xref: /plugin/pureldap/auth.php (revision 22654fdec35cb8c2bc6368625db77310d71208fb)
1<?php
2
3use dokuwiki\plugin\pureldap\classes\ADClient;
4use dokuwiki\plugin\pureldap\classes\Client;
5
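/**
 * DokuWiki Plugin pureldap (Auth Component)
 *
 * Authenticates DokuWiki users through the plugin's LDAP/AD client. User and
 * group listings come from a client created once in the constructor, while
 * password checks use a separate client instance (see checkPass()).
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
{
    /** @var Client client used for user and group lookups */
    protected $client;

    /**
     * Constructor.
     *
     * Loads the plugin configuration, creates the lookup client and announces
     * the capabilities of this backend.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        // prepare the base client
        $this->loadConfig();
        // conf_decodeString() only reverses DokuWiki's config obfuscation, so from here on
        // the bind password is held in clear text in $this->conf; never log or dump that array
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config

        // set capabilities
        $this->cando['getUsers'] = true;
        $this->cando['getGroups'] = true;
        // with SSO the session is controlled by the web server, so no logout is offered
        $this->cando['logout'] = !$this->client->getConf('sso');

        $this->success = true;
    }


    /**
     * Log off the current user [ OPTIONAL ]
     */
    // public function logOff()
    // {
    // }

    /**
     * Do all authentication [ OPTIONAL ]
     *
     * @param string $user Username
     * @param string $pass Cleartext Password
     * @param bool $sticky Cookie should not expire
     *
     * @return  bool             true on successful auth
     */
    //public function trustExternal($user, $pass, $sticky = false)
    //{
    /* some example:

    global $USERINFO;
    global $conf;
    $sticky ? $sticky = true : $sticky = false; //sanity check

    // do the checking here

    // set the globals if authed
    $USERINFO['name'] = 'FIXME';
    $USERINFO['mail'] = 'FIXME';
    $USERINFO['grps'] = array('FIXME');
    $_SERVER['REMOTE_USER'] = $user;
    $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
    $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
    $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    return true;

    */
    //}

    /**
     * Check the given credentials
     *
     * With the 'sso' option enabled the password is NOT verified when the login
     * name equals the REMOTE_USER server variable. That branch is only as strong
     * as the web server setup: REMOTE_USER has to be set by the server's own
     * authentication module and must not be derivable from anything the client
     * sends (for example a request header mapped by a reverse proxy). Enable
     * 'sso' only where that holds.
     *
     * @inheritDoc
     */
    public function checkPass($user, $pass)
    {
        global $INPUT;

        // when SSO is enabled, the login is autotriggered and we simply trust the environment
        if ($this->client->getConf('sso')) {
            $remoteUser = $INPUT->server->str('REMOTE_USER');

            // Compare as strings with ===. A loose == compares numeric strings by value
            // ('0123' == '123', '1e3' == '1000'), which would let one SSO identity pass
            // as a different, numerically equal login name without any password check.
            // NOTE(review): the comparison is case sensitive although isCaseSensitive()
            // returns false; presumably both values were normalized before - confirm.
            if ($remoteUser !== '' && is_scalar($user) && $remoteUser === (string) $user) {
                return true;
            }
        }

        // use a separate client from the default one, because this is not a superuser bind
        $client = new ADClient($this->conf); // FIXME decide class on config
        return $client->authenticate($user, $pass);
    }

    /**
     * Return the (cached) user info of the given user, false when the client returns nothing
     *
     * @inheritDoc
     */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        return $info ?: false;
    }

    /**
     * Create a new User [implement only where required/possible]
     *
     * Returns false if the user already exists, null when an error
     * occurred and true if everything went well.
     *
     * The new user HAS TO be added to the default group by this
     * function!
     *
     * Set addUser capability when implemented
     *
     * @param string $user
     * @param string $pass
     * @param string $name
     * @param string $mail
     * @param null|array $grps
     *
     * @return bool|null
     */
    //public function createUser($user, $pass, $name, $mail, $grps = null)
    //{
    // FIXME implement
    //    return null;
    //}

    /**
     * Modify user data [implement only where required/possible]
     *
     * Set the mod* capabilities according to the implemented features
     *
     * @param string $user nick of the user to be changed
     * @param array $changes array of field/value pairs to be changed (password will be clear text)
     *
     * @return  bool
     */
    //public function modifyUser($user, $changes)
    //{
    // FIXME implement
    //    return false;
    //}

    /**
     * Delete one or more users [implement only where required/possible]
     *
     * Set delUser capability when implemented
     *
     * @param array $users
     *
     * @return  int    number of users deleted
     */
    //public function deleteUsers($users)
    //{
    // FIXME implement
    //    return false;
    //}

    /**
     * Return the users matching the filter, cut down to the requested window
     *
     * The filter is always applied with the 'contains' method.
     *
     * @inheritDoc
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        $users = $this->client->getFilteredUsers(
            $filter,
            $this->filterType2FilterMethod('contains')
        );

        // A limit of 0 (the default) means "no limit" in DokuWiki's auth API. Handing 0
        // to array_slice() as length would always yield an empty list, null slices to the end.
        $length = ((int) $limit === 0) ? null : (int) $limit;

        return array_slice($users, $start, $length);
    }

    /**
     * Define a group [implement only where required/possible]
     *
     * Set addGroup capability when implemented
     *
     * @param string $group
     *
     * @return  bool
     */
    //public function addGroup($group)
    //{
    // FIXME implement
    //    return false;
    //}

    /**
     * Return the (cached) groups, cut down to the requested window
     *
     * @inheritDoc
     */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        // same convention as in retrieveUsers(): a limit of 0 returns everything from $start on
        $length = ((int) $limit === 0) ? null : (int) $limit;

        return array_slice($this->client->getCachedGroups(), $start, $length);
    }

    /**
     * User names are treated as case insensitive by this backend
     *
     * @inheritDoc
     */
    public function isCaseSensitive()
    {
        return false;
    }

    /**
     * Sanitize a given username
     *
     * This function is applied to any user name that is given to
     * the backend and should also be applied to any user name within
     * the backend before returning it somewhere.
     *
     * This should be used to enforce username restrictions. The actual
     * cleaning is delegated to the client.
     *
     * @param string $user username
     * @return string the cleaned username
     */
    public function cleanUser($user)
    {
        return $this->client->cleanUser($user);
    }

    /**
     * Sanitize a given groupname
     *
     * This function is applied to any groupname that is given to
     * the backend and should also be applied to any groupname within
     * the backend before returning it somewhere.
     *
     * This should be used to enforce groupname restrictions. This backend
     * currently enforces none and returns the name unchanged.
     *
     * Groupnames are to be passed without a leading '@' here.
     *
     * @param string $group groupname
     *
     * @return string the cleaned groupname
     */
    public function cleanGroup($group)
    {
        return $group;
    }

    /**
     * The session cache is always considered usable
     *
     * @inheritDoc
     */
    public function useSessionCache($user)
    {
        return true;
    }

    /**
     * Convert DokuWiki filter type to method in the library
     *
     * Unknown types fall back to 'equals'.
     *
     * @todo implement with proper constants once #3028 has been implemented
     * @param string $type
     * @return string
     */
    protected function filterType2FilterMethod($type)
    {
        $filtermethods = [
            'contains' => 'contains',
            'startswith' => 'startsWith',
            'endswith' => 'endsWith',
            'equals' => 'equals',
        ];

        if (isset($filtermethods[$type])) {
            return $filtermethods[$type];
        }

        return 'equals';
    }
}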