xref: /plugin/pureldap/auth.php (revision 79f39653646dbe91196636a4fb016f788f558bf9) 
1<?php
2/**
3 * DokuWiki Plugin pureldap (Auth Component)
4 *
5 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
6 * @author  Andreas Gohr <andi@splitbrain.org>
7 */
8
9// must be run within Dokuwiki
10if (!defined('DOKU_INC')) {
11    die();
12}
13
14class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
15{
16
17
18    /**
19     * Constructor.
20     */
21    public function __construct()
22    {
23        parent::__construct(); // for compatibility
24
25        // FIXME set capabilities accordingly
26        //$this->cando['addUser']     = false; // can Users be created?
27        //$this->cando['delUser']     = false; // can Users be deleted?
28        //$this->cando['modLogin']    = false; // can login names be changed?
29        //$this->cando['modPass']     = false; // can passwords be changed?
30        //$this->cando['modName']     = false; // can real names be changed?
31        //$this->cando['modMail']     = false; // can emails be changed?
32        //$this->cando['modGroups']   = false; // can groups be changed?
33        //$this->cando['getUsers']    = false; // can a (filtered) list of users be retrieved?
34        //$this->cando['getUserCount']= false; // can the number of users be retrieved?
35        //$this->cando['getGroups']   = false; // can a list of available groups be retrieved?
36        //$this->cando['external']    = false; // does the module do external auth checking?
37        //$this->cando['logout']      = true; // can the user logout again? (eg. not possible with HTTP auth)
38
39        // FIXME intialize your auth system and set success to true, if successful
40        $this->success = true;
41    }
42
43
44    /**
45     * Log off the current user [ OPTIONAL ]
46     */
47    // public function logOff()
48    // {
49    // }
50
51    /**
52     * Do all authentication [ OPTIONAL ]
53     *
54     * @param   string $user   Username
55     * @param   string $pass   Cleartext Password
56     * @param   bool   $sticky Cookie should not expire
57     *
58     * @return  bool             true on successful auth
59     */
60    //public function trustExternal($user, $pass, $sticky = false)
61    //{
62        /* some example:
63
64        global $USERINFO;
65        global $conf;
66        $sticky ? $sticky = true : $sticky = false; //sanity check
67
68        // do the checking here
69
70        // set the globals if authed
71        $USERINFO['name'] = 'FIXME';
72        $USERINFO['mail'] = 'FIXME';
73        $USERINFO['grps'] = array('FIXME');
74        $_SERVER['REMOTE_USER'] = $user;
75        $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
76        $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
77        $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
78        return true;
79
80        */
81    //}
82
83    /**
84     * Check user+password
85     *
86     * May be ommited if trustExternal is used.
87     *
88     * @param   string $user the user name
89     * @param   string $pass the clear text password
90     *
91     * @return  bool
92     */
93    public function checkPass($user, $pass)
94    {
95        // FIXME implement password check
96        return false; // return true if okay
97    }
98
99    /**
100     * Return user info
101     *
102     * Returns info about the given user needs to contain
103     * at least these fields:
104     *
105     * name string  full name of the user
106     * mail string  email addres of the user
107     * grps array   list of groups the user is in
108     *
109     * @param   string $user          the user name
110     * @param   bool   $requireGroups whether or not the returned data must include groups
111     *
112     * @return  array  containing user data or false
113     */
114    public function getUserData($user, $requireGroups=true)
115    {
116        // FIXME implement
117        return false;
118    }
119
120    /**
121     * Create a new User [implement only where required/possible]
122     *
123     * Returns false if the user already exists, null when an error
124     * occurred and true if everything went well.
125     *
126     * The new user HAS TO be added to the default group by this
127     * function!
