xref: /plugin/pureldap/auth.php (revision 49b4734aee448aa81e331b6d0cad7fd8e0888c82)
179f39653SAndreas Gohr<?php
21078ec26SAndreas Gohr
31078ec26SAndreas Gohruse dokuwiki\plugin\pureldap\classes\ADClient;
41078ec26SAndreas Gohruse dokuwiki\plugin\pureldap\classes\Client;
51078ec26SAndreas Gohr
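/**
 * DokuWiki Plugin pureldap (Auth Component)
 *
 * Thin authentication backend that delegates directory lookups and password
 * checks to a pureldap client object.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
{
    /** @var Client client created from the plugin configuration (including the admin password) */
    protected $client;

    /**
     * Constructor.
     *
     * Loads the plugin configuration, builds the base client and announces
     * the capabilities this backend offers.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        // prepare the base client
        $this->loadConfig();
        // conf_decodeString() reverses DokuWiki's storage obfuscation (not encryption).
        // From here on $this->conf carries the clear-text bind password, so this
        // array must never be logged or dumped.
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config

        // set capabilities
        $this->cando['getUsers'] = true;
        $this->cando['getGroups'] = true;
        // logging out is only offered when SSO is off
        $this->cando['logout'] = !$this->client->getConf('sso');

        $this->success = true;
    }

    /**
     * @inheritDoc
     *
     * With the 'sso' option enabled the password is NOT verified: the login is
     * accepted as soon as REMOTE_USER is non-empty and identical to $user.
     * This is only sound when the web server itself authenticates every
     * request and sets REMOTE_USER; the wiki must not be reachable through a
     * path that skips that authentication.
     */
    public function checkPass($user, $pass)
    {
        global $INPUT;

        // when SSO is enabled, the login is autotriggered and we simply trust the environment
        if ($this->client->getConf('sso')) {
            $remoteUser = $INPUT->server->str('REMOTE_USER');
            // Strict comparison: a loose == treats two numeric-looking strings
            // as numbers ('0123' == '123', '1e3' == '1000'), which must never
            // decide an authentication check.
            if ($remoteUser !== '' && $remoteUser === (string) $user) {
                return true;
            }
        }

        // use a separate client from the default one, because this is not a superuser bind
        $client = new ADClient($this->conf); // FIXME decide class on config
        return $client->authenticate($user, $pass);
    }

    /**
     * @inheritDoc
     *
     * Returns the client's user record, or false when the lookup yields an
     * empty result.
     */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        return $info ?: false;
    }

    /**
     * @inheritDoc
     *
     * The filter is handed to the client together with Client::FILTER_CONTAINS
     * (presumably a substring match - confirm in the Client class).
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        $users = $this->client->getFilteredUsers(
            $filter,
            Client::FILTER_CONTAINS
        );
        return $this->sliceResult($users, $start, $limit);
    }

    /** @inheritDoc */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        return $this->sliceResult($this->client->getCachedGroups(), $start, $limit);
    }

    /**
     * Cut the requested window out of a full result list.
     *
     * The default limit of 0 stands for "no limit" (the parent class documents
     * this for retrieveUsers(); verify it for retrieveGroups()). Passing 0
     * straight to array_slice() would yield an empty array, so it is mapped to
     * null, which returns everything from $start to the end.
     *
     * @param array $items full result list
     * @param int $start offset of the first entry to return
     * @param int $limit maximum number of entries, 0 for all
     * @return array
     */
    private function sliceResult($items, $start, $limit)
    {
        return array_slice($items, $start, $limit ? $limit : null);
    }

    /**
     * @inheritDoc
     *
     * User and group names are reported as case-insensitive.
     */
    public function isCaseSensitive()
    {
        return false;
    }

    /**
     * @inheritDoc
     *
     * Normalisation is delegated to the client.
     */
    public function cleanUser($user)
    {
        return $this->client->cleanUser($user);
    }

    /**
     * @inheritDoc
     *
     * Group names are passed through unchanged.
     */
    public function cleanGroup($group)
    {
        return $group;
    }

    /**
     * @inheritDoc
     *
     * NOTE(review): always returning true presumably means that changes made in
     * the directory (disabled account, removed group membership) only take
     * effect once the session is re-established - confirm against the parent
     * class contract.
     */
    public function useSessionCache($user)
    {
        return true;
    }
}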