MaharaAuthPlugin.php 8.8 KB
Newer Older
Brett Wilkins's avatar
Brett Wilkins committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
<?php
/**
 */
# Copyright (C) 2004 Brion Vibber <brion@pobox.com>
# http://www.mediawiki.org/
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# http://www.gnu.org/copyleft/gpl.html

/**
 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
 * and set $wgAuth to it to authenticate against some external tool.
 *
 * The default behavior is not to do anything, and use the local user
 * database for all authentication. A subclass can require that all
 * accounts authenticate externally, or use it only as a fallback; also
 * you can transparently create internal wiki accounts the first time
 * someone logs in who can be authenticated externally.
 */
32 33 34 35 36 37 38
$wgExtensionCredits['other'][] = array(
    'name' => 'Mahara Authentication Plugin',
    'author' => 'Brett Wilkins',
    'url' => 'http://gitorious.org/mahara-contrib/mediawiki-auth-mahara',
    'description' => 'Authenticates against users in the Mahara database'
    );

39
class MaharaAuthPlugin extends AuthPlugin {
Brett Wilkins's avatar
Brett Wilkins committed
40 41 42
	/**
	 * Check whether there exists a user account with the given name.
	 * The name will be normalized to MediaWiki's requirements, so
43
     * you might need to munge it (for instance, for lowercase initial
Brett Wilkins's avatar
Brett Wilkins committed
44 45 46 47 48 49
	 * letters).
	 *
	 * @param $username String: username.
	 * @return bool
	 */

50 51 52 53 54 55
	var $dbname;
	var $host;
	var $prefix;
	var $dbtype;
	var $dbuser;
	var $dbpass;
Brett Wilkins's avatar
Brett Wilkins committed
56

57
    public function __construct($dbname, $host='localhost',$dbtype='', $user='', $password='', $prefix='') {
Brett Wilkins's avatar
Brett Wilkins committed
58 59 60
        $this->dbname = $dbname;
        $this->host = $host;
        $this->prefix = $prefix;
61
	    $this->dbtype = $dbtype;
Brett Wilkins's avatar
Brett Wilkins committed
62 63 64 65 66
        $this->dbuser = $user;
        $this->dbpass = $password;
    }

	public function userExists( $username ) {
67 68
	$username = strtolower($username);
        $db = $this->getDatabase();
69
	$sql = "SELECT username FROM ".$this->prefix."usr where LOWER(username) = '".$username."'";
Brett Wilkins's avatar
Brett Wilkins committed
70
        $res = $db->query($sql);
71
        $val = $db->fetchObject($res);
Brett Wilkins's avatar
Brett Wilkins committed
72
        $db->close();
73
        if (!empty($val)) {
Brett Wilkins's avatar
Brett Wilkins committed
74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
            return true;
        }
		return false;
	}

	/**
	 * Check if a username+password pair is a valid login.
	 * The name will be normalized to MediaWiki's requirements, so
	 * you might need to munge it (for instance, for lowercase initial
	 * letters).
	 *
	 * @param $username String: username.
	 * @param $password String: user password.
	 * @return bool
	 */
	public function authenticate( $username, $password ) {
90 91
	$username = strtolower($username);
        $db = $this->getDatabase();
92
	$sql = "SELECT username, password, salt FROM ".$this->prefix."usr where LOWER(username) = '".$username."'";
93
        $res = $db->query($sql);
94
        $val = $db->fetchObject($res);
95
        $db->close();
96
        if (!empty($val)) {
97 98 99 100 101
            $passcheck = sha1($val->salt . $password);
            if ($passcheck == $val->password) {
                return true;
            }
        }
Brett Wilkins's avatar
Brett Wilkins committed
102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145
		return false;
	}

	/**
	 * Modify options in the login template.
	 *
	 * @param $template UserLoginTemplate object.
	 */
	public function modifyUITemplate( &$template ) {
		# Override this!
		$template->set( 'usedomain', false );
	}

	/**
	 * Set the domain this plugin is supposed to use when authenticating.
	 *
	 * @param $domain String: authentication domain.
	 */
	public function setDomain( $domain ) {
		$this->domain = $domain;
	}

	/**
	 * Check to see if the specific domain is a valid domain.
	 *
	 * @param $domain String: authentication domain.
	 * @return bool
	 */
	public function validDomain( $domain ) {
		# Override this!
		return true;
	}

	/**
	 * When a user logs in, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param User $user
	 */
	public function updateUser( &$user ) {
146
        
147
        $db = $this->getDatabase();
148
	    $sql = "SELECT * FROM ".$this->prefix."usr where LOWER(username) = LOWER('".$user->username."')";
149 150 151 152
        $res = $db->query($sql);
        $val = $db->fetchRow($res);
        $db->close();
		$user->setOption('nickname',$val->username);
153 154
		$user->setEmail($val->email);
		$user->setRealName($val->firstname.' '.$val->lastname);
Brett Wilkins's avatar
Brett Wilkins committed
155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172
		return true;
	}


	/**
	 * Return true if the wiki should create a new local account automatically
	 * when asked to login a user who doesn't exist locally but does in the
	 * external auth database.
	 *
	 * If you don't automatically create accounts, you must still create
	 * accounts in some way. It's not possible to authenticate without
	 * a local account.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 */
	public function autoCreate() {
173
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
174 175 176 177 178 179 180 181
	}

	/**
	 * Can users change their passwords?
	 *
	 * @return bool
	 */
	public function allowPasswordChange() {
182
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
183 184 185 186 187 188 189 190 191 192 193 194 195 196 197
	}

	/**
	 * Set the given password in the authentication database.
	 * As a special case, the password may be set to null to request
	 * locking the password to an unusable value, with the expectation
	 * that it will be set later through a mail reset or other method.
	 *
	 * Return true if successful.
	 *
	 * @param $user User object.
	 * @param $password String: password.
	 * @return bool
	 */
	public function setPassword( $user, $password ) {
198
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
199 200 201 202 203 204 205 206 207 208
	}

	/**
	 * Update user information in the external authentication database.
	 * Return true if successful.
	 *
	 * @param $user User object.
	 * @return bool
	 */
	public function updateExternalDB( $user ) {
209
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231
	}

	/**
	 * Check to see if external accounts can be created.
	 * Return true if external accounts can be created.
	 * @return bool
	 */
	public function canCreateAccounts() {
		return false;
	}

	/**
	 * Add a user to the external authentication database.
	 * Return true if successful.
	 *
	 * @param User $user - only the name should be assumed valid at this point
	 * @param string $password
	 * @param string $email
	 * @param string $realname
	 * @return bool
	 */
	public function addUser( $user, $password, $email='', $realname='' ) {
232
		return false;
Brett Wilkins's avatar
Brett Wilkins committed
233 234 235 236 237 238 239 240 241 242 243 244
	}


	/**
	 * Return true to prevent logins that don't authenticate here from being
	 * checked against the local database's password fields.
	 *
	 * This is just a question, and shouldn't perform any actions.
	 *
	 * @return bool
	 */
	public function strict() {
245
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
246 247 248 249 250 251 252 253 254 255
	}

	/**
	 * Check if a user should authenticate locally if the global authentication fails.
	 * If either this or strict() returns true, local authentication is not used.
	 *
	 * @param $username String: username.
	 * @return bool
	 */
	public function strictUserAuth( $username ) {
256
		return true;
Brett Wilkins's avatar
Brett Wilkins committed
257 258 259 260 261 262 263 264 265 266 267 268 269 270
	}

	/**
	 * When creating a user account, optionally fill in preferences and such.
	 * For instance, you might pull the email address or real name from the
	 * external user database.
	 *
	 * The User object is passed by reference so it can be modified; don't
	 * forget the & on your function declaration.
	 *
	 * @param $user User object.
	 * @param $autocreate bool True if user is being autocreated on login
	 */
	public function initUser( &$user, $autocreate=false ) {
271
        $username = strtolower($username);
272
        $db = $this->getDatabase();
273
	    $sql = "SELECT * FROM ".$this->prefix."usr where LOWER(username) = '".$username."'";
274 275 276 277 278 279
        $res = $db->query($sql);
        $val = $db->fetchRow($res);
        $db->close();
		$user->setOption('nickname',$val->username);
		$user->setEmail($this->email);
		$user->setRealName($this->firstname.' '.$this->lastname);
Brett Wilkins's avatar
Brett Wilkins committed
280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298
	}

	/**
	 * If you want to munge the case of an account name before the final
	 * check, now is your chance.
	 */
	public function getCanonicalName( $username ) {
		return $username;
	}
	
	/**
	 * Get an instance of a User object
	 *
	 * @param $user User
	 * @public
	 */
	public function getUserInstance( User &$user ) {
		return new AuthPluginUser( $user );
	}
299 300 301 302 303 304 305 306 307 308 309 310 311 312

	private function getDatabase() {
		if (empty($this->dbtype)) {
			return false;
		}
		switch ($this->dbtype) {
			case 'mysql':
				return new DatabaseMysql($this->host,$this->dbuser,$this->dbpass,$this->dbname);
			case 'postgres':
			default:
				return new DatabasePostgres($this->host,$this->dbuser,$this->dbpass,$this->dbname);
		}
		return false;
	}
Brett Wilkins's avatar
Brett Wilkins committed
313
}