includes/AuthPlugin.php

   1 <?php
   2 /**
   3  * Authentication plugin interface
   4  *
   5  * Copyright © 2004 Brion Vibber <brion@pobox.com>
   6  * http://www.mediawiki.org/
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License along
  19  * with this program; if not, write to the Free Software Foundation, Inc.,
  20  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  21  * http://www.gnu.org/copyleft/gpl.html
  22  *
  23  * @file
  24  */
  25
  26 /**
  27  * Authentication plugin interface. Instantiate a subclass of AuthPlugin
  28  * and set $wgAuth to it to authenticate against some external tool.
  29  *
  30  * The default behavior is not to do anything, and use the local user
  31  * database for all authentication. A subclass can require that all
  32  * accounts authenticate externally, or use it only as a fallback; also
  33  * you can transparently create internal wiki accounts the first time
  34  * someone logs in who can be authenticated externally.
  35  */
  36 class AuthPlugin {
  37         /**
  38          * Check whether there exists a user account with the given name.
  39          * The name will be normalized to MediaWiki's requirements, so
  40          * you might need to munge it (for instance, for lowercase initial
  41          * letters).
  42          *
  43          * @param $username String: username.
  44          * @return bool
  45          */
  46         public function userExists( $username ) {
  47                 # Override this!
  48                 return false;
  49         }
  50
  51         /**
  52          * Check if a username+password pair is a valid login.
  53          * The name will be normalized to MediaWiki's requirements, so
  54          * you might need to munge it (for instance, for lowercase initial
  55          * letters).
  56          *
  57          * @param $username String: username.
  58          * @param $password String: user password.
  59          * @return bool
  60          */
  61         public function authenticate( $username, $password ) {
  62                 # Override this!
  63                 return false;
  64         }
  65
  66         /**
  67          * Modify options in the login template.
  68          *
  69          * @param $template UserLoginTemplate object.
  70          * @param $type String 'signup' or 'login'. Added in 1.16.
  71          */
  72         public function modifyUITemplate( &$template, &$type ) {
  73                 # Override this!
  74                 $template->set( 'usedomain', false );
  75         }
  76
  77         /**
  78          * Set the domain this plugin is supposed to use when authenticating.
  79          *
  80          * @param $domain String: authentication domain.
  81          */
  82         public function setDomain( $domain ) {
  83                 $this->domain = $domain;
  84         }
  85
  86         /**
  87          * Get the user's domain
  88          *
  89          * @return string
  90          */
  91         public function getDomain() {
  92                 if ( $this->domain ) {
  93                         return $this->domain;
  94                 } else {
  95                         return 'invaliddomain';
  96                 }
  97         }
  98
  99         /**
 100          * Check to see if the specific domain is a valid domain.
 101          *
 102          * @param $domain String: authentication domain.
 103          * @return bool
 104          */
 105         public function validDomain( $domain ) {
 106                 # Override this!
 107                 return true;
 108         }
 109
 110         /**
 111          * When a user logs in, optionally fill in preferences and such.
 112          * For instance, you might pull the email address or real name from the
 113          * external user database.
 114          *
 115          * The User object is passed by reference so it can be modified; don't
 116          * forget the & on your function declaration.
 117          *
 118          * @param $user User object
 119          * @return bool
 120          */
 121         public function updateUser( &$user ) {
 122                 # Override this and do something
 123                 return true;
 124         }
 125
 126         /**
 127          * Return true if the wiki should create a new local account automatically
 128          * when asked to login a user who doesn't exist locally but does in the
 129          * external auth database.
 130          *
 131          * If you don't automatically create accounts, you must still create
 132          * accounts in some way. It's not possible to authenticate without
 133          * a local account.
 134          *
 135          * This is just a question, and shouldn't perform any actions.
 136          *
 137          * @return Boolean
 138          */
 139         public function autoCreate() {
 140                 return false;
 141         }
 142
 143         /**
 144          * Allow a property change? Properties are the same as preferences
 145          * and use the same keys. 'Realname' 'Emailaddress' and 'Nickname'
 146          * all reference this.
