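<?php

use dokuwiki\Extension\AuthPlugin;
use dokuwiki\plugin\pureldap\classes\ADClient;
use dokuwiki\plugin\pureldap\classes\Client;

/**
 * DokuWiki Plugin pureldap (Auth Component)
 *
 * Delegates authentication and user/group lookups to a directory client.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
class auth_plugin_pureldap extends AuthPlugin
{
    /** @var Client */
    public $client;

    /**
     * Constructor.
     *
     * Loads the plugin configuration, builds the directory client and
     * announces the capabilities this backend supports.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        // prepare the base client
        $this->loadConfig();
        // From here on the decoded bind password is held in $this->conf for the
        // lifetime of this object; never dump $this->conf into logs or debug output.
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config

        // set capabilities
        $this->cando['getUsers'] = true;
        $this->cando['getGroups'] = true;
        // with SSO the session is owned by the web server, so no wiki-side logout is offered
        $this->cando['logout'] = !$this->client->getConf('sso');
        if ($this->client->getConf('encryption') !== 'none') {
            // with encryption passwords can be changed
            // for resetting passwords a privileged user is needed
            $this->cando['modPass'] = true;
        }

        $this->success = true;
    }

    /**
     * Check the given credentials.
     *
     * With SSO enabled, a request whose REMOTE_USER is non-empty and identical
     * to $user is accepted without looking at $pass. In every other case a bind
     * with the supplied credentials is attempted on a fresh client.
     *
     * @inheritDoc
     */
    public function checkPass($user, $pass)
    {
        global $INPUT;

        // when SSO is enabled, the login is autotriggered and we simply trust the environment
        //
        // SECURITY: this branch is only as strong as the web server setup. REMOTE_USER must be
        // set exclusively by the server's own authentication module and must not be derivable
        // from client-supplied request data (e.g. through a proxy that forwards it).
        $remoteUser = $INPUT->server->str('REMOTE_USER');
        if (
            $this->client->getConf('sso') &&
            $remoteUser !== '' &&
            // strict comparison: a loose == applies numeric-string juggling, so that
            // e.g. '1e3' would be accepted as user '1000'
            $remoteUser === (string) $user
        ) {
            return true;
        }

        // try to bind with the user credentials, client will stay authenticated as user
        $this->client = new ADClient($this->conf); // FIXME decide class on config
        return $this->client->authenticate($user, $pass);
    }

    /**
     * Return the (cached) user record, or false when the client has none.
     *
     * @inheritDoc
     */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        return $info ?: false;
    }

    /**
     * Return a window of the users matching $filter (substring match).
     *
     * @inheritDoc
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        return array_slice(
            $this->client->getFilteredUsers(
                $filter,
                Client::FILTER_CONTAINS
            ),
            $start,
            // A limit of 0 (the default) means "no limit". Passing 0 straight to
            // array_slice() would return an empty list instead of all matches.
            $limit ?: null
        );
    }

    /**
     * Return a window of the cached group list.
     *
     * @inheritDoc
     */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        // see retrieveUsers(): a zero limit must not be turned into a zero-length slice
        return array_slice($this->client->getCachedGroups(), $start, $limit ?: null);
    }

    /** @inheritDoc */
    public function isCaseSensitive()
    {
        return false;
    }

    /**
     * User name normalisation is delegated to the directory client.
     *
     * @inheritDoc
     */
    public function cleanUser($user)
    {
        return $this->client->cleanUser($user);
    }

    /**
     * Group names are passed through unchanged.
     *
     * @inheritDoc
     */
    public function cleanGroup($group)
    {
        return $group;
    }

    /** @inheritDoc */
    public function useSessionCache($user)
    {
        return true;
    }

    /**
     * Support password changing
     *
     * Any change set without a non-empty 'pass' entry is rejected; other
     * entries in $changes are not applied by this method.
     *
     * @inheritDoc
     */
    public function modifyUser($user, $changes)
    {
        if (empty($changes['pass'])) {
            $this->client->error('Only password changes are supported', __FILE__, __LINE__);
            return false;
        }

        global $INPUT;
        // 'oldpass' comes from the request and is null when absent or empty.
        // NOTE(review): how the client treats a null old password (presumably a
        // privileged reset, per the constructor comment) is not visible here; confirm.
        return $this->client->setPassword($user, $changes['pass'], $INPUT->str('oldpass', null, true));
    }
}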