search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
"<p id="userloginlink"><p>Don't have an account" is illegal xhtml
[mediawiki.git] / includes / AuthPlugin.php
blob0cb25b9489d8f64e5db2f643c5fb9a85121313d6
1 <?php
2 # Copyright (C) 2004 Brion Vibber <brion@pobox.com>
3 # http://www.mediawiki.org/
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 2 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License along
16 # with this program; if not, write to the Free Software Foundation, Inc.,
17 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 # http://www.gnu.org/copyleft/gpl.html
19
20 /**
21 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
22 * and set $wgAuth to it to authenticate against some external tool.
23 *
24 * The default behavior is not to do anything, and use the local user
25 * database for all authentication. A subclass can require that all
26 * accounts authenticate externally, or use it only as a fallback; also
27 * you can transparently create internal wiki accounts the first time
28 * someone logs in who can be authenticated externally.
29 */
30 class AuthPlugin {
31 /**
32 * Check whether there exists a user account with the given name.
33 * The name will be normalized to MediaWiki's requirements, so
34 * you might need to munge it (for instance, for lowercase initial
35 * letters).
36 *
37 * @param $username String: username.
38 * @return bool
39 */
40 public function userExists( $username ) {
41 # Override this!
42 return false;
43 }
44
45 /**
46 * Check if a username+password pair is a valid login.
47 * The name will be normalized to MediaWiki's requirements, so
48 * you might need to munge it (for instance, for lowercase initial
49 * letters).
50 *
51 * @param $username String: username.
52 * @param $password String: user password.
53 * @return bool
54 */
55 public function authenticate( $username, $password ) {
56 # Override this!
57 return false;
58 }
59
60 /**
61 * Modify options in the login template.
62 *
63 * @param $template UserLoginTemplate object.
64 * @param $type String 'signup' or 'login'.
65 */
66 public function modifyUITemplate( &$template, &$type ) {
67 # Override this!
68 $template->set( 'usedomain', false );
69 }
70
71 /**
72 * Set the domain this plugin is supposed to use when authenticating.
73 *
74 * @param $domain String: authentication domain.
75 */
76 public function setDomain( $domain ) {
77 $this->domain = $domain;
78 }
79
80 /**
81 * Check to see if the specific domain is a valid domain.
82 *
83 * @param $domain String: authentication domain.
84 * @return bool
85 */
86 public function validDomain( $domain ) {
87 # Override this!
88 return true;
89 }
90
91 /**
92 * When a user logs in, optionally fill in preferences and such.
93 * For instance, you might pull the email address or real name from the
94 * external user database.
95 *
96 * The User object is passed by reference so it can be modified; don't
97 * forget the & on your function declaration.
98 *
99 * @param $user User object
100 */
101 public function updateUser( &$user ) {
102 # Override this and do something
103 return true;
104 }
105
106 /**
107 * Return true if the wiki should create a new local account automatically
108 * when asked to login a user who doesn't exist locally but does in the
109 * external auth database.
110 *
111 * If you don't automatically create accounts, you must still create
112 * accounts in some way. It's not possible to authenticate without
113 * a local account.
114 *
115 * This is just a question, and shouldn't perform any actions.
116 *
117 * @return Boolean
118 */
119 public function autoCreate() {
120 return false;
121 }
122
123 /**
124 * Allow a property change? Properties are the same as preferences
125 * and use the same keys. 'Realname' 'Emailaddress' and 'Nickname'
126 * all reference this.
127 *
128 * @return Boolean
129 */
130 public function allowPropChange( $prop = '' ) {
131 if ( $prop == 'realname' && is_callable( array( $this, 'allowRealNameChange' ) ) ) {
132 return $this->allowRealNameChange();
133 } elseif ( $prop == 'emailaddress' && is_callable( array( $this, 'allowEmailChange' ) ) ) {
134 return $this->allowEmailChange();
135 } elseif ( $prop == 'nickname' && is_callable( array( $this, 'allowNickChange' ) ) ) {
136 return $this->allowNickChange();
137 } else {
138 return true;
139 }
140 }
141
142 /**
143 * Can users change their passwords?
144 *
145 * @return bool
146 */
147 public function allowPasswordChange() {
148 return true;
149 }
150
151 /**
152 * Set the given password in the authentication database.
153 * As a special case, the password may be set to null to request
154 * locking the password to an unusable value, with the expectation
155 * that it will be set later through a mail reset or other method.
156 *
157 * Return true if successful.
158 *
159 * @param $user User object.
160 * @param $password String: password.
161 * @return bool
162 */
163 public function setPassword( $user, $password ) {
164 return true;
165 }
166
167 /**
168 * Update user information in the external authentication database.
169 * Return true if successful.
170 *
171 * @param $user User object.
172 * @return Boolean
173 */
174 public function updateExternalDB( $user ) {
175 return true;
176 }
177
178 /**
179 * Check to see if external accounts can be created.
180 * Return true if external accounts can be created.
181 * @return Boolean
182 */
183 public function canCreateAccounts() {
184 return false;
185 }
186
187 /**
188 * Add a user to the external authentication database.
189 * Return true if successful.
190 *
191 * @param $user User: only the name should be assumed valid at this point
192 * @param $password String
193 * @param $email String
194 * @param $realname String
195 * @return Boolean
196 */
197 public function addUser( $user, $password, $email = '', $realname = '' ) {
198 return true;
199 }
200
201 /**
202 * Return true to prevent logins that don't authenticate here from being
203 * checked against the local database's password fields.
204 *
205 * This is just a question, and shouldn't perform any actions.
206 *
207 * @return Boolean
208 */
209 public function strict() {
210 return false;
211 }
212
213 /**
214 * Check if a user should authenticate locally if the global authentication fails.
215 * If either this or strict() returns true, local authentication is not used.
216 *
217 * @param $username String: username.
218 * @return Boolean
219 */
220 public function strictUserAuth( $username ) {
221 return false;
222 }
223
224 /**
225 * When creating a user account, optionally fill in preferences and such.
226 * For instance, you might pull the email address or real name from the
227 * external user database.
228 *
229 * The User object is passed by reference so it can be modified; don't
230 * forget the & on your function declaration.
231 *
232 * @param $user User object.
233 * @param $autocreate Boolean: True if user is being autocreated on login
234 */
235 public function initUser( &$user, $autocreate = false ) {
236 # Override this to do something.
237 }
238
239 /**
240 * If you want to munge the case of an account name before the final
241 * check, now is your chance.
242 */
243 public function getCanonicalName( $username ) {
244 return $username;
245 }
246
247 /**
248 * Get an instance of a User object
249 *
250 * @param $user User
251 */
252 public function getUserInstance( User &$user ) {
253 return new AuthPluginUser( $user );
254 }
255 }
256
257 class AuthPluginUser {
258 function __construct( $user ) {
259 # Override this!
260 }
261
262 public function getId() {
263 # Override this!
264 return -1;
265 }
266
267 public function isLocked() {
268 # Override this!
269 return false;
270 }
271
272 public function isHidden() {
273 # Override this!
274 return false;
275 }
276
277 public function resetAuthToken() {
278 # Override this!
279 return true;
280 }
281 }
MediaWiki Core