From 3002d731a466d09ce747cfbbe930444ee584f118 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 19 Apr 2013 10:25:36 +0200 Subject: adjusted authad language files for config option change --- lib/plugins/authad/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/plugins/authad/auth.php') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index 6c49eafbb..f7f350c3f 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -21,8 +21,8 @@ require_once(DOKU_PLUGIN.'authad/adLDAP/adLDAP.php'); * * //optional: * $conf['plugin']['authad']['sso'] = 1; - * $conf['plugin']['authad']['ad_username'] = 'root'; - * $conf['plugin']['authad']['ad_password'] = 'pass'; + * $conf['plugin']['authad']['admin_username'] = 'root'; + * $conf['plugin']['authad']['admin_password'] = 'pass'; * $conf['plugin']['authad']['real_primarygroup'] = 1; * $conf['plugin']['authad']['use_ssl'] = 1; * $conf['plugin']['authad']['use_tls'] = 1; -- cgit v1.2.3 From 1b228d28eda480cd189c68eadd1172c9409c6ef7 Mon Sep 17 00:00:00 2001 From: Klap-in Date: Sun, 21 Apr 2013 21:24:33 +0200 Subject: Rename ad_username to admin_username canDo getUsers to false when unavailable --- lib/plugins/authad/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/plugins/authad/auth.php') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index f7f350c3f..5985cd18f 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -469,10 +469,10 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { $this->cando['modPass'] = false; } - if(isset($opts['ad_username']) && isset($opts['ad_password'])) { + if(isset($opts['admin_username']) && isset($opts['admin_password'])) { $this->cando['getUsers'] = true; } else { - $this->cando['getUsers'] = true; + $this->cando['getUsers'] = false; } return $opts; -- cgit v1.2.3 From 1e52e72a2e603634696a9f6db2fae3daf1d821fa Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Mon, 22 Apr 2013 22:03:13 +0200 Subject: fix expiry check for adLDAP version FS#2759 --- lib/plugins/authad/auth.php | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'lib/plugins/authad/auth.php') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index 5985cd18f..95a25c5af 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -218,22 +218,24 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { // check expiry time if($info['expires'] && $this->conf['expirywarn']){ - $timeleft = $adldap->user()->passwordExpiry($user); // returns unixtime - $timeleft = round($timeleft/(24*60*60)); - $info['expiresin'] = $timeleft; - - // if this is the current user, warn him (once per request only) - if(($_SERVER['REMOTE_USER'] == $user) && - ($timeleft <= $this->conf['expirywarn']) && - !$this->msgshown - ) { - $msg = sprintf($lang['authpwdexpire'], $timeleft); - if($this->canDo('modPass')) { - $url = wl($ID, array('do'=> 'profile')); - $msg .= ' '.$lang['btn_profile'].''; + $expiry = $adldap->user()->passwordExpiry($user); + if(is_array($expiry)){ + $info['expiresat'] = $expiry['expiryts']; + $info['expiresin'] = round(($info['expiresat'] - time())/(24*60*60)); + + // if this is the current user, warn him (once per request only) + if(($_SERVER['REMOTE_USER'] == $user) && + ($info['expiresin'] <= $this->conf['expirywarn']) && + !$this->msgshown + ) { + $msg = sprintf($lang['authpwdexpire'], $info['expiresin']); + if($this->canDo('modPass')) { + $url = wl($ID, array('do'=> 'profile')); + $msg .= ' '.$lang['btn_profile'].''; + } + msg($msg); + $this->msgshown = true; } - msg($msg); - $this->msgshown = true; } } -- cgit v1.2.3 From 14642325892b50c3a95bead35efca7c5a6f16dc7 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 25 Apr 2013 15:57:55 +0200 Subject: authad: don't request empty fields --- lib/plugins/authad/auth.php | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/plugins/authad/auth.php') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index 95a25c5af..d6455c751 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -172,6 +172,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { // add additional fields to read $fields = array_merge($fields, $this->conf['additional']); $fields = array_unique($fields); + $fields = array_filter($fields); //get info for given user $result = $adldap->user()->info($this->_userName($user), $fields); -- cgit v1.2.3 From 8257d713a47c1819c2c33ddd2b868eea62d9f6fc Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 25 Apr 2013 16:05:53 +0200 Subject: authad: added compatibility for old option names adLDAP renamed the ad_username and ad_password to admin_username admin_password recently. this makes our backend recognize the old settings --- lib/plugins/authad/auth.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib/plugins/authad/auth.php') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index d6455c751..5d5f532b6 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -465,6 +465,10 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { $opts['domain_controllers'] = array_map('trim', $opts['domain_controllers']); $opts['domain_controllers'] = array_filter($opts['domain_controllers']); + // compatibility with old option name + if(empty($opts['admin_username']) && !empty($opts['ad_username'])) $opts['admin_username'] = $opts['ad_username']; + if(empty($opts['admin_password']) && !empty($opts['ad_password'])) $opts['admin_password'] = $opts['ad_password']; + // we can change the password if SSL is set if($opts['use_ssl'] || $opts['use_tls']) { $this->cando['modPass'] = true; @@ -472,7 +476,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { $this->cando['modPass'] = false; } - if(isset($opts['admin_username']) && isset($opts['admin_password'])) { + if(!empty($opts['admin_username']) && !empty($opts['admin_password'])) { $this->cando['getUsers'] = true; } else { $this->cando['getUsers'] = false; -- cgit v1.2.3 From a154806fb54c04841a42641bf5d66716d89c1554 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 25 Apr 2013 16:43:54 +0200 Subject: authad: capabilities depend on userdomain specific config --- lib/plugins/authad/auth.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'lib/plugins/authad/auth.php') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index 5d5f532b6..b6b5dd268 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -110,6 +110,19 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { $this->cando['modMail'] = true; } + /** + * Load domain config on capability check + * + * @param string $cap + * @return bool + */ + public function canDo($cap) { + //capabilities depend on config, which may change depending on domain + $domain = $this->_userDomain($_SERVER['REMOTE_USER']); + $this->_loadServerConfig($domain); + return parent::canDo($cap); + } + /** * Check user+password [required auth function] * -- cgit v1.2.3