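<?php

use dokuwiki\plugin\pureldap\classes\ADClient;
use dokuwiki\plugin\pureldap\classes\Client;

/**
 * DokuWiki Plugin pureldap (Auth Component)
 *
 * Authenticates users by binding to the directory through the plugin's Client
 * and exposes user/group lookups and password changes to DokuWiki.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
{
    /** @var Client directory client; re-created in checkPass() for every non-SSO login attempt */
    public $client;

    /**
     * Constructor.
     *
     * Loads the plugin configuration, builds the directory client and
     * announces the capabilities this backend supports.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        // prepare the base client
        $this->loadConfig();
        // From here on $this->conf carries the decoded admin password: never log or dump it.
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config

        // set capabilities
        $this->cando['getUsers'] = true;
        $this->cando['getGroups'] = true;
        // with SSO the session is owned by the environment, so no logout is offered
        $this->cando['logout'] = !$this->client->getConf('sso');
        if ($this->client->getConf('encryption') !== 'none') {
            // with encryption passwords can be changed
            // for resetting passwords a privileged user is needed
            $this->cando['modPass'] = true;
        }

        $this->success = true;
    }

    /**
     * Check the given credentials.
     *
     * In SSO mode a login is accepted without a bind when REMOTE_USER is set
     * and is identical to $user. Otherwise a fresh client is bound with the
     * user's own credentials.
     *
     * @inheritDoc
     * @param string $user
     * @param string $pass
     * @return bool true when the user is authenticated
     */
    public function checkPass($user, $pass)
    {
        global $INPUT;

        // When SSO is enabled, the login is autotriggered and we simply trust the environment.
        // This is only sound if REMOTE_USER is set by the web server's own authentication
        // and cannot be supplied by the client.
        $remoteUser = $INPUT->server->str('REMOTE_USER');
        if (
            $this->client->getConf('sso') &&
            $remoteUser !== '' &&
            // strict comparison: with == numeric-looking names such as "0123" and "123" compare equal
            $remoteUser === $user
        ) {
            return true;
        }

        // Defence in depth: never attempt a bind with an empty password. Many LDAP servers
        // treat a simple bind with a name and an empty password as an unauthenticated bind
        // and report success. NOTE(review): the client may already reject this; not visible here.
        if ($pass === null || $pass === '') {
            return false;
        }

        // try to bind with the user credentials, client will stay authenticated as user
        $this->client = new ADClient($this->conf); // FIXME decide class on config
        return $this->client->authenticate($user, $pass);
    }

    /**
     * Return the cached user record.
     *
     * @inheritDoc
     * @param string $user
     * @param bool $requireGroups passed through to the client
     * @return array|false the client's record, or false when it returned an empty value
     */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        return $info ?: false;
    }

    /**
     * Return a page of the users matching $filter (substring match).
     *
     * @inheritDoc
     * @param int $start offset into the result list
     * @param int $limit maximum number of entries; zero or negative means no limit
     * @param array|null $filter passed through to the client
     * @return array
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        $users = $this->client->getFilteredUsers($filter, Client::FILTER_CONTAINS);

        // array_slice() with a length of 0 always returns an empty array, which made the
        // default $limit = 0 return nothing; a null length slices to the end instead.
        return array_slice($users, $start, $limit > 0 ? $limit : null);
    }

    /**
     * Return a page of the cached groups.
     *
     * @inheritDoc
     * @param int $start offset into the result list
     * @param int $limit maximum number of entries; zero or negative means no limit
     * @return array
     */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        // same length handling as retrieveUsers(): a length of 0 would yield an empty list
        return array_slice($this->client->getCachedGroups(), $start, $limit > 0 ? $limit : null);
    }

    /**
     * User names are not treated as case sensitive by this backend.
     *
     * @inheritDoc
     */
    public function isCaseSensitive()
    {
        return false;
    }

    /**
     * Normalise a user name; delegated to the client.
     *
     * @inheritDoc
     */
    public function cleanUser($user)
    {
        return $this->client->cleanUser($user);
    }

    /**
     * Group names are returned unchanged.
     *
     * @inheritDoc
     */
    public function cleanGroup($group)
    {
        return $group;
    }

    /**
     * The session cache is always considered usable.
     *
     * @inheritDoc
     */
    public function useSessionCache($user)
    {
        return true;
    }

    /**
     * Support password changing
     *
     * Only the 'pass' entry of $changes is acted on; any other entries are
     * ignored. The old password is read from the 'oldpass' request parameter
     * and is null when that parameter is missing or empty.
     *
     * @inheritDoc
     * @param string $user
     * @param array $changes
     * @return bool false when no new password was supplied, otherwise the client's result
     */
    public function modifyUser($user, $changes)
    {
        if (empty($changes['pass'])) {
            $this->client->error('Only password changes are supported', __FILE__, __LINE__);
            return false;
        }

        global $INPUT;
        return $this->client->setPassword($user, $changes['pass'], $INPUT->str('oldpass', null, true));
    }
}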