search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Introduced Maintenance::getDB() and corresponding setDB() to control externally what...
[mediawiki.git] / includes / AuthPlugin.php
blob1ce96c1ea15f9901eb1cff6350e0612d0def5744
1 <?php
2 /**
3 * Authentication plugin interface
4 *
5 * Copyright © 2004 Brion Vibber <brion@pobox.com>
6 * http://www.mediawiki.org/
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 * http://www.gnu.org/copyleft/gpl.html
22 *
23 * @file
24 */
25
26 /**
27 * Authentication plugin interface. Instantiate a subclass of AuthPlugin
28 * and set $wgAuth to it to authenticate against some external tool.
29 *
30 * The default behavior is not to do anything, and use the local user
31 * database for all authentication. A subclass can require that all
32 * accounts authenticate externally, or use it only as a fallback; also
33 * you can transparently create internal wiki accounts the first time
34 * someone logs in who can be authenticated externally.
35 */
36 class AuthPlugin {
37 /**
38 * Check whether there exists a user account with the given name.
39 * The name will be normalized to MediaWiki's requirements, so
40 * you might need to munge it (for instance, for lowercase initial
41 * letters).
42 *
43 * @param $username String: username.
44 * @return bool
45 */
46 public function userExists( $username ) {
47 # Override this!
48 return false;
49 }
50
51 /**
52 * Check if a username+password pair is a valid login.
53 * The name will be normalized to MediaWiki's requirements, so
54 * you might need to munge it (for instance, for lowercase initial
55 * letters).
56 *
57 * @param $username String: username.
58 * @param $password String: user password.
59 * @return bool
60 */
61 public function authenticate( $username, $password ) {
62 # Override this!
63 return false;
64 }
65
66 /**
67 * Modify options in the login template.
68 *
69 * @param $template UserLoginTemplate object.
70 * @param $type String 'signup' or 'login'.
71 */
72 public function modifyUITemplate( &$template, &$type ) {
73 # Override this!
74 $template->set( 'usedomain', false );
75 }
76
77 /**
78 * Set the domain this plugin is supposed to use when authenticating.
79 *
80 * @param $domain String: authentication domain.
81 */
82 public function setDomain( $domain ) {
83 $this->domain = $domain;
84 }
85
86 /**
87 * Check to see if the specific domain is a valid domain.
88 *
89 * @param $domain String: authentication domain.
90 * @return bool
91 */
92 public function validDomain( $domain ) {
93 # Override this!
94 return true;
95 }
96
97 /**
98 * When a user logs in, optionally fill in preferences and such.
99 * For instance, you might pull the email address or real name from the
100 * external user database.
101 *
102 * The User object is passed by reference so it can be modified; don't
103 * forget the & on your function declaration.
104 *
105 * @param $user User object
106 */
107 public function updateUser( &$user ) {
108 # Override this and do something
109 return true;
110 }
111
112 /**
113 * Return true if the wiki should create a new local account automatically
114 * when asked to login a user who doesn't exist locally but does in the
115 * external auth database.
116 *
117 * If you don't automatically create accounts, you must still create
118 * accounts in some way. It's not possible to authenticate without
119 * a local account.
120 *
121 * This is just a question, and shouldn't perform any actions.
122 *
123 * @return Boolean
124 */
125 public function autoCreate() {
126 return false;
127 }
128
129 /**
130 * Allow a property change? Properties are the same as preferences
131 * and use the same keys. 'Realname' 'Emailaddress' and 'Nickname'
132 * all reference this.
133 *
134 * @param $prop string
135 *
136 * @return Boolean
137 */
138 public function allowPropChange( $prop = '' ) {
139 if ( $prop == 'realname' && is_callable( array( $this, 'allowRealNameChange' ) ) ) {
140 return $this->allowRealNameChange();
141 } elseif ( $prop == 'emailaddress' && is_callable( array( $this, 'allowEmailChange' ) ) ) {
142 return $this->allowEmailChange();
143 } elseif ( $prop == 'nickname' && is_callable( array( $this, 'allowNickChange' ) ) ) {
144 return $this->allowNickChange();
145 } else {
146 return true;
147 }
148 }
149
150 /**
151 * Can users change their passwords?
152 *
153 * @return bool
154 */
155 public function allowPasswordChange() {
156 return true;
157 }
158
159 /**
160 * Set the given password in the authentication database.
161 * As a special case, the password may be set to null to request
162 * locking the password to an unusable value, with the expectation
163 * that it will be set later through a mail reset or other method.
164 *
165 * Return true if successful.
166 *
167 * @param $user User object.
168 * @param $password String: password.
169 * @return bool
170 */
171 public function setPassword( $user, $password ) {
172 return true;
173 }
174
175 /**
176 * Update user information in the external authentication database.
177 * Return true if successful.
178 *
179 * @param $user User object.
180 * @return Boolean
181 */
182 public function updateExternalDB( $user ) {
183 return true;
184 }
185
186 /**
187 * Check to see if external accounts can be created.
188 * Return true if external accounts can be created.
189 * @return Boolean
190 */
191 public function canCreateAccounts() {
192 return false;
193 }
194
195 /**
196 * Add a user to the external authentication database.
197 * Return true if successful.
198 *
199 * @param $user User: only the name should be assumed valid at this point
200 * @param $password String
201 * @param $email String
202 * @param $realname String
203 * @return Boolean
204 */
205 public function addUser( $user, $password, $email = '', $realname = '' ) {
206 return true;
207 }
208
209 /**
210 * Return true to prevent logins that don't authenticate here from being
211 * checked against the local database's password fields.
212 *
213 * This is just a question, and shouldn't perform any actions.
214 *
215 * @return Boolean
216 */
217 public function strict() {
218 return false;
219 }
220
221 /**
222 * Check if a user should authenticate locally if the global authentication fails.
223 * If either this or strict() returns true, local authentication is not used.
224 *
225 * @param $username String: username.
226 * @return Boolean
227 */
228 public function strictUserAuth( $username ) {
229 return false;
230 }
231
232 /**
233 * When creating a user account, optionally fill in preferences and such.
234 * For instance, you might pull the email address or real name from the
235 * external user database.
236 *
237 * The User object is passed by reference so it can be modified; don't
238 * forget the & on your function declaration.
239 *
240 * @param $user User object.
241 * @param $autocreate Boolean: True if user is being autocreated on login
242 */
243 public function initUser( &$user, $autocreate = false ) {
244 # Override this to do something.
245 }
246
247 /**
248 * If you want to munge the case of an account name before the final
249 * check, now is your chance.
250 */
251 public function getCanonicalName( $username ) {
252 return $username;
253 }
254
255 /**
256 * Get an instance of a User object
257 *
258 * @param $user User
259 *
260 * @return AuthPluginUser
261 */
262 public function getUserInstance( User &$user ) {
263 return new AuthPluginUser( $user );
264 }
265 }
266
267 class AuthPluginUser {
268 function __construct( $user ) {
269 # Override this!
270 }
271
272 public function getId() {
273 # Override this!
274 return -1;
275 }
276
277 public function isLocked() {
278 # Override this!
279 return false;
280 }
281
282 public function isHidden() {
283 # Override this!
284 return false;
285 }
286
287 public function resetAuthToken() {
288 # Override this!
289 return true;
290 }
291 }
MediaWiki Core