179f39653SAndreas Gohr<?php 21078ec26SAndreas Gohr 31078ec26SAndreas Gohruse dokuwiki\plugin\pureldap\classes\ADClient; 41078ec26SAndreas Gohruse dokuwiki\plugin\pureldap\classes\Client; 51078ec26SAndreas Gohr 679f39653SAndreas Gohr/** 779f39653SAndreas Gohr * DokuWiki Plugin pureldap (Auth Component) 879f39653SAndreas Gohr * 979f39653SAndreas Gohr * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html 1079f39653SAndreas Gohr * @author Andreas Gohr <andi@splitbrain.org> 1179f39653SAndreas Gohr */ 1279f39653SAndreas Gohrclass auth_plugin_pureldap extends DokuWiki_Auth_Plugin 1379f39653SAndreas Gohr{ 141078ec26SAndreas Gohr /** @var Client */ 151078ec26SAndreas Gohr protected $client; 1679f39653SAndreas Gohr 1779f39653SAndreas Gohr /** 1879f39653SAndreas Gohr * Constructor. 1979f39653SAndreas Gohr */ 2079f39653SAndreas Gohr public function __construct() 2179f39653SAndreas Gohr { 221078ec26SAndreas Gohr global $conf; 2379f39653SAndreas Gohr parent::__construct(); // for compatibility 2479f39653SAndreas Gohr 2585916a2dSAndreas Gohr $this->cando['getUsers'] = true; 2685916a2dSAndreas Gohr $this->cando['getGroups'] = true; 2779f39653SAndreas Gohr 281078ec26SAndreas Gohr // prepare the base client 291078ec26SAndreas Gohr $this->loadConfig(); 301078ec26SAndreas Gohr $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']); 311078ec26SAndreas Gohr $this->conf['defaultgroup'] = $conf['defaultgroup']; 321078ec26SAndreas Gohr 331078ec26SAndreas Gohr $this->client = new ADClient($this->conf); // FIXME decide class on config 3479f39653SAndreas Gohr $this->success = true; 3579f39653SAndreas Gohr } 3679f39653SAndreas Gohr 3779f39653SAndreas Gohr 3879f39653SAndreas Gohr /** 3979f39653SAndreas Gohr * Log off the current user [ OPTIONAL ] 4079f39653SAndreas Gohr */ 4179f39653SAndreas Gohr // public function logOff() 4279f39653SAndreas Gohr // { 4379f39653SAndreas Gohr // } 4479f39653SAndreas Gohr 4579f39653SAndreas Gohr /** 4679f39653SAndreas Gohr * Do all authentication [ OPTIONAL ] 4779f39653SAndreas Gohr * 4879f39653SAndreas Gohr * @param string $user Username 4979f39653SAndreas Gohr * @param string $pass Cleartext Password 5079f39653SAndreas Gohr * @param bool $sticky Cookie should not expire 5179f39653SAndreas Gohr * 5279f39653SAndreas Gohr * @return bool true on successful auth 5379f39653SAndreas Gohr */ 5479f39653SAndreas Gohr //public function trustExternal($user, $pass, $sticky = false) 5579f39653SAndreas Gohr //{ 5679f39653SAndreas Gohr /* some example: 5779f39653SAndreas Gohr 5879f39653SAndreas Gohr global $USERINFO; 5979f39653SAndreas Gohr global $conf; 6079f39653SAndreas Gohr $sticky ? $sticky = true : $sticky = false; //sanity check 6179f39653SAndreas Gohr 6279f39653SAndreas Gohr // do the checking here 6379f39653SAndreas Gohr 6479f39653SAndreas Gohr // set the globals if authed 6579f39653SAndreas Gohr $USERINFO['name'] = 'FIXME'; 6679f39653SAndreas Gohr $USERINFO['mail'] = 'FIXME'; 6779f39653SAndreas Gohr $USERINFO['grps'] = array('FIXME'); 6879f39653SAndreas Gohr $_SERVER['REMOTE_USER'] = $user; 6979f39653SAndreas Gohr $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; 7079f39653SAndreas Gohr $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; 7179f39653SAndreas Gohr $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; 7279f39653SAndreas Gohr return true; 7379f39653SAndreas Gohr 7479f39653SAndreas Gohr */ 7579f39653SAndreas Gohr //} 7679f39653SAndreas Gohr 771078ec26SAndreas Gohr /** @inheritDoc */ 7879f39653SAndreas Gohr public function checkPass($user, $pass) 7979f39653SAndreas Gohr { 80*bf69b89cSAndreas Gohr global $INPUT; 81*bf69b89cSAndreas Gohr 82*bf69b89cSAndreas Gohr // when SSO is enabled, the login is autotriggered and we simply trust the environment 83*bf69b89cSAndreas Gohr if ( 84*bf69b89cSAndreas Gohr $this->conf['sso'] && 85*bf69b89cSAndreas Gohr $INPUT->server->str('REMOTE_USER') !