xref: /plugin/oauth/auth.php (revision a1fa007ab08a219fc271dac74f02ec04f98037c3) 
180852c15SAndreas Gohr<?php
23e7ac5b1SAndreas Gohr
3e170f465SAndreas Gohruse dokuwiki\plugin\oauth\OAuthManager;
4e170f465SAndreas Gohruse dokuwiki\plugin\oauth\Session;
5e170f465SAndreas Gohruse dokuwiki\Subscriptions\RegistrationSubscriptionSender;
6e170f465SAndreas Gohruse OAuth\Common\Exception\Exception as OAuthException;
7e170f465SAndreas Gohr
880852c15SAndreas Gohr/**
980852c15SAndreas Gohr * DokuWiki Plugin oauth (Auth Component)
1080852c15SAndreas Gohr *
1180852c15SAndreas Gohr * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
1280852c15SAndreas Gohr * @author  Andreas Gohr <andi@splitbrain.org>
1380852c15SAndreas Gohr */
143e7ac5b1SAndreas Gohrclass auth_plugin_oauth extends auth_plugin_authplain
153e7ac5b1SAndreas Gohr{
16e170f465SAndreas Gohr    /** @var helper_plugin_oauth */
17e170f465SAndreas Gohr    protected $hlp;
18e170f465SAndreas Gohr
19*a1fa007aSNaoto Kobayashi    /** @var OAuthManager */
20*a1fa007aSNaoto Kobayashi    protected $om;
21*a1fa007aSNaoto Kobayashi
22e170f465SAndreas Gohr    // region standard auth methods
2380852c15SAndreas Gohr
243e7ac5b1SAndreas Gohr    /** @inheritDoc */
253e7ac5b1SAndreas Gohr    public function __construct()
263e7ac5b1SAndreas Gohr    {
27f10e09e2SAndreas Gohr        parent::__construct();
28f10e09e2SAndreas Gohr        $this->cando['external'] = true;
29e170f465SAndreas Gohr        $this->hlp = $this->loadHelper('oauth');
3080852c15SAndreas Gohr    }
3180852c15SAndreas Gohr
323e7ac5b1SAndreas Gohr    /** @inheritDoc */
33311a6606SAnna Dabrowska    public function trustExternal($user, $pass, $sticky = false)
343e7ac5b1SAndreas Gohr    {
35a02a5d81SAnna Dabrowska        global $INPUT;
36438dcc52SMichael Grosse
378523e9d0SAndreas Gohr        // handle redirects from farmer to animal wiki instances
388523e9d0SAndreas Gohr        if ($INPUT->has('state') && plugin_load('helper', 'farmer')) {
39d9be1cb5SAnna Dabrowska            $this->handleFarmState($INPUT->str('state'));
40438dcc52SMichael Grosse        }
4180852c15SAndreas Gohr
4274b4d4a4SAndreas Gohr        try {
4374b4d4a4SAndreas Gohr            // either oauth or "normal" plain auth login via form
44*a1fa007aSNaoto Kobayashi            $this->om = new OAuthManager();
45*a1fa007aSNaoto Kobayashi            return $this->om->continueFlow() || auth_login($user, $pass, $sticky);
46e170f465SAndreas Gohr        } catch (OAuthException $e) {
47e170f465SAndreas Gohr            $this->hlp->showException($e);
4828002081SAndreas Gohr            auth_logoff(); // clears all session and cookie data
4974b4d4a4SAndreas Gohr            return false;
50a7a8f46aSAndreas Gohr        }
51a7a8f46aSAndreas Gohr    }
5280852c15SAndreas Gohr
53f2e164b0SMichael Große    /**
54311a6606SAnna Dabrowska     * Enhance function to check against duplicate emails
55311a6606SAnna Dabrowska     *
56e170f465SAndreas Gohr     * @inheritdoc
57311a6606SAnna Dabrowska     */
58311a6606SAnna Dabrowska    public function createUser($user, $pwd, $name, $mail, $grps = null)
59311a6606SAnna Dabrowska    {
60311a6606SAnna Dabrowska        if ($this->getUserByEmail($mail)) {
61311a6606SAnna Dabrowska            msg($this->getLang('emailduplicate'), -1);
62311a6606SAnna Dabrowska            return false;
63311a6606SAnna Dabrowska        }
64311a6606SAnna Dabrowska
65311a6606SAnna Dabrowska        return parent::createUser($user, $pwd, $name, $mail, $grps);
66311a6606SAnna Dabrowska    }
67311a6606SAnna Dabrowska
68311a6606SAnna Dabrowska    /**
69311a6606SAnna Dabrowska     * Enhance function to check against duplicate emails
70311a6606SAnna Dabrowska     *
71e170f465SAndreas Gohr     * @inheritdoc
72311a6606SAnna Dabrowska     */
73311a6606SAnna Dabrowska    public function modifyUser($user, $changes)
74311a6606SAnna Dabrowska    {
