vbsso/includes/api.php

<?php
/**
 * -----------------------------------------------------------------------
 * vBSSO is a solution which helps you connect to different software platforms
 * via secure Single Sign-On.
 *
 * Copyright (c) 2011-2017 vBSSO. All Rights Reserved.
 * This software is the proprietary information of vBSSO.
 *
 * Author URI: http://www.vbsso.com
 * License: GPL version 2 or later -
 * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
 * -----------------------------------------------------------------------
 */

/**
 * Report error
 *
 * @param mixed $error error message
 *
 * @return array
 */
function vbsso_listener_report_error($error) {
    $message = !is_string($error) ? $error[0] : $error;

    return array(SHAREDAPI_EVENT_FIELD_ERROR_CODE => '', SHAREDAPI_EVENT_FIELD_ERROR_MESSAGE => $message,
        SHAREDAPI_EVENT_FIELD_ERROR_DATA => '');
}

/**
 * Verify listener
 *
 * @param array $json array
 *
 * @return array
 */
function vbsso_listener_verify($json) {
    global $conf;
    $vbsso = new action_plugin_vbsso();
    if (!$conf['useacl']) {
        return array(SHAREDAPI_EVENT_FIELD_ERROR => $vbsso->getLang('acl_is_off'));
    }

    $supported = vbsso_get_supported_api_properties();
    $settings = array();

    foreach ($supported as $key => $item) {
        $settings[$key] = $json[$item['field']];
    }

    vbsso_save_platform_settings($settings);

    return array(SHAREDAPI_EVENT_FIELD_DATA => array(SHAREDAPI_EVENT_FIELD_VERIFY => TRUE));
}


/**
 * User load
 *
 * @param array $json        array
 * @param bool  $create_user flag
 *
 * @return bool
 */
function vbsso_listener_user_load($json, $create_user = FALSE) {
    global $vbsso_settings;
    $auth = (class_exists('auth_plugin_authplain')) ? new auth_plugin_authplain() : new auth_plain();

    $usergroups = array();
    $plugin_ugs = json_decode($vbsso_settings[VBSSO_NAMED_EVENT_FIELD_USERGROUPS_ASSOC]);

    foreach (explode(',', $json[SHAREDAPI_EVENT_FIELD_USERGROUPS]) as $ug) {
        $usergroups[] = (isset($plugin_ugs->$ug)) ? $plugin_ugs->$ug : 'user';
    }

    if (!$user = $auth->getUserData($json[SHAREDAPI_EVENT_FIELD_USERNAME]) and $create_user) {
        if ($auth->createUser($json[SHAREDAPI_EVENT_FIELD_USERNAME], '', $json[SHAREDAPI_EVENT_FIELD_USERNAME],
            $json[SHAREDAPI_EVENT_FIELD_EMAIL], array_unique($usergroups))) {
            $user = $auth->getUserData($json[SHAREDAPI_EVENT_FIELD_USERNAME]);
        }
    }

    return ($user and $user['mail'] == $json[SHAREDAPI_EVENT_FIELD_EMAIL]) ? $user : FALSE;
}

/**
 * Listener register
 *
 * @param array $json array
 *
 * @return array
 */
function vbsso_listener_register($json) {
    $u = vbsso_listener_user_load($json, TRUE);

    if (is_array($u)) {
        return array(SHAREDAPI_EVENT_FIELD_DATA => 'User ' . $json[SHAREDAPI_EVENT_FIELD_USERNAME]
            . ' successfully created');
    } else {
        return array(SHAREDAPI_EVENT_FIELD_ERROR => $u);
    }
}

/**
 * Listener logout
 *
 * @return void
 */
function vbsso_listener_logout() {
    auth_logoff(TRUE);
}

/**
 * Listener auth
 *
 * @param array $json array
 *
 * @return void
 */
function vbsso_listener_authentication($json) {
    if (vbsso_listener_user_load($json, TRUE)) {
        $_SERVER['REMOTE_USER'] = $json[SHAREDAPI_EVENT_FIELD_USERNAME];
        $secret = auth_cookiesalt(TRUE); //always sticky
        vbsso_auth_setCookie($json[SHAREDAPI_EVENT_FIELD_USERNAME], PMA_blowfish_encrypt('', $secret),
            $json[SHAREDAPI_EVENT_FIELD_REMEMBERME], $json[SHAREDAPI_EVENT_FIELD_TIMEOUT]);
    }
}