== '' && 86*bf69b89cSAndreas Gohr $INPUT->server->str('REMOTE_USER') == $user 87*bf69b89cSAndreas Gohr ) { 88*bf69b89cSAndreas Gohr return true; 89*bf69b89cSAndreas Gohr } 90*bf69b89cSAndreas Gohr 911078ec26SAndreas Gohr // use a separate client from the default one, because this is not a superuser bind 921078ec26SAndreas Gohr $client = new ADClient($this->conf); // FIXME decide class on config 931078ec26SAndreas Gohr return $client->authenticate($user, $pass); 9479f39653SAndreas Gohr } 9579f39653SAndreas Gohr 961078ec26SAndreas Gohr /** @inheritDoc */ 9779f39653SAndreas Gohr public function getUserData($user, $requireGroups = true) 9879f39653SAndreas Gohr { 995a3b9122SAndreas Gohr $info = $this->client->getCachedUser($user, $requireGroups); 1001078ec26SAndreas Gohr return $info ?: false; 10179f39653SAndreas Gohr } 10279f39653SAndreas Gohr 10379f39653SAndreas Gohr /** 10479f39653SAndreas Gohr * Create a new User [implement only where required/possible] 10579f39653SAndreas Gohr * 10679f39653SAndreas Gohr * Returns false if the user already exists, null when an error 10779f39653SAndreas Gohr * occurred and true if everything went well. 10879f39653SAndreas Gohr * 10979f39653SAndreas Gohr * The new user HAS TO be added to the default group by this 11079f39653SAndreas Gohr * function! 11179f39653SAndreas Gohr * 11279f39653SAndreas Gohr * Set addUser capability when implemented 11379f39653SAndreas Gohr * 11479f39653SAndreas Gohr * @param string $user 11579f39653SAndreas Gohr * @param string $pass 11679f39653SAndreas Gohr * @param string $name 11779f39653SAndreas Gohr * @param string $mail 11879f39653SAndreas Gohr * @param null|array $grps 11979f39653SAndreas Gohr * 12079f39653SAndreas Gohr * @return bool|null 12179f39653SAndreas Gohr */ 12279f39653SAndreas Gohr //public function createUser($user, $pass, $name, $mail, $grps = null) 12379f39653SAndreas Gohr //{ 12479f39653SAndreas Gohr // FIXME implement 12579f39653SAndreas Gohr // return null; 12679f39653SAndreas Gohr //} 12779f39653SAndreas Gohr 12879f39653SAndreas Gohr /** 12979f39653SAndreas Gohr * Modify user data [implement only where required/possible] 13079f39653SAndreas Gohr * 13179f39653SAndreas Gohr * Set the mod* capabilities according to the implemented features 13279f39653SAndreas Gohr * 13379f39653SAndreas Gohr * @param string $user nick of the user to be changed 13479f39653SAndreas Gohr * @param array $changes array of field/value pairs to be changed (password will be clear text) 13579f39653SAndreas Gohr * 13679f39653SAndreas Gohr * @return bool 13779f39653SAndreas Gohr */ 13879f39653SAndreas Gohr //public function modifyUser($user, $changes) 13979f39653SAndreas Gohr //{ 14079f39653SAndreas Gohr // FIXME implement 14179f39653SAndreas Gohr // return false; 14279f39653SAndreas Gohr //} 14379f39653SAndreas Gohr 14479f39653SAndreas Gohr /** 14579f39653SAndreas Gohr * Delete one or more users [implement only where required/possible] 14679f39653SAndreas Gohr * 14779f39653SAndreas Gohr * Set delUser capability when implemented 14879f39653SAndreas Gohr * 14979f39653SAndreas Gohr * @param array $users 15079f39653SAndreas Gohr * 15179f39653SAndreas Gohr * @return int number of users deleted 15279f39653SAndreas Gohr */ 15379f39653SAndreas Gohr //public function deleteUsers($users) 15479f39653SAndreas Gohr //{ 15579f39653SAndreas Gohr // FIXME implement 15679f39653SAndreas Gohr // return false; 15779f39653SAndreas Gohr //} 15879f39653SAndreas Gohr 15985916a2dSAndreas Gohr /** @inheritDoc */ 160b21740b4SAndreas Gohr public function retrieveUsers($start = 0, $limit = 0, $filter = null) 161b21740b4SAndreas Gohr { 16285916a2dSAndreas Gohr return array_slice( 16385916a2dSAndreas Gohr $this->client->getFilteredUsers( 16485916a2dSAndreas Gohr $filter, 16585916a2dSAndreas Gohr $this->filterType2FilterMethod('contains') 16685916a2dSAndreas Gohr ), 16785916a2dSAndreas Gohr $start, 16885916a2dSAndreas Gohr $limit); 169b21740b4SAndreas Gohr } 17079f39653SAndreas Gohr 17179f39653SAndreas Gohr /** 17279f39653SAndreas Gohr * Define a group [implement only where required/possible] 17379f39653SAndreas Gohr * 17479f39653SAndreas Gohr * Set addGroup