search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix logic error in IMS check introduced in r72940. Was sending 304 even for modified...
[mediawiki.git] / includes / AuthPlugin.php
blob7dc992596242025aa0ae658e8feb3f6e279e60fe
1 <?php
2 /**
3 * Authentication plugin interface
4 *
5 * Copyright © 2004 Brion Vibber <brion@pobox.com>
6 * http://www.mediawiki.org/
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 * http://www.gnu.org/copyleft/gpl.html
22 *
23 * @file
24 */
25
26 /**
27 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
28 * and set $wgAuth to it to authenticate against some external tool.
29 *
30 * The default behavior is not to do anything, and use the local user
31 * database for all authentication. A subclass can require that all
32 * accounts authenticate externally, or use it only as a fallback; also
33 * you can transparently create internal wiki accounts the first time
34 * someone logs in who can be authenticated externally.
35 */
36 class AuthPlugin {
37 /**
38 * Check whether there exists a user account with the given name.
39 * The name will be normalized to MediaWiki's requirements, so
40 * you might need to munge it (for instance, for lowercase initial
41 * letters).
42 *
43 * @param $username String: username.
44 * @return bool
45 */
46 public function userExists( $username ) {
47 # Override this!
48 return false;
49 }
50
51 /**
52 * Check if a username+password pair is a valid login.
53 * The name will be normalized to MediaWiki's requirements, so
54 * you might need to munge it (for instance, for lowercase initial
55 * letters).
56 *
57 * @param $username String: username.
58 * @param $password String: user password.
59 * @return bool
60 */
61 public function authenticate( $username, $password ) {
62 # Override this!
63 return false;
64 }
65
66 /**
67 * Modify options in the login template.
68 *
69 * @param $template UserLoginTemplate object.
70 * @param $type String 'signup' or 'login'.
71 */
72 public function modifyUITemplate( &$template, &$type ) {
73 # Override this!
74 $template->set( 'usedomain', false );
75 }
76
77 /**
78 * Set the domain this plugin is supposed to use when authenticating.
79 *
80 * @param $domain String: authentication domain.
81 */
82 public function setDomain( $domain ) {
83 $this->domain = $domain;
84 }
85
86 /**
87 * Check to see if the specific domain is a valid domain.
88 *
89 * @param $domain String: authentication domain.
90 * @return bool
91 */
92 public function validDomain( $domain ) {
93 # Override this!
94 return true;
95 }
96
97 /**
98 * When a user logs in, optionally fill in preferences and such.
99 * For instance, you might pull the email address or real name from the
100 * external user database.
101 *
102 * The User object is passed by reference so it can be modified; don't
103 * forget the & on your function declaration.
104 *
105 * @param $user User object
106 */
107 public function updateUser( &$user ) {
108 # Override this and do something
109 return true;
110 }
111
112 /**
113 * Return true if the wiki should create a new local account automatically
114 * when asked to login a user who doesn't exist locally but does in the
115 * external auth database.
116 *
117 * If you don't automatically create accounts, you must still create
118 * accounts in some way. It's not possible to authenticate without
119 * a local account.
120 *
121 * This is just a question, and shouldn't perform any actions.
122 *
123 * @return Boolean
124 */
125 public function autoCreate() {
126 return false;
127 }
128
129 /**
130 * Allow a property change? Properties are the same as preferences
131 * and use the same keys. 'Realname' 'Emailaddress' and 'Nickname'
132 * all reference this.
133 *
134 * @return Boolean
135 */
136 public function allowPropChange( $prop = '' ) {
137 if ( $prop == 'realname' && is_callable( array( $this, 'allowRealNameChange' ) ) ) {
138 return $this->allowRealNameChange();
139 } elseif ( $prop == 'emailaddress' && is_callable( array( $this, 'allowEmailChange' ) ) ) {
140 return $this->allowEmailChange();
141 } elseif ( $prop == 'nickname' && is_callable( array( $this, 'allowNickChange' ) ) ) {
142 return $this->allowNickChange();
143 } else {
144 return true;
145 }
146 }
147
148 /**
149 * Can users change their passwords?
150 *
151 * @return bool
152 */
153 public function allowPasswordChange() {
154 return true;
155 }
156
157 /**
158 * Set the given password in the authentication database.
159 * As a special case, the password may be set to null to request
160 * locking the password to an unusable value, with the expectation
161 * that it will be set later through a mail reset or other method.
162 *
163 * Return true if successful.
164 *
165 * @param $user User object.
166 * @param $password String: password.
167 * @return bool
168 */
169 public function setPassword( $user, $password ) {
170 return true;
171 }
172
173 /**
174 * Update user information in the external authentication database.
175 * Return true if successful.
176 *
177 * @param $user User object.
178 * @return Boolean
179 */
180 public function updateExternalDB( $user ) {
181 return true;
182 }
183
184 /**
185 * Check to see if external accounts can be created.
186 * Return true if external accounts can be created.
187 * @return Boolean
188 */
189 public function canCreateAccounts() {
190 return false;
191 }
192
193 /**
194 * Add a user to the external authentication database.
195 * Return true if successful.
196 *
197 * @param $user User: only the name should be assumed valid at this point
198 * @param $password String
199 * @param $email String
200 * @param $realname String
201 * @return Boolean
202 */
203 public function addUser( $user, $password, $email = '', $realname = '' ) {
204 return true;
205 }
206
207 /**
208 * Return true to prevent logins that don't authenticate here from being
209 * checked against the local database's password fields.
210 *
211 * This is just a question, and shouldn't perform any actions.
212 *
213 * @return Boolean
214 */
215 public function strict() {
216 return false;
217 }
218
219 /**
220 * Check if a user should authenticate locally if the global authentication fails.
221 * If either this or strict() returns true, local authentication is not used.
222 *
223 * @param $username String: username.
224 * @return Boolean
225 */
226 public function strictUserAuth( $username ) {
227 return false;
228 }
229
230 /**
231 * When creating a user account, optionally fill in preferences and such.
232 * For instance, you might pull the email address or real name from the
233 * external user database.
234 *
235 * The User object is passed by reference so it can be modified; don't
236 * forget the & on your function declaration.
237 *
238 * @param $user User object.
239 * @param $autocreate Boolean: True if user is being autocreated on login
240 */
241 public function initUser( &$user, $autocreate = false ) {
242 # Override this to do something.
243 }
244
245 /**
246 * If you want to munge the case of an account name before the final
247 * check, now is your chance.
248 */
249 public function getCanonicalName( $username ) {
250 return $username;
251 }
252
253 /**
254 * Get an instance of a User object
255 *
256 * @param $user User
257 */
258 public function getUserInstance( User &$user ) {
259 return new AuthPluginUser( $user );
260 }
261 }
262
263 class AuthPluginUser {
264 function __construct( $user ) {
265 # Override this!
266 }
267
268 public function getId() {
269 # Override this!
270 return -1;
271 }
272
273 public function isLocked() {
274 # Override this!
275 return false;
276 }
277
278 public function isHidden() {
279 # Override this!
280 return false;
281 }
282
283 public function resetAuthToken() {
284 # Override this!
285 return true;
286 }
287 }
MediaWiki Core