Commit 8f072062 authored by Jonathan Harker's avatar Jonathan Harker

Tidy up, update docs, copyright, etc.

parent 602895f9
<?php
/**
* Mahara External Database Authentication
* Mahara External Database Authentication (MediaWiki Extension)
*
* This is an authentication plugin for MediaWiki which reads the user table
* in a Mahara database to authenticate MediaWiki logins.
* Requires a valid PDO DSN string, user and password for the database, and
* the Mahara site `passwordsaltmain` setting.
*
* © Copyright 2010-2016 Catalyst IT http://www.catalyst.net.nz
* © Copyright 2010-2016 Catalyst.Net Limited http://www.catalyst.net.nz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
......@@ -21,37 +21,45 @@
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
require_once "$IP/includes/AuthPlugin.php";
$wgExtensionCredits['other'][] = array(
'name' => 'Mahara Authentication Plugin',
'author' => 'Brett Wilkins',
'url' => 'http://gitorious.org/mahara-contrib/mediawiki-auth-mahara',
'description' => 'Authenticates against users in the Mahara database'
'author' => 'Catalyst.Net Limited',
'url' => 'https://git.mahara.org/scripts/mediawiki-auth-mahara',
'description' => 'Authenticates against users in a Mahara database.'
);
class MaharaAuthPlugin extends AuthPlugin {
/**
* Check whether there exists a user account with the given name.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param $username String: username.
* @return bool
*/
// Supplied PDO DSN.
var $pdo_dsn;
// Supplied database username.
var $dbuser;
// Supplied password for the database user.
var $dbpass;
// Supplied Mahara database table prefix, if required.
var $prefix;
// Supplied password salt used by the Mahara site.
var $passwordsaltmain;
// The database connection.
var $db;
/**
* Takes a Mahara database PDO DSN string, user and password, table prefix, and password salt.
* MediaWiki authentication plugin constructor.
*
* @param $dsn string The DSN for a PDO database connection object.
* @param $user string The database username.
* @param $password string The password for the database user.
* @param $prefix string The Mahara database table prefix.
* @param $passwordsaltmain The password salt used by the Mahara site.
*/
public function __construct($dsn, $user='', $password='', $prefix='', $passwordsaltmain='') {
$this->pdo_dsn = $dsn;
......@@ -59,8 +67,25 @@ class MaharaAuthPlugin extends AuthPlugin {
$this->dbpass = $password;
$this->prefix = $prefix;
$this->passwordsaltmain = $passwordsaltmain;
$this->db = $this->getDatabase();
}
/**
* Explicitly clobber the PDO object, which closes the database connection.
*/
public function __destruct() {
$this->db = null;
}
/**
* Check whether there exists a user account with the given name.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param $username String: username.
* @return bool
*/
public function userExists($username) {
// This will only work for the "internal" Mahara auth plugin, where the user's password is stored locally.
$sql = "SELECT u.username AS username
......@@ -74,13 +99,10 @@ class MaharaAuthPlugin extends AuthPlugin {
);
try {
$db = $this->getDatabase();
$query = $db->prepare($sql);
$query = $this->db->prepare($sql);
$query->execute($params);
$row = $query->fetchObject();
$db->close();
if (!empty($row)) {
$user = $query->fetchObject();
if (!empty($user)) {
return true;
}
return false;
......@@ -112,14 +134,12 @@ class MaharaAuthPlugin extends AuthPlugin {
);
try {
$db = $this->getDatabase();
$query = $db->prepare($sql);
$query = $this->db->prepare($sql);
$query->execute($params);
$row = $query->fetchObject();
$db->close();
$user = $query->fetchObject();
if (!empty($row)) {
return $this->_validate_password($password, $row->password, $row->salt);
if (!empty($user)) {
return $this->_validate_password($password, $user->password, $user->salt);
}
return false;
} catch (PDOException $e) {
......@@ -129,7 +149,9 @@ class MaharaAuthPlugin extends AuthPlugin {
/**
* Given a password that the user has sent, the password we have for them
* and the salt we have, see if the password they sent is correct.
* and the salt we have, see if the password they sent is correct. This
* function needs to be kept up to date with any changes made in the Mahara
* code, so that passwords can be compared correctly.
*
* @param string $theysent The password the user sent
* @param string $wehave The salted and hashed password we have in the database for them
......@@ -176,7 +198,9 @@ class MaharaAuthPlugin extends AuthPlugin {
}
/**
* Given a password and an optional salt, encrypt the given password.
* Given a password and an optional salt, encrypt the given password. This
* function needs to be kept up to date with any changes made in the Mahara
* code, so that passwords can be compared correctly.
*
* Passwords are stored in SHA1 form.
*
......@@ -259,16 +283,14 @@ class MaharaAuthPlugin extends AuthPlugin {
);
try {
$db = $this->getDatabase();
$query = $db->prepare($sql);
$query = $this->db->prepare($sql);
$query->execute($params);
$row = $query->fetchObject();
$db->close();
$mahara_user = $query->fetchObject();
$user->setOption('nickname',$row->username);
$user->setEmail($row->email);
$user->setRealName($row->firstname.' '.$row->lastname);
if ($row->admin == 1) {
$user->setOption('nickname', $mahara_user->username);
$user->setEmail($mahara_user->email);
$user->setRealName($mahara_user->firstname.' '.$mahara_user->lastname);
if ($mahara_user->admin == 1) {
$user->addGroup('sysop');
} else if (in_array('sysop', $user->getGroups())) {
$user->removeGroup('sysop');
......
Mediawiki authentication plugin for Mahara
==========================================
Mahara External Database Authentication (MediaWiki Extension)
=============================================================
An extension for MediaWiki that authenticates against users in a Mahara database.
......@@ -8,13 +8,26 @@ Installation
To install this plugin, follow these steps:
1. Copy this extension into the extensions directory
2. Add the following to your LocalSettings.php file:
1. Copy this extension directory into the MediaWiki `extensions` directory.
2. Add the following to your `LocalSettings.php` file:
```php
$wgAutoloadLocalClasses['MaharaAuthPlugin'] = 'extensions/MaharaAuth/MaharaAuthPlugin.php';
$wgAuth = new MaharaAuthPlugin('pdo_dsn', 'dbuser', 'dbpass', 'prefix', 'passwordsaltmain');
$wgAuth = new MaharaAuthPlugin($pdo_dsn, $dbuser, $dbpass, $prefix, $passwordsaltmain);
```
3. Replacing pdo_dsn, dbuser, dbpass, prefix, and passwordsaltmain with the respective values in
your setup.
3. Replacing $pdo_dsn, $dbuser, $dbpass, $prefix, and $passwordsaltmain with the respective values
that your Mahara site uses.
For information about PDO connection strings (DSN) see http://php.net/manual/en/book.pdo.php
Troubleshooting
---------------
1. Make sure your Mahara database connection settings are correct.
2. Are you are using the right password salt? It should be the same string as the
`$cfg->passwordsaltmain` setting, in the Mahara site `config.php` file.
3. It may be that the algorithm Mahara uses to encrypt and decrypt its stored passwords has
changed recently, in which case the code in this extension will need to be updated to
reflect the same changes. This manifests as failed logins, with "wrong password" messages.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment