diff options
| author | ghi <dokuwiki@imz.re> | 2015-02-17 11:08:15 +0100 |
|---|---|---|
| committer | ghi <dokuwiki@imz.re> | 2015-02-17 11:08:15 +0100 |
| commit | 7d0b7e5ed7aa0f9c56def8f6c9866aa4fc8315b8 (patch) | |
| tree | 08330b0a548a402caeb02ee7a185e745386ad45d /lib/plugins/authplain | |
| parent | d6dc28be40fb3202a3df69458db164e20999ac2b (diff) | |
| parent | f8803275a58a05b29e4029cc539a6f8c60ad2ea5 (diff) | |
| download | rpg-7d0b7e5ed7aa0f9c56def8f6c9866aa4fc8315b8.tar.gz rpg-7d0b7e5ed7aa0f9c56def8f6c9866aa4fc8315b8.tar.bz2 | |
Merge https://github.com/splitbrain/dokuwiki into html_showrev_output
Diffstat (limited to 'lib/plugins/authplain')
| -rw-r--r-- | lib/plugins/authplain/_test/escaping.test.php | 126 | ||||
| -rw-r--r-- | lib/plugins/authplain/auth.php | 72 | ||||
| -rw-r--r-- | lib/plugins/authplain/plugin.info.txt | 2 |
3 files changed, 191 insertions, 9 deletions
diff --git a/lib/plugins/authplain/_test/escaping.test.php b/lib/plugins/authplain/_test/escaping.test.php new file mode 100644 index 000000000..e1eade8d4 --- /dev/null +++ b/lib/plugins/authplain/_test/escaping.test.php @@ -0,0 +1,126 @@ +<?php + +/** + * These tests are designed to test the capacity of pluginauth to handle + * correct escaping of colon field delimiters and backslashes in user content. + * + * (Note that these tests set some Real Names, etc. that are may not be + * valid in the broader dokuwiki context, but the tests ensure that + * authplain won't get unexpectedly surprised.) + * + * @group plugin_authplain + * @group plugins + */ +class helper_plugin_authplain_escaping_test extends DokuWikiTest { + + protected $pluginsEnabled = array('authplainharness'); + /** @var auth_plugin_authplain|auth_plugin_authplainharness */ + protected $auth; + + protected function reloadUsers() { + /* auth caches data loaded from file, but recreated object forces reload */ + $this->auth = new auth_plugin_authplainharness(); + } + + function setUp() { + global $config_cascade; + parent::setUp(); + $name = $config_cascade['plainauth.users']['default']; + copy($name, $name.".orig"); + $this->reloadUsers(); + } + + function tearDown() { + global $config_cascade; + parent::tearDown(); + $name = $config_cascade['plainauth.users']['default']; + copy($name.".orig", $name); + } + + public function testMediawikiPasswordHash() { + global $conf; + $conf['passcrypt'] = 'mediawiki'; + $this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com"); + $this->reloadUsers(); + $this->assertTrue($this->auth->checkPass("mwuser", "12345")); + $mwuser = $this->auth->getUserData("mwuser"); + $this->assertStringStartsWith(":B:",$mwuser['pass']); + $this->assertEquals("Mediawiki User",$mwuser['name']); + } + + public function testNameWithColons() { + $name = ":Colon: User:"; + $this->auth->createUser("colonuser", "password", $name, "me@example.com"); + $this->reloadUsers(); + $user = $this->auth->getUserData("colonuser"); + $this->assertEquals($name,$user['name']); + } + + public function testNameWithBackslashes() { + $name = "\\Slash\\ User\\"; + $this->auth->createUser("slashuser", "password", $name, "me@example.com"); + $this->reloadUsers(); + $user = $this->auth->getUserData("slashuser"); + $this->assertEquals($name,$user['name']); + } + + public function testModifyUser() { + global $conf; + $conf['passcrypt'] = 'mediawiki'; + $user = $this->auth->getUserData("testuser"); + $user['name'] = "\\New:Crazy:Name\\"; + $user['pass'] = "awesome new password"; + $this->auth->modifyUser("testuser", $user); + $this->reloadUsers(); + + $saved = $this->auth->getUserData("testuser"); + $this->assertEquals($saved['name'], $user['name']); + $this->assertTrue($this->auth->checkPass("testuser", $user['pass'])); + } + + // really only required for developers to ensure this plugin will + // work with systems running on PCRE 6.6 and lower. + public function testLineSplit(){ + $this->auth->setPregsplit_safe(false); + + $names = array( + 'plain', + 'ut-fठ8', + 'colon:', + 'backslash\\', + 'alltogether\\ठ:' + ); + $userpass = 'user:password_hash:'; + $other_user_data = ':email@address:group1,group2'; + + foreach ($names as $testname) { + $escaped = str_replace(array('\\',':'),array('\\\\','\\:'),$testname); // escape : & \ + $test_line = $userpass.$escaped.$other_user_data; + $result = $this->auth->splitUserData($test_line); + + $this->assertEquals($escaped, $result[2]); + } + } + +} + +class auth_plugin_authplainharness extends auth_plugin_authplain { + + /** + * @param boolean $bool + */ + public function setPregsplit_safe($bool) { + $this->_pregsplit_safe = $bool; + } + + public function getPregsplit_safe(){ + return $this->_pregsplit_safe; + } + + /** + * @param string $line + */ + public function splitUserData($line){ + return $this->_splitUserData($line); + } +} diff --git a/lib/plugins/authplain/auth.php b/lib/plugins/authplain/auth.php index 8c4ce0dd9..b31c02fc8 100644 --- a/lib/plugins/authplain/auth.php +++ b/lib/plugins/authplain/auth.php @@ -17,6 +17,9 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { /** @var array filter pattern */ protected $_pattern = array(); + /** @var bool safe version of preg_split */ + protected $_pregsplit_safe = false; + /** * Constructor * @@ -44,6 +47,8 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $this->cando['getUsers'] = true; $this->cando['getUserCount'] = true; } + + $this->_pregsplit_safe = version_compare(PCRE_VERSION,'6.7','>='); } /** @@ -76,14 +81,36 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { * * @author Andreas Gohr <andi@splitbrain.org> * @param string $user - * @return array|bool + * @param bool $requireGroups (optional) ignored by this plugin, grps info always supplied + * @return array|false */ - public function getUserData($user) { + public function getUserData($user, $requireGroups=true) { if($this->users === null) $this->_loadUserData(); return isset($this->users[$user]) ? $this->users[$user] : false; } /** + * Creates a string suitable for saving as a line + * in the file database + * (delimiters escaped, etc.) + * + * @param string $user + * @param string $pass + * @param string $name + * @param string $mail + * @param array $grps list of groups the user is in + * @return string + */ + protected function _createUserLine($user, $pass, $name, $mail, $grps) { + $groups = join(',', $grps); + $userline = array($user, $pass, $name, $mail, $groups); + $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\ + $userline = str_replace(':', '\\:', $userline); // escape : as \: + $userline = join(':', $userline)."\n"; + return $userline; + } + + /** * Create a new User * * Returns false if the user already exists, null when an error @@ -115,8 +142,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { if(!is_array($grps)) $grps = array($conf['defaultgroup']); // prepare user line - $groups = join(',', $grps); - $userline = join(':', array($user, $pass, $name, $mail, $groups))."\n"; + $userline = $this->_createUserLine($user, $pass, $name, $mail, $grps); if(io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) { $this->users[$user] = compact('pass', 'name', 'mail', 'grps'); @@ -157,8 +183,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $userinfo[$field] = $value; } - $groups = join(',', $userinfo['grps']); - $userline = join(':', array($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $groups))."\n"; + $userline = $this->_createUserLine($newuser, $userinfo['pass'], $userinfo['name'], $userinfo['mail'], $userinfo['grps']); if(!$this->deleteUsers(array($user))) { msg('Unable to modify user data. Please inform the Wiki-Admin', -1); @@ -300,7 +325,7 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $this->users = array(); - if(!@file_exists($config_cascade['plainauth.users']['default'])) return; + if(!file_exists($config_cascade['plainauth.users']['default'])) return; $lines = file($config_cascade['plainauth.users']['default']); foreach($lines as $line) { @@ -308,7 +333,11 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { $line = trim($line); if(empty($line)) continue; - $row = explode(":", $line, 5); + /* NB: preg_split can be deprecated/replaced with str_getcsv once dokuwiki is min php 5.3 */ + $row = $this->_splitUserData($line); + $row = str_replace('\\:', ':', $row); + $row = str_replace('\\\\', '\\', $row); + $groups = array_values(array_filter(explode(",", $row[4]))); $this->users[$row[0]]['pass'] = $row[1]; @@ -318,6 +347,33 @@ class auth_plugin_authplain extends DokuWiki_Auth_Plugin { } } + protected function _splitUserData($line){ + // due to a bug in PCRE 6.6, preg_split will fail with the regex we use here + // refer github issues 877 & 885 + if ($this->_pregsplit_safe){ + return preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \: + } + + $row = array(); + $piece = ''; + $len = strlen($line); + for($i=0; $i<$len; $i++){ + if ($line[$i]=='\\'){ + $piece .= $line[$i]; + $i++; + if ($i>=$len) break; + } else if ($line[$i]==':'){ + $row[] = $piece; + $piece = ''; + continue; + } + $piece .= $line[$i]; + } + $row[] = $piece; + + return $row; + } + /** * return true if $user + $info match $filter criteria, false otherwise * diff --git a/lib/plugins/authplain/plugin.info.txt b/lib/plugins/authplain/plugin.info.txt index b63ee53e4..2659ac7ad 100644 --- a/lib/plugins/authplain/plugin.info.txt +++ b/lib/plugins/authplain/plugin.info.txt @@ -1,7 +1,7 @@ base authplain author Andreas Gohr email andi@splitbrain.org -date 2012-11-09 +date 2014-07-01 name Plain Auth Plugin desc Provides user authentication against DokuWiki's local password storage url http://www.dokuwiki.org/plugin:authplain |