xref: /plugin/oauth/auth.php (revision a7a8f46af52da816b287e06ab144b73c09876cd0)
1<?php
/**
 * DokuWiki Plugin oauth (Auth Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
8
// Abort unless DOKU_INC is defined, i.e. the file was loaded by DokuWiki
// rather than requested directly.
if (!defined('DOKU_INC')) {
    die();
}
11
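class auth_plugin_oauth extends auth_plugin_authplain {

    /**
     * Set up the backend on top of the plain auth parent.
     *
     * Runs the parent constructor and then sets cando['external'], the
     * capability flag for backends that authenticate through trustExternal().
     */
    public function __construct() {
        parent::__construct();

        $this->cando['external'] = true;
    }

    /**
     * Authenticate the current request.
     *
     * Checks, in order:
     *  1. No service named in the request and an OAuth login stored in the
     *     session that is still within the timeout and bound to this
     *     browser: the stored login is reused.
     *  2. A service named in the request ('oa') or remembered from a session
     *     that failed check 1: the token is re-checked with that service.
     *     A failure here ends the attempt; it does not fall back to check 3.
     *  3. Neither of the above: plain form login through auth_login().
     *
     * @param string $user   passed to auth_login() for the plain login
     * @param string $pass   passed to auth_login() for the plain login
     * @param bool   $sticky passed to auth_login() for the plain login
     * @return bool true when the request is authenticated
     */
    public function trustExternal($user, $pass, $sticky = false) {
        global $INPUT;
        global $conf;
        global $USERINFO;

        // Request-supplied value. It is only handed to the helper's
        // loadService() below, which answers null when it cannot load it.
        // NOTE(review): how loadService() validates the name is not visible
        // here - confirm it only accepts known service names.
        $servicename = $INPUT->str('oa');

        // check session for existing oAuth login data; a new session has no
        // 'auth' entry yet, so do not index into it blindly
        $session = array();
        if(isset($_SESSION[DOKU_COOKIE]['auth']) && is_array($_SESSION[DOKU_COOKIE]['auth'])) {
            $session = $_SESSION[DOKU_COOKIE]['auth'];
        }

        if(!$servicename && isset($session['oauth'])) {
            $servicename = $session['oauth'];

            // Reuse the stored login only when the record is complete, still
            // inside the security timeout and tied to the same browser. The
            // browser id is compared strictly: both sides come from
            // auth_browseruid(), and a loose == could treat two different
            // numeric-looking strings as equal.
            if(isset($session['time'], $session['buid'], $session['user'], $session['info']) &&
                ($session['time'] >= time() - $conf['auth_security_timeout']) &&
                ($session['buid'] === auth_browseruid())) {

                $_SERVER['REMOTE_USER'] = $session['user'];
                $USERINFO               = $session['info'];
                return true;
            }
        }

        // either we're in oauth login or a previous login needs to be rechecked
        if($servicename) {
            /** @var helper_plugin_oauth $hlp */
            $hlp = plugin_load('helper', 'oauth');
            if(!$hlp) return false; // helper not available: fail closed

            $service = $hlp->loadService($servicename);
            if(is_null($service)) return false;

            // get the token
            if($service->checkToken()) {
                $uinfo = $service->getUser();

                // never establish a session without a user identifier
                if(!is_array($uinfo) || !isset($uinfo['user']) || $uinfo['user'] === '') {
                    return false;
                }

                $this->setUserSession($uinfo, $servicename);
                return true;
            }

            return false; // something went wrong during oAuth login
        }

        // do the "normal" plain auth login via form
        return auth_login($user, $pass, $sticky);
    }

    /**
     * Store an OAuth login in the globals and in the session.
     *
     * Adds the configured default group and a group derived from the service
     * name to the user's groups, then writes the user data to $USERINFO,
     * $_SERVER['REMOTE_USER'] and the session's auth record, together with
     * the browser id, the current time and the service name that
     * trustExternal() checks on later requests.
     *
     * @param array  $data    user data as returned by the service's getUser();
     *                        the keys 'user', 'pass' and 'grps' are read here
     * @param string $service name of the service the login came from
     */
    protected function setUserSession($data, $service) {
        global $USERINFO;
        global $conf;

        // set up groups
        // NOTE(review): groups already present in $data['grps'] are kept as
        // delivered by the service. Confirm that no service adapter can hand
        // back arbitrary group names, since they become wiki groups as is.
        if(!isset($data['grps']) || !is_array($data['grps'])) {
            $data['grps'] = array();
        }
        $data['grps'][] = $conf['defaultgroup'];
        $data['grps'][] = $this->cleanGroup($service);

        // NOTE(review): what 'pass' holds for an OAuth user is not visible
        // here - confirm it is not a provider credential or token before
        // keeping it in the session.
        $pass = isset($data['pass']) ? $data['pass'] : null;

        $USERINFO               = $data;
        $_SERVER['REMOTE_USER'] = $data['user'];

        // NOTE(review): the session id is not rotated in this method; confirm
        // the surrounding login flow does so when the login state changes.
        $_SESSION[DOKU_COOKIE]['auth']['user']  = $data['user'];
        $_SESSION[DOKU_COOKIE]['auth']['pass']  = $pass;
        $_SESSION[DOKU_COOKIE]['auth']['info']  = $USERINFO;
        $_SESSION[DOKU_COOKIE]['auth']['buid']  = auth_browseruid();
        $_SESSION[DOKU_COOKIE]['auth']['time']  = time();
        $_SESSION[DOKU_COOKIE]['auth']['oauth'] = $service;
    }

}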
91
// vim:ts=4:sw=4:et: