From 4ae475af3d062ad634677a93371703eadbfdf256 Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Tue, 3 Jan 2012 02:45:43 +0100 Subject: Added prototype for Auth-Plugins --- lib/plugins/auth.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 lib/plugins/auth.php (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php new file mode 100644 index 000000000..3ec64018c --- /dev/null +++ b/lib/plugins/auth.php @@ -0,0 +1,25 @@ + + */ +// must be run within Dokuwiki +if(!defined('DOKU_INC')) die(); + +/** + * All plugins that provide Authentication should inherit from this class and implement + * the getAuth() method to make its Auth-System available. + * + * @author Jan Schumann + */ +class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { + + /** + * Retrieves the authentication system + */ + function getAuth() { + trigger_error('getAuth() not implemented in '.get_class($this), E_USER_WARNING); + } +} -- cgit v1.2.3 From f4476bd9b5badd36cd0617d76538e47d9649986b Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Mon, 20 Feb 2012 19:51:26 +0100 Subject: Refactored auth system: All auth methods are now introduced as plugins. --- lib/plugins/auth.php | 420 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 412 insertions(+), 8 deletions(-) (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php index 3ec64018c..59631143f 100644 --- a/lib/plugins/auth.php +++ b/lib/plugins/auth.php @@ -9,17 +9,421 @@ if(!defined('DOKU_INC')) die(); /** - * All plugins that provide Authentication should inherit from this class and implement - * the getAuth() method to make its Auth-System available. + * auth/basic.class.php * - * @author Jan Schumann + * foundation authorisation class + * all auth classes should inherit from this class + * + * @author Chris Smith + * @author Jan Schumann */ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { - /** - * Retrieves the authentication system - */ - function getAuth() { - trigger_error('getAuth() not implemented in '.get_class($this), E_USER_WARNING); + var $success = true; + + + /** + * Posible things an auth backend module may be able to + * do. The things a backend can do need to be set to true + * in the constructor. + */ + var $cando = array ( + 'addUser' => false, // can Users be created? + 'delUser' => false, // can Users be deleted? + 'modLogin' => false, // can login names be changed? + 'modPass' => false, // can passwords be changed? + 'modName' => false, // can real names be changed? + 'modMail' => false, // can emails be changed? + 'modGroups' => false, // can groups be changed? + 'getUsers' => false, // can a (filtered) list of users be retrieved? + 'getUserCount'=> false, // can the number of users be retrieved? + 'getGroups' => false, // can a list of available groups be retrieved? + 'external' => false, // does the module do external auth checking? + 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) + ); + + + /** + * Constructor. + * + * Carry out sanity checks to ensure the object is + * able to operate. Set capabilities in $this->cando + * array here + * + * Set $this->success to false if checks fail + * + * @author Christopher Smith + */ + function auth_basic() { + // the base class constructor does nothing, derived class + // constructors do the real work + } + + /** + * Capability check. [ DO NOT OVERRIDE ] + * + * Checks the capabilities set in the $this->cando array and + * some pseudo capabilities (shortcutting access to multiple + * ones) + * + * ususal capabilities start with lowercase letter + * shortcut capabilities start with uppercase letter + * + * @author Andreas Gohr + * @return bool + */ + function canDo($cap) { + switch($cap){ + case 'Profile': + // can at least one of the user's properties be changed? + return ( $this->cando['modPass'] || + $this->cando['modName'] || + $this->cando['modMail'] ); + break; + case 'UserMod': + // can at least anything be changed? + return ( $this->cando['modPass'] || + $this->cando['modName'] || + $this->cando['modMail'] || + $this->cando['modLogin'] || + $this->cando['modGroups'] || + $this->cando['modMail'] ); + break; + default: + // print a helping message for developers + if(!isset($this->cando[$cap])){ + msg("Check for unknown capability '$cap' - Do you use an outdated Plugin?",-1); + } + return $this->cando[$cap]; + } + } + + /** + * Trigger the AUTH_USERDATA_CHANGE event and call the modification function. [ DO NOT OVERRIDE ] + * + * You should use this function instead of calling createUser, modifyUser or + * deleteUsers directly. The event handlers can prevent the modification, for + * example for enforcing a user name schema. + * + * @author Gabriel Birke + * @param string $type Modification type ('create', 'modify', 'delete') + * @param array $params Parameters for the createUser, modifyUser or deleteUsers method. The content of this array depends on the modification type + * @return mixed Result from the modification function or false if an event handler has canceled the action + */ + function triggerUserMod($type, $params) + { + $validTypes = array( + 'create' => 'createUser', + 'modify' => 'modifyUser', + 'delete' => 'deleteUsers' + ); + if(empty($validTypes[$type])) + return false; + $eventdata = array('type' => $type, 'params' => $params, 'modification_result' => null); + $evt = new Doku_Event('AUTH_USER_CHANGE', $eventdata); + if ($evt->advise_before(true)) { + $result = call_user_func_array(array($this, $validTypes[$type]), $params); + $evt->data['modification_result'] = $result; } + $evt->advise_after(); + unset($evt); + return $result; + } + + /** + * Log off the current user [ OPTIONAL ] + * + * Is run in addition to the ususal logoff method. Should + * only be needed when trustExternal is implemented. + * + * @see auth_logoff() + * @author Andreas Gohr + */ + function logOff(){ + } + + /** + * Do all authentication [ OPTIONAL ] + * + * Set $this->cando['external'] = true when implemented + * + * If this function is implemented it will be used to + * authenticate a user - all other DokuWiki internals + * will not be used for authenticating, thus + * implementing the checkPass() function is not needed + * anymore. + * + * The function can be used to authenticate against third + * party cookies or Apache auth mechanisms and replaces + * the auth_login() function + * + * The function will be called with or without a set + * username. If the Username is given it was called + * from the login form and the given credentials might + * need to be checked. If no username was given it + * the function needs to check if the user is logged in + * by other means (cookie, environment). + * + * The function needs to set some globals needed by + * DokuWiki like auth_login() does. + * + * @see auth_login() + * @author Andreas Gohr + * + * @param string $user Username + * @param string $pass Cleartext Password + * @param bool $sticky Cookie should not expire + * @return bool true on successful auth + */ + function trustExternal($user,$pass,$sticky=false){ +# // some example: +# +# global $USERINFO; +# global $conf; +# $sticky ? $sticky = true : $sticky = false; //sanity check +# +# // do the checking here +# +# // set the globals if authed +# $USERINFO['name'] = 'FIXME'; +# $USERINFO['mail'] = 'FIXME'; +# $USERINFO['grps'] = array('FIXME'); +# $_SERVER['REMOTE_USER'] = $user; +# $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; +# $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass; +# $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO; +# return true; + } + + /** + * Check user+password [ MUST BE OVERRIDDEN ] + * + * Checks if the given user exists and the given + * plaintext password is correct + * + * May be ommited if trustExternal is used. + * + * @author Andreas Gohr + * @return bool + */ + function checkPass($user,$pass){ + msg("no valid authorisation system in use", -1); + return false; + } + + /** + * Return user info [ MUST BE OVERRIDDEN ] + * + * Returns info about the given user needs to contain + * at least these fields: + * + * name string full name of the user + * mail string email addres of the user + * grps array list of groups the user is in + * + * @author Andreas Gohr + * @return array containing user data or false + */ + function getUserData($user) { + if(!$this->cando['external']) msg("no valid authorisation system in use", -1); + return false; + } + + /** + * Create a new User [implement only where required/possible] + * + * Returns false if the user already exists, null when an error + * occurred and true if everything went well. + * + * The new user HAS TO be added to the default group by this + * function! + * + * Set addUser capability when implemented + * + * @author Andreas Gohr + */ + function createUser($user,$pass,$name,$mail,$grps=null){ + msg("authorisation method does not allow creation of new users", -1); + return null; + } + + /** + * Modify user data [implement only where required/possible] + * + * Set the mod* capabilities according to the implemented features + * + * @author Chris Smith + * @param $user nick of the user to be changed + * @param $changes array of field/value pairs to be changed (password will be clear text) + * @return bool + */ + function modifyUser($user, $changes) { + msg("authorisation method does not allow modifying of user data", -1); + return false; + } + + /** + * Delete one or more users [implement only where required/possible] + * + * Set delUser capability when implemented + * + * @author Chris Smith + * @param array $users + * @return int number of users deleted + */ + function deleteUsers($users) { + msg("authorisation method does not allow deleting of users", -1); + return false; + } + + /** + * Return a count of the number of user which meet $filter criteria + * [should be implemented whenever retrieveUsers is implemented] + * + * Set getUserCount capability when implemented + * + * @author Chris Smith + */ + function getUserCount($filter=array()) { + msg("authorisation method does not provide user counts", -1); + return 0; + } + + /** + * Bulk retrieval of user data [implement only where required/possible] + * + * Set getUsers capability when implemented + * + * @author Chris Smith + * @param start index of first user to be returned + * @param limit max number of users to be returned + * @param filter array of field/pattern pairs, null for no filter + * @return array of userinfo (refer getUserData for internal userinfo details) + */ + function retrieveUsers($start=0,$limit=-1,$filter=null) { + msg("authorisation method does not support mass retrieval of user data", -1); + return array(); + } + + /** + * Define a group [implement only where required/possible] + * + * Set addGroup capability when implemented + * + * @author Chris Smith + * @return bool + */ + function addGroup($group) { + msg("authorisation method does not support independent group creation", -1); + return false; + } + + /** + * Retrieve groups [implement only where required/possible] + * + * Set getGroups capability when implemented + * + * @author Chris Smith + * @return array + */ + function retrieveGroups($start=0,$limit=0) { + msg("authorisation method does not support group list retrieval", -1); + return array(); + } + + /** + * Return case sensitivity of the backend [OPTIONAL] + * + * When your backend is caseinsensitive (eg. you can login with USER and + * user) then you need to overwrite this method and return false + */ + function isCaseSensitive(){ + return true; + } + + /** + * Sanitize a given username [OPTIONAL] + * + * This function is applied to any user name that is given to + * the backend and should also be applied to any user name within + * the backend before returning it somewhere. + * + * This should be used to enforce username restrictions. + * + * @author Andreas Gohr + * @param string $user - username + * @param string - the cleaned username + */ + function cleanUser($user){ + return $user; + } + + /** + * Sanitize a given groupname [OPTIONAL] + * + * This function is applied to any groupname that is given to + * the backend and should also be applied to any groupname within + * the backend before returning it somewhere. + * + * This should be used to enforce groupname restrictions. + * + * Groupnames are to be passed without a leading '@' here. + * + * @author Andreas Gohr + * @param string $group - groupname + * @param string - the cleaned groupname + */ + function cleanGroup($group){ + return $group; + } + + + /** + * Check Session Cache validity [implement only where required/possible] + * + * DokuWiki caches user info in the user's session for the timespan defined + * in $conf['auth_security_timeout']. + * + * This makes sure slow authentication backends do not slow down DokuWiki. + * This also means that changes to the user database will not be reflected + * on currently logged in users. + * + * To accommodate for this, the user manager plugin will touch a reference + * file whenever a change is submitted. This function compares the filetime + * of this reference file with the time stored in the session. + * + * This reference file mechanism does not reflect changes done directly in + * the backend's database through other means than the user manager plugin. + * + * Fast backends might want to return always false, to force rechecks on + * each page load. Others might want to use their own checking here. If + * unsure, do not override. + * + * @param string $user - The username + * @author Andreas Gohr + * @return bool + */ + function useSessionCache($user){ + global $conf; + return ($_SESSION[DOKU_COOKIE]['auth']['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')); + } + + + /** + * loadConfig() + * merges the plugin's default settings with any local settings + * this function is automatically called through getConf() + */ + function loadConfig(){ + global $conf; + + parent::loadConfig(); + + $this->conf['debug'] = $conf['debug']; + $this->conf['useacl'] = $conf['useacl']; + $this->conf['disableactions'] = $conf['disableactions']; + $this->conf['autopasswd'] = $conf['autopasswd']; + $this->conf['passcrypt'] = $conf['ssha']; + } + } -- cgit v1.2.3 From 94c0297d119ce52ad794c18f26220311e3c0ed8c Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 6 Oct 2012 11:31:26 +0200 Subject: completed plugin.info.txt files --- lib/plugins/auth.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php index 637435252..39d63d8a1 100644 --- a/lib/plugins/auth.php +++ b/lib/plugins/auth.php @@ -1,4 +1,7 @@ * @author Jan Schumann - */ -// must be run within Dokuwiki -if(!defined('DOKU_INC')) die(); - class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { var $success = true; -- cgit v1.2.3 From ecd445c000e4e54bf7228890848222312cffd3e3 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 7 Oct 2012 09:43:34 +0200 Subject: PHP5ized the auth plugin base --- lib/plugins/auth.php | 146 ++++++++++++++++++++++++++++----------------------- 1 file changed, 80 insertions(+), 66 deletions(-) (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php index 39d63d8a1..4c3c585cf 100644 --- a/lib/plugins/auth.php +++ b/lib/plugins/auth.php @@ -13,14 +13,14 @@ if(!defined('DOKU_INC')) die(); * @author Jan Schumann */ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { - var $success = true; + public $success = true; /** - * Posible things an auth backend module may be able to + * Possible things an auth backend module may be able to * do. The things a backend can do need to be set to true * in the constructor. */ - var $cando = array ( + protected $cando = array( 'addUser' => false, // can Users be created? 'delUser' => false, // can Users be deleted? 'modLogin' => false, // can login names be changed? @@ -32,7 +32,7 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { 'getUserCount'=> false, // can the number of users be retrieved? 'getGroups' => false, // can a list of available groups be retrieved? 'external' => false, // does the module do external auth checking? - 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) + 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) ); /** @@ -46,7 +46,7 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * * @author Christopher Smith */ - function __construct() { + public function __construct() { // the base class constructor does nothing, derived class // constructors do the real work } @@ -62,29 +62,30 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * shortcut capabilities start with uppercase letter * * @author Andreas Gohr + * @param string $cap the capability to check * @return bool */ - function canDo($cap) { - switch($cap){ + public function canDo($cap) { + switch($cap) { case 'Profile': // can at least one of the user's properties be changed? - return ( $this->cando['modPass'] || - $this->cando['modName'] || - $this->cando['modMail'] ); + return ($this->cando['modPass'] || + $this->cando['modName'] || + $this->cando['modMail']); break; case 'UserMod': // can at least anything be changed? - return ( $this->cando['modPass'] || - $this->cando['modName'] || - $this->cando['modMail'] || - $this->cando['modLogin'] || - $this->cando['modGroups'] || - $this->cando['modMail'] ); + return ($this->cando['modPass'] || + $this->cando['modName'] || + $this->cando['modMail'] || + $this->cando['modLogin'] || + $this->cando['modGroups'] || + $this->cando['modMail']); break; default: // print a helping message for developers - if(!isset($this->cando[$cap])){ - msg("Check for unknown capability '$cap' - Do you use an outdated Plugin?",-1); + if(!isset($this->cando[$cap])) { + msg("Check for unknown capability '$cap' - Do you use an outdated Plugin?", -1); } return $this->cando[$cap]; } @@ -99,10 +100,10 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * * @author Gabriel Birke * @param string $type Modification type ('create', 'modify', 'delete') - * @param array $params Parameters for the createUser, modifyUser or deleteUsers method. The content of this array depends on the modification type + * @param array $params Parameters for the createUser, modifyUser or deleteUsers method. The content of this array depends on the modification type * @return mixed Result from the modification function or false if an event handler has canceled the action */ - function triggerUserMod($type, $params) { + public function triggerUserMod($type, $params) { $validTypes = array( 'create' => 'createUser', 'modify' => 'modifyUser', @@ -111,9 +112,9 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { if(empty($validTypes[$type])) return false; $eventdata = array('type' => $type, 'params' => $params, 'modification_result' => null); - $evt = new Doku_Event('AUTH_USER_CHANGE', $eventdata); - if ($evt->advise_before(true)) { - $result = call_user_func_array(array($this, $validTypes[$type]), $params); + $evt = new Doku_Event('AUTH_USER_CHANGE', $eventdata); + if($evt->advise_before(true)) { + $result = call_user_func_array(array($this, $validTypes[$type]), $params); $evt->data['modification_result'] = $result; } $evt->advise_after(); @@ -130,7 +131,7 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * @see auth_logoff() * @author Andreas Gohr */ - function logOff(){ + public function logOff() { } /** @@ -166,7 +167,7 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * @param bool $sticky Cookie should not expire * @return bool true on successful auth */ - function trustExternal($user,$pass,$sticky=false){ + public function trustExternal($user, $pass, $sticky = false) { /* some example: global $USERINFO; @@ -197,9 +198,11 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * May be ommited if trustExternal is used. * * @author Andreas Gohr + * @param string $user the user name + * @param string $pass the clear text password * @return bool */ - function checkPass($user,$pass){ + public function checkPass($user, $pass) { msg("no valid authorisation system in use", -1); return false; } @@ -215,9 +218,10 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * grps array list of groups the user is in * * @author Andreas Gohr + * @param string $user the user name * @return array containing user data or false */ - function getUserData($user) { + public function getUserData($user) { if(!$this->cando['external']) msg("no valid authorisation system in use", -1); return false; } @@ -234,8 +238,14 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * Set addUser capability when implemented * * @author Andreas Gohr + * @param string $user + * @param string $pass + * @param string $name + * @param string $mail + * @param null|array $grps + * @return bool|null */ - function createUser($user,$pass,$name,$mail,$grps=null){ + public function createUser($user, $pass, $name, $mail, $grps = null) { msg("authorisation method does not allow creation of new users", -1); return null; } @@ -246,11 +256,11 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * Set the mod* capabilities according to the implemented features * * @author Chris Smith - * @param $user nick of the user to be changed - * @param $changes array of field/value pairs to be changed (password will be clear text) + * @param string $user nick of the user to be changed + * @param array $changes array of field/value pairs to be changed (password will be clear text) * @return bool */ - function modifyUser($user, $changes) { + public function modifyUser($user, $changes) { msg("authorisation method does not allow modifying of user data", -1); return false; } @@ -264,7 +274,7 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * @param array $users * @return int number of users deleted */ - function deleteUsers($users) { + public function deleteUsers($users) { msg("authorisation method does not allow deleting of users", -1); return false; } @@ -275,9 +285,11 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * * Set getUserCount capability when implemented * - * @author Chris Smith + * @author Chris Smith + * @param array $filter array of field/pattern pairs, empty array for no filter + * @return int */ - function getUserCount($filter=array()) { + public function getUserCount($filter = array()) { msg("authorisation method does not provide user counts", -1); return 0; } @@ -288,12 +300,12 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * Set getUsers capability when implemented * * @author Chris Smith - * @param start index of first user to be returned - * @param limit max number of users to be returned - * @param filter array of field/pattern pairs, null for no filter - * @return array of userinfo (refer getUserData for internal userinfo details) + * @param int $start index of first user to be returned + * @param int $limit max number of users to be returned + * @param array $filter array of field/pattern pairs, null for no filter + * @return array list of userinfo (refer getUserData for internal userinfo details) */ - function retrieveUsers($start=0,$limit=-1,$filter=null) { + public function retrieveUsers($start = 0, $limit = -1, $filter = null) { msg("authorisation method does not support mass retrieval of user data", -1); return array(); } @@ -304,9 +316,10 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * Set addGroup capability when implemented * * @author Chris Smith + * @param string $group * @return bool */ - function addGroup($group) { + public function addGroup($group) { msg("authorisation method does not support independent group creation", -1); return false; } @@ -317,9 +330,11 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * Set getGroups capability when implemented * * @author Chris Smith + * @param int $start + * @param int $limit * @return array */ - function retrieveGroups($start=0,$limit=0) { + public function retrieveGroups($start = 0, $limit = 0) { msg("authorisation method does not support group list retrieval", -1); return array(); } @@ -329,8 +344,10 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * * When your backend is caseinsensitive (eg. you can login with USER and * user) then you need to overwrite this method and return false + * + * @return bool */ - function isCaseSensitive(){ + public function isCaseSensitive() { return true; } @@ -344,10 +361,10 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * This should be used to enforce username restrictions. * * @author Andreas Gohr - * @param string $user - username - * @param string - the cleaned username + * @param string $user username + * @return string the cleaned username */ - function cleanUser($user){ + public function cleanUser($user) { return $user; } @@ -363,14 +380,13 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * Groupnames are to be passed without a leading '@' here. * * @author Andreas Gohr - * @param string $group - groupname - * @param string - the cleaned groupname + * @param string $group groupname + * @return string the cleaned groupname */ - function cleanGroup($group){ + public function cleanGroup($group) { return $group; } - /** * Check Session Cache validity [implement only where required/possible] * @@ -396,27 +412,25 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * @author Andreas Gohr * @return bool */ - function useSessionCache($user){ + public function useSessionCache($user) { global $conf; return ($_SESSION[DOKU_COOKIE]['auth']['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')); } + /** + * loadConfig() + * merges the plugin's default settings with any local settings + * this function is automatically called through getConf() + */ + function loadConfig() { + global $conf; - /** - * loadConfig() - * merges the plugin's default settings with any local settings - * this function is automatically called through getConf() - */ - function loadConfig(){ - global $conf; - - parent::loadConfig(); - - $this->conf['debug'] = $conf['debug']; - $this->conf['useacl'] = $conf['useacl']; - $this->conf['disableactions'] = $conf['disableactions']; - $this->conf['autopasswd'] = $conf['autopasswd']; - $this->conf['passcrypt'] = $conf['ssha']; - } + parent::loadConfig(); + $this->conf['debug'] = $conf['debug']; + $this->conf['useacl'] = $conf['useacl']; + $this->conf['disableactions'] = $conf['disableactions']; + $this->conf['autopasswd'] = $conf['autopasswd']; + $this->conf['passcrypt'] = $conf['ssha']; + } } -- cgit v1.2.3 From 4d390d4260c028ff110151e305e93b80f3eb13eb Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 9 Nov 2012 14:00:14 +0100 Subject: don't merge any global confs into auth plugin configs --- lib/plugins/auth.php | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php index 4c3c585cf..cd2f9ac12 100644 --- a/lib/plugins/auth.php +++ b/lib/plugins/auth.php @@ -416,21 +416,4 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { global $conf; return ($_SESSION[DOKU_COOKIE]['auth']['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')); } - - /** - * loadConfig() - * merges the plugin's default settings with any local settings - * this function is automatically called through getConf() - */ - function loadConfig() { - global $conf; - - parent::loadConfig(); - - $this->conf['debug'] = $conf['debug']; - $this->conf['useacl'] = $conf['useacl']; - $this->conf['disableactions'] = $conf['disableactions']; - $this->conf['autopasswd'] = $conf['autopasswd']; - $this->conf['passcrypt'] = $conf['ssha']; - } } -- cgit v1.2.3 From 454d868b911059adb8889a2d6afefa016d6a21f5 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 9 Nov 2012 14:04:41 +0100 Subject: make all sub auth classes call the parent constructor This does nothing currently but allows us adding certain things to the base class later. --- lib/plugins/auth.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php index cd2f9ac12..cce2370d9 100644 --- a/lib/plugins/auth.php +++ b/lib/plugins/auth.php @@ -42,6 +42,9 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * able to operate. Set capabilities in $this->cando * array here * + * For future compatibility, sub classes should always include a call + * to parent::__constructor() in their constructors! + * * Set $this->success to false if checks fail * * @author Christopher Smith -- cgit v1.2.3 From 46b991a30bc4c7dab4e06bdd3f9a70a34204e005 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 9 Nov 2012 14:32:33 +0100 Subject: merge old auth style configs with plugin config --- lib/plugins/auth.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php index cce2370d9..42dbf1859 100644 --- a/lib/plugins/auth.php +++ b/lib/plugins/auth.php @@ -419,4 +419,21 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { global $conf; return ($_SESSION[DOKU_COOKIE]['auth']['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')); } + + /** + * Overrides the standard config loading to integrate old auth module style configs + * + * @deprecated 2012-11-09 + */ + public function loadConfig(){ + global $conf; + $plugin = $this->getPluginName(); + + $default = $this->readDefaultSettings(); + $oldconf = array(); + if(isset($conf['auth'][$plugin])) $oldconf = (array) $conf['auth'][$plugin]; + + $conf['plugin'][$plugin] = array_merge($default, $oldconf, $conf['plugin'][$plugin]); + $this->configloaded = true; + } } -- cgit v1.2.3 From a701b283f573ba104a34ba98717e3855c6b20621 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 8 Feb 2013 13:20:59 +0100 Subject: fixed config loading for auth plugins --- lib/plugins/auth.php | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php index 42dbf1859..c14a04dfb 100644 --- a/lib/plugins/auth.php +++ b/lib/plugins/auth.php @@ -434,6 +434,7 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { if(isset($conf['auth'][$plugin])) $oldconf = (array) $conf['auth'][$plugin]; $conf['plugin'][$plugin] = array_merge($default, $oldconf, $conf['plugin'][$plugin]); + $this->conf =& $conf['plugin'][$plugin]; $this->configloaded = true; } } -- cgit v1.2.3 From 6535e29c55fe997fa55a4f755bff8a41fbd9d525 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 1 Mar 2013 15:11:23 +0100 Subject: fixed loading of old configuration for auth plugins --- lib/plugins/auth.php | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) (limited to 'lib/plugins/auth.php') diff --git a/lib/plugins/auth.php b/lib/plugins/auth.php index c14a04dfb..ec8ed7e58 100644 --- a/lib/plugins/auth.php +++ b/lib/plugins/auth.php @@ -9,8 +9,8 @@ if(!defined('DOKU_INC')) die(); * all auth classes should inherit from this class * * @license GPL 2 (http://www.gnu.org/licenses/gpl.html) - * @author Chris Smith - * @author Jan Schumann + * @author Chris Smith + * @author Jan Schumann */ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { public $success = true; @@ -21,18 +21,18 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * in the constructor. */ protected $cando = array( - 'addUser' => false, // can Users be created? - 'delUser' => false, // can Users be deleted? - 'modLogin' => false, // can login names be changed? - 'modPass' => false, // can passwords be changed? - 'modName' => false, // can real names be changed? - 'modMail' => false, // can emails be changed? - 'modGroups' => false, // can groups be changed? - 'getUsers' => false, // can a (filtered) list of users be retrieved? - 'getUserCount'=> false, // can the number of users be retrieved? - 'getGroups' => false, // can a list of available groups be retrieved? - 'external' => false, // does the module do external auth checking? - 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) + 'addUser' => false, // can Users be created? + 'delUser' => false, // can Users be deleted? + 'modLogin' => false, // can login names be changed? + 'modPass' => false, // can passwords be changed? + 'modName' => false, // can real names be changed? + 'modMail' => false, // can emails be changed? + 'modGroups' => false, // can groups be changed? + 'getUsers' => false, // can a (filtered) list of users be retrieved? + 'getUserCount' => false, // can the number of users be retrieved? + 'getGroups' => false, // can a list of available groups be retrieved? + 'external' => false, // does the module do external auth checking? + 'logout' => true, // can the user logout again? (eg. not possible with HTTP auth) ); /** @@ -102,7 +102,7 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * example for enforcing a user name schema. * * @author Gabriel Birke - * @param string $type Modification type ('create', 'modify', 'delete') + * @param string $type Modification type ('create', 'modify', 'delete') * @param array $params Parameters for the createUser, modifyUser or deleteUsers method. The content of this array depends on the modification type * @return mixed Result from the modification function or false if an event handler has canceled the action */ @@ -162,7 +162,7 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * The function needs to set some globals needed by * DokuWiki like auth_login() does. * - * @see auth_login() + * @see auth_login() * @author Andreas Gohr * * @param string $user Username @@ -425,16 +425,17 @@ class DokuWiki_Auth_Plugin extends DokuWiki_Plugin { * * @deprecated 2012-11-09 */ - public function loadConfig(){ + public function loadConfig() { global $conf; - $plugin = $this->getPluginName(); + $plugin = $this->getPluginName(); + $oldname = preg_replace('/^auth/', '', $plugin); $default = $this->readDefaultSettings(); $oldconf = array(); - if(isset($conf['auth'][$plugin])) $oldconf = (array) $conf['auth'][$plugin]; + if(isset($conf['auth'][$oldname])) $oldconf = (array) $conf['auth'][$oldname]; + $conf['plugin'][$plugin] = array_merge($default, $oldconf, (array) $conf['plugin'][$plugin]); - $conf['plugin'][$plugin] = array_merge($default, $oldconf, $conf['plugin'][$plugin]); - $this->conf =& $conf['plugin'][$plugin]; + $this->conf =& $conf['plugin'][$plugin]; $this->configloaded = true; } } -- cgit v1.2.3