capability when implemented 17579f39653SAndreas Gohr * 17679f39653SAndreas Gohr * @param string $group 17779f39653SAndreas Gohr * 17879f39653SAndreas Gohr * @return bool 17979f39653SAndreas Gohr */ 18079f39653SAndreas Gohr //public function addGroup($group) 18179f39653SAndreas Gohr //{ 18279f39653SAndreas Gohr // FIXME implement 18379f39653SAndreas Gohr // return false; 18479f39653SAndreas Gohr //} 18579f39653SAndreas Gohr 186b21740b4SAndreas Gohr /** @inheritDoc */ 187b21740b4SAndreas Gohr public function retrieveGroups($start = 0, $limit = 0) 188b21740b4SAndreas Gohr { 189b21740b4SAndreas Gohr return array_slice($this->client->getCachedGroups(), $start, $limit); 190b21740b4SAndreas Gohr } 19179f39653SAndreas Gohr 1926d90d5c8SAndreas Gohr /** @inheritDoc */ 19379f39653SAndreas Gohr public function isCaseSensitive() 19479f39653SAndreas Gohr { 1956d90d5c8SAndreas Gohr return false; 19679f39653SAndreas Gohr } 19779f39653SAndreas Gohr 19879f39653SAndreas Gohr /** 19979f39653SAndreas Gohr * Sanitize a given username 20079f39653SAndreas Gohr * 20179f39653SAndreas Gohr * This function is applied to any user name that is given to 20279f39653SAndreas Gohr * the backend and should also be applied to any user name within 20379f39653SAndreas Gohr * the backend before returning it somewhere. 20479f39653SAndreas Gohr * 20579f39653SAndreas Gohr * This should be used to enforce username restrictions. 20679f39653SAndreas Gohr * 20779f39653SAndreas Gohr * @param string $user username 20879f39653SAndreas Gohr * @return string the cleaned username 20979f39653SAndreas Gohr */ 21079f39653SAndreas Gohr public function cleanUser($user) 21179f39653SAndreas Gohr { 212a1128cc0SAndreas Gohr return $this->client->cleanUser($user); 21379f39653SAndreas Gohr } 21479f39653SAndreas Gohr 21579f39653SAndreas Gohr /** 21679f39653SAndreas Gohr * Sanitize a given groupname 21779f39653SAndreas Gohr * 21879f39653SAndreas Gohr * This function is applied to any groupname that is given to 21979f39653SAndreas Gohr * the backend and should also be applied to any groupname within 22079f39653SAndreas Gohr * the backend before returning it somewhere. 22179f39653SAndreas Gohr * 22279f39653SAndreas Gohr * This should be used to enforce groupname restrictions. 22379f39653SAndreas Gohr * 22479f39653SAndreas Gohr * Groupnames are to be passed without a leading '@' here. 22579f39653SAndreas Gohr * 22679f39653SAndreas Gohr * @param string $group groupname 22779f39653SAndreas Gohr * 22879f39653SAndreas Gohr * @return string the cleaned groupname 22979f39653SAndreas Gohr */ 23079f39653SAndreas Gohr public function cleanGroup($group) 23179f39653SAndreas Gohr { 23279f39653SAndreas Gohr return $group; 23379f39653SAndreas Gohr } 23479f39653SAndreas Gohr 2356d90d5c8SAndreas Gohr /** @inheritDoc */ 2361078ec26SAndreas Gohr public function useSessionCache($user) 2371078ec26SAndreas Gohr { 2386d90d5c8SAndreas Gohr return true; 2391078ec26SAndreas Gohr } 240b21740b4SAndreas Gohr 241b21740b4SAndreas Gohr /** 242b21740b4SAndreas Gohr * Convert DokuWiki filter type to method in the library 243b21740b4SAndreas Gohr * 244b21740b4SAndreas Gohr * @todo implement with proper constants once #3028 has been implemented 245b21740b4SAndreas Gohr * @param string $type 246b21740b4SAndreas Gohr * @return string 247b21740b4SAndreas Gohr */ 24885916a2dSAndreas Gohr protected function filterType2FilterMethod($type) 24985916a2dSAndreas Gohr { 250b21740b4SAndreas Gohr $filtermethods = [ 251b21740b4SAndreas Gohr 'contains' => 'contains', 252b21740b4SAndreas Gohr 'startswith' => 'startsWith', 253b21740b4SAndreas Gohr 'endswith' => 'endsWith', 25485916a2dSAndreas Gohr 'equals' => 'equals', 255b21740b4SAndreas Gohr ]; 256b21740b4SAndreas Gohr 257b21740b4SAndreas Gohr if (isset($filtermethods[$type])) { 258b21740b4SAndreas Gohr return $filtermethods[$type]; 259b21740b4SAndreas Gohr } 260b21740b4SAndreas Gohr 261b21740b4SAndreas Gohr return 'equals'; 262b21740b4SAndreas Gohr } 26379f39653SAndreas Gohr} 26479f39653SAndreas Gohr 265