auth.php
<?php
// Must be run within DokuWiki: stop immediately when the DOKU_INC constant is not
// defined, i.e. when this file is requested directly instead of being loaded by the wiki.
if (!defined('DOKU_INC')) die();
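/**
 * DokuWiki auth backend that accepts an OAuth-established session and falls back
 * to the plain-text backend (auth_plugin_authplain) for regular logins.
 *
 * The OAuth state ('logined', 'info', 'expires', 'finish_id') is read through
 * helper_plugin_oauthcvut; this class only decides whether to trust it and keeps
 * the local user record in step with it.
 */
class auth_plugin_oauthcvut extends auth_plugin_authplain
{
    /** @var string plugin name: helper lookup key, session key and request-parameter prefix */
    private $plugin_name = 'oauthcvut';

    /**
     * Enables external authentication and disables password changes while an
     * OAuth session is active.
     */
    public function __construct()
    {
        parent::__construct();
        $this->cando['external'] = true;

        /** @var helper_plugin_oauthcvut $helper */
        $helper = plugin_load('helper', $this->plugin_name);
        if ($helper->get_var('logined')) {
            $this->cando['modPass'] = false;
        }

        $this->success = true;
    }

    /**
     * Decides whether the current request is authenticated.
     *
     * With an active OAuth session the user is taken from the helper's 'info'
     * variable; otherwise, if a refresh token is available, the client is
     * redirected to the renew URL; otherwise the normal login runs.
     *
     * @param string $user   user name from the login form
     * @param string $pass   password from the login form
     * @param bool   $sticky whether a permanent login cookie is requested
     * @return bool true when the request is authenticated
     */
    public function trustExternal($user, $pass, $sticky = false)
    {
        /** @var helper_plugin_oauthcvut $helper */
        $helper = plugin_load('helper', $this->plugin_name);
        global $ID, $USERINFO, $INPUT;

        $renew_param = $this->plugin_name . '_renew';

        if ($helper->get_var('logined')) { // an OAuth session exists
            if ($helper->get_var('finish_id')) {
                // First request after the OAuth round trip: sync the local account,
                // then return to the page the login started from.
                if (!$this->processUser($_SESSION[DOKU_COOKIE][$this->plugin_name]['info'])) { // TODO: Better variable reference
                    msg('Finishing login error!', -1);
                    return false;
                }
                $url = wl($helper->get_var('finish_id'));
                $helper->unset_var('finish_id');
                send_redirect($url);
            }

            // NOTE(review): the renew marker is a client-supplied request parameter and the
            // result of refresh_token() is not inspected here, so this branch alone does not
            // enforce expiry. Confirm the helper clears 'logined' when a refresh fails.
            if ($helper->get_var('expires') <= time() && !$INPUT->has($renew_param)) { // access token expired
                $helper->refresh_token();
            }

            $USERINFO = $helper->get_var('info');
            $_SERVER['REMOTE_USER'] = $USERINFO['user'];
            return true;
        }

        if ($helper->get_refresh_token() && !$INPUT->has($renew_param)) { // renew token
            $url = wl($ID, array($renew_param => true));
            send_redirect($url);
        }

        return auth_login($user, $pass, $sticky); // normal login
    }

    /**
     * Brings the local user record in line with the identity data in $uinfo.
     *
     * For an existing user, locally stored groups that carry the configured
     * 'group-prefix' are replaced by the groups in $uinfo['grps'], and the
     * locally stored name and mail are copied back into $uinfo. An unknown user
     * is created from $uinfo.
     *
     * @param array $uinfo identity data with the keys 'user', 'name', 'mail', 'grps'; updated in place
     * @return bool false when a new account could not be created
     */
    public function processUser(&$uinfo)
    {
        $user = $this->getUserData($uinfo['user']);
        if ($user) {
            // Compare against the real length of the configured prefix. A fixed
            // 7-byte window only matches prefixes of exactly that length; with any
            // other prefix no stale prefixed group was ever dropped, so memberships
            // withdrawn upstream stayed on the local account.
            $prefix = (string) $this->getConf('group-prefix');
            $prefix_len = strlen($prefix);
            $local_groups = array_filter($user['grps'], function ($group) use ($prefix, $prefix_len) {
                // An empty prefix marks nothing as externally managed: keep every local group.
                return $prefix_len === 0 || strncmp($group, $prefix, $prefix_len) !== 0;
            });

            $groups = array_unique(array_merge($local_groups, $uinfo['grps']));
            if ($groups != $user['grps']) {
                $this->modifyUser($uinfo['user'], array('grps' => $groups));
            }

            $uinfo['name'] = $user['name'];
            $uinfo['mail'] = $user['mail'];
            return true;
        }

        if (!$this->addUser($uinfo)) {
            msg('something went wrong creating your user account. please try again later.', -1);
            return false;
        }
        return true;
    }

    /**
     * Creates the local account for $uinfo through the 'create' user modification.
     *
     * The stored password comes from auth_pwgen(); this method does not hand it
     * to anyone.
     *
     * @param array $uinfo identity data with the keys 'user', 'name', 'mail', 'grps'
     * @return bool whether the modification reported success
     */
    protected function addUser(&$uinfo)
    {
        $user = $uinfo['user'];
        $ok = $this->triggerUserMod(
            'create',
            array($user, auth_pwgen($user), $uinfo['name'], $uinfo['mail'], $uinfo['grps'],)
        );

        return (bool) $ok;
    }

    /**
     * Modifies a stored user and, when that user owns the current OAuth session,
     * mirrors the change into the session's 'info' variable and $USERINFO.
     *
     * @param string $user    name of the account to modify
     * @param array  $changes fields to change; 'mail', 'name' and 'grps' are mirrored
     * @return bool result of the parent backend's modifyUser()
     */
    public function modifyUser($user, $changes)
    {
        /** @var helper_plugin_oauthcvut $helper */
        $helper = plugin_load('helper', $this->plugin_name);
        global $ID, $USERINFO;

        // Reopen the session if it is not active, so the helper's write is persisted.
        $own_session = session_status() === PHP_SESSION_NONE;
        if ($own_session) {
            session_start();
        }

        $new_info = $helper->get_var('info');

        // Only touch the session when the modified account is the session's own.
        // Without this check, changing another account (e.g. from user management)
        // wrote that account's groups, name and mail into the acting user's session.
        $is_session_user = is_array($new_info)
            && isset($new_info['user'])
            && $new_info['user'] === $user;

        if ($is_session_user) {
            foreach (array('mail', 'name', 'grps') as $field) {
                if (isset($changes[$field])) {
                    $new_info[$field] = $changes[$field];
                }
            }
            $helper->set_var('info', $new_info);
            $USERINFO = $new_info;
        }

        $ok = parent::modifyUser($user, $changes);

        if ($own_session) {
            session_write_close();
            send_redirect(wl($ID)); //reload to update username in website header
        }

        return $ok;
    }
}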