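<?php
/**
 * DokuWiki Plugin oauth (Helper Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */

// must be run within Dokuwiki
use dokuwiki\Extension\Event;
use dokuwiki\plugin\oauth\Service;

require_once(__DIR__ . '/vendor/autoload.php');

/**
 * Basic helper methods for the oauth flow
 */
class helper_plugin_oauth extends DokuWiki_Plugin
{
    /**
     * Load the needed libraries and initialize the named oAuth service
     *
     * Only services returned by listServices(true) can be loaded, so a name
     * that is not registered and configured yields null instead of an object.
     *
     * @param string $servicename
     * @return null|Service null when the service is unknown or fails to initialize
     */
    public function loadService($servicename)
    {
        $services = $this->listServices(true);
        if (!isset($services[$servicename])) return null;
        $service = $services[$servicename];

        if (!$service->getOAuthService()) {
            // the service name is escaped with hsc() before it is handed to msg()
            msg(hsc("Failed to initialize $servicename authentication service. Check credentials"), -1);
            return null;
        }

        return $service;
    }

    /**
     * The redirect URI used in all oAuth requests
     *
     * Returns the 'custom-redirectURI' setting when it is not the empty string,
     * otherwise DOKU_URL . DOKU_SCRIPT.
     *
     * @return string
     */
    public function redirectURI()
    {
        $custom = $this->getConf('custom-redirectURI');
        if ($custom !== '') {
            return $custom;
        }

        return DOKU_URL . DOKU_SCRIPT;
    }

    /**
     * List available Services
     *
     * @param bool $enabledonly list only services that have been configured
     * @triggers PLUGIN_OAUTH_BACKEND_REGISTER
     * @return Service[] list of service objects
     */
    public function listServices($enabledonly = true)
    {
        $services = [];
        // NOTE(review): handlers of this event are presumably expected to add their
        // Service object to $services under the service name - confirm against Event
        $event = new Event('PLUGIN_OAUTH_BACKEND_REGISTER', $services);
        $event->advise_before(false);
        $event->advise_after();

        // filter out unconfigured services
        if ($enabledonly) {
            $services = array_filter($services, function ($service) {
                /** @var Service $service */
                return (bool)$service->getKey();
            });
        }

        return $services;
    }

    /**
     * Read the 'mailRestriction' setting as a list of allowed domains
     *
     * The setting is split on commas and each entry is trimmed. Empty entries
     * (e.g. from "a.org,,b.org" or a whitespace-only setting) are kept in the
     * result on purpose: callers that test for a non-empty list then still
     * treat the restriction as active instead of silently disabling it.
     *
     * @return array empty array when no restriction is configured
     */
    public function getValidDomains()
    {
        $restriction = $this->getConf('mailRestriction');
        if ($restriction === '') {
            return [];
        }

        $validDomains = explode(',', trim($restriction, ','));
        return array_map('trim', $validDomains);
    }

    /**
     * Check a mail address against the configured domain restriction
     *
     * A plain "ends with" comparison is not enough for an access decision: an
     * entry such as "example.com" would also accept "user@notexample.com". The
     * match is therefore anchored:
     *  - an entry starting with "@" has to be the end of the address,
     *  - an entry that is a full address has to equal the address,
     *  - a bare domain has to equal the part after the last "@" or be a parent
     *    domain of it (preceded by a dot).
     * The comparison is case-sensitive, as before.
     *
     * @param string $mail
     *
     * @return bool true when the address matches an entry; false otherwise, which
     *              includes the case that no restriction is configured at all
     */
    public function checkMail($mail)
    {
        if (!is_string($mail) || $mail === '') {
            return false;
        }

        $at = strrpos($mail, '@');
        $mailDomain = ($at === false) ? '' : substr($mail, $at + 1);

        foreach ($this->getValidDomains() as $validDomain) {
            // an empty entry must never match anything
            if ($validDomain === '') {
                continue;
            }

            if (strpos($validDomain, '@') !== false) {
                if ($validDomain[0] === '@') {
                    // "@example.com": the leading "@" is the boundary
                    if (substr($mail, -strlen($validDomain)) === $validDomain) {
                        return true;
                    }
                } elseif ($mail === $validDomain) {
                    // full address: no partial local-part matches
                    return true;
                }
                continue;
            }

            // bare domain: exact domain or a subdomain of it
            if ($mailDomain === $validDomain) {
                return true;
            }
            $subdomainSuffix = '.' . $validDomain;
            if (substr($mailDomain, -strlen($subdomainSuffix)) === $subdomainSuffix) {
                return true;
            }
        }

        return false;
    }

    /**
     * Check that the browser ID stored in the session belongs to this browser
     *
     * Uses hash_equals() instead of a loose "==": a loose comparison lets two
     * different numeric-looking strings compare as equal, and hash_equals()
     * additionally compares in constant time.
     *
     * @param array $session cookie auth session
     *
     * @return bool false when the session carries no usable 'buid'
     */
    public function validBrowserID($session)
    {
        if (!isset($session['buid']) || !is_string($session['buid'])) {
            return false;
        }

        return hash_equals((string)auth_browseruid(), $session['buid']);
    }

    /**
     * Check whether the session is older than $conf['auth_security_timeout']
     *
     * @param array $session cookie auth session
     *
     * @return bool true when timed out; a session without a 'time' entry counts as timed out
     */
    public function isSessionTimedOut($session)
    {
        global $conf;

        // fail closed: no timestamp means the age cannot be verified
        if (!isset($session['time'])) {
            return true;
        }

        return $session['time'] < time() - $conf['auth_security_timeout'];
    }

    /**
     * Check whether the current request uses the GET method
     *
     * @return bool
     */
    public function isGETRequest()
    {
        global $INPUT;
        return $INPUT->server->str('REQUEST_METHOD') === 'GET';
    }

    /**
     * check if we are handling a request to doku.php. Only doku.php defines $updateVersion
     *
     * @return bool
     */
    public function isDokuPHP()
    {
        global $updateVersion;
        return isset($updateVersion);
    }

    /**
     * Display an exception to the user
     *
     * The exception message and the stack trace are escaped with hsc(). $prefix is
     * passed to msg() unescaped, so callers must only hand in trusted text (for
     * example a language string), never request data. The stack trace is shown
     * only when $conf['allowdebug'] is set, because it can reveal internals.
     *
     * @param Exception $e
     * @param string $prefix - user friendly explanation if available
     */
    public function showException(\Exception $e, $prefix = '')
    {
        global $conf;
        msg('OAuth: ' . $prefix . ' ' . hsc($e->getMessage()), -1);
        if ($conf['allowdebug']) {
            msg('<pre>' . hsc($e->getTraceAsString()) . '</pre>', -1);
        }
    }
}

// vim:ts=4:sw=4:et: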