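<?php
/**
 * DokuWiki Plugin oauth (Helper Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */

// must be run within Dokuwiki
use dokuwiki\Extension\Event;
use dokuwiki\plugin\oauth\Service;

require_once(__DIR__ . '/vendor/autoload.php');

/**
 * Basic helper methods for the oauth flow
 *
 * Several of these helpers are security checks (mail domain restriction,
 * browser binding, session timeout). Callers are expected to treat a false
 * result as "do not log this user in".
 */
class helper_plugin_oauth extends DokuWiki_Plugin
{

    /**
     * Load the needed libraries and initialize the named oAuth service
     *
     * Only services that are registered and configured (see listServices())
     * can be loaded. The service name is HTML-escaped before it is shown in
     * the error message because it may originate from the request.
     *
     * @param string $servicename
     * @return null|Service null when the service is unknown, unconfigured or fails to initialize
     */
    public function loadService($servicename)
    {
        $services = $this->listServices(true);
        if (!isset($services[$servicename])) return null;
        $service = $services[$servicename];

        if (!$service->getOAuthService()) {
            msg(hsc("Failed to initialize $servicename authentication service. Check credentials"), -1);
            return null;
        }

        return $service;
    }

    /**
     * The redirect URI used in all oAuth requests
     *
     * Uses the 'custom-redirectURI' setting when it is non-empty, otherwise
     * the wiki's own DOKU_URL . DOKU_SCRIPT.
     *
     * @return string
     */
    public function redirectURI()
    {
        $custom = $this->getConf('custom-redirectURI');
        if ($custom !== '') {
            return $custom;
        }
        return DOKU_URL . DOKU_SCRIPT;
    }

    /**
     * List available Services
     *
     * Service backends are collected through the PLUGIN_OAUTH_BACKEND_REGISTER
     * event; handlers are expected to add their Service object to the event
     * data, keyed by service name (loadService() looks services up by key).
     *
     * @param bool $enabledonly list only services that have been configured
     * @triggers PLUGIN_OAUTH_BACKEND_REGISTER
     * @return Service[] list of service objects
     */
    public function listServices($enabledonly = true)
    {
        $services = [];
        $event = new Event('PLUGIN_OAUTH_BACKEND_REGISTER', $services);
        $event->advise_before(false);
        $event->advise_after();

        // filter out unconfigured services: a service without a key counts as disabled.
        // array_filter keeps the array keys, so lookups by service name still work.
        if ($enabledonly) {
            $services = array_filter($services, function ($service) {
                /** @var Service $service */
                return (bool)$service->getKey();
            });
        }

        return $services;
    }

    /**
     * Mail domains that are allowed to log in, from the 'mailRestriction' setting
     *
     * The setting is a comma separated list. Entries are trimmed but not
     * otherwise validated, so a stray comma inside the list yields an empty
     * entry; checkMail() ignores such entries.
     *
     * @return array list of configured entries, empty when no restriction is set
     */
    public function getValidDomains()
    {
        if ($this->getConf('mailRestriction') === '') {
            return [];
        }
        $validDomains = explode(',', trim($this->getConf('mailRestriction'), ','));
        $validDomains = array_map('trim', $validDomains);
        return $validDomains;
    }

    /**
     * Check a mail address against the configured mail restriction
     *
     * The match is anchored at a domain boundary. A plain "ends with" test on
     * a bare entry would also accept look-alike domains that merely share the
     * trailing characters (constructed example: entry "example.com" versus the
     * address "user@notexample.com"), which would defeat the restriction.
     *
     * - Entries containing an '@' (constructed example: "@example.com") carry
     *   their own boundary and must match the end of the address exactly.
     * - Bare entries must equal the address' domain part or be a parent
     *   domain of it (preceded by a '.').
     * - Empty entries never match.
     *
     * The comparison is case-sensitive, as before.
     * NOTE(review): whether addresses are normalised before they get here is
     * not visible in this file — confirm against the callers.
     *
     * @param string $mail
     *
     * @return bool true when the address matches one of the configured entries
     */
    public function checkMail($mail)
    {
        $mail = (string)$mail;

        // domain part = everything after the last '@'; null when the value is not an address
        $at = strrpos($mail, '@');
        $mailDomain = ($at === false) ? null : substr($mail, $at + 1);

        foreach ($this->getValidDomains() as $validDomain) {
            // a stray comma in the setting must not turn into a match-anything entry
            if ($validDomain === '') continue;

            if (strpos($validDomain, '@') !== false) {
                // the entry pins the '@' itself, a suffix match is exact enough
                if (substr($mail, -strlen($validDomain)) === $validDomain) {
                    return true;
                }
                continue;
            }

            // bare entries can only be compared against a real domain part
            if ($mailDomain === null) continue;
            if ($mailDomain === $validDomain) {
                return true;
            }

            // sub domains: require the '.' label separator in front of the entry
            $suffix = ($validDomain[0] === '.') ? $validDomain : '.' . $validDomain;
            if (substr($mailDomain, -strlen($suffix)) === $suffix) {
                return true;
            }
        }
        return false;
    }

    /**
     * Check that the session was created by the current browser
     *
     * Both values are hash strings, so they are compared as strings with
     * hash_equals(). A loose == comparison would let PHP compare two
     * numeric-looking strings as numbers. A missing or non-string 'buid' is
     * treated as a mismatch.
     *
     * @param array $session cookie auth session
     *
     * @return bool
     */
    public function validBrowserID($session)
    {
        if (!isset($session['buid']) || !is_string($session['buid'])) {
            return false;
        }
        return hash_equals((string)auth_browseruid(), $session['buid']);
    }

    /**
     * Check if the session is older than the configured auth_security_timeout
     *
     * @param array $session cookie auth session
     *
     * @return bool true when $session['time'] lies further back than the timeout
     */
    public function isSessionTimedOut($session)
    {
        global $conf;
        return $session['time'] < time() - $conf['auth_security_timeout'];
    }

    /**
     * Check if the current request uses the GET method
     *
     * @return bool
     */
    public function isGETRequest()
    {
        global $INPUT;
        return $INPUT->server->str('REQUEST_METHOD') === 'GET';
    }

    /**
     * check if we are handling a request to doku.php. Only doku.php defines $updateVersion
     *
     * @return bool
     */
    public function isDokuPHP()
    {
        global $updateVersion;
        return isset($updateVersion);
    }

    /**
     * Display an exception to the user
     *
     * The exception message is HTML-escaped. $prefix is output as given, so
     * callers must only pass trusted text (or escape it themselves).
     *
     * When $conf['allowdebug'] is set, the stack trace is shown to the user as
     * well. Traces can expose file paths and call arguments, so that setting
     * should stay off on public wikis.
     *
     * @param Exception $e
     * @param string $prefix - user friendly explanation if available
     */
    public function showException(\Exception $e, $prefix = '')
    {
        global $conf;
        msg('OAuth: ' . $prefix . ' ' . hsc($e->getMessage()), -1);
        if ($conf['allowdebug']) {
            msg('<pre>' . hsc($e->getTraceAsString()) . '</pre>', -1);
        }
    }
}

// vim:ts=4:sw=4:et: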