includes/AuthPlugin.php

   1 <?php
   2 /**
   3  * @package MediaWiki
   4  */
   5 # Copyright (C) 2004 Brion Vibber <brion@pobox.com>
   6 # http://www.mediawiki.org/
   7 #
   8 # This program is free software; you can redistribute it and/or modify
   9 # it under the terms of the GNU General Public License as published by
  10 # the Free Software Foundation; either version 2 of the License, or
  11 # (at your option) any later version.
  12 #
  13 # This program is distributed in the hope that it will be useful,
  14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16 # GNU General Public License for more details.
  17 #
  18 # You should have received a copy of the GNU General Public License along
  19 # with this program; if not, write to the Free Software Foundation, Inc.,
  20 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  21 # http://www.gnu.org/copyleft/gpl.html
  22
  23 /**
  24  * Authentication plugin interface. Instantiate a subclass of AuthPlugin
  25  * and set $wgAuth to it to authenticate against some external tool.
  26  *
  27  * The default behavior is not to do anything, and use the local user
  28  * database for all authentication. A subclass can require that all
  29  * accounts authenticate externally, or use it only as a fallback; also
  30  * you can transparently create internal wiki accounts the first time
  31  * someone logs in who can be authenticated externally.
  32  *
  33  * This interface is new, and might change a bit before 1.4.0 final is
  34  * done...
  35  *
  36  * @package MediaWiki
  37  */
  38 class AuthPlugin {
  39         /**
  40          * Check whether there exists a user account with the given name.
  41          * The name will be normalized to MediaWiki's requirements, so
  42          * you might need to munge it (for instance, for lowercase initial
  43          * letters).
  44          *
  45          * @param $username String: username.
  46          * @return bool
  47          * @public
  48          */
  49         function userExists( $username ) {
  50                 # Override this!
  51                 return false;
  52         }
  53
  54         /**
  55          * Check if a username+password pair is a valid login.
  56          * The name will be normalized to MediaWiki's requirements, so
  57          * you might need to munge it (for instance, for lowercase initial
  58          * letters).
  59          *
  60          * @param $username String: username.
  61          * @param $password String: user password.
  62          * @return bool
  63          * @public
  64          */
  65         function authenticate( $username, $password ) {
  66                 # Override this!
  67                 return false;
  68         }
  69
  70         /**
  71          * Modify options in the login template.
  72          *
  73          * @param $template UserLoginTemplate object.
  74          * @public
  75          */
  76         function modifyUITemplate( &$template ) {
  77                 # Override this!
  78                 $template->set( 'usedomain', false );
  79         }
  80
  81         /**
  82          * Set the domain this plugin is supposed to use when authenticating.
  83          *
  84          * @param $domain String: authentication domain.
  85          * @public
  86          */
  87         function setDomain( $domain ) {
  88                 $this->domain = $domain;
  89         }
  90
  91         /**
  92          * Check to see if the specific domain is a valid domain.
  93          *
  94          * @param $domain String: authentication domain.
  95          * @return bool
  96          * @public
  97          */
  98         function validDomain( $domain ) {
  99                 # Override this!
 100                 return true;
 101         }
 102
 103         /**
 104          * When a user logs in, optionally fill in preferences and such.
 105          * For instance, you might pull the email address or real name from the
 106          * external user database.
 107          *
 108          * The User object is passed by reference so it can be modified; don't
 109          * forget the & on your function declaration.
 110          *
 111          * @param User $user
 112          * @public
 113          */
 114         function updateUser( &$user ) {
 115                 # Override this and do something
 116                 return true;
 117         }
 118
 119
 120         /**
 121          * Return true if the wiki should create a new local account automatically
 122          * when asked to login a user who doesn't exist locally but does in the
 123          * external auth database.
 124          *
 125          * If you don't automatically create accounts, you must still create
 126          * accounts in some way. It's not possible to authenticate without
 127          * a local account.
 128          *
 129          * This is just a question, and shouldn't perform any actions.
 130          *
 131          * @return bool
 132          * @public
 133          */
 134         function autoCreate() {
 135                 return false;
 136         }
 137
 138         /**
 139          * Can users change their passwords?
 140          *
 141          * @return bool
 142          */
 143         function allowPasswordChange() {
 144                 return true;
 145         }
 146
 147         /**
 148          * Set the given password in the authentication database.
 149          * As a special case, the password may be set to null to request
 150          * locking the password to an unusable value, with the expectation
 151          * that it will be set later through a mail reset or other method.
 152          *
 153          * Return true if successful.
 154          *
 155          * @param $user User object.
 156          * @param $password String: password.
 157          * @return bool
 158          * @public
 159          */
 160         function setPassword( $user, $password ) {
 161                 return true;
 162         }
 163
 164         /**
 165          * Update user information in the external authentication database.
 166          * Return true if successful.
 167          *
 168          * @param $user User object.
 169          * @return bool
 170          * @public
 171          */
 172         function updateExternalDB( $user ) {
 173                 return true;
 174         }
 175
 176         /**
 177          * Check to see if external accounts can be created.
 178          * Return true if external accounts can be created.
 179          * @return bool
 180          * @public
 181          */
 182         function canCreateAccounts() {
 183                 return false;
 184         }
 185
 186         /**
 187          * Add a user to the external authentication database.
 188          * Return true if successful.
 189          *
 190          * @param User $user
 191          * @param string $password
 192          * @return bool
 193          * @public
 194          */
 195         function addUser( $user, $password ) {
 196                 return true;
 197         }
 198
 199
 200         /**
 201          * Return true to prevent logins that don't authenticate here from being
 202          * checked against the local database's password fields.
 203          *
 204          * This is just a question, and shouldn't perform any actions.
 205          *
 206          * @return bool
 207          * @public
 208          */
 209         function strict() {
 210                 return false;
 211         }
 212
 213         /**
 214          * When creating a user account, optionally fill in preferences and such.
 215          * For instance, you might pull the email address or real name from the
 216          * external user database.
 217          *
 218          * The User object is passed by reference so it can be modified; don't
 219          * forget the & on your function declaration.
 220          *
 221          * @param $user User object.
 222          * @public
 223          */
 224         function initUser( &$user ) {
 225                 # Override this to do something.
 226         }
 227
 228         /**
 229          * If you want to munge the case of an account name before the final
 230          * check, now is your chance.
 231          */
 232         function getCanonicalName( $username ) {
 233                 return $username;
 234         }
 235 }
 236
 237 ?>