includes/AuthPlugin.php

   1 <?php
   2 /**
   3  * Authentication plugin interface
   4  *
   5  * Copyright © 2004 Brion Vibber <brion@pobox.com>
   6  * http://www.mediawiki.org/
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License along
  19  * with this program; if not, write to the Free Software Foundation, Inc.,
  20  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  21  * http://www.gnu.org/copyleft/gpl.html
  22  *
  23  * @file
  24  */
  25
  26 /**
  27  * Authentication plugin interface. Instantiate a subclass of AuthPlugin
  28  * and set $wgAuth to it to authenticate against some external tool.
  29  *
  30  * The default behavior is not to do anything, and use the local user
  31  * database for all authentication. A subclass can require that all
  32  * accounts authenticate externally, or use it only as a fallback; also
  33  * you can transparently create internal wiki accounts the first time
  34  * someone logs in who can be authenticated externally.
  35  */
  36 class AuthPlugin {
  37
  38         /**
  39          * @var string
  40          */
  41         protected $domain;
  42
  43         /**
  44          * Check whether there exists a user account with the given name.
  45          * The name will be normalized to MediaWiki's requirements, so
  46          * you might need to munge it (for instance, for lowercase initial
  47          * letters).
  48          *
  49          * @param string $username username.
  50          * @return bool
  51          */
  52         public function userExists( $username ) {
  53                 # Override this!
  54                 return false;
  55         }
  56
  57         /**
  58          * Check if a username+password pair is a valid login.
  59          * The name will be normalized to MediaWiki's requirements, so
  60          * you might need to munge it (for instance, for lowercase initial
  61          * letters).
  62          *
  63          * @param string $username username.
  64          * @param string $password user password.
  65          * @return bool
  66          */
  67         public function authenticate( $username, $password ) {
  68                 # Override this!
  69                 return false;
  70         }
  71
  72         /**
  73          * Modify options in the login template.
  74          *
  75          * @param $template UserLoginTemplate object.
  76          * @param string $type 'signup' or 'login'. Added in 1.16.
  77          */
  78         public function modifyUITemplate( &$template, &$type ) {
  79                 # Override this!
  80                 $template->set( 'usedomain', false );
  81         }
  82
  83         /**
  84          * Set the domain this plugin is supposed to use when authenticating.
  85          *
  86          * @param string $domain authentication domain.
  87          */
  88         public function setDomain( $domain ) {
  89                 $this->domain = $domain;
  90         }
  91
  92         /**
  93          * Get the user's domain
  94          *
  95          * @return string
  96          */
  97         public function getDomain() {
  98                 if ( isset( $this->domain ) ) {
  99                         return $this->domain;
 100                 } else {
 101                         return 'invaliddomain';
 102                 }
 103         }
 104
 105         /**
 106          * Check to see if the specific domain is a valid domain.
 107          *
 108          * @param string $domain authentication domain.
 109          * @return bool
 110          */
 111         public function validDomain( $domain ) {
 112                 # Override this!
 113                 return true;
 114         }
 115
 116         /**
 117          * When a user logs in, optionally fill in preferences and such.
 118          * For instance, you might pull the email address or real name from the
 119          * external user database.
 120          *
 121          * The User object is passed by reference so it can be modified; don't
 122          * forget the & on your function declaration.
 123          *
 124          * @param $user User object
 125          * @return bool
 126          */
 127         public function updateUser( &$user ) {
 128                 # Override this and do something
 129                 return true;
 130         }
 131
 132         /**
 133          * Return true if the wiki should create a new local account automatically
 134          * when asked to login a user who doesn't exist locally but does in the
 135          * external auth database.
 136          *
 137          * If you don't automatically create accounts, you must still create
 138          * accounts in some way. It's not possible to authenticate without
 139          * a local account.
 140          *
 141          * This is just a question, and shouldn't perform any actions.
 142          *
 143          * @return Boolean
 144          */
 145         public function autoCreate() {
 146                 return false;
 147         }
 148
 149         /**
 150          * Allow a property change? Properties are the same as preferences
 151          * and use the same keys. 'Realname' 'Emailaddress' and 'Nickname'
 152          * all reference this.
 153          *
 154          * @param $prop string
 155          *
 156          * @return Boolean
 157          */
 158         public function allowPropChange( $prop = '' ) {
 159                 if ( $prop == 'realname' && is_callable( array( $this, 'allowRealNameChange' ) ) ) {
 160                         return $this->allowRealNameChange();
 161                 } elseif ( $prop == 'emailaddress' && is_callable( array( $this, 'allowEmailChange' ) ) ) {
 162                         return $this->allowEmailChange();
 163                 } elseif ( $prop == 'nickname' && is_callable( array( $this, 'allowNickChange' ) ) ) {
 164                         return $this->allowNickChange();
 165                 } else {
 166                         return true;
 167                 }
 168         }
 169
 170         /**
 171          * Can users change their passwords?
 172          *
 173          * @return bool
 174          */
 175         public function allowPasswordChange() {
 176                 return true;
 177         }
 178
 179         /**
 180          * Should MediaWiki store passwords in its local database?
 181          *
 182          * @return bool
 183          */
 184         public function allowSetLocalPassword() {
 185                 return true;
 186         }
 187
 188         /**
 189          * Set the given password in the authentication database.
 190          * As a special case, the password may be set to null to request
 191          * locking the password to an unusable value, with the expectation
 192          * that it will be set later through a mail reset or other method.
 193          *
 194          * Return true if successful.
 195          *
 196          * @param $user User object.
 197          * @param string $password password.
 198          * @return bool
 199          */
 200         public function setPassword( $user, $password ) {
 201                 return true;
 202         }
 203
 204         /**
 205          * Update user information in the external authentication database.
 206          * Return true if successful.
 207          *
 208          * @param $user User object.
 209          * @return Boolean
 210          */
 211         public function updateExternalDB( $user ) {
 212                 return true;
 213         }
 214
 215         /**
 216          * Check to see if external accounts can be created.
 217          * Return true if external accounts can be created.
 218          * @return Boolean
 219          */
 220         public function canCreateAccounts() {
 221                 return false;
 222         }
 223
 224         /**
 225          * Add a user to the external authentication database.
 226          * Return true if successful.
 227          *
 228          * @param $user User: only the name should be assumed valid at this point
 229          * @param $password String
 230          * @param $email String
 231          * @param $realname String
 232          * @return Boolean
 233          */
 234         public function addUser( $user, $password, $email = '', $realname = '' ) {
 235                 return true;
 236         }
 237
 238         /**
 239          * Return true to prevent logins that don't authenticate here from being
 240          * checked against the local database's password fields.
 241          *
 242          * This is just a question, and shouldn't perform any actions.
 243          *
 244          * @return Boolean
 245          */
 246         public function strict() {
 247                 return false;
 248         }
 249
 250         /**
 251          * Check if a user should authenticate locally if the global authentication fails.
 252          * If either this or strict() returns true, local authentication is not used.
 253          *
 254          * @param string $username username.
 255          * @return Boolean
 256          */
 257         public function strictUserAuth( $username ) {
 258                 return false;
 259         }
 260
 261         /**
 262          * When creating a user account, optionally fill in preferences and such.
 263          * For instance, you might pull the email address or real name from the
 264          * external user database.
 265          *
 266          * The User object is passed by reference so it can be modified; don't
 267          * forget the & on your function declaration.
 268          *
 269          * @param $user User object.
 270          * @param $autocreate Boolean: True if user is being autocreated on login
 271          */
 272         public function initUser( &$user, $autocreate = false ) {
 273                 # Override this to do something.
 274         }
 275
 276         /**
 277          * If you want to munge the case of an account name before the final
 278          * check, now is your chance.
 279          * @param $username string
 280          * @return string
 281          */
 282         public function getCanonicalName( $username ) {
 283                 return $username;
 284         }
 285
 286         /**
 287          * Get an instance of a User object
 288          *
 289          * @param $user User
 290          *
 291          * @return AuthPluginUser
 292          */
 293         public function getUserInstance( User &$user ) {
 294                 return new AuthPluginUser( $user );
 295         }
 296
 297         /**
 298          * Get a list of domains (in HTMLForm options format) used.
 299          *
 300          * @return array
 301          */
 302         public function domainList() {
 303                 return array();
 304         }
 305 }
 306
 307 class AuthPluginUser {
 308         function __construct( $user ) {
 309                 # Override this!
 310         }
 311
 312         public function getId() {
 313                 # Override this!
 314                 return -1;
 315         }
 316
 317         public function isLocked() {
 318                 # Override this!
 319                 return false;
 320         }
 321
 322         public function isHidden() {
 323                 # Override this!
 324                 return false;
 325         }
 326
 327         public function resetAuthToken() {
 328                 # Override this!
 329                 return true;
 330         }
 331 }