AuthenticationPlugin.php 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261
  1. <?php
  2. /**
  3. * StatusNet, the distributed open-source microblogging tool
  4. *
  5. * Superclass for plugins that do authentication and/or authorization
  6. *
  7. * PHP version 5
  8. *
  9. * LICENCE: This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as published by
  11. * the Free Software Foundation, either version 3 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. * @category Plugin
  23. * @package StatusNet
  24. * @author Craig Andrews <candrews@integralblue.com>
  25. * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  26. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  27. * @link http://status.net/
  28. */
  29. if (!defined('GNUSOCIAL')) { exit(1); }
  30. /**
  31. * Superclass for plugins that do authentication
  32. *
  33. * @category Module
  34. * @package GNUsocial
  35. * @author Craig Andrews <candrews@integralblue.com>
  36. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  37. * @link http://status.net/
  38. */
  39. abstract class AuthenticationPlugin extends Plugin
  40. {
  41. //is this plugin authoritative for authentication?
  42. public $authoritative = false;
  43. //should accounts be automatically created after a successful login attempt?
  44. public $autoregistration = false;
  45. //can the user change their email address
  46. public $password_changeable=true;
  47. //unique name for this authentication provider
  48. public $provider_name;
  49. //------------Auth plugin should implement some (or all) of these methods------------\\
  50. /**
  51. * Check if a nickname/password combination is valid
  52. * @param username
  53. * @param password
  54. * @return boolean true if the credentials are valid, false if they are invalid.
  55. */
  56. function checkPassword($username, $password)
  57. {
  58. return false;
  59. }
  60. /**
  61. * Automatically register a user when they attempt to login with valid credentials.
  62. * User::register($data) is a very useful method for this implementation
  63. * @param username username (that is used to login and find the user in the authentication provider) of the user to be registered
  64. * @param nickname nickname of the user in the SN system. If nickname is null, then set nickname = username
  65. * @return mixed instance of User, or false (if user couldn't be created)
  66. */
  67. function autoRegister($username, $nickname = null)
  68. {
  69. if(is_null($nickname)){
  70. $nickname = $username;
  71. }
  72. $registration_data = array();
  73. $registration_data['nickname'] = $nickname;
  74. return User::register($registration_data);
  75. }
  76. /**
  77. * Change a user's password
  78. * The old password has been verified to be valid by this plugin before this call is made
  79. * @param username
  80. * @param oldpassword
  81. * @param newpassword
  82. * @return boolean true if the password was changed, false if password changing failed for some reason
  83. */
  84. function changePassword($username,$oldpassword,$newpassword)
  85. {
  86. return false;
  87. }
  88. /**
  89. * Given a username, suggest what the nickname should be
  90. * Used during autoregistration
  91. * Useful if your usernames are ugly, and you want to suggest
  92. * nice looking nicknames when users initially sign on
  93. * All nicknames returned by this function should be valid
  94. * implementations may want to use common_nicknamize() to ensure validity
  95. * @param username
  96. * @return string nickname
  97. */
  98. function suggestNicknameForUsername($username)
  99. {
  100. return common_nicknamize($username);
  101. }
  102. //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\
  103. function onInitializePlugin(){
  104. if(!isset($this->provider_name)){
  105. throw new Exception("must specify a provider_name for this authentication provider");
  106. }
  107. }
  108. /**
  109. * Internal AutoRegister event handler
  110. * @param nickname
  111. * @param provider_name
  112. * @param user - the newly registered user
  113. */
  114. function onAutoRegister($nickname, $provider_name, &$user)
  115. {
  116. if($provider_name == $this->provider_name && $this->autoregistration){
  117. $suggested_nickname = $this->suggestNicknameForUsername($nickname);
  118. $test_user = User::getKV('nickname', $suggested_nickname);
  119. if($test_user) {
  120. //someone already exists with the suggested nickname, so used the passed nickname
  121. $suggested_nickname = common_nicknamize($nickname);
  122. }
  123. $test_user = User::getKV('nickname', $suggested_nickname);
  124. if($test_user) {
  125. //someone already exists with the suggested nickname
  126. //not much else we can do
  127. }else{
  128. $user = $this->autoRegister($nickname, $suggested_nickname);
  129. if ($user instanceof User) {
  130. User_username::register($user,$nickname,$this->provider_name);
  131. return false;
  132. }
  133. }
  134. }
  135. }
  136. function onStartCheckPassword($nickname, $password, &$authenticatedUser){
  137. //map the nickname to a username
  138. $user_username = new User_username();
  139. $user_username->username=$nickname;
  140. $user_username->provider_name=$this->provider_name;
  141. if($user_username->find() && $user_username->fetch()){
  142. $authenticated = $this->checkPassword($user_username->username, $password);
  143. if($authenticated){
  144. $authenticatedUser = User::getKV('id', $user_username->user_id);
  145. return false;
  146. }
  147. }else{
  148. //$nickname is the username used to login
  149. //$suggested_nickname is the nickname the auth provider suggests for that username
  150. $suggested_nickname = $this->suggestNicknameForUsername($nickname);
  151. $user = User::getKV('nickname', $suggested_nickname);
  152. if($user){
  153. //make sure this user isn't claimed
  154. $user_username = new User_username();
  155. $user_username->user_id=$user->id;
  156. $we_can_handle = false;
  157. if($user_username->find()){
  158. //either this provider, or another one, has already claimed this user
  159. //so we cannot. Let another plugin try.