75311a6606SAnna Dabrowska        global $conf;
76311a6606SAnna Dabrowska
77311a6606SAnna Dabrowska        if (isset($changes['mail'])) {
78311a6606SAnna Dabrowska            $found = $this->getUserByEmail($changes['mail']);
79311a6606SAnna Dabrowska            if ($found && $found != $user) {
80311a6606SAnna Dabrowska                msg($this->getLang('emailduplicate'), -1);
81311a6606SAnna Dabrowska                return false;
82311a6606SAnna Dabrowska            }
83311a6606SAnna Dabrowska        }
84311a6606SAnna Dabrowska
85311a6606SAnna Dabrowska        $ok = parent::modifyUser($user, $changes);
86311a6606SAnna Dabrowska
87311a6606SAnna Dabrowska        // refresh session cache
88311a6606SAnna Dabrowska        touch($conf['cachedir'] . '/sessionpurge');
89311a6606SAnna Dabrowska        return $ok;
90311a6606SAnna Dabrowska    }
91311a6606SAnna Dabrowska
92311a6606SAnna Dabrowska    /**
93311a6606SAnna Dabrowska     * Unset additional stuff in session on logout
94311a6606SAnna Dabrowska     */
95311a6606SAnna Dabrowska    public function logOff()
96311a6606SAnna Dabrowska    {
97311a6606SAnna Dabrowska        parent::logOff();
98*a1fa007aSNaoto Kobayashi        if (isset($this->om)) {
99*a1fa007aSNaoto Kobayashi            $this->om->logout();
100*a1fa007aSNaoto Kobayashi        }
101e170f465SAndreas Gohr        (Session::getInstance())->clear();
102311a6606SAnna Dabrowska    }
103311a6606SAnna Dabrowska
104e170f465SAndreas Gohr    // endregion
105e170f465SAndreas Gohr
106311a6606SAnna Dabrowska    /**
107e170f465SAndreas Gohr     * Register a new user logged in by oauth
108f2e164b0SMichael Große     *
109e170f465SAndreas Gohr     * It ensures the username is unique, by adding a number if needed.
110e170f465SAndreas Gohr     * Default and service name groups are set here.
111e170f465SAndreas Gohr     * Registration notifications are triggered.
112a02a5d81SAnna Dabrowska     *
113e170f465SAndreas Gohr     * @param array $userinfo This will be updated with the new username
114b2b9fbc7SMichael Große     * @param string $servicename
115b2b9fbc7SMichael Große     *
116b2b9fbc7SMichael Große     * @return bool
117e170f465SAndreas Gohr     * @todo - should this be part of the OAuthManager class instead?
118b2b9fbc7SMichael Große     */
119e170f465SAndreas Gohr    public function registerOAuthUser(&$userinfo, $servicename)
1203e7ac5b1SAndreas Gohr    {
121b2b9fbc7SMichael Große        global $conf;
122a02a5d81SAnna Dabrowska        $user = $userinfo['user'];
123b2b9fbc7SMichael Große        $count = '';
124b2b9fbc7SMichael Große        while ($this->getUserData($user . $count)) {
125b2b9fbc7SMichael Große            if ($count) {
126b2b9fbc7SMichael Große                $count++;
127b2b9fbc7SMichael Große            } else {
128b2b9fbc7SMichael Große                $count = 1;
129b2b9fbc7SMichael Große            }
130b2b9fbc7SMichael Große        }
131b2b9fbc7SMichael Große        $user = $user . $count;
132a02a5d81SAnna Dabrowska        $userinfo['user'] = $user;
133e170f465SAndreas Gohr        $groups_on_creation = [];
134b2b9fbc7SMichael Große        $groups_on_creation[] = $conf['defaultgroup'];
135b2b9fbc7SMichael Große        $groups_on_creation[] = $this->cleanGroup($servicename); // add service as group
136a02a5d81SAnna Dabrowska        $userinfo['grps'] = array_merge((array)$userinfo['grps'], $groups_on_creation);
137b2b9fbc7SMichael Große
138e170f465SAndreas Gohr        // the password set here will remain unknown to the user
139b2b9fbc7SMichael Große        $ok = $this->triggerUserMod(
140b2b9fbc7SMichael Große            'create',
141e170f465SAndreas Gohr            [
142e170f465SAndreas Gohr                $user,
143e170f465SAndreas Gohr                auth_pwgen($user),
144e170f465SAndreas Gohr                $userinfo['name'],
145e170f465SAndreas Gohr                $userinfo['mail'],
