MaharaAuthPlugin.php 8.22 KB
Newer Older
Brett Wilkins's avatar
Brett Wilkins committed
1 2
<?php
/**
Brett Wilkins's avatar
Brett Wilkins committed
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
 *Mediawiki Authentication Plugin for Mahara
 *Copyright (C) 2010, 2011 Catalyst IT (http://www.catalyst.net.nz)
 *
 *This program is free software; you can redistribute it and/or
 *modify it under the terms of the GNU General Public License
 *as published by the Free Software Foundation; either version 2
 *of the License, or (at your option) any later version.
 *
 *This program is distributed in the hope that it will be useful,
 *but WITHOUT ANY WARRANTY; without even the implied warranty of
 *MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *GNU General Public License for more details.
 *
 *You should have received a copy of the GNU General Public License
 *along with this program; if not, write to the Free Software
 *Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/
20
require_once('includes/AuthPlugin.php');
Brett Wilkins's avatar
Brett Wilkins committed
21

22 23 24 25 26 27 28
$wgExtensionCredits['other'][] = array(
    'name' => 'Mahara Authentication Plugin',
    'author' => 'Brett Wilkins',
    'url' => 'http://gitorious.org/mahara-contrib/mediawiki-auth-mahara',
    'description' => 'Authenticates against users in the Mahara database'
    );

29
class MaharaAuthPlugin extends AuthPlugin {
Brett Wilkins's avatar
Brett Wilkins committed
30 31 32
	/**
	 * Check whether there exists a user account with the given name.
	 * The name will be normalized to MediaWiki's requirements, so
33
     * you might need to munge it (for instance, for lowercase initial
Brett Wilkins's avatar
Brett Wilkins committed
34 35 36 37 38 39
	 * letters).
	 *
	 * @param $username String: username.
	 * @return bool
	 */

40 41 42 43 44 45
	var $dbname;
	var $host;
	var $prefix;
	var $dbtype;
	var $dbuser;
	var $dbpass;
Brett Wilkins's avatar
Brett Wilkins committed
46

47
    public function __construct($dbname, $host='localhost',$dbtype='', $user='', $password='', $prefix='') {
Brett Wilkins's avatar
Brett Wilkins committed
48 49 50
        $this->dbname = $dbname;
        $this->host = $host;
        $this->prefix = $prefix;
51
	    $this->dbtype = $dbtype;
Brett Wilkins's avatar
Brett Wilkins committed
52 53 54 55 56
        $this->dbuser = $user;
        $this->dbpass = $password;
    }

	public function userExists( $username ) {
57
        $username = strtolower($username);
58
        $db = $this->getDatabase();
59
        $sql = "SELECT username FROM ".$this->prefix."usr where LOWER(username) = '".$username."'";
Brett Wilkins's avatar
Brett Wilkins committed
60
        $res = $db->query($sql);
61
        $val = $db->fetchObject($res);
Brett Wilkins's avatar
Brett Wilkins committed
62
        $db->close();
63
        if (!empty($val)) {
Brett Wilkins's avatar
Brett Wilkins committed
64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
            return true;
        }
		return false;
	}

	/**
	 * Check if a username+password pair is a valid login.
	 * The name will be normalized to MediaWiki's requirements, so
	 * you might need to munge it (for instance, for lowercase initial
	 * letters).
	 *
	 * @param $username String: username.
	 * @param $password String: user password.
	 * @return bool
	 */
	public function authenticate( $username, $password ) {
80 81
	$username = strtolower($username);
        $db = $this->getDatabase();
82
	    $sql = "SELECT username, password, salt FROM ".$this->prefix."usr where LOWER(username) = '".$username."' and deleted != 1";
83
        $res = $db->query($sql);
84
        $val = $db->fetchObject($res);
85
        $db->close();
86
        if (!empty($val)) {
87 88 89 90 91
            $passcheck = sha1($val->salt . $password);
            if ($passcheck == $val->password) {
                return true;
            }
        }
Brett Wilkins's avatar
Brett Wilkins committed
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135
		return false;
	}

	/**
	 * Modify options in the login template.
	 *
	 * @param $template UserLoginTemplate object.
	 */
	public function modifyUITemplate( &$template ) {
		# Override this!
		$template->set( 'usedomain', false );
	}

	/**
	 * Set the domain this plugin is supposed to use when authenticating.
	 *
	 * @param $domain String: authentication domain.
	 */
	public function setDomain( $domain ) {
		$this->domain = $domain;
	}

	/**
	 * Check to see if the specific domain is a valid domain.
	 *
	 * @param $domain String: authentication domain.
	 * @return bool
	 */
	public function validDomain( $domain ) {
		# Override this!
		return true;
	}

	/**
	 * When a user logs in, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param User $user
	 */
	public function updateUser( &$user ) {
136
        
137
        $db = $this->getDatabase();
138
	    $sql = "SELECT * FROM ".$this->prefix."usr where LOWER(username) = LOWER('".$user->mName."')";
139
        $res = $db->query($sql);
140
        $val = $db->fetchObject($res);
141 142
        $db->close();
		$user->setOption('nickname',$val->username);
143 144
		$user->setEmail($val->email);
		$user->setRealName($val->firstname.' '.$val->lastname);
145 146
        if ($val->admin == 1) {
            $user->addGroup('sysop');
147
        } else if (in_array('sysop',$user->getGroups())) {
148 149
            $user->removeGroup('sysop');
        }
Brett Wilkins's avatar
Brett Wilkins committed
150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167
		return true;
	}


	/**
	 * Return true if the wiki should create a new local account automatically
	 * when asked to login a user who doesn't exist locally but does in the
	 * external auth database.
	 *
	 * If you don't automatically create accounts, you must still create
	 * accounts in some way. It's not possible to authenticate without
	 * a local account.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 */
	public function autoCreate() {
168
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
169 170 171 172 173 174 175 176
	}

	/**
	 * Can users change their passwords?
	 *
	 * @return bool
	 */
	public function allowPasswordChange() {
177
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
178 179 180 181 182 183 184 185 186 187 188 189 190 191 192
	}

	/**
	 * Set the given password in the authentication database.
	 * As a special case, the password may be set to null to request
	 * locking the password to an unusable value, with the expectation
	 * that it will be set later through a mail reset or other method.
	 *
	 * Return true if successful.
	 *
	 * @param $user User object.
	 * @param $password String: password.
	 * @return bool
	 */
	public function setPassword( $user, $password ) {
193
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
194 195 196 197 198 199 200 201 202 203
	}

	/**
	 * Update user information in the external authentication database.
	 * Return true if successful.
	 *
	 * @param $user User object.
	 * @return bool
	 */
	public function updateExternalDB( $user ) {
204
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226
	}

	/**
	 * Check to see if external accounts can be created.
	 * Return true if external accounts can be created.
	 * @return bool
	 */
	public function canCreateAccounts() {
		return false;
	}

	/**
	 * Add a user to the external authentication database.
	 * Return true if successful.
	 *
	 * @param User $user - only the name should be assumed valid at this point
	 * @param string $password
	 * @param string $email
	 * @param string $realname
	 * @return bool
	 */
	public function addUser( $user, $password, $email='', $realname='' ) {
227
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
228 229 230 231 232 233 234 235 236 237 238 239
	}


	/**
	 * Return true to prevent logins that don't authenticate here from being
	 * checked against the local database's password fields.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 */
	public function strict() {
240
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
241 242 243 244 245 246 247 248 249 250
	}

	/**
	 * Check if a user should authenticate locally if the global authentication fails.
	 * If either this or strict() returns true, local authentication is not used.
	 *
	 * @param $username String: username.
	 * @return bool
	 */
	public function strictUserAuth( $username ) {
251
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
252 253 254 255 256 257 258 259 260 261 262 263 264 265
	}

	/**
	 * When creating a user account, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param $user User object.
	 * @param $autocreate bool True if user is being autocreated on login
	 */
	public function initUser( &$user, $autocreate=false ) {
266
        return $this->updateUser($user);
Brett Wilkins's avatar
Brett Wilkins committed
267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285
	}

	/**
	 * If you want to munge the case of an account name before the final
	 * check, now is your chance.
	 */
	public function getCanonicalName( $username ) {
		return $username;
	}
	
	/**
	 * Get an instance of a User object
	 *
	 * @param $user User
	 * @public
	 */
	public function getUserInstance( User &$user ) {
		return new AuthPluginUser( $user );
	}
286 287 288 289 290 291 292 293 294 295 296 297 298 299

	private function getDatabase() {
		if (empty($this->dbtype)) {
			return false;
		}
		switch ($this->dbtype) {
			case 'mysql':
				return new DatabaseMysql($this->host,$this->dbuser,$this->dbpass,$this->dbname);
			case 'postgres':
			default:
				return new DatabasePostgres($this->host,$this->dbuser,$this->dbpass,$this->dbname);
		}
		return false;
	}
Brett Wilkins's avatar
Brett Wilkins committed
300
}