diff options
Diffstat (limited to 'www/wiki/includes/auth/AuthManagerAuthPlugin.php')
| -rw-r--r-- | www/wiki/includes/auth/AuthManagerAuthPlugin.php | 231 |
1 files changed, 231 insertions, 0 deletions
diff --git a/www/wiki/includes/auth/AuthManagerAuthPlugin.php b/www/wiki/includes/auth/AuthManagerAuthPlugin.php new file mode 100644 index 00000000..4f84b4c6 --- /dev/null +++ b/www/wiki/includes/auth/AuthManagerAuthPlugin.php @@ -0,0 +1,231 @@ +<?php +/** + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * http://www.gnu.org/copyleft/gpl.html + * + * @file + */ + +namespace MediaWiki\Auth; + +use Psr\Log\LoggerInterface; +use User; + +/** + * Backwards-compatibility wrapper for AuthManager via $wgAuth + * @since 1.27 + * @deprecated since 1.27 + */ +class AuthManagerAuthPlugin extends \AuthPlugin { + /** @var string|null */ + protected $domain = null; + + /** @var LoggerInterface */ + protected $logger = null; + + public function __construct() { + $this->logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' ); + } + + public function userExists( $name ) { + return AuthManager::singleton()->userExists( $name ); + } + + public function authenticate( $username, $password ) { + $data = [ + 'username' => $username, + 'password' => $password, + ]; + if ( $this->domain !== null && $this->domain !== '' ) { + $data['domain'] = $this->domain; + } + $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_LOGIN ); + $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data ); + + $res = AuthManager::singleton()->beginAuthentication( $reqs, 'null:' ); + switch ( $res->status ) { + case AuthenticationResponse::PASS: + return true; + case AuthenticationResponse::FAIL: + // Hope it's not a PreAuthenticationProvider that failed... + $msg = $res->message instanceof \Message ? $res->message : new \Message( $res->message ); + $this->logger->info( __METHOD__ . ': Authentication failed: ' . $msg->plain() ); + return false; + default: + throw new \BadMethodCallException( + 'AuthManager does not support such simplified authentication' + ); + } + } + + public function modifyUITemplate( &$template, &$type ) { + // AuthManager does not support direct UI screwing-around-with + } + + public function setDomain( $domain ) { + $this->domain = $domain; + } + + public function getDomain() { + if ( isset( $this->domain ) ) { + return $this->domain; + } else { + return 'invaliddomain'; + } + } + + public function validDomain( $domain ) { + $domainList = $this->domainList(); + return $domainList ? in_array( $domain, $domainList, true ) : $domain === ''; + } + + public function updateUser( &$user ) { + \Hooks::run( 'UserLoggedIn', [ $user ] ); + return true; + } + + public function autoCreate() { + return true; + } + + public function allowPropChange( $prop = '' ) { + return AuthManager::singleton()->allowsPropertyChange( $prop ); + } + + public function allowPasswordChange() { + $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CHANGE ); + foreach ( $reqs as $req ) { + if ( $req instanceof PasswordAuthenticationRequest ) { + return true; + } + } + + return false; + } + + public function allowSetLocalPassword() { + // There should be a PrimaryAuthenticationProvider that does this, if necessary + return false; + } + + public function setPassword( $user, $password ) { + $data = [ + 'username' => $user->getName(), + 'password' => $password, + ]; + if ( $this->domain !== null && $this->domain !== '' ) { + $data['domain'] = $this->domain; + } + $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CHANGE ); + $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data ); + foreach ( $reqs as $req ) { + $status = AuthManager::singleton()->allowsAuthenticationDataChange( $req ); + if ( !$status->isGood() ) { + $this->logger->info( __METHOD__ . ': Password change rejected: {reason}', [ + 'username' => $data['username'], + 'reason' => $status->getWikiText( null, null, 'en' ), + ] ); + return false; + } + } + foreach ( $reqs as $req ) { + AuthManager::singleton()->changeAuthenticationData( $req ); + } + return true; + } + + public function updateExternalDB( $user ) { + // This fires the necessary hook + $user->saveSettings(); + return true; + } + + public function updateExternalDBGroups( $user, $addgroups, $delgroups = [] ) { + throw new \BadMethodCallException( + 'Update of user groups via AuthPlugin is not supported with AuthManager.' + ); + } + + public function canCreateAccounts() { + return AuthManager::singleton()->canCreateAccounts(); + } + + public function addUser( $user, $password, $email = '', $realname = '' ) { + throw new \BadMethodCallException( + 'Creation of users via AuthPlugin is not supported with ' + . 'AuthManager. Generally, user creation should be left to either ' + . 'Special:CreateAccount, auto-creation when triggered by a ' + . 'SessionProvider or PrimaryAuthenticationProvider, or ' + . 'User::newSystemUser().' + ); + } + + public function strict() { + // There should be a PrimaryAuthenticationProvider that does this, if necessary + return true; + } + + public function strictUserAuth( $username ) { + // There should be a PrimaryAuthenticationProvider that does this, if necessary + return true; + } + + public function initUser( &$user, $autocreate = false ) { + \Hooks::run( 'LocalUserCreated', [ $user, $autocreate ] ); + } + + public function getCanonicalName( $username ) { + // AuthManager doesn't support restrictions beyond MediaWiki's + return $username; + } + + public function getUserInstance( User &$user ) { + return new AuthManagerAuthPluginUser( $user ); + } + + public function domainList() { + return []; + } +} + +/** + * @since 1.27 + * @deprecated since 1.27 + */ +class AuthManagerAuthPluginUser extends \AuthPluginUser { + /** @var User */ + private $user; + + function __construct( $user ) { + $this->user = $user; + } + + public function getId() { + return $this->user->getId(); + } + + public function isLocked() { + return $this->user->isLocked(); + } + + public function isHidden() { + return $this->user->isHidden(); + } + + public function resetAuthToken() { + \MediaWiki\Session\SessionManager::singleton()->invalidateSessionsForUser( $this->user ); + return true; + } +} |