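<?php

use dokuwiki\plugin\pureldap\classes\ADClient;
use dokuwiki\plugin\pureldap\classes\Client;

/**
 * DokuWiki Plugin pureldap (Auth Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
{
    /** @var Client client bound with the configured admin credentials, used for lookups */
    protected $client;

    /**
     * Constructor.
     *
     * Loads the plugin configuration, decodes the stored admin password, creates the
     * admin-bound lookup client and announces the supported capabilities.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        // prepare the base client
        $this->loadConfig();
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config

        // set capabilities; with SSO the session belongs to the environment, so no wiki logout
        $this->cando['getUsers'] = true;
        $this->cando['getGroups'] = true;
        $this->cando['logout'] = !$this->client->getConf('sso');

        $this->success = true;
    }

    // logOff(), trustExternal(), createUser(), modifyUser(), deleteUsers() and addGroup()
    // are deliberately not implemented; the corresponding cando flags keep their defaults.

    /**
     * @inheritDoc
     *
     * With SSO enabled the web server has already authenticated the user, so the
     * REMOTE_USER provided by the environment is trusted when it names the given user.
     * Otherwise a fresh, non-admin client binds to the directory with the credentials.
     */
    public function checkPass($user, $pass)
    {
        global $INPUT;

        // when SSO is enabled, the login is autotriggered and we simply trust the environment
        // strict comparison on purpose: loose == would consider numeric-looking names
        // such as "1e3" and "1000" equal
        if (
            $this->client->getConf('sso') &&
            $INPUT->server->str('REMOTE_USER') !== '' &&
            $INPUT->server->str('REMOTE_USER') === $user
        ) {
            return true;
        }

        // never attempt a bind with empty credentials: LDAP servers may treat a DN with an
        // empty password as an anonymous (unauthenticated) bind and report success
        if ((string)$user === '' || (string)$pass === '') {
            return false;
        }

        // use a separate client from the default one, because this is not a superuser bind
        $client = new ADClient($this->conf); // FIXME decide class on config
        return $client->authenticate($user, $pass);
    }

    /**
     * @inheritDoc
     *
     * Returns false (not an empty array) when the user is unknown, as the auth API expects.
     */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        return $info ?: false;
    }

    /**
     * @inheritDoc
     *
     * $limit = 0 means "no limit" in the DokuWiki auth API; array_slice() would return
     * nothing for a length of 0, so the limit is translated first.
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        $users = $this->client->getFilteredUsers(
            $filter,
            $this->filterType2FilterMethod('contains')
        );

        return array_slice($users, $start, $this->sliceLength($limit));
    }

    /**
     * @inheritDoc
     *
     * $limit = 0 means "no limit" in the DokuWiki auth API (see retrieveUsers()).
     */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        return array_slice($this->client->getCachedGroups(), $start, $this->sliceLength($limit));
    }

    /** @inheritDoc */
    public function isCaseSensitive()
    {
        return false;
    }

    /**
     * Sanitize a given username
     *
     * This function is applied to any user name that is given to
     * the backend and should also be applied to any user name within
     * the backend before returning it somewhere.
     *
     * This should be used to enforce username restrictions.
     *
     * @param string $user username
     * @return string the cleaned username
     */
    public function cleanUser($user)
    {
        // delegated to the client so that wiki and directory agree on the canonical form
        return $this->client->cleanUser($user);
    }

    /**
     * Sanitize a given groupname
     *
     * This function is applied to any groupname that is given to
     * the backend and should also be applied to any groupname within
     * the backend before returning it somewhere.
     *
     * This should be used to enforce groupname restrictions.
     *
     * Groupnames are to be passed without a leading '@' here.
     *
     * @param string $group groupname
     *
     * @return string the cleaned groupname
     */
    public function cleanGroup($group)
    {
        // group names are currently passed through unchanged
        return $group;
    }

    /** @inheritDoc */
    public function useSessionCache($user)
    {
        return true;
    }

    /**
     * Convert DokuWiki filter type to method in the library
     *
     * Unknown types fall back to 'equals'.
     *
     * @todo implement with proper constants once #3028 has been implemented
     * @param string $type
     * @return string
     */
    protected function filterType2FilterMethod($type)
    {
        $filtermethods = [
            'contains' => 'contains',
            'startswith' => 'startsWith',
            'endswith' => 'endsWith',
            'equals' => 'equals',
        ];

        return $filtermethods[$type] ?? 'equals';
    }

    /**
     * Translate an auth API limit into the length argument of array_slice()
     *
     * @param int $limit 0 for no limit
     * @return int|null null for no limit, the positive limit otherwise
     */
    private function sliceLength($limit)
    {
        return $limit > 0 ? (int)$limit : null;
    }
}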