author | Christopher Smith <chris@jalakai.co.uk> | 2013-07-30 10:50:52 +0200 |
---|---|---|
committer | Christopher Smith <chris@jalakai.co.uk> | 2013-07-30 10:50:52 +0200 |
commit | af07997c5ff7cc096965159d90158e3710d2d019 (patch) | |
tree | defaf770e77a679436eb56291185905b547640d0 /lib/plugins/authad/auth.php | |
parent | bdac741579f8c6f00248d5d3ec635d4c2e08fb1e (diff) | |
parent | 7d8a6abbb21979fd77dca10275ebb8e01a04b6e4 (diff) | |
Merge branch 'master' into configmgr_improvements
Conflicts:
inc/auth.php
inc/template.php
lib/plugins/authad/lang/zh/settings.php
lib/plugins/authldap/lang/en/settings.php
lib/plugins/authldap/lang/zh/settings.php
lib/plugins/authmysql/lang/zh/settings.php
lib/plugins/config/settings/config.class.php
lib/plugins/usermanager/admin.php
Diffstat (limited to 'lib/plugins/authad/auth.php')
-rw-r--r-- | lib/plugins/authad/auth.php | 63 |
1 files changed, 44 insertions, 19 deletions
diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index 6c49eafbb..fcbd2eeef 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -21,8 +21,8 @@ require_once(DOKU_PLUGIN.'authad/adLDAP/adLDAP.php'); * * //optional: * $conf['plugin']['authad']['sso'] = 1; - * $conf['plugin']['authad']['ad_username'] = 'root'; - * $conf['plugin']['authad']['ad_password'] = 'pass'; + * $conf['plugin']['authad']['admin_username'] = 'root'; + * $conf['plugin']['authad']['admin_password'] = 'pass'; * $conf['plugin']['authad']['real_primarygroup'] = 1; * $conf['plugin']['authad']['use_ssl'] = 1; * $conf['plugin']['authad']['use_tls'] = 1; @@ -111,6 +111,19 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { } /** + * Load domain config on capability check + * + * @param string $cap + * @return bool + */ + public function canDo($cap) { + //capabilities depend on config, which may change depending on domain + $domain = $this->_userDomain($_SERVER['REMOTE_USER']); + $this->_loadServerConfig($domain); + return parent::canDo($cap); + } + + /** * Check user+password [required auth function] * * Checks if the given user exists and the given @@ -172,6 +185,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { // add additional fields to read $fields = array_merge($fields, $this->conf['additional']); $fields = array_unique($fields); + $fields = array_filter($fields); //get info for given user $result = $adldap->user()->info($this->_userName($user), $fields); 
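Review bot: The new `canDo()` reads `$_SERVER['REMOTE_USER']` without checking that it is set, so a capability check made while nobody is logged in would presumably raise an undefined-index notice and pass null into `_userDomain()`. A guard such as `$domain = $this->_userDomain(isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '');` avoids that. The later hunks show `_loadServerConfig()` rewriting `$this->cando['modPass']` and `$this->cando['getUsers']`, so the docblock should state that every call recomputes capabilities from the requesting user's domain. Where REMOTE_USER is supplied by the web server (the `sso` option), confirm that an unknown domain suffix falls back to the default configuration and cannot select a more permissive one.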
@@ -218,22 +232,24 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { // check expiry time if($info['expires'] && $this->conf['expirywarn']){ - $timeleft = $adldap->user()->passwordExpiry($user); // returns unixtime - $timeleft = round($timeleft/(24*60*60)); - $info['expiresin'] = $timeleft; - - // if this is the current user, warn him (once per request only) - if(($_SERVER['REMOTE_USER'] == $user) && - ($timeleft <= $this->conf['expirywarn']) && - !$this->msgshown - ) { - $msg = sprintf($lang['authpwdexpire'], $timeleft); - if($this->canDo('modPass')) { - $url = wl($ID, array('do'=> 'profile')); - $msg .= ' <a href="'.$url.'">'.$lang['btn_profile'].'</a>'; + $expiry = $adldap->user()->passwordExpiry($user); + if(is_array($expiry)){ + $info['expiresat'] = $expiry['expiryts']; + $info['expiresin'] = round(($info['expiresat'] - time())/(24*60*60)); + + // if this is the current user, warn him (once per request only) + if(($_SERVER['REMOTE_USER'] == $user) && + ($info['expiresin'] <= $this->conf['expirywarn']) && + !$this->msgshown + ) { + $msg = sprintf($lang['authpwdexpire'], $info['expiresin']); + if($this->canDo('modPass')) { + $url = wl($ID, array('do'=> 'profile')); + $msg .= ' <a href="'.$url.'">'.$lang['btn_profile'].'</a>'; + } + msg($msg); + $this->msgshown = true; } - msg($msg); - $this->msgshown = true; } } @@ -462,6 +478,10 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { $opts['domain_controllers'] = array_map('trim', $opts['domain_controllers']); $opts['domain_controllers'] = array_filter($opts['domain_controllers']); + // compatibility with old option name + if(empty($opts['admin_username']) && !empty($opts['ad_username'])) $opts['admin_username'] = $opts['ad_username']; + if(empty($opts['admin_password']) && !empty($opts['ad_password'])) $opts['admin_password'] = $opts['ad_password']; + // we can change the password if SSL is set if($opts['use_ssl'] || $opts['use_tls']) { $this->cando['modPass'] = true; 
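Review bot: `passwordExpiry($user)` in the first hunk on this line is passed the raw `$user`, while the `info()` lookup shown as context in the previous hunk (apparently the same method, which starts and ends outside both hunks) uses `$this->_userName($user)`. If `$user` carries a domain part, the expiry lookup may miss the account, and the new `is_array($expiry)` guard would then skip the warning without any trace. Consider `$expiry = $adldap->user()->passwordExpiry($this->_userName($user));` once it is confirmed which form adLDAP expects, plus a short comment saying what a non-array return means. The identity test `$_SERVER['REMOTE_USER'] == $user` is also loose and reads REMOTE_USER unguarded; `isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER'] === $user` avoids numeric-string coercion between user names.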
@@ -469,10 +489,15 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { $this->cando['modPass'] = false; } - if(isset($opts['ad_username']) && isset($opts['ad_password'])) { + // adLDAP expects empty user/pass as NULL, we're less strict FS#2781 + if(empty($opts['admin_username'])) $opts['admin_username'] = null; + if(empty($opts['admin_password'])) $opts['admin_password'] = null; + + // user listing needs admin priviledges + if(!empty($opts['admin_username']) && !empty($opts['admin_password'])) { $this->cando['getUsers'] = true; } else { - $this->cando['getUsers'] = true; + $this->cando['getUsers'] = false; } return $opts; |