includes/auth/AuthManagerAuthPlugin.php

   1 <?php
   2 /**
   3  * This program is free software; you can redistribute it and/or modify
   4  * it under the terms of the GNU General Public License as published by
   5  * the Free Software Foundation; either version 2 of the License, or
   6  * (at your option) any later version.
   7  *
   8  * This program is distributed in the hope that it will be useful,
   9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11  * GNU General Public License for more details.
  12  *
  13  * You should have received a copy of the GNU General Public License along
  14  * with this program; if not, write to the Free Software Foundation, Inc.,
  15  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  16  * http://www.gnu.org/copyleft/gpl.html
  17  *
  18  * @file
  19  */
  20
  21 namespace MediaWiki\Auth;
  22
  23 use User;
  24
  25 /**
  26  * Backwards-compatibility wrapper for AuthManager via $wgAuth
  27  * @since 1.27
  28  * @deprecated since 1.27
  29  */
  30 class AuthManagerAuthPlugin extends \AuthPlugin {
  31         /** @var string|null */
  32         protected $domain = null;
  33
  34         /** @var \\Psr\\Log\\LoggerInterface */
  35         protected $logger = null;
  36
  37         public function __construct() {
  38                 $this->logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' );
  39         }
  40
  41         public function userExists( $name ) {
  42                 return AuthManager::singleton()->userExists( $name );
  43         }
  44
  45         public function authenticate( $username, $password ) {
  46                 $data = [
  47                         'username' => $username,
  48                         'password' => $password,
  49                 ];
  50                 if ( $this->domain !== null && $this->domain !== '' ) {
  51                         $data['domain'] = $this->domain;
  52                 }
  53                 $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_LOGIN );
  54                 $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
  55
  56                 $res = AuthManager::singleton()->beginAuthentication( $reqs, 'null:' );
  57                 switch ( $res->status ) {
  58                         case AuthenticationResponse::PASS:
  59                                 return true;
  60                         case AuthenticationResponse::FAIL:
  61                                 // Hope it's not a PreAuthenticationProvider that failed...
  62                                 $msg = $res->message instanceof \Message ? $res->message : new \Message( $res->message );
  63                                 $this->logger->info( __METHOD__ . ': Authentication failed: ' . $msg->plain() );
  64                                 return false;
  65                         default:
  66                                 throw new \BadMethodCallException(
  67                                         'AuthManager does not support such simplified authentication'
  68                                 );
  69                 }
  70         }
  71
  72         public function modifyUITemplate( &$template, &$type ) {
  73                 // AuthManager does not support direct UI screwing-around-with
  74         }
  75
  76         public function setDomain( $domain ) {
  77                 $this->domain = $domain;
  78         }
  79
  80         public function getDomain() {
  81                 if ( isset( $this->domain ) ) {
  82                         return $this->domain;
  83                 } else {
  84                         return 'invaliddomain';
  85                 }
  86         }
  87
  88         public function validDomain( $domain ) {
  89                 $domainList = $this->domainList();
  90                 return $domainList ? in_array( $domain, $domainList, true ) : $domain === '';
  91         }
  92
  93         public function updateUser( &$user ) {
  94                 \Hooks::run( 'UserLoggedIn', [ $user ] );
  95                 return true;
  96         }
  97
  98         public function autoCreate() {
  99                 return true;
 100         }
 101
 102         public function allowPropChange( $prop = '' ) {
 103                 return AuthManager::singleton()->allowsPropertyChange( $prop );
 104         }
 105
 106         public function allowPasswordChange() {
 107                 $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CHANGE );
 108                 foreach ( $reqs as $req ) {
 109                         if ( $req instanceof PasswordAuthenticationRequest ) {
 110                                 return true;
 111                         }
 112                 }
 113
 114                 return false;
 115         }
 116
 117         public function allowSetLocalPassword() {
 118                 // There should be a PrimaryAuthenticationProvider that does this, if necessary
 119                 return false;
 120         }
 121
 122         public function setPassword( $user, $password ) {
 123                 $data = [
 124                         'username' => $user->getName(),
 125                         'password' => $password,
 126                 ];
 127                 if ( $this->domain !== null && $this->domain !== '' ) {
 128                         $data['domain'] = $this->domain;
 129                 }
 130                 $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CHANGE );
 131                 $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
 132                 foreach ( $reqs as $req ) {
 133                         $status = AuthManager::singleton()->allowsAuthenticationDataChange( $req );
 134                         if ( !$status->isGood() ) {
 135                                 $this->logger->info( __METHOD__ . ': Password change rejected: {reason}', [
 136                                         'username' => $data['username'],
 137                                         'reason' => $status->getWikiText( null, null, 'en' ),
 138                                 ] );
 139                                 return false;
 140                         }
 141                 }
 142                 foreach ( $reqs as $req ) {
 143                         AuthManager::singleton()->changeAuthenticationData( $req );
 144                 }
 145                 return true;
 146         }
 147
 148         public function updateExternalDB( $user ) {
 149                 // This fires the necessary hook
 150                 $user->saveSettings();
 151                 return true;
 152         }
 153
 154         public function updateExternalDBGroups( $user, $addgroups, $delgroups = [] ) {
 155                 throw new \BadMethodCallException(
 156                         'Update of user groups via AuthPlugin is not supported with AuthManager.'
 157                 );
 158         }
 159
 160         public function canCreateAccounts() {
 161                 return AuthManager::singleton()->canCreateAccounts();
 162         }
 163
 164         public function addUser( $user, $password, $email = '', $realname = '' ) {
 165                 throw new \BadMethodCallException(
 166                         'Creation of users via AuthPlugin is not supported with '
 167                         . 'AuthManager. Generally, user creation should be left to either '
 168                         . 'Special:CreateAccount, auto-creation when triggered by a '
 169                         . 'SessionProvider or PrimaryAuthenticationProvider, or '
 170                         . 'User::newSystemUser().'
 171                 );
 172         }
 173
 174         public function strict() {
 175                 // There should be a PrimaryAuthenticationProvider that does this, if necessary
 176                 return true;
 177         }
 178
 179         public function strictUserAuth( $username ) {
 180                 // There should be a PrimaryAuthenticationProvider that does this, if necessary
 181                 return true;
 182         }
 183
 184         public function initUser( &$user, $autocreate = false ) {
 185                 \Hooks::run( 'LocalUserCreated', [ $user, $autocreate ] );
 186         }
 187
 188         public function getCanonicalName( $username ) {
 189                 // AuthManager doesn't support restrictions beyond MediaWiki's
 190                 return $username;
 191         }
 192
 193         public function getUserInstance( User &$user ) {
 194                 return new AuthManagerAuthPluginUser( $user );
 195         }
 196
 197         public function domainList() {
 198                 return [];
 199         }
 200 }
 201
 202 /**
 203  * @since 1.27
 204  * @deprecated since 1.27
 205  */
 206 class AuthManagerAuthPluginUser extends \AuthPluginUser {
 207         /** @var User */
 208         private $user;
 209
 210         function __construct( $user ) {
 211                 $this->user = $user;
 212         }
 213
 214         public function getId() {
 215                 return $this->user->getId();
 216         }
 217
 218         public function isLocked() {
 219                 return $this->user->isLocked();
 220         }
 221
 222         public function isHidden() {
 223                 return $this->user->isHidden();
 224         }
 225
 226         public function resetAuthToken() {
 227                 \MediaWiki\Session\SessionManager::singleton()->invalidateSessionsForUser( $this->user );
 228                 return true;
 229         }
 230 }