xref: /plugin/pureldap/auth.php (revision bf69b89c042d8a8a10fdd1dd78cc14b8f933bfe1)
1<?php
2
3use dokuwiki\plugin\pureldap\classes\ADClient;
4use dokuwiki\plugin\pureldap\classes\Client;
5
6/**
7 * DokuWiki Plugin pureldap (Auth Component)
8 *
9 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
10 * @author  Andreas Gohr <andi@splitbrain.org>
11 */
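class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
{
    /** @var Client directory client built from the plugin configuration in the constructor */
    protected $client;

    /**
     * Constructor.
     *
     * Announces the user and group listing capabilities, loads the plugin
     * configuration and creates the client used for directory lookups.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        $this->cando['getUsers'] = true;
        $this->cando['getGroups'] = true;

        // prepare the base client
        $this->loadConfig();
        // From here on $this->conf carries the decoded admin_password; keep this
        // array out of debug output and log messages.
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config
        $this->success = true;
    }


    /**
     * Log off the current user [ OPTIONAL ]
     */
    // public function logOff()
    // {
    // }

    /**
     * Do all authentication [ OPTIONAL ]
     *
     * @param string $user Username
     * @param string $pass Cleartext Password
     * @param bool $sticky Cookie should not expire
     *
     * @return  bool             true on successful auth
     */
    //public function trustExternal($user, $pass, $sticky = false)
    //{
    /* some example:

    global $USERINFO;
    global $conf;
    $sticky ? $sticky = true : $sticky = false; //sanity check

    // do the checking here

    // set the globals if authed
    $USERINFO['name'] = 'FIXME';
    $USERINFO['mail'] = 'FIXME';
    $USERINFO['grps'] = array('FIXME');
    $_SERVER['REMOTE_USER'] = $user;
    $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
    // NOTE(review): the next line keeps the cleartext password in the session;
    // do not carry that over into a real implementation.
    $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
    $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    return true;

    */
    //}

    /**
     * Check the given credentials
     *
     * With the 'sso' option enabled the password is NOT verified: the login is
     * accepted when the REMOTE_USER server variable is non-empty and identical
     * to $user. That is only sound when REMOTE_USER is set by the web server's
     * own authentication module and can never be supplied by the client (for
     * example through a forwarded request header), so 'sso' must stay disabled
     * on any host where that is not guaranteed.
     *
     * Without SSO the credentials are checked by a fresh client instance.
     *
     * @inheritDoc
     */
    public function checkPass($user, $pass)
    {
        global $INPUT;

        // when SSO is enabled, the login is autotriggered and we simply trust the environment
        $remoteUser = $INPUT->server->str('REMOTE_USER');
        if (
            !empty($this->conf['sso']) &&
            $remoteUser !== '' &&
            // Strict comparison: with == PHP compares numeric strings by value
            // ('1e3' == '1000'), which would let one account name pass for another.
            $remoteUser === (string) $user
        ) {
            return true;
        }

        // Defence in depth: authenticate() is implemented elsewhere, and a directory
        // server that permits unauthenticated binds can report success for an empty
        // password. An empty password must never log anybody in.
        if ((string) $pass === '') {
            return false;
        }

        // use a separate client from the default one, because this is not a superuser bind
        $client = new ADClient($this->conf); // FIXME decide class on config
        return $client->authenticate($user, $pass);
    }

    /**
     * Return the user info the client has for $user
     *
     * Any empty result from the client is reported as false.
     *
     * @inheritDoc
     */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        return $info ?: false;
    }

    /**
     * Create a new User [implement only where required/possible]
     *
     * Returns false if the user already exists, null when an error
     * occurred and true if everything went well.
     *
     * The new user HAS TO be added to the default group by this
     * function!
     *
     * Set addUser capability when implemented
     *
     * @param string $user
     * @param string $pass
     * @param string $name
     * @param string $mail
     * @param null|array $grps
     *
     * @return bool|null
     */
    //public function createUser($user, $pass, $name, $mail, $grps = null)
    //{
    // FIXME implement
    //    return null;
    //}

    /**
     * Modify user data [implement only where required/possible]
     *
     * Set the mod* capabilities according to the implemented features
     *
     * @param string $user nick of the user to be changed
     * @param array $changes array of field/value pairs to be changed (password will be clear text)
     *
     * @return  bool
     */
    //public function modifyUser($user, $changes)
    //{
    // FIXME implement
    //    return false;
    //}

    /**
     * Delete one or more users [implement only where required/possible]
     *
     * Set delUser capability when implemented
     *
     * @param array $users
     *
     * @return  int    number of users deleted
     */
    //public function deleteUsers($users)
    //{
    // FIXME implement
    //    return false;
    //}

    /**
     * List users matching $filter, using the 'contains' filter method
     *
     * A $limit of 0 (the default) or less means "no limit". Passing 0 straight
     * to array_slice() would always produce an empty list.
     *
     * @inheritDoc
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        $users = $this->client->getFilteredUsers(
            $filter,
            $this->filterType2FilterMethod('contains')
        );

        return array_slice($users, $start, $limit > 0 ? $limit : null);
    }

    /**
     * Define a group [implement only where required/possible]
     *
     * Set addGroup capability when implemented
     *
     * @param string $group
     *
     * @return  bool
     */
    //public function addGroup($group)
    //{
    // FIXME implement
    //    return false;
    //}

    /**
     * List the groups known to the client
     *
     * A $limit of 0 (the default) or less means "no limit". Passing 0 straight
     * to array_slice() would always produce an empty list.
     *
     * @inheritDoc
     */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        return array_slice($this->client->getCachedGroups(), $start, $limit > 0 ? $limit : null);
    }

    /** @inheritDoc */
    public function isCaseSensitive()
    {
        return false;
    }

    /**
     * Sanitize a given username
     *
     * This function is applied to any user name that is given to
     * the backend and should also be applied to any user name within
     * the backend before returning it somewhere.
     *
     * This should be used to enforce username restrictions.
     * The actual cleaning is delegated to the client.
     *
     * @param string $user username
     * @return string the cleaned username
     */
    public function cleanUser($user)
    {
        return $this->client->cleanUser($user);
    }

    /**
     * Sanitize a given groupname
     *
     * This function is applied to any groupname that is given to
     * the backend and should also be applied to any groupname within
     * the backend before returning it somewhere.
     *
     * This should be used to enforce groupname restrictions.
     * This implementation returns the name unchanged.
     *
     * Groupnames are to be passed without a leading '@' here.
     *
     * @param string $group groupname
     *
     * @return string the cleaned groupname
     */
    public function cleanGroup($group)
    {
        return $group;
    }

    /** @inheritDoc */
    public function useSessionCache($user)
    {
        return true;
    }

    /**
     * Convert DokuWiki filter type to method in the library
     *
     * Unknown types fall back to 'equals'.
     *
     * @todo implement with proper constants once #3028 has been implemented
     * @param string $type
     * @return string
     */
    protected function filterType2FilterMethod($type)
    {
        $filtermethods = [
            'contains' => 'contains',
            'startswith' => 'startsWith',
            'endswith' => 'endsWith',
            'equals' => 'equals',
        ];

        return isset($filtermethods[$type]) ? $filtermethods[$type] : 'equals';
    }
}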