includes/AuthPlugin.php

   1 <?php
   2 # Copyright (C) 2004 Brion Vibber <brion@pobox.com>
   3 # http://www.mediawiki.org/
   4 #
   5 # This program is free software; you can redistribute it and/or modify
   6 # it under the terms of the GNU General Public License as published by
   7 # the Free Software Foundation; either version 2 of the License, or
   8 # (at your option) any later version.
   9 #
  10 # This program is distributed in the hope that it will be useful,
  11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13 # GNU General Public License for more details.
  14 #
  15 # You should have received a copy of the GNU General Public License along
  16 # with this program; if not, write to the Free Software Foundation, Inc.,
  17 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18 # http://www.gnu.org/copyleft/gpl.html
  19
  20 /**
  21  * Authentication plugin interface. Instantiate a subclass of AuthPlugin
  22  * and set $wgAuth to it to authenticate against some external tool.
  23  *
  24  * The default behavior is not to do anything, and use the local user
  25  * database for all authentication. A subclass can require that all
  26  * accounts authenticate externally, or use it only as a fallback; also
  27  * you can transparently create internal wiki accounts the first time
  28  * someone logs in who can be authenticated externally.
  29  */
  30 class AuthPlugin {
  31         /**
  32          * Check whether there exists a user account with the given name.
  33          * The name will be normalized to MediaWiki's requirements, so
  34          * you might need to munge it (for instance, for lowercase initial
  35          * letters).
  36          *
  37          * @param $username String: username.
  38          * @return bool
  39          */
  40         public function userExists( $username ) {
  41                 # Override this!
  42                 return false;
  43         }
  44
  45         /**
  46          * Check if a username+password pair is a valid login.
  47          * The name will be normalized to MediaWiki's requirements, so
  48          * you might need to munge it (for instance, for lowercase initial
  49          * letters).
  50          *
  51          * @param $username String: username.
  52          * @param $password String: user password.
  53          * @return bool
  54          */
  55         public function authenticate( $username, $password ) {
  56                 # Override this!
  57                 return false;
  58         }
  59
  60         /**
  61          * Modify options in the login template.
  62          *
  63          * @param $template UserLoginTemplate object.
  64          * @param $type String 'signup' or 'login'.
  65          */
  66         public function modifyUITemplate( &$template, &$type ) {
  67                 # Override this!
  68                 $template->set( 'usedomain', false );
  69         }
  70
  71         /**
  72          * Set the domain this plugin is supposed to use when authenticating.
  73          *
  74          * @param $domain String: authentication domain.
  75          */
  76         public function setDomain( $domain ) {
  77                 $this->domain = $domain;
  78         }
  79
  80         /**
  81          * Check to see if the specific domain is a valid domain.
  82          *
  83          * @param $domain String: authentication domain.
  84          * @return bool
  85          */
  86         public function validDomain( $domain ) {
  87                 # Override this!
  88                 return true;
  89         }
  90
  91         /**
  92          * When a user logs in, optionally fill in preferences and such.
  93          * For instance, you might pull the email address or real name from the
  94          * external user database.
  95          *
  96          * The User object is passed by reference so it can be modified; don't
  97          * forget the & on your function declaration.
  98          *
  99          * @param $user User object
 100          */
 101         public function updateUser( &$user ) {
 102                 # Override this and do something
 103                 return true;
 104         }
 105
 106         /**
 107          * Return true if the wiki should create a new local account automatically
 108          * when asked to login a user who doesn't exist locally but does in the
 109          * external auth database.
 110          *
 111          * If you don't automatically create accounts, you must still create
 112          * accounts in some way. It's not possible to authenticate without
 113          * a local account.
 114          *
 115          * This is just a question, and shouldn't perform any actions.
 116          *
 117          * @return Boolean
 118          */
 119         public function autoCreate() {
 120                 return false;
 121         }
 122
 123         /**
 124          * Allow a property change? Properties are the same as preferences
 125          * and use the same keys. 'Realname' 'Emailaddress' and 'Nickname'
 126          * all reference this.
