1<?php
2
3use dokuwiki\plugin\pureldap\classes\ADClient;
4use dokuwiki\plugin\pureldap\classes\Client;
5
6/**
7 * DokuWiki Plugin pureldap (Auth Component)
8 *
9 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
10 * @author  Andreas Gohr <andi@splitbrain.org>
11 */
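class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
{
    /** @var Client directory client built in the constructor; used for user and group lookups */
    protected $client;

    /**
     * Constructor.
     *
     * Loads the plugin configuration, decodes the stored admin password and
     * creates the client that getUserData() and retrieveGroups() rely on.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        // FIXME set capabilities accordingly
        //$this->cando['addUser']     = false; // can Users be created?
        //$this->cando['delUser']     = false; // can Users be deleted?
        //$this->cando['modLogin']    = false; // can login names be changed?
        //$this->cando['modPass']     = false; // can passwords be changed?
        //$this->cando['modName']     = false; // can real names be changed?
        //$this->cando['modMail']     = false; // can emails be changed?
        //$this->cando['modGroups']   = false; // can groups be changed?
        //$this->cando['getUsers']    = false; // can a (filtered) list of users be retrieved?
        //$this->cando['getUserCount']= false; // can the number of users be retrieved?
        //$this->cando['getGroups']   = false; // can a list of available groups be retrieved?
        //$this->cando['external']    = false; // does the module do external auth checking?
        //$this->cando['logout']      = true; // can the user logout again? (eg. not possible with HTTP auth)

        // prepare the base client
        $this->loadConfig();
        // From this line on $this->conf carries the admin bind password in decoded form.
        // Keep $this->conf out of debug dumps, logs and error messages.
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config
        // NOTE(review): success is set unconditionally; nothing here verifies that the
        // configuration is complete or that the directory can be reached.
        $this->success = true;
    }


    /**
     * Log off the current user [ OPTIONAL ]
     */
    // public function logOff()
    // {
    // }

    /**
     * Do all authentication [ OPTIONAL ]
     *
     * @param string $user Username
     * @param string $pass Cleartext Password
     * @param bool $sticky Cookie should not expire
     *
     * @return  bool             true on successful auth
     */
    //public function trustExternal($user, $pass, $sticky = false)
    //{
    /* some example:

    NOTE(review): this skeleton example keeps the cleartext password in the
    session; an implementation should not store it there unless it is required.

    global $USERINFO;
    global $conf;
    $sticky ? $sticky = true : $sticky = false; //sanity check

    // do the checking here

    // set the globals if authed
    $USERINFO['name'] = 'FIXME';
    $USERINFO['mail'] = 'FIXME';
    $USERINFO['grps'] = array('FIXME');
    $_SERVER['REMOTE_USER'] = $user;
    $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
    $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
    $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    return true;

    */
    //}

    /** @inheritDoc */
    public function checkPass($user, $pass)
    {
        // An LDAP simple bind that carries a name but an empty password is an
        // "unauthenticated bind" (RFC 4513, section 5.1.2), and a server may answer it
        // with success. Whether ADClient::authenticate() rejects that case cannot be
        // seen from this file, so empty credentials are refused before any bind.
        if ($user === null || $user === '' || $pass === null || $pass === '') {
            return false;
        }

        // use a separate client from the default one, because this is not a superuser bind
        // NOTE(review): the new client still receives the full $this->conf, including the
        // decoded admin password; confirm that authenticate() binds only as $user.
        $client = new ADClient($this->conf); // FIXME decide class on config
        return $client->authenticate($user, $pass);
    }

    /** @inheritDoc */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        // any empty result from the client is reported as false
        return $info ?: false;
    }

    /**
     * Create a new User [implement only where required/possible]
     *
     * Returns false if the user already exists, null when an error
     * occurred and true if everything went well.
     *
     * The new user HAS TO be added to the default group by this
     * function!
     *
     * Set addUser capability when implemented
     *
     * @param string $user
     * @param string $pass
     * @param string $name
     * @param string $mail
     * @param null|array $grps
     *
     * @return bool|null
     */
    //public function createUser($user, $pass, $name, $mail, $grps = null)
    //{
    // FIXME implement
    //    return null;
    //}

    /**
     * Modify user data [implement only where required/possible]
     *
     * Set the mod* capabilities according to the implemented features
     *
     * @param string $user nick of the user to be changed
     * @param array $changes array of field/value pairs to be changed (password will be clear text)
     *
     * @return  bool
     */
    //public function modifyUser($user, $changes)
    //{
    // FIXME implement
    //    return false;
    //}

    /**
     * Delete one or more users [implement only where required/possible]
     *
     * Set delUser capability when implemented
     *
     * @param array $users
     *
     * @return  int    number of users deleted
     */
    //public function deleteUsers($users)
    //{
    // FIXME implement
    //    return false;
    //}

    /**
     * Bulk retrieval of user data [implement only where required/possible]
     *
     * Set getUsers capability when implemented
     *
     * Not implemented yet: every call returns an empty list.
     *
     * @param int $start index of first user to be returned
     * @param int $limit max number of users to be returned, 0 for unlimited
     * @param array $filter array of field/pattern pairs, null for no filter
     *
     * @return  array list of userinfo (refer getUserData for internal userinfo details)
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        // FIXME implement
        return [];
    }

    /**
     * Return a count of the number of user which meet $filter criteria
     * [should be implemented whenever retrieveUsers is implemented]
     *
     * Set getUserCount capability when implemented
     *
     * @param array $filter array of field/pattern pairs, empty array for no filter
     *
     * @return int
     */
    //public function getUserCount($filter = array())
    //{
    // FIXME implement
    //    return 0;
    //}

    /**
     * Define a group [implement only where required/possible]
     *
     * Set addGroup capability when implemented
     *
     * @param string $group
     *
     * @return  bool
     */
    //public function addGroup($group)
    //{
    // FIXME implement
    //    return false;
    //}

    /** @inheritDoc */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        // array_slice() with a length of 0 returns an empty array, so the default
        // $limit = 0 used to yield no groups at all. 0 is mapped to "no limit", the
        // meaning this file documents for the $limit of retrieveUsers().
        $length = $limit ?: null;

        return array_slice($this->client->getCachedGroups(), $start, $length);
    }

    /**
     * Return case sensitivity of the backend
     *
     * When your backend is case-insensitive (eg. you can login with USER and
     * user) then you need to overwrite this method and return false
     *
     * NOTE(review): the only client this file creates is ADClient. If the directory
     * matches login names case-insensitively, the rule above asks for false here and
     * for cleanUser() to normalise the name; otherwise "USER" and "user" are treated
     * as different wiki users while being one directory account. Confirm against
     * ADClient before changing the value.
     *
     * @return bool
     */
    public function isCaseSensitive()
    {
        return true;
    }

    /**
     * Sanitize a given username
     *
     * This function is applied to any user name that is given to
     * the backend and should also be applied to any user name within
     * the backend before returning it somewhere.
     *
     * This should be used to enforce username restrictions.
     *
     * Currently no restriction is enforced: the name is returned unchanged.
     *
     * @param string $user username
     * @return string the cleaned username
     */
    public function cleanUser($user)
    {
        return $user;
    }

    /**
     * Sanitize a given groupname
     *
     * This function is applied to any groupname that is given to
     * the backend and should also be applied to any groupname within
     * the backend before returning it somewhere.
     *
     * This should be used to enforce groupname restrictions.
     *
     * Groupnames are to be passed without a leading '@' here.
     *
     * Currently no restriction is enforced: the name is returned unchanged.
     *
     * @param string $group groupname
     *
     * @return string the cleaned groupname
     */
    public function cleanGroup($group)
    {
        return $group;
    }

    /**
     * Check Session Cache validity [implement only where required/possible]
     *
     * DokuWiki caches user info in the user's session for the timespan defined
     * in $conf['auth_security_timeout'].
     *
     * This makes sure slow authentication backends do not slow down DokuWiki.
     * This also means that changes to the user database will not be reflected
     * on currently logged in users.
     *
     * To accommodate for this, the user manager plugin will touch a reference
     * file whenever a change is submitted. This function compares the filetime
     * of this reference file with the time stored in the session.
     *
     * This reference file mechanism does not reflect changes done directly in
     * the backend's database through other means than the user manager plugin.
     *
     * Fast backends might want to return always false, to force rechecks on
     * each page load. Others might want to use their own checking here. If
     * unsure, do not override.
     *
     * This implementation always returns false, i.e. the session cache is never
     * trusted and user info is rechecked on each page load.
     *
     * @param string $user - The username
     *
     * @return bool
     */
    public function useSessionCache($user)
    {
        return false;
    }

    /**
     * Convert DokuWiki filter type to method in the library
     *
     * The lookup table is a fixed allowlist: a type that is not listed falls
     * back to 'equals', so the caller-supplied value itself is never returned.
     *
     * @todo implement with proper constants once #3028 has been implemented
     * @param string $type
     * @return string
     */
    protected function filterType2FilterMethod($type)
    {
        $filtermethods = [
            'contains' => 'contains',
            'startswith' => 'startsWith',
            'endswith' => 'endsWith',
            'equals' => 'equals',
        ];

        // presumably the result is used as a method name on a filter builder (not
        // visible here); keep this a closed mapping rather than passing $type through
        if (isset($filtermethods[$type])) {
            return $filtermethods[$type];
        }

        return 'equals';
    }
}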