 147          *
 148          * @param $prop string
 149          *
 150          * @return Boolean
 151          */
 152         public function allowPropChange( $prop = '' ) {
 153                 if ( $prop == 'realname' && is_callable( array( $this, 'allowRealNameChange' ) ) ) {
 154                         return $this->allowRealNameChange();
 155                 } elseif ( $prop == 'emailaddress' && is_callable( array( $this, 'allowEmailChange' ) ) ) {
 156                         return $this->allowEmailChange();
 157                 } elseif ( $prop == 'nickname' && is_callable( array( $this, 'allowNickChange' ) ) ) {
 158                         return $this->allowNickChange();
 159                 } else {
 160                         return true;
 161                 }
 162         }
 163
 164         /**
 165          * Can users change their passwords?
 166          *
 167          * @return bool
 168          */
 169         public function allowPasswordChange() {
 170                 return true;
 171         }
 172
 173         /**
 174          * Set the given password in the authentication database.
 175          * As a special case, the password may be set to null to request
 176          * locking the password to an unusable value, with the expectation
 177          * that it will be set later through a mail reset or other method.
 178          *
 179          * Return true if successful.
 180          *
 181          * @param $user User object.
 182          * @param $password String: password.
 183          * @return bool
 184          */
 185         public function setPassword( $user, $password ) {
 186                 return true;
 187         }
 188
 189         /**
 190          * Update user information in the external authentication database.
 191          * Return true if successful.
 192          *
 193          * @param $user User object.
 194          * @return Boolean
 195          */
 196         public function updateExternalDB( $user ) {
 197                 return true;
 198         }
 199
 200         /**
 201          * Check to see if external accounts can be created.
 202          * Return true if external accounts can be created.
 203          * @return Boolean
 204          */
 205         public function canCreateAccounts() {
 206                 return false;
 207         }
 208
 209         /**
 210          * Add a user to the external authentication database.
 211          * Return true if successful.
 212          *
 213          * @param $user User: only the name should be assumed valid at this point
 214          * @param $password String
 215          * @param $email String
 216          * @param $realname String
 217          * @return Boolean
 218          */
 219         public function addUser( $user, $password, $email = '', $realname = '' ) {
 220                 return true;
 221         }
 222
 223         /**
 224          * Return true to prevent logins that don't authenticate here from being
 225          * checked against the local database's password fields.
 226          *
 227          * This is just a question, and shouldn't perform any actions.
 228          *
 229          * @return Boolean
 230          */
 231         public function strict() {
 232                 return false;
 233         }
 234
 235         /**
 236          * Check if a user should authenticate locally if the global authentication fails.
 237          * If either this or strict() returns true, local authentication is not used.
 238          *
 239          * @param $username String: username.
 240          * @return Boolean
 241          */
 242         public function strictUserAuth( $username ) {
 243                 return false;
 244         }
 245
 246         /**
 247          * When creating a user account, optionally fill in preferences and such.
 248          * For instance, you might pull the email address or real name from the
 249          * external user database.
 250          *
 251          * The User object is passed by reference so it can be modified; don't
 252          * forget the & on your function declaration.
 253          *
 254          * @param $user User object.
 255          * @param $autocreate Boolean: True if user is being autocreated on login
 256          */
 257         public function initUser( &$user, $autocreate = false ) {
 258                 # Override this to do something.
 259         }
 260
 261         /**
 262          * If you want to munge the case of an account name before the final
 263          * check, now is your chance.
 264          * @param $username string
 265          * @return string
 266          */
 267         public function getCanonicalName( $username ) {
 268                 return $username;
 269         }
 270
 271         /**
 272          * Get an instance of a User object
 273          *
 274          * @param $user User
 275          *
 276          * @return AuthPluginUser
 277          */
 278         public function getUserInstance( User &$user ) {
 279                 return new AuthPluginUser( $user );
 280         }
 281
 282         /**
 283          * Get a list of domains (in HTMLForm options format) used.
 284          *
 285          * @return array
 286          */
 287         public function domainList() {
 288                 return array();
 289         }
 290 }
 291
 292 class AuthPluginUser {
 293         function __construct( $user ) {
 294                 # Override this!
 295         }
 296
 297         public function getId() {
 298                 # Override this!
 299                 return -1;
 300         }
 301
 302         public function isLocked() {
 303                 # Override this!
 304                 return false;
 305         }
 306
 307         public function isHidden() {
 308                 # Override this!
 309                 return false;
 310         }
 311
 312         public function resetAuthToken() {
 313                 # Override this!
 314                 return true;
 315         }
 316 }