From 2046a6546c8ed62b9a7b33305b6201458f2f8291 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 12 Mar 2014 15:38:28 +0000 Subject: Allow user info to be retrieved without groups Some parts of dokuwiki (e.g. recent changes, old revisions) can requests lots of user info (to provide editor names) without requiring any group information. This change also implements caching of user info by authmysql & authpgsql plugins to avoid repeated querying of the DB to retrieve the same user information. --- lib/plugins/authplain/auth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/plugins/authplain') diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index 8c4ce0dd9..16ecaa147 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -76,9 +76,10 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { * * @author Andreas Gohr * @param string $user + * @param bool $requireGroups (optional) ignored by this plugin, grps info always supplied * @return array|bool */ - public function getUserData($user) { + public function getUserData($user, $requireGroups=true) { if($this->users === null) $this->_loadUserData(); return isset($this->users[$user]) ? $this->users[$user] : false; } -- cgit v1.2.3 From f95ecbbf8b1de8bc1270d3cf91dfdf055ea5c78c Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 1 Jul 2014 08:35:07 +1000 Subject: authplain: Escape ':' in any data field as '\:' ':' is the field delimiter in the authplain flat text conf/users.auth.php file, but it's also used as an internal delimiter for the 'mediawiki' password hash format. Currently using this hash format corrupts the file This change escapes ':' as '\:' in any field in the users.auth.php file, and any '\' as '\\'. Also adds test cases for escaping modes. --- lib/plugins/authplain/_test/escaping.test.php | 82 +++++++++++++++++++++++++++ lib/plugins/authplain/auth.php | 33 +++++++++-- 2 files changed, 110 insertions(+), 5 deletions(-) create mode 100644 lib/plugins/authplain/_test/escaping.test.php (limited to 'lib/plugins/authplain') diff --git a/lib/plugins/authplain/_test/escaping.test.php b/lib/plugins/authplain/_test/escaping.test.php new file mode 100644 index 000000000..cd5294157 --- /dev/null +++ b/lib/plugins/authplain/_test/escaping.test.php @@ -0,0 +1,82 @@ +auth = new auth_plugin_authplain(); + } + + function setUp() { + global $config_cascade; + parent::setUp(); + $name = $config_cascade['plainauth.users']['default']; + copy($name, $name.".orig"); + $this->reloadUsers(); + } + + function tearDown() { + global $config_cascade; + parent::tearDown(); + $name = $config_cascade['plainauth.users']['default']; + copy($name.".orig", $name); + } + + public function testMediawikiPasswordHash() { + global $conf; + $conf['passcrypt'] = 'mediawiki'; + $this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com"); + $this->reloadUsers(); + $this->assertTrue($this->auth->checkPass("mwuser", "12345")); + $mwuser = $this->auth->getUserData("mwuser"); + $this->assertStringStartsWith(":B:",$mwuser['pass']); + $this->assertEquals("Mediawiki User",$mwuser['name']); + } + + public function testNameWithColons() { + $name = ":Colon: User:"; + $this->auth->createUser("colonuser", "password", $name, "me@example.com"); + $this->reloadUsers(); + $user = $this->auth->getUserData("colonuser"); + $this->assertEquals($name,$user['name']); + } + + public function testNameWithBackslashes() { + $name = "\\Slash\\ User\\"; + $this->auth->createUser("slashuser", "password", $name, "me@example.com"); + $this->reloadUsers(); + $user = $this->auth->getUserData("slashuser"); + $this->assertEquals($name,$user['name']); + } + + public function testModifyUser() { + global $conf; + $conf['passcrypt'] = 'mediawiki'; + $user = $this->auth->getUserData("testuser"); + $user['name'] = "\\New:Crazy:Name\\"; + $user['pass'] = "awesome new password"; + $this->auth->modifyUser("testuser", $user); + $this->reloadUsers(); + + $saved = $this->auth->getUserData("testuser"); + $this->assertEquals($saved['name'], $user['name']); + $this->assertTrue($this->auth->checkPass("testuser", $user['pass'])); + } + +} + +?> \ No newline at end of file diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index 8c4ce0dd9..e53f56667 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -83,6 +83,27 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { return isset($this->users[$user]) ? $this->users[$user] : false; } + /** + * Creates a string suitable for saving as a line + * in the file database + * (delimiters escaped, etc.) + * + * @param string $user + * @param string $pass + * @param string $name + * @param string $mail + * @param array $grps list of groups the user is in + * @return string + */ + protected function _createUserLine($user, $pass, $name, $mail, $grps) { + $groups = join(',', $grps); + $userline = array($user, $pass, $name, $mail, $groups); + $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\ + $userline = str_replace(':', '\\:', $userline); // escape : as \: + $userline = join(':', $userline)."\n"; + return $userline; + } + /** * Create a new User * @@ -115,8 +136,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { if(!is_array($grps)) $grps = array($conf['defaultgroup']); // prepare user line - $groups = join(',', $grps); - $userline = join(':', array($user, $pass, $name, $mail, $groups))."\n"; + $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps); if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) { $this->users[$user] = compact('pass', 'name', 'mail', 'grps'); @@ -157,8 +177,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $userinfo[$field] = $value; } - $groups = join(',', $userinfo['grps']); - $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n"; + $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']); if(!$this->deleteUsers(array($user))) { msg('Unable to modify user data. Please inform the Wiki-Admin', -1); @@ -308,7 +327,11 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $line = trim($line); if(empty($line)) continue; - $row = explode(":", $line, 5); + /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */ + $row = preg_split('/(?users[$row[0]]['pass'] = $row[1]; -- cgit v1.2.3 From 75112fc56c5237220d4fe1b104317f62eda8a561 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Sat, 2 Aug 2014 12:19:38 +0100 Subject: updated dates in info.txt of various plugins and template --- lib/plugins/authplain/plugin.info.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/plugins/authplain') diff --git a/lib/plugins/authplain/plugin.info.txt b/lib/plugins/authplain/plugin.info.txt index b63ee53e4..2659ac7ad 100644 --- a/lib/plugins/authplain/plugin.info.txt +++ b/lib/plugins/authplain/plugin.info.txt @@ -1,7 +1,7 @@ base authplain author Andreas Gohr email andi@splitbrain.org -date 2012-11-09 +date 2014-07-01 name Plain Auth Plugin desc Provides user authentication against DokuWiki's local password storage url http://www.dokuwiki.org/plugin:authplain -- cgit v1.2.3