-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathauth.php
181 lines (138 loc) · 5.77 KB
/
auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
<?php
/**
* django auth backend
*
* @author Andreas Gohr <[email protected]>
* @author Michael Luggen <michael.luggen at unifr.ch>
* @author Robert Czechowski <zgtm at zgtm.de>
*/
define('DOKU_AUTH', dirname(__FILE__));
define('AUTH_USERFILE',DOKU_CONF.'users.auth.php');
class auth_plugin_authdjango extends DokuWiki_Auth_Plugin {
var $dbh = null; // db handle
/**
* Constructor.
*
* Sets additional capabilities and config strings
* @author Michael Luggen <michael.luggen at rhone.ch>
* @author Robert Czechowski <zgtm at zgtm.de>
*/
public function __construct()
{
parent::__construct();
global $config_cascade;
global $dbh;
$this->cando['external'] = true;
$this->cando['getGroups'] = true;
$this->cando['logout'] = !empty($this->getConf('logoff_uri'));
try {
// Connecting, selecting database
if ($this->getConf('protocol') == 'sqlite') {
$this->dbh = new PDO('sqlite:' . $this->getConf('server'));
}
else {
$this->dbh = new PDO($this->getConf('protocol') . ':host=' . $this->getConf('server') . ';dbname=' . $this->getConf('db'), $this->getConf('user'), $this->getConf('password'));
}
} catch (PDOException $e) {
msg("Can not connect to database!", -1);
dbg($e);
$this->success = false;
}
$this->success = true;
}
function trustExternal($user,$pass,$sticky=false){
global $USERINFO;
global $conf;
global $dbh;
$sticky ? $sticky = true : $sticky = false; //sanity check
/**
* Just checks against the django sessionid variable,
* gets user info from django-database
*/
if (isset($_COOKIE['sessionid']) && $this->dbh) {
$s_id = $_COOKIE['sessionid'];
// Look the cookie up in the db
$query = 'SELECT session_data FROM django_session WHERE session_key=' . $this->dbh->quote($s_id) . ' LIMIT 1;';
$result = $this->dbh->query($query) or die('Query failed1: ' . $this->dbh->errorInfo());
$ar = $result->fetch(PDO::FETCH_ASSOC);
$session_data = $ar['session_data'];
// TODO: $session_data can now be empty if the session does not exist in database, handle correctly instead of just dying
if (strlen($session_data) == 0) {
return false;
}
$compressed = false;
if (str_contains($session_data, ":")) {
// New django session encoding since django 4
if ($session_data[0] == '.') {
$compressed = true;
$session_data = substr($session_data, 1);
}
$session_json = base64_decode(strtr(preg_split('/:/', $session_data, 2)[0], "-_", "+/"), true);
if ($compressed) {
$session_json = zlib_decode($session_json);
}
} else {
// Old django session enconding until django 3
// Decoding the session data:
$session_json = preg_split('/:/', base64_decode($session_data), 2)[1];
}
$userid = json_decode($session_json, true)['_auth_user_id'];
$query2 = 'SELECT username, first_name, last_name, email, is_superuser, is_staff FROM auth_user WHERE id=' . $this->dbh->quote($userid) . ' LIMIT 1;';
$result2 = $this->dbh->query($query2) or die('Query failed2: ' . print_r($this->dbh->errorInfo()));
$user = $result2->fetch(PDO::FETCH_ASSOC);
$username = $user['username'];
$userfullname = $user['first_name'] . " " . $user['last_name'];
$useremail = $user['email'];
// okay we're logged in - set the globals
$groups = $this->_getUserGroups($username);
$USERINFO['name'] = $username;
$USERINFO['pass'] = '';
$USERINFO['mail'] = $useremail;
if (($user['is_superuser'] && $this->getConf('admin_admin') == 1)
|| ($user['is_staff'] && $this->getConf('staff_admin') == 1))
{
$groups[] = 'admin';
}
$USERINFO['grps'] = $groups;
$_SERVER['REMOTE_USER'] = $username;
$_SESSION[DOKU_COOKIE]['auth']['user'] = $username;
$_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
return true;
}
return false;
}
function _getUserGroups($user){
$query = 'SELECT auth_group.name FROM auth_user, auth_user_groups, auth_group where auth_user.username = ' . $this->dbh->quote($user) . ' AND auth_user.id = auth_user_groups.user_id AND auth_user_groups.group_id = auth_group.id;';
$result = $this->dbh->query($query) or die('Query failed3: ' . $this->dbh->errorInfo());
$groups = [];
foreach ($result as $row) {
$groups[] = $row[0];
};
if (!in_array("user", $groups)) {
$groups[] = "user";
}
return $groups;
}
function retrieveGroups($start=0,$limit=0){
$query = 'SELECT auth_group.name FROM auth_group';
$result = $this->dbh->query($query) or die('Query failed4: ' . $this->dbh->errorInfo());
$groups = [];
foreach ($result as $row) {
$groups[] = $row[0];
};
if (!in_array("user", $groups)) {
$groups[] = "user";
}
if (!in_array("admin", $groups)) {
$groups[] = "admin";
}
return $groups;
}
function logOff() {
header("Location: " . $this->getConf('logoff_uri'));
die();
}
function __destruct() {
$this->dbh = null;
}
}