forked from mantisbt/dokuwiki-plugin-authmantis
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth.php
179 lines (159 loc) · 5 KB
/
auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
<?php
/**
* DokuWiki / Mantis Authentication Plugin
*
* Allows single sign-on to DokuWiki, using external Trust mechanism to
* authenticate the user against MantisBT's user cookie.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* @copyright (c) 2006 Victor Boctor
* @copyright (c) 2007-2012 Victor Boctor, Tiago Gomes and various contributors
* @copyright (c) 2013, 2020 Damien Regad
* @license GPLv3 or later (https://www.gnu.org/licenses/gpl-3.0.html)
* @author Damien Regad
*/
// must be run within Dokuwiki
if( !defined( 'DOKU_INC' ) ) die();
/**
* Class auth_plugin_authmantis.
*
* Dokuwiki Single Sign-On with MantisBT.
*/
class auth_plugin_authmantis extends DokuWiki_Auth_Plugin {
/**
* Constructor.
*
* Sets additional capabilities and config strings
*/
function __construct() {
parent::__construct();
// MantisBT Core MUST be loaded - abort if it is not
// We can't load it in the plugin, due to conflicts with the
// declaration of utf8 compatibility functions.
if( !defined( 'MANTIS_VERSION' ) ) {
die( $this->getLang( 'mantis_core_missing' ) );
}
$this->cando['external'] = true;
$this->cando['logoff'] = true;
}
/**
* Authenticates the user using Mantis APIs.
* @param string $user Username
* @param string $pass Cleartext Password
* @param bool $sticky Cookie should not expire
* @return bool true on successful auth
*/
public function trustExternal( $user, $pass, $sticky = false ) {
global $USERINFO;
$ValidUser = false;
// Manage HTTP authentication with Negotiate protocol enabled
$user = auth_prepare_username( $user );
$pass = auth_prepare_password( $pass );
// This is necessary in all cases where Authorization HTTP header is always set
if( auth_is_user_authenticated() ) {
$user = '';
}
// Has a user name been provided?
if( !empty( $user ) ) {
// User name provided, so login via form in progress...
// Are the specified user name and password valid?
if( auth_attempt_login( $user, $pass, $sticky ) ) {
// Credential accepted...
$_SERVER['REMOTE_USER'] = $user; // Set the user name (makes things work...)
$ValidUser = true; // Report success.
}
else {
// Invalid credentials
global $lang;
msg( $lang['badlogin'], -1 );
}
}
else {
// No user name provided.
// Is a user already logged in?
if( auth_is_user_authenticated() ) {
// Yes, a user is logged in, so set the globals...
$t_user_id = auth_get_current_user_id();
$USERINFO = $this->_loadUserData( $t_user_id );
$_SERVER[ 'REMOTE_USER' ] = user_get_field( $t_user_id, 'username' );
$ValidUser = true;
}
}
// Is there a valid user login?
if( !$ValidUser ) {
// No, so make sure any existing authentication is revoked.
auth_logoff ( );
}
return $ValidUser;
}
/**
* Logout from Mantis
*/
public function logOff() {
auth_logout();
}
/**
* Return user info
*
* @param string $user username
* @param bool $requireGroups whether or not the returned data must include groups
* @return false|array containing user data or false
*/
public function getUserData($user, $requireGroups = true) {
return $this->_loadUserData( user_get_id_by_name( $user ) );
}
/**
* Retrieves user information from MantisBT
* @param int $p_user_id
* @return array|false if user does not exist
*/
protected function _loadUserData( $p_user_id ) {
if( !user_exists( $p_user_id ) ) {
return false;
}
// is it a media display or a page?
if( isset( $_REQUEST['media'] ) ) {
//media
$t_project_name = explode( ':', getNS( getID( "media", false ) ) );
}
else {
// normal page
$t_project_name = explode( ':', getNS( getID() ) );
}
if( array_key_exists( 1, $t_project_name ) ) {
$t_project_id = project_get_id_by_name( $t_project_name[1] );
$t_project_name = strtoupper( $t_project_name[1] );
}
else {
$t_project_id = ALL_PROJECTS;
}
$t_access_level_string = strtoupper(
MantisEnum::getLabel(
config_get( 'access_levels_enum_string' ),
access_get_project_level( $t_project_id, $p_user_id )
)
);
$t_access_levels = array( $t_access_level_string );
if( $t_project_id !== ALL_PROJECTS ) {
$t_access_levels[] = $t_project_name;
}
return array(
'name' => user_get_name( $p_user_id ),
'pass' => user_get_field( $p_user_id, 'password' ),
'mail' => user_get_field( $p_user_id, 'email' ),
'grps' => $t_access_levels,
);
}
}