  160. return;
  161. }else{
  162. //no other provider claims this user, so it's safe for us to handle it
  163. $authenticated = $this->checkPassword($nickname, $password);
  164. if($authenticated){
  165. $authenticatedUser = $user;
  166. User_username::register($authenticatedUser,$nickname,$this->provider_name);
  167. return false;
  168. }
  169. }
  170. }else{
  171. $authenticated = $this->checkPassword($nickname, $password);
  172. if($authenticated){
  173. if(! Event::handle('AutoRegister', array($nickname, $this->provider_name, &$authenticatedUser))){
  174. //unlike most Event::handle lines of code, this one has a ! (not)
  175. //we want to do this if the event *was* handled - this isn't a "default" implementation
  176. //like most code of this form.
  177. if($authenticatedUser){
  178. return false;
  179. }
  180. }
  181. }
  182. }
  183. }
  184. if($this->authoritative){
  185. return false;
  186. }else{
  187. //we're not authoritative, so let other handlers try
  188. return;
  189. }
  190. }
  191. function onStartChangePassword(Profile $target ,$oldpassword, $newpassword)
  192. {
  193. if($this->password_changeable){
  194. $user_username = new User_username();
  195. $user_username->user_id = $target->getID();
  196. $user_username->provider_name=$this->provider_name;
  197. if ($user_username->find(true)) {
  198. $authenticated = $this->checkPassword($user_username->username, $oldpassword);
  199. if($authenticated){
  200. $result = $this->changePassword($user_username->username,$oldpassword,$newpassword);
  201. if($result){
  202. //stop handling of other handlers, because what was requested was done
  203. return false;
  204. }else{
  205. // TRANS: Exception thrown when a password change fails.
  206. throw new Exception(_('Password changing failed.'));
  207. }
  208. }else{
  209. if($this->authoritative){
  210. //since we're authoritative, no other plugin could do this
  211. // TRANS: Exception thrown when a password change fails.
  212. throw new Exception(_('Password changing failed.'));
  213. }else{
  214. //let another handler try
  215. return null;
  216. }
  217. }
  218. }
  219. }else{
  220. if($this->authoritative){
  221. //since we're authoritative, no other plugin could do this
  222. // TRANS: Exception thrown when a password change attempt fails because it is not allowed.
  223. throw new Exception(_('Password changing is not allowed.'));
  224. }
  225. }
  226. }
  227. function onStartAccountSettingsPasswordMenuItem($widget)
  228. {
  229. if($this->authoritative && !$this->password_changeable){
  230. //since we're authoritative, no other plugin could change passwords, so do not render the menu item
  231. return false;
  232. }
  233. }
  234. function onCheckSchema() {
  235. $schema = Schema::get();
  236. $schema->ensureTable('user_username', User_username::schemaDef());
  237. return true;
  238. }
  239. function onUserDeleteRelated($user, &$tables)
  240. {
  241. $tables[] = 'User_username';
  242. return true;
  243. }
  244. }