 127          *
 128          * @return Boolean
 129          */
 130         public function allowPropChange( $prop = '' ) {
 131                 if ( $prop == 'realname' && is_callable( array( $this, 'allowRealNameChange' ) ) ) {
 132                         return $this->allowRealNameChange();
 133                 } elseif ( $prop == 'emailaddress' && is_callable( array( $this, 'allowEmailChange' ) ) ) {
 134                         return $this->allowEmailChange();
 135                 } elseif ( $prop == 'nickname' && is_callable( array( $this, 'allowNickChange' ) ) ) {
 136                         return $this->allowNickChange();
 137                 } else {
 138                         return true;
 139                 }
 140         }
 141
 142         /**
 143          * Can users change their passwords?
 144          *
 145          * @return bool
 146          */
 147         public function allowPasswordChange() {
 148                 return true;
 149         }
 150
 151         /**
 152          * Set the given password in the authentication database.
 153          * As a special case, the password may be set to null to request
 154          * locking the password to an unusable value, with the expectation
 155          * that it will be set later through a mail reset or other method.
 156          *
 157          * Return true if successful.
 158          *
 159          * @param $user User object.
 160          * @param $password String: password.
 161          * @return bool
 162          */
 163         public function setPassword( $user, $password ) {
 164                 return true;
 165         }
 166
 167         /**
 168          * Update user information in the external authentication database.
 169          * Return true if successful.
 170          *
 171          * @param $user User object.
 172          * @return Boolean
 173          */
 174         public function updateExternalDB( $user ) {
 175                 return true;
 176         }
 177
 178         /**
 179          * Check to see if external accounts can be created.
 180          * Return true if external accounts can be created.
 181          * @return Boolean
 182          */
 183         public function canCreateAccounts() {
 184                 return false;
 185         }
 186
 187         /**
 188          * Add a user to the external authentication database.
 189          * Return true if successful.
 190          *
 191          * @param $user User: only the name should be assumed valid at this point
 192          * @param $password String
 193          * @param $email String
 194          * @param $realname String
 195          * @return Boolean
 196          */
 197         public function addUser( $user, $password, $email = '', $realname = '' ) {
 198                 return true;
 199         }
 200
 201         /**
 202          * Return true to prevent logins that don't authenticate here from being
 203          * checked against the local database's password fields.
 204          *
 205          * This is just a question, and shouldn't perform any actions.
 206          *
 207          * @return Boolean
 208          */
 209         public function strict() {
 210                 return false;
 211         }
 212
 213         /**
 214          * Check if a user should authenticate locally if the global authentication fails.
 215          * If either this or strict() returns true, local authentication is not used.
 216          *
 217          * @param $username String: username.
 218          * @return Boolean
 219          */
 220         public function strictUserAuth( $username ) {
 221                 return false;
 222         }
 223
 224         /**
 225          * When creating a user account, optionally fill in preferences and such.
 226          * For instance, you might pull the email address or real name from the
 227          * external user database.
 228          *
 229          * The User object is passed by reference so it can be modified; don't
 230          * forget the & on your function declaration.
 231          *
 232          * @param $user User object.
 233          * @param $autocreate Boolean: True if user is being autocreated on login
 234          */
 235         public function initUser( &$user, $autocreate = false ) {
 236                 # Override this to do something.
 237         }
 238
 239         /**
 240          * If you want to munge the case of an account name before the final
 241          * check, now is your chance.
 242          */
 243         public function getCanonicalName( $username ) {
 244                 return $username;
 245         }
 246
 247         /**
 248          * Get an instance of a User object
 249          *
 250          * @param $user User
 251          */
 252         public function getUserInstance( User &$user ) {
 253                 return new AuthPluginUser( $user );
 254         }
 255 }
 256
 257 class AuthPluginUser {
 258         function __construct( $user ) {
 259                 # Override this!
 260         }
 261
 262         public function getId() {
 263                 # Override this!
 264                 return -1;
 265         }
 266
 267         public function isLocked() {
 268                 # Override this!
 269                 return false;
 270         }
 271
 272         public function isHidden() {
 273                 # Override this!
 274                 return false;
 275         }
 276
 277         public function resetAuthToken() {
 278                 # Override this!
 279                 return true;
 280         }
 281 }