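<?php

/**
 * DokuWiki Plugin oauth (Auth Component)
 *
 * Extends the plain auth backend with OAuth logins. Local accounts are still
 * managed by the parent class; OAuth users are matched to them by e-mail.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
class auth_plugin_oauth extends auth_plugin_authplain
{

    /** @inheritDoc */
    public function __construct()
    {
        parent::__construct();

        // this backend performs the login itself in trustExternal()
        $this->cando['external'] = true;
    }

    /** @inheritDoc */
    public function trustExternal($user, $pass, $sticky = false)
    {
        global $INPUT;

        // a "state" parameter is only inspected when the farmer helper can be loaded
        if ($INPUT->has('state') && plugin_load('helper', 'farmer', false, true)) {
            $this->handleState($INPUT->str('state'));
        }

        // an existing, still valid OAuth session wins over everything else
        if ($this->sessionLogin()) return true;

        list($servicename, $page, $params, $existingLoginProcess) = $this->inProgress();

        // either we're in oauth login or a previous login needs to be rechecked
        if (isset($servicename)) {
            return $this->serviceLogin($servicename, $sticky, $page, $params, $existingLoginProcess);
        }

        // otherwise try cookie
        $this->cookieLogin();

        // do the "normal" plain auth login via form
        return auth_login($user, $pass, $sticky);
    }

    /**
     * Enhance function to check against duplicate emails
     *
     * @param string $user
     * @param string $pwd
     * @param string $name
     * @param string $mail
     * @param null $grps
     * @return bool|null|string false when the address is already in use, else the parent's result
     */
    public function createUser($user, $pwd, $name, $mail, $grps = null)
    {
        // the e-mail address is the key used to link OAuth identities, so it has to stay unique
        if ($this->getUserByEmail($mail)) {
            msg($this->getLang('emailduplicate'), -1);
            return false;
        }

        return parent::createUser($user, $pwd, $name, $mail, $grps);
    }

    /**
     * Enhance function to check against duplicate emails
     *
     * @param string $user
     * @param array $changes
     * @return bool false when the new address belongs to another user, else the parent's result
     */
    public function modifyUser($user, $changes)
    {
        global $conf;

        if (isset($changes['mail'])) {
            $found = $this->getUserByEmail($changes['mail']);
            // Compare as strings: getUserByEmail() returns an array key, which PHP turns into
            // an int for numeric logins, and a loose comparison would treat distinct
            // numeric-looking logins ("1e3" / "1000") as the same user.
            if ($found && (string)$found !== (string)$user) {
                msg($this->getLang('emailduplicate'), -1);
                return false;
            }
        }

        $ok = parent::modifyUser($user, $changes);

        // refresh session cache
        touch($conf['cachedir'] . '/sessionpurge');

        return $ok;
    }

    /**
     * Unset additional stuff in session on logout
     */
    public function logOff()
    {
        parent::logOff();

        $this->cleanLogout();
    }

    /**
     * check if auth data is present in session and is still considered valid
     *
     * On success REMOTE_USER and $USERINFO are restored from the session.
     *
     * @return bool
     */
    protected function sessionLogin()
    {
        global $USERINFO;

        // no auth data at all: nothing to restore (also avoids an undefined index notice)
        if (!isset($_SESSION[DOKU_COOKIE]['auth'])) return false;

        $session = $_SESSION[DOKU_COOKIE]['auth'];
        // only sessions created by this plugin carry the 'oauth' marker
        if (isset($session['oauth']) && $this->isSessionValid($session)) {
            $_SERVER['REMOTE_USER'] = $session['user'];
            $USERINFO = $session['info'];
            return true;
        }
        return false;
    }

    /**
     * Try extracting data from login in progress
     *
     * The in-progress marker is consumed (removed from the session) when read.
     *
     * @return array [servicename|null, page|null, params|null, bool existingLoginProcess]
     */
    protected function inProgress()
    {
        // defaults keep the returned tuple well defined when no login is in progress
        $servicename = null;
        $page = null;
        $params = null;
        $existingLoginProcess = false;

        if (isset($_SESSION[DOKU_COOKIE]['oauth-inprogress'])) {
            $inProgress = $_SESSION[DOKU_COOKIE]['oauth-inprogress'];
            $servicename = $inProgress['service'];
            $page = $inProgress['id'];
            $params = $inProgress['params'];

            unset($_SESSION[DOKU_COOKIE]['oauth-inprogress']);
            $existingLoginProcess = true;
        }
        return [$servicename, $page, $params, $existingLoginProcess];
    }

    /**
     * Use cookie data to log in
     *
     * The cookie is client-controlled. Nothing in this method marks the user as
     * logged in; it only selects the service doLogin() is started with.
     */
    protected function cookieLogin()
    {
        if (!isset($_COOKIE[DOKU_COOKIE]) || !is_string($_COOKIE[DOKU_COOKIE])) return;

        // cookies not written by this plugin may have fewer fields; pad instead of reading undefined offsets
        $parts = array_pad(explode('|', $_COOKIE[DOKU_COOKIE]), 4, '');
        list(, , $auth, $servicename) = $parts;

        if (base64_decode($auth, true) !== 'oauth') return;

        // strict decoding returns false on malformed input; do not hand that on as a service name
        $servicename = base64_decode($servicename, true);
        if ($servicename === false || $servicename === '') return;

        $this->doLogin($servicename);
    }

    /**
     * Use the OAuth service
     *
     * Every path that does not end in a successful login clears the auth
     * session and cookie via cleanLogout().
     *
     * @param $servicename
     * @param $sticky
     * @param $page
     * @param $params
     * @param $existingLoginProcess
     * @return bool
     * @throws \OAuth\Common\Exception\Exception
     * @throws \OAuth\Common\Http\Exception\TokenResponseException
     * @throws \OAuth\Common\Storage\Exception\TokenNotFoundException
     */
    protected function serviceLogin($servicename, $sticky, $page, $params, $existingLoginProcess)
    {
        $service = $this->getService($servicename);
        if (is_null($service)) {
            $this->cleanLogout();
            return false;
        }

        if ($service->checkToken()) {
            if ($this->processLogin($sticky, $service, $servicename, $page, $params)) {
                return true;
            }
            $this->cleanLogout();
            return false;
        }

        if ($existingLoginProcess) {
            // we already went through the service once and still have no usable token
            msg($this->getLang('oauth login failed'), 0);
        } else {
            // first time here
            $this->doLogin($servicename);
        }

        $this->cleanLogout();
        return false; // something went wrong during oAuth login
    }

    /**
     * Remember the login attempt in the session and hand over to the service
     *
     * @param string $servicename
     * @return void|false false when the service could not be loaded
     * @throws \OAuth\Common\Http\Exception\TokenResponseException
     */
    protected function doLogin($servicename)
    {
        $service = $this->getService($servicename);
        if (is_null($service)) return false;

        $this->writeSession($servicename);
        $service->login();
    }


    /**
     * Turn the user data reported by the service into a local login
     *
     * @param bool $sticky
     * @param \dokuwiki\plugin\oauth\Service $service
     * @param string $servicename
     * @param string $page
     * @param array $params
     *
     * @return bool
     * @throws \OAuth\Common\Exception\Exception
     */
    protected function processLogin($sticky, $service, $servicename, $page, $params = [])
    {
        $userinfo = $service->getUser();
        // processUserinfo() takes $userinfo by reference and rewrites it
        if (!$this->processUserinfo($userinfo, $servicename)) {
            return false;
        }

        $this->setUserSession($userinfo, $servicename);
        $this->setUserCookie($userinfo['user'], $sticky, $servicename);

        if (isset($page)) {
            // the page id is passed to wl() separately, so drop it from the parameters
            if (!empty($params['id'])) unset($params['id']);
            send_redirect(wl($page, $params, false, '&'));
        }
        return true;
    }

    /**
     * process the user and update the user info array
     *
     * Local accounts are linked purely by the e-mail address the service reports,
     * so this trusts the service to have verified that address. The group check
     * limits linking to services whose group the local user already carries.
     *
     * @param array $userinfo User info received from authentication
     * @param string $servicename Auth service
     *
     * @return bool
     */
    protected function processUserinfo(&$userinfo, $servicename)
    {
        $userinfo['user'] = $this->cleanUser(isset($userinfo['user']) ? (string)$userinfo['user'] : '');
        if (empty($userinfo['name'])) $userinfo['name'] = $userinfo['user'];

        if (!$userinfo['user'] || empty($userinfo['mail'])) {
            msg("$servicename did not provide the needed user info. Can't log you in", -1);
            return false;
        }

        // see if the user is known already
        $localUser = $this->getUserByEmail($userinfo['mail']);
        if ($localUser) {
            $localUserInfo = $this->getUserData($localUser);
            // check if the user allowed access via this service
            // (strict comparison: this is an authorization decision, no type juggling wanted)
            if (!in_array($this->cleanGroup($servicename), $localUserInfo['grps'], true)) {
                msg(sprintf($this->getLang('authnotenabled'), $servicename), -1);
                return false;
            }
            $remoteGroups = isset($userinfo['grps']) ? (array)$userinfo['grps'] : array();
            $userinfo['user'] = $localUser;
            $userinfo['name'] = $localUserInfo['name'];
            $userinfo['grps'] = array_merge($remoteGroups, $localUserInfo['grps']);
        } elseif (actionOK('register') || $this->getConf('register-on-auth')) {
            if (!$this->addUser($userinfo, $servicename)) {
                msg('something went wrong creating your user account. please try again later.', -1);
                return false;
            }
        } else {
            msg($this->getLang('addUser not possible'), -1);
            return false;
        }
        return true;
    }

    /**
     * new user, create him - making sure the login is unique by adding a number if needed
     *
     * @param array $userinfo user info received from the oAuth service
     * @param string $servicename
     *
     * @return bool
     */
    protected function addUser(&$userinfo, $servicename)
    {
        global $conf;

        // append 1, 2, 3, ... until the login is not taken
        $user = $userinfo['user'];
        $count = '';
        while ($this->getUserData($user . $count)) {
            $count = $count ? $count + 1 : 1;
        }
        $user = $user . $count;
        $userinfo['user'] = $user;

        $groups_on_creation = array(
            $conf['defaultgroup'],
            $this->cleanGroup($servicename), // add service as group
        );
        $remoteGroups = isset($userinfo['grps']) ? (array)$userinfo['grps'] : array();
        $userinfo['grps'] = array_merge($remoteGroups, $groups_on_creation);

        // the account gets a generated password; the user logs in through the service
        $ok = $this->triggerUserMod(
            'create',
            array($user, auth_pwgen($user), $userinfo['name'], $userinfo['mail'], $groups_on_creation,)
        );
        if (!$ok) {
            return false;
        }

        // send notification about the new user
        $subscription = new Subscription();
        $subscription->send_register($user, $userinfo['name'], $userinfo['mail']);
        return true;
    }

    /**
     * Find a user by email address
     *
     * The comparison is case-insensitive.
     *
     * @param $mail
     * @return bool|string the login of the first matching user, false if there is none
     */
    protected function getUserByEmail($mail)
    {
        if ($this->users === null) {
            // the loader is named differently depending on the parent class version
            if (is_callable([$this, '_loadUserData'])) {
                $this->_loadUserData();
            } else {
                $this->loadUserData();
            }
        }
        $mail = strtolower($mail);

        foreach ($this->users as $user => $userinfo) {
            // both sides are strings after strtolower(); compare them as such
            if (strtolower($userinfo['mail']) === $mail) return $user;
        }

        return false;
    }

    /**
     * unset auth cookies and session information
     */
    private function cleanLogout()
    {
        // unset() is a no-op for keys that do not exist
        unset($_SESSION[DOKU_COOKIE]['oauth-done'], $_SESSION[DOKU_COOKIE]['auth']);

        // sticky + negative validity yields an expiry in the past, which removes the cookie
        $this->setUserCookie('', true, '', -60);
    }

    /**
     * Load the service object for the given name
     *
     * @param string $servicename
     * @return \dokuwiki\plugin\oauth\Service|null callers treat null as "no such service"
     */
    protected function getService($servicename)
    {
        /** @var helper_plugin_oauth $hlp */
        $hlp = plugin_load('helper', 'oauth');

        return $hlp->loadService($servicename);
    }


    /**
     * Save user and auth data
     *
     * @param array $data
     * @param string $service
     */
    protected function setUserSession($data, $service)
    {
        global $USERINFO;

        // set up groups
        if (!isset($data['grps']) || !is_array($data['grps'])) {
            $data['grps'] = array();
        }
        $data['grps'][] = $this->cleanGroup($service);
        $data['grps'] = array_unique($data['grps']);

        $USERINFO = $data;
        $_SERVER['REMOTE_USER'] = $data['user'];
        $_SESSION[DOKU_COOKIE]['auth']['user'] = $data['user'];
        // OAuth user data normally carries no password; store null rather than read an undefined key
        $_SESSION[DOKU_COOKIE]['auth']['pass'] = isset($data['pass']) ? $data['pass'] : null;
        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
        $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
        $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
        // marker checked by sessionLogin() to recognise sessions created here
        $_SESSION[DOKU_COOKIE]['auth']['oauth'] = $service;
    }

    /**
     * Write the auth cookie (user|sticky|'oauth'|service, text fields base64 encoded)
     *
     * @param string $user
     * @param bool $sticky
     * @param string $servicename
     * @param int $validityPeriodInSeconds optional, per default 1 Year
     */
    private function setUserCookie($user, $sticky, $servicename, $validityPeriodInSeconds = 31536000)
    {
        // Without this declaration $conf is an undefined local: the configured cookie
        // directory is ignored and the Secure flag below can never be set.
        global $conf;

        $cookie = base64_encode($user) . '|' . ((int)$sticky) . '|' . base64_encode('oauth') . '|' . base64_encode($servicename);
        $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
        // non-sticky logins get a session cookie (expiry 0)
        $time = $sticky ? (time() + $validityPeriodInSeconds) : 0;
        $secure = !empty($conf['securecookie']) && is_ssl();
        // last argument: HttpOnly, keeps the cookie away from scripts
        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', $secure, true);
    }

    /**
     * Decide whether the stored session may be used without asking the service again
     *
     * A session bound to another browser is never valid. A timed-out session is
     * still accepted unless the request is a GET on doku.php.
     *
     * @param array $session cookie auth session
     *
     * @return bool
     */
    protected function isSessionValid($session)
    {
        /** @var helper_plugin_oauth $hlp */
        $hlp = plugin_load('helper', 'oauth');

        if (!$hlp->validBrowserID($session)) return false;
        if (!$hlp->isSessionTimedOut($session)) return true;

        // only force a recheck on a timed-out session during a GET request on the main script doku.php
        return !($hlp->isGETRequest() && $hlp->isDokuPHP());
    }

    /**
     * Save login info in session
     *
     * @param string $servicename
     */
    protected function writeSession($servicename)
    {
        global $INPUT;

        session_start();
        $_SESSION[DOKU_COOKIE]['oauth-inprogress']['service'] = $servicename;
        $_SESSION[DOKU_COOKIE]['oauth-inprogress']['id'] = $INPUT->str('id');
        $_SESSION[DOKU_COOKIE]['oauth-inprogress']['params'] = $_GET;

        // NOTE(review): $_REQUEST is stored wholesale and may include submitted form
        // fields such as credentials - confirm that keeping them in the session is intended
        $_SESSION[DOKU_COOKIE]['oauth-done']['$_REQUEST'] = $_REQUEST;

        // "do" may arrive as do[action]=... in POST data; the action is then the array key
        if (is_array($INPUT->post->param('do'))) {
            $doPost = key($INPUT->post->arr('do'));
        } else {
            $doPost = $INPUT->post->str('do');
        }
        $doGet = $INPUT->get->str('do');
        if (!empty($doPost)) {
            $_SESSION[DOKU_COOKIE]['oauth-done']['do'] = $doPost;
        } elseif (!empty($doGet)) {
            $_SESSION[DOKU_COOKIE]['oauth-done']['do'] = $doGet;
        }

        session_write_close();
    }

    /**
     * Farmer plugin
     *
     * Redirects to the animal named in the state parameter when it differs from
     * the current one. The state comes from the request, so the animal must be a
     * string and must be one of the animals the farmer helper knows.
     *
     * @param $state
     */
    private function handleState($state)
    {
        /** @var \helper_plugin_farmer $farmer */
        $farmer = plugin_load('helper', 'farmer', false, true);
        $data = json_decode(base64_decode(urldecode($state)));

        // JSON can carry any type; anything but a non-empty string is not an animal name
        if (!is_object($data) || empty($data->animal) || !is_string($data->animal)) {
            return;
        }
        $animal = $data->animal;
        if ((string)$farmer->getAnimal() === $animal) {
            return;
        }

        // strict lookup: the redirect target below is built from this value
        $allAnimals = $farmer->getAllAnimals();
        if (!in_array($animal, $allAnimals, true)) {
            // request-supplied value; msg() is assumed to emit its text as HTML - confirm
            msg('Animal ' . htmlspecialchars($animal, ENT_QUOTES, 'UTF-8') . ' does not exist!');
            return;
        }

        global $INPUT;
        $url = $farmer->getAnimalURL($animal) . '/doku.php?' . $INPUT->server->str('QUERY_STRING');
        send_redirect($url);
    }
}

// vim:ts=4:sw=4:et: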