/**
 * Listener credentials
 *
 * @param array $json array
 *
 * @return array
 */
function vbsso_listener_credentials($json) {
    global $vbsso_settings;
    if ($u = vbsso_listener_user_load($json)) {
        $update = FALSE;
        $changes = array();

        if (isset($json[SHAREDAPI_EVENT_FIELD_EMAIL2])) {
            $changes['mail'] = $json[SHAREDAPI_EVENT_FIELD_EMAIL2];
            $update = TRUE;
        }

        if (isset($json[SHAREDAPI_EVENT_FIELD_USERNAME2])) {
            $changes['name'] = $json[SHAREDAPI_EVENT_FIELD_USERNAME2];
            $update = TRUE;
        }

        if (isset($json[SHAREDAPI_EVENT_FIELD_USERGROUPS2])) {
            $usergroups = array();
            $plugin_ugs = json_decode($vbsso_settings[VBSSO_NAMED_EVENT_FIELD_USERGROUPS_ASSOC]);

            foreach (explode(',', $json[SHAREDAPI_EVENT_FIELD_USERGROUPS2]) as $ug) {
                $usergroups[] = (isset($plugin_ugs->$ug)) ? $plugin_ugs->$ug : 'user';
            }
            $changes['grps'] = array_unique($usergroups);
            $update = TRUE;
        }

        if ($update) {
            $auth = (class_exists('auth_plugin_authplain')) ? new auth_plugin_authplain() : new auth_plain();
            $auth->modifyUser($json[SHAREDAPI_EVENT_FIELD_USERNAME], $changes);
        }

        return array(SHAREDAPI_EVENT_FIELD_DATA => 'User ' . $json[SHAREDAPI_EVENT_FIELD_USERNAME]
            . ' successfully modified');
    } else {
        return array(SHAREDAPI_EVENT_FIELD_ERROR => vbsso_listener_report_error('Unable to update user login: '
            . $json[SHAREDAPI_EVENT_FIELD_USERNAME]));
    }
}

/**
 * Generate password
 *
 * @return string
 */
function vbsso_generate_password() {
    $password = "";
    $possible = "1234567890abcdefghjklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    for ($i = 0; $i < 20; $i++) {
        $password .= substr($possible, mt_rand(0, strlen($possible) - 1), 1);
    }

    return $password;
}

/**
 * Save platform settings
 *
 * @param mixed $settings settinhs
 *
 * @return void
 */
function vbsso_save_platform_settings($settings) {
    file_put_contents(VBSSO_PLATFORM_CONFIG_FILE, base64_encode(serialize($settings)));
}

/**
 * Get platform settings
 *
 * @return mixed
 */
function vbsso_get_platform_settings() {
    if (!file_exists(VBSSO_PLATFORM_CONFIG_FILE)) {
        file_put_contents(VBSSO_PLATFORM_CONFIG_FILE, '');
    }

    return unserialize(base64_decode(file_get_contents(VBSSO_PLATFORM_CONFIG_FILE)));
}

/**
 * Get vB user groups
 *
 * @return array|mixed
 */
function vbsso_get_vb_usergroups() {
    global $vbsso_platform_settings, $vbsso_settings;

    $baa_username = sharedapi_decode_data($vbsso_settings[VBSSO_NAMED_EVENT_FIELD_API_KEY],
        $vbsso_platform_settings[VBSSO_NAMED_EVENT_FIELD_BAA_USERNAME]);

    $baa_password = sharedapi_decode_data($vbsso_settings[VBSSO_NAMED_EVENT_FIELD_API_KEY],
        $vbsso_platform_settings[VBSSO_NAMED_EVENT_FIELD_BAA_PASSWORD]);

    $vbug = sharedapi_post($vbsso_platform_settings[VBSSO_NAMED_EVENT_FIELD_USERGROUPS_URL], FALSE, $baa_username,
        $baa_password);

    return ($vbug['error_string']) ? $vbug : json_decode($vbug['response']);
}

/**
 * Get alc groups
 *
 * @return array
 */
function vbsso_get_acl_groups() {
    $groups = array();
    foreach (auth_loadACL() as $a) {
        // Don't parse comments
        if (preg_match('/^#/', $a)) {
            continue;
        }
        if (preg_match('/^[^\s]+\s@([^\s]+)/', $a, $matches)) {
            $groups[urldecode($matches[1])] = $matches[1];
        }
    }

    return $groups;
}

/**
 * Set cookie
 *
 * @param object  $user            user
 * @param string  $pass            password
 * @param integer $sticky          glue
 * @param integer $session_timeout timeout
 *
 * @return bool
 */
function vbsso_auth_setCookie($user, $pass, $sticky, $session_timeout) {
    global $conf, $auth, $USERINFO;

    if (!$auth) {
        return FALSE;
    }
    $USERINFO = $auth->getUserData($user);