128     *
129     * Set addUser capability when implemented
130     *
131     * @param  string     $user
132     * @param  string     $pass
133     * @param  string     $name
134     * @param  string     $mail
135     * @param  null|array $grps
136     *
137     * @return bool|null
138     */
139    //public function createUser($user, $pass, $name, $mail, $grps = null)
140    //{
141        // FIXME implement
142    //    return null;
143    //}
144
145    /**
146     * Modify user data [implement only where required/possible]
147     *
148     * Set the mod* capabilities according to the implemented features
149     *
150     * @param   string $user    nick of the user to be changed
151     * @param   array  $changes array of field/value pairs to be changed (password will be clear text)
152     *
153     * @return  bool
154     */
155    //public function modifyUser($user, $changes)
156    //{
157        // FIXME implement
158    //    return false;
159    //}
160
161    /**
162     * Delete one or more users [implement only where required/possible]
163     *
164     * Set delUser capability when implemented
165     *
166     * @param   array  $users
167     *
168     * @return  int    number of users deleted
169     */
170    //public function deleteUsers($users)
171    //{
172        // FIXME implement
173    //    return false;
174    //}
175
176    /**
177     * Bulk retrieval of user data [implement only where required/possible]
178     *
179     * Set getUsers capability when implemented
180     *
181     * @param   int   $start  index of first user to be returned
182     * @param   int   $limit  max number of users to be returned, 0 for unlimited
183     * @param   array $filter array of field/pattern pairs, null for no filter
184     *
185     * @return  array list of userinfo (refer getUserData for internal userinfo details)
186     */
187    //public function retrieveUsers($start = 0, $limit = 0, $filter = null)
188    //{
189        // FIXME implement
190    //    return array();
191    //}
192
193    /**
194     * Return a count of the number of user which meet $filter criteria
195     * [should be implemented whenever retrieveUsers is implemented]
196     *
197     * Set getUserCount capability when implemented
198     *
199     * @param  array $filter array of field/pattern pairs, empty array for no filter
200     *
201     * @return int
202     */
203    //public function getUserCount($filter = array())
204    //{
205        // FIXME implement
206    //    return 0;
207    //}
208
209    /**
210     * Define a group [implement only where required/possible]
211     *
212     * Set addGroup capability when implemented
213     *
214     * @param   string $group
215     *
216     * @return  bool
217     */
218    //public function addGroup($group)
219    //{
220        // FIXME implement
221    //    return false;
222    //}
223
224    /**
225     * Retrieve groups [implement only where required/possible]
226     *
227     * Set getGroups capability when implemented
228     *
229     * @param   int $start
230     * @param   int $limit
231     *
232     * @return  array
233     */
234    //public function retrieveGroups($start = 0, $limit = 0)
235    //{
236        // FIXME implement
237    //    return array();
238    //}
239
240    /**
241     * Return case sensitivity of the backend
242     *
243     * When your backend is caseinsensitive (eg. you can login with USER and
244     * user) then you need to overwrite this method and return false
245     *
246     * @return bool
247     */
248    public function isCaseSensitive()
249    {
250        return true;
251    }
252
253    /**
254     * Sanitize a given username
255     *
256     * This function is applied to any user name that is given to
257     * the backend and should also be applied to any user name within
258     * the backend before returning it somewhere.
259     *
260     * This should be used to enforce username restrictions.
261     *
262     * @param string $user username
263     * @return string the cleaned username
264     */
265    public function cleanUser($user)
266    {
267        return $user;
268    }
269
270    /**
271     * Sanitize a given groupname
272     *
273     * This function is applied to any groupname that is given to
274     * the backend and should also be applied to any groupname within
275     * the backend before returning it somewhere.
276     *
277     * This should be used to enforce groupname restrictions.
278     *
279     * Groupnames are to be passed without a leading '@' here.
280     *
281     * @param  string $group groupname
282     *
283     * @return string the cleaned groupname
284     */
285    public function cleanGroup($group)
286    {
287        return $group;
288    }
289
290    /**
291     * Check Session Cache validity [implement only where required/possible]
292     *
293     * DokuWiki caches user info in the user's session for the timespan defined
294     * in $conf['auth_security_timeout'].
295     *
296     * This makes sure slow authentication backends do not slow down DokuWiki.
297     * This also means that changes to the user database will not be reflected
298     * on currently logged in users.
299     *
300     * To accommodate for this, the user manager plugin will touch a reference
301     * file whenever a change is submitted. This function compares the filetime
302     * of this reference file with the time stored in the session.
303     *
304     * This reference file mechanism does not reflect changes done directly in
305     * the backend's database through other means than the user manager plugin.
306     *
307     * Fast backends might want to return always false, to force rechecks on
308     * each page load. Others might want to use their own checking here. If
309     * unsure, do not override.
310     *
311     * @param  string $user - The username
312     *
313     * @return bool
314     */
315    //public function useSessionCache($user)
316    //{
317      // FIXME implement
318    //}
319}
320
321