1464928b245SAndreas Gohr                $userinfo['grps'],
147e170f465SAndreas Gohr            ]
148b2b9fbc7SMichael Große        );
149b2b9fbc7SMichael Große        if (!$ok) {
150b2b9fbc7SMichael Große            return false;
151b2b9fbc7SMichael Große        }
152b2b9fbc7SMichael Große
153e170f465SAndreas Gohr        // send notification about the new user
154e170f465SAndreas Gohr        $subscriptionSender = new RegistrationSubscriptionSender();
155e170f465SAndreas Gohr        $subscriptionSender->sendRegister($user, $userinfo['name'], $userinfo['mail']);
156e170f465SAndreas Gohr
157b2b9fbc7SMichael Große        return true;
158b2b9fbc7SMichael Große    }
159b2b9fbc7SMichael Große
160b2b9fbc7SMichael Große    /**
161a02a5d81SAnna Dabrowska     * Find a user by email address
162b2b9fbc7SMichael Große     *
163b2b9fbc7SMichael Große     * @param $mail
164b2b9fbc7SMichael Große     * @return bool|string
165b2b9fbc7SMichael Große     */
16674b4d4a4SAndreas Gohr    public function getUserByEmail($mail)
1673e7ac5b1SAndreas Gohr    {
1688b214edcSAndreas Gohr        if ($this->users === null) {
1698b214edcSAndreas Gohr            $this->loadUserData();
1708b214edcSAndreas Gohr        }
171b2b9fbc7SMichael Große        $mail = strtolower($mail);
172b2b9fbc7SMichael Große
173a02a5d81SAnna Dabrowska        foreach ($this->users as $user => $userinfo) {
174a02a5d81SAnna Dabrowska            if (strtolower($userinfo['mail']) == $mail) return $user;
175b2b9fbc7SMichael Große        }
176b2b9fbc7SMichael Große
177b2b9fbc7SMichael Große        return false;
178b2b9fbc7SMichael Große    }
179b2b9fbc7SMichael Große
180b2b9fbc7SMichael Große    /**
1812a8b22d5SAndreas Gohr     * Fall back to plain auth strings
1822a8b22d5SAndreas Gohr     *
1832a8b22d5SAndreas Gohr     * @inheritdoc
1842a8b22d5SAndreas Gohr     */
1852a8b22d5SAndreas Gohr    public function getLang($id)
1862a8b22d5SAndreas Gohr    {
1872a8b22d5SAndreas Gohr        $result = parent::getLang($id);
1882a8b22d5SAndreas Gohr        if($result) return $result;
1892a8b22d5SAndreas Gohr
1902a8b22d5SAndreas Gohr        $parent = new auth_plugin_authplain();
1912a8b22d5SAndreas Gohr        return $parent->getLang($id);
1922a8b22d5SAndreas Gohr    }
1932a8b22d5SAndreas Gohr
1942a8b22d5SAndreas Gohr    /**
195b8ca6a42SAnna Dabrowska     * Farmer plugin support
196b8ca6a42SAnna Dabrowska     *
197b8ca6a42SAnna Dabrowska     * When coming back to farmer instance via OAUTH redirectURI, we need to redirect again
198b8ca6a42SAnna Dabrowska     * to a proper animal instance detected from $state
199b2b9fbc7SMichael Große     *
200311a6606SAnna Dabrowska     * @param $state
201b2b9fbc7SMichael Große     */
202e170f465SAndreas Gohr    protected function handleFarmState($state)
2033e7ac5b1SAndreas Gohr    {
204311a6606SAnna Dabrowska        /** @var \helper_plugin_farmer $farmer */
205311a6606SAnna Dabrowska        $farmer = plugin_load('helper', 'farmer', false, true);
206311a6606SAnna Dabrowska        $data = json_decode(base64_decode(urldecode($state)));
207311a6606SAnna Dabrowska        if (empty($data->animal) || $farmer->getAnimal() == $data->animal) {
208311a6606SAnna Dabrowska            return;
209827232fcSMichael Große        }
210311a6606SAnna Dabrowska        $animal = $data->animal;
211311a6606SAnna Dabrowska        $allAnimals = $farmer->getAllAnimals();
212311a6606SAnna Dabrowska        if (!in_array($animal, $allAnimals)) {
213311a6606SAnna Dabrowska            msg('Animal ' . $animal . ' does not exist!');
214311a6606SAnna Dabrowska            return;
215827232fcSMichael Große        }
216311a6606SAnna Dabrowska        global $INPUT;
217311a6606SAnna Dabrowska        $url = $farmer->getAnimalURL($animal) . '/doku.php?' . $INPUT->server->str('QUERY_STRING');
218311a6606SAnna Dabrowska        send_redirect($url);
219b2b9fbc7SMichael Große    }
220b2b9fbc7SMichael Große}
221