Commit 2f9b6ca5 authored by Stanislav Tsymbalov Committed by Aaron Wells

auth/imap: Autocreating users; email domain filter

Bug 1523644. This change adds an "autocreate users"
option to auth/imap, and it allows you to add a domain
name filter to check that the user's email address is
@ a particular domain.

Taken together, these changes make it possible to use
auth/imap with Google Apps for Business, and other
similar services.

behatnotneeded: Requires an IMAP server to test

Change-Id: Ic1892e4df652e3997d21897cc03bfb9cf1e075cf
parent 3569ae7a
......@@ -14,3 +14,5 @@ defined('INTERNAL') || die();
$string['title'] = 'IMAP';
$string['description'] = 'Authenticate against an IMAP email server';
$string['notusable'] = 'Please install the PHP IMAP extension';
$string['domainname'] = 'Email address domain name';
$string['weautocreateusers'] = 'We auto-create users';
<!-- @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later -->
<!-- @copyright For copyright information on Mahara, please see the README file distributed with this software. -->
<h3>Domain Name</h3>
<p>Only accept email addresses from this domain name. This option is useful if you are using your
own domain name on a shared IMAP provider like GMail or Outlook.com.</p>
<p>For instance, if you were using your own domain name on GMail, you might do this:</p>
<p>Hostname or address: imap.gmail.com</p>
<p>Port: 993</p>
<p>Protocol: IMAP/SSL</p>
<p>Domain name: YOUR.DOMAIN</p>
\ No newline at end of file
<!-- @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later -->
<!-- @copyright For copyright information on Mahara, please see the README file distributed with this software. -->
<h3>We auto-create users</h3>
<p>Users that successfully authenticate but are not currently users in the system
will have an account created automatically.</p>
......@@ -25,7 +25,9 @@ class AuthImap extends Auth {
$this->config['host'] = '';
$this->config['port'] = '143';
$this->config['protocol'] = '/imap';
$this->config['domainname'] = '';
$this->config['changepasswordurl'] = '';
$this->config['weautocreateusers'] = '';
if (!empty($id)) {
return $this->init($id);
......@@ -64,15 +66,17 @@ class AuthImap extends Auth {
throw new ConfigException('IMAP is not available in your PHP environment. Check that it is properly installed');
}
$connectionstring = '{'.
$this->config['host']
.':'.
$this->config['port']
.
$this->config['protocol']
.'}';
$connectionstring = '{'. $this->config['host'] .':'. $this->config['port'] . $this->config['protocol'] .'}';
try {
if (isset($this->config['domainname']) && $this->config['domainname'] != '') {
// Check whether the end of the user's email address matches the specified domain name
$domainpart = '@' . strtolower($this->config['domainname']);
if (strtolower(substr($user->username, -1 * strlen($domainpart))) != $domainpart) {
return false;
}
}
$connection = imap_open($connectionstring, $user->username, $password, OP_HALFOPEN);
if ($connection) {
imap_close($connection);
......@@ -86,10 +90,28 @@ class AuthImap extends Auth {
}
/**
* Imap doesn't export enough information to be able to auto-create users
* Whether to auto-create users. (The only information that IMAP exports is the user's
* email address; but this is no different from Persona/Browserid.)
*
* @return bool
*/
public function can_auto_create_users() {
return false;
return (bool)$this->config['weautocreateusers'];
}
/**
* Get basic user info to create new users
* Needed if can_auto_create_users comes back true
*
* @param string $username The username to look up information for
* @return array The information for the user
* @throws AuthUnknownUserException If the user is unknown to the
* authentication method
*/
public function get_user_info($username) {
$userinfo = array('email' => $username);
return (object)$userinfo;
}
}
......@@ -99,7 +121,7 @@ class AuthImap extends Auth {
*/
class PluginAuthImap extends PluginAuth {
private static $default_config = array('host'=>'', 'port'=>'143', 'protocol'=>'/imap','changepasswordurl'=>'');
private static $default_config = array('host'=>'', 'port'=>'143', 'protocol'=>'/imap', 'domainname'=>'', 'changepasswordurl'=>'', 'weautocreateusers'=>'');
public static function has_config() {
return false;
......@@ -199,6 +221,16 @@ class PluginAuthImap extends PluginAuth {
'defaultvalue' => self::$default_config['protocol']
);
$elements['domainname'] = array(
'type' => 'text',
'title' => get_string('domainname', 'auth.imap'),
'rules' => array(
'required' => false
),
'defaultvalue' => self::$default_config['domainname'],
'help' => true,
);
$elements['changepasswordurl'] = array(
'type' => 'text',
'title' => get_string('changepasswordurl', 'auth'),
......@@ -208,13 +240,20 @@ class PluginAuthImap extends PluginAuth {
'defaultvalue' => self::$default_config['changepasswordurl']
);
$elements['weautocreateusers'] = array(
'type' => 'checkbox',
'title' => get_string('weautocreateusers', 'auth'),
'defaultvalue' => self::$default_config['weautocreateusers'],
'help' => true,
);
return array(
'elements' => $elements,
'renderer' => 'div'
);
}
public static function save_instance_config_options($values, Pieform $form) {
public static function save_instance_config_options($values, $form) {
$authinstance = new stdClass();
......@@ -254,7 +293,10 @@ class PluginAuthImap extends PluginAuth {
self::$default_config = array('host' => $values['host'],
'port' => $values['port'],
'protocol' => $values['protocol'],
'changepasswordurl' => $values['changepasswordurl']);
'domainname' => $values['domainname'],
'changepasswordurl' => $values['changepasswordurl'],
'weautocreateusers' => $values['weautocreateusers'],
);
foreach(self::$default_config as $field => $value) {
$record = new stdClass();
......
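Review bot: `can_auto_create_users()` now returns true whenever `weautocreateusers` is set, but nothing visible ties that option to `domainname`, so with an empty domain filter every mailbox that can log in to the configured IMAP host is given a local account; on a shared provider such as the GMail example in the help text, that is any account on the provider. I would reject that combination when the instance config is saved (the validation code is outside the visible hunks), or at least state the requirement in the `weautocreateusers` help. `get_user_info()` also copies `$username` into `email` unchecked and never throws the `AuthUnknownUserException` its docblock promises; a guard such as `if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { throw new AuthUnknownUserException('username is not an email address'); }` would keep non-address IMAP logins from becoming accounts with an invalid email. The suffix comparison in the domain check should use `!==` rather than `!=`.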
......@@ -12,7 +12,7 @@
defined('INTERNAL') || die();
$config = new StdClass;
$config->version = 2008040200;
$config->release = '1.0.0';
$config->version = 2015111600;
$config->release = '1.2.0';
$config->requires_config = 1;
$config->requires_parent = 0;
$config->requires_parent = 0;
\ No newline at end of file