    // set cookie
    $cookie = base64_encode($user) . '|' . ((int)$sticky) . '|' . base64_encode($pass);
    $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
    $time = $sticky ? (time() + 60 * 60 * 24 * 365) : (time() + $session_timeout); //one year
    if (version_compare(PHP_VERSION, '5.2.0', '>')) {
        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()), TRUE);
    } else {
        setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', ($conf['securecookie'] && is_ssl()));
    }
    // set session
    $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
    $_SESSION[DOKU_COOKIE]['auth']['pass'] = sha1($pass);
    $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
    $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
    //If an administrator was registered NOT by vBSSO,
    //we don't know his pass, so he will logout every period, set in "auth_security_timeout".
    //We will just increase this parameter
    $_SESSION[DOKU_COOKIE]['auth']['time'] = time() + $time;

    return TRUE;
}

/**
 * Get Platform settings
 *
 * @return mixed
 */
function vbsso_get_dokuwiki_settings() {
    if (!file_exists(VBSSO_VBSSO_CONFIG_FILE)) {
        file_put_contents(VBSSO_VBSSO_CONFIG_FILE, '');
    }

    $settings = unserialize(base64_decode(file_get_contents(VBSSO_VBSSO_CONFIG_FILE)));

    if (!isset($settings[VBSSO_NAMED_EVENT_FIELD_LOGIN_THROUGH_VB_PAGE])) {
        $settings[VBSSO_NAMED_EVENT_FIELD_LOGIN_THROUGH_VB_PAGE] = TRUE;
    }

    if (!isset($settings[VBSSO_PLATFORM_FOOTER_LINK_PROPERTY])) {
        $settings[VBSSO_PLATFORM_FOOTER_LINK_PROPERTY] = VBSSO_PLATFORM_FOOTER_LINK_SHOW_EVERYWHERE;
    }
    if (!isset($settings[VBSSO_NAMED_EVENT_FIELD_API_KEY])) {
        $settings[VBSSO_NAMED_EVENT_FIELD_API_KEY] = SHAREDAPI_DEFAULT_API_KEY;
    }

    if (!isset($settings[VBSSO_NAMED_EVENT_FIELD_USERGROUPS_ASSOC])) {
        $settings[VBSSO_NAMED_EVENT_FIELD_USERGROUPS_ASSOC] = FALSE;
    }

    return $settings;
}

/**
 * Save platform settings
 *
 * @return void
 */
function vbsso_save_mediawiki_settings() {
    global $vbsso_settings, $vbsso_platform_settings;

    $settings = array();
    $settings[VBSSO_PLATFORM_FOOTER_LINK_PROPERTY] =
        (isset($_POST[VBSSO_PLATFORM_FOOTER_LINK_PROPERTY])) ? $_POST[VBSSO_PLATFORM_FOOTER_LINK_PROPERTY] : '1';
    $settings[VBSSO_NAMED_EVENT_FIELD_API_KEY] =
        (isset($_POST[VBSSO_NAMED_EVENT_FIELD_API_KEY]) && !empty($_POST[VBSSO_NAMED_EVENT_FIELD_API_KEY]))
            ? $_POST[VBSSO_NAMED_EVENT_FIELD_API_KEY] : SHAREDAPI_DEFAULT_API_KEY;
    $settings[VBSSO_NAMED_EVENT_FIELD_LOGIN_THROUGH_VB_PAGE] =
        (isset($_POST[VBSSO_NAMED_EVENT_FIELD_LOGIN_THROUGH_VB_PAGE]))
            ? $_POST[VBSSO_NAMED_EVENT_FIELD_LOGIN_THROUGH_VB_PAGE] : '0';

    if ($vbsso_platform_settings[VBSSO_NAMED_EVENT_FIELD_USERGROUPS_URL]) {
        $vb_usergroups = vbsso_get_vb_usergroups();
        $vbsso_usergroups_assoc = array();

        foreach ($vb_usergroups as $vb_usergroup) {
            $vbsso_usergroups_assoc[$vb_usergroup->usergroupid] =
                $_POST[VBSSO_NAMED_EVENT_FIELD_USERGROUPS_ASSOC . '_' . $vb_usergroup->usergroupid];
        }

        $settings[VBSSO_NAMED_EVENT_FIELD_USERGROUPS_ASSOC] = json_encode($vbsso_usergroups_assoc);
    }

    file_put_contents(VBSSO_VBSSO_CONFIG_FILE, base64_encode(serialize($settings)));
    $vbsso_settings = $settings;
}