xref: /plugin/pureldap/auth.php (revision 5da7f46bfe6a840bb7981d986f2127bd7b9b986e) 
1<?php
2
3use dokuwiki\plugin\pureldap\classes\ADClient;
4use dokuwiki\plugin\pureldap\classes\Client;
5
6/**
7 * DokuWiki Plugin pureldap (Auth Component)
8 *
9 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
10 * @author  Andreas Gohr <andi@splitbrain.org>
11 */
12class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
13{
14    /** @var Client */
15    protected $client;
16
17    /**
18     * Constructor.
19     */
20    public function __construct()
21    {
22        global $conf;
23        parent::__construct(); // for compatibility
24
25        // prepare the base client
26        $this->loadConfig();
27        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
28        $this->conf['defaultgroup'] = $conf['defaultgroup'];
29
30        $this->client = new ADClient($this->conf); // FIXME decide class on config
31
32        // set capabilities
33        $this->cando['getUsers'] = true;
34        $this->cando['getGroups'] = true;
35        $this->cando['logout'] = !$this->client->getConf('sso');
36
37        $this->success = true;
38    }
39
40    /** @inheritDoc */
41    public function checkPass($user, $pass)
42    {
43        global $INPUT;
44
45        // when SSO is enabled, the login is autotriggered and we simply trust the environment
46        if (
47            $this->client->getConf('sso') &&
48            $INPUT->server->str('REMOTE_USER') !== '' &&
49            $INPUT->server->str('REMOTE_USER') == $user
50        ) {
51            return true;
52        }
53
54        // use a separate client from the default one, because this is not a superuser bind
55        $client = new ADClient($this->conf); // FIXME decide class on config
56        return $client->authenticate($user, $pass);
57    }
58
59    /** @inheritDoc */
60    public function getUserData($user, $requireGroups = true)
61    {
62        $info = $this->client->getCachedUser($user, $requireGroups);
63        return $info ?: false;
64    }
65
66    /** @inheritDoc */
67    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
68    {
69        return array_slice(
70            $this->client->getFilteredUsers(
71                $filter,
72                $this->filterType2FilterMethod('contains')
73            ),
74            $start,
75            $limit);
76    }
77
78    /** @inheritDoc */
79    public function retrieveGroups($start = 0, $limit = 0)
80    {
81        return array_slice($this->client->getCachedGroups(), $start, $limit);
82    }
83
84    /** @inheritDoc */
85    public function isCaseSensitive()
86    {
87        return false;
88    }
89
90    /** @inheritDoc */
91    public function cleanUser($user)
92    {
93        return $this->client->cleanUser($user);
94    }
95
96    /** @inheritDoc */
97    public function cleanGroup($group)
98    {
99        return $group;
100    }
101
102    /** @inheritDoc */
103    public function useSessionCache($user)
104    {
105        return true;
106    }
107
108    /**
109     * Convert DokuWiki filter type to method in the library
110     *
111     * @todo implement with proper constants once splitbrain/dokuwiki#3028 has been implemented
112     * @param string $type
113     * @return string
114     */
115    protected function filterType2FilterMethod($type)
116    {
117        $filtermethods = [
118            'contains' => 'contains',
119            'startswith' => 'startsWith',
120            'endswith' => 'endsWith',
121            'equals' => 'equals',
122        ];
123
124        if (isset($filtermethods[$type])) {
125            return $filtermethods[$type];
126        }
127
128        return 'equals';
129    }
130}
131
132