/**
  * @param $user
  * @param $result
  * @return bool
  */
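 public function AutoAuthenticateOverSymfony($user, &$result)
 {
     // Signs the wiki user in from the identity held by Symfony's token storage.
     // Returns false (leaving $result untouched) when there is no token or no
     // user object; otherwise creates the wiki account if it is missing, syncs
     // groups, sets $result to true and returns true.
     //
     // NOTE(review): no credential check happens here. The wiki session is only
     // as trustworthy as the token Symfony hands back, so confirm that anonymous
     // or partially authenticated tokens cannot yield a user object with the
     // firewall configuration in use.
     $symfonyToken = $this->symfonyConatiner->get('security.token_storage')->getToken();
     if (!$symfonyToken || !is_object($symfonyToken)) {
         return false;
     }
     $symfonyUser = $symfonyToken->getUser();
     if (!$symfonyUser || !is_object($symfonyUser)) {
         return false;
     }
     // Read the name once so the lookup and the account creation use the same value.
     $username = $symfonyUser->getUsername();
     $dbr =& wfGetDB(DB_SLAVE);
     // The condition is passed as an array, not concatenated into SQL text.
     $s = $dbr->selectRow('user', array('user_id'), array('user_name' => $username), "UserAuthSymfony::AutoAuthenticateOverSymfony");
     if ($s === false) {
         // No wiki account yet: provision one from the Symfony identity.
         $newUser = new \User();
         $newUser->loadDefaults($username);
         // Added as it's done this way in CentralAuth.
         $newUser->setEmail($symfonyUser->getEmail());
         $newUser->setName($username);
         // The address is marked confirmed without a confirmation mail, so the
         // wiki inherits whatever e-mail verification the Symfony side performed.
         $newUser->confirmEmail();
         $newUser->mTouched = wfTimestamp();
         // NOTE(review): the outcome of addToDatabase() is not checked here.
         $newUser->addToDatabase();
         // NOTE(review): $user is not a by-reference parameter, so this rebinds
         // only the local variable; the caller's object is presumably left
         // unchanged on first login. Verify against the caller.
         $user =& $newUser;
     } else {
         $user->mId = $s->user_id;
     }
     $sfGroups = array();
     if (method_exists($symfonyUser, 'getGroups')) {
         $sfGroups = $symfonyUser->getGroups();
     }
     // Drop every group except the two wiki-managed ones; membership of all
     // other groups is rebuilt below from the Symfony side on each call.
     $wikiManagedGroups = array('sysop', 'bureaucrat');
     foreach ($user->getGroups() as $group) {
         // Strict comparison: only the exact strings are exempt from removal.
         if (!in_array($group, $wikiManagedGroups, true)) {
             $user->removeGroup($group);
         }
     }
     // Re-add the current Symfony groups under their wiki aliases.
     // NOTE(review): if GroupBridge::getGroupAlias() can ever return 'sysop' or
     // 'bureaucrat', that membership is never revoked by the loop above once
     // the Symfony group is withdrawn. Confirm the alias map.
     foreach ($sfGroups as $sfGroup) {
         $user->addGroup(GroupBridge::getGroupAlias($sfGroup));
     }
     if ($user->loadFromDatabase()) {
         $user->saveToCache();
     }
     $result = true;
     return true;
 }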
 /**
  * Updates the user's details according to what was given from the SSO
  * library.
  * Note that this will be called every time after authenticating
  * to the IdP.
  *
  * @param User $user
  * User object from MW
  * @param Array $attrs
  * Attribute array
  */
 private function modifyUserIfNeeded(&$user, $attrs)
 {
     // Copies the 'email' and 'fullname' attributes onto the wiki user when
     // they differ from the stored values, and saves once if anything changed.
     //
     // NOTE(review): attribute values are written verbatim into the debug log
     // below. That puts personal data in the log and lets an attribute that
     // contains line breaks shape log lines; confirm who can read the
     // 'MultiAuthPlugin' log and whether attributes are normalised upstream.
     $username = $user->getName();
     $changed = false;

     // E-mail address.
     if (isset($attrs['email'])) {
         $new = $attrs['email'];
         $old = $user->getEmail();
         if ($new != $old) {
             $user->setEmail($new);
             // Marked confirmed without a confirmation mail: the wiki trusts
             // the attribute source to have verified the address.
             $user->confirmEmail();
             $message = "Updated email for user '{$username}' from '{$old}' to '{$new}'";
             wfDebugLog('MultiAuthPlugin', __METHOD__ . ': ' . $message);
             $changed = true;
         }
     }

     // Real name.
     if (isset($attrs['fullname'])) {
         $new = $attrs['fullname'];
         $old = $user->getRealName();
         if ($new != $old) {
             $user->setRealName($new);
             $message = "Updated realName for user '{$username}' from '{$old}' to '{$new}'";
             wfDebugLog('MultiAuthPlugin', __METHOD__ . ': ' . $message);
             $changed = true;
         }
     }

     // Persist only when at least one field was modified.
     if ($changed) {
         $user->saveSettings();
     }
 }
 private function onAuthenticateUserDataResetPass(User $u)
 {
     // Policy background: the temporary password sent by e-mail is meant for
     // a single password reset, not for regular logins, because it stays in
     // the user's mail archive and anyone with brief access to an open mail
     // client could find it. It is still recognised at the login form for
     // backwards compatibility with users who have been logging in that way.
     //
     // Nothing in this method enforces that policy. It only applies the side
     // effect: the temporary password arrived by e-mail, so using it shows
     // control of the mailbox and the address can be marked confirmed.
     if ($u->isEmailConfirmed()) {
         return;
     }
     $u->confirmEmail();
     $u->saveSettings();
 }
 /**
  * When a user logs in, optionally fill in preferences and such.
  * For instance, you might pull the email address or real name from the
  * external user database.
  *
  * The User object is passed by reference so it can be modified; don't
  * forget the & on your function declaration.
  *
  * @param User $user
  * @public
  */
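 function updateUser(&$user)
 {
     // Copies e-mail and real name from the external `users` table onto the
     // wiki user and adds the 'sysop' group when user_accesslevel is above 2.
     // Returns true when exactly one external row matched and the user was
     // saved, false otherwise (including query failure).
     if ($this->debug) {
         echo 'updateUser';
     }
     // Escape with the connection-aware function rather than addslashes(),
     // which does not take the connection character set into account.
     // ext/mysql offers no bound parameters; moving this lookup to mysqli or
     // PDO prepared statements is the durable fix.
     $username = mysql_real_escape_string($user->getName(), $this->database);
     if ($username === false) {
         return false;
     }
     $find_user_query = "SELECT\n\t\t\tuser_id,\n\t\t\tuser_accesslevel, user_email, \n\t\t\tuser_name_short, user_name\n\t\t\tFROM users WHERE lower(user_name_short)=lower('{$username}')";
     $find_result = mysql_query($find_user_query, $this->database);
     if ($find_result === false) {
         // Query failed; do not pass a non-resource to mysql_num_rows().
         return false;
     }
     // make sure that there is only one person with the username
     $userinfo = false;
     if (mysql_num_rows($find_result) === 1) {
         $userinfo = mysql_fetch_assoc($find_result);
     }
     // Release the result on every path, not only on a match.
     mysql_free_result($find_result);
     if (!is_array($userinfo)) {
         return false;
     }
     $user->setEmail($userinfo['user_email']);
     // The address is marked confirmed without a confirmation mail, so the
     // wiki trusts the external table's copy of it.
     $user->confirmEmail();
     $user->setRealName($userinfo['user_name']);
     // Accessrights
     // NOTE(review): 'sysop' is only ever added here; this method never
     // removes it when the external access level later drops to 2 or below.
     if ($userinfo['user_accesslevel'] > 2) {
         $user->addGroup('sysop');
     }
     $user->saveSettings();
     return true;
 }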
 /**
  * When a user logs in, update user with information from LDAP.
  *
  * @param User $user
  * @access public
  * TODO: fix the setExternalID stuff
  */
 function updateUser(&$user)
 {
     // Applies the LDAP-derived values held on this object (language,
     // nickname, real name, e-mail, external id, groups) to the wiki user,
     // according to the per-domain settings keyed by $_SESSION['wsDomain'].
     // Does nothing when the preceding authentication failed.
     global $wgLDAPRetrievePrefs, $wgLDAPPreferences;
     global $wgLDAPUseLDAPGroups;
     global $wgLDAPUniqueBlockLogin, $wgLDAPUniqueRenameUser;
     $this->printDebug("Entering updateUser", NONSENSITIVE);
     if ($this->authFailed) {
         $this->printDebug("User didn't successfully authenticate, exiting.", NONSENSITIVE);
         return;
     }
     $needsSave = false;
     // Only touch preferences when pulling them is enabled for this domain,
     // so that nothing is overwritten by accident.
     $pullPrefs = (isset($wgLDAPRetrievePrefs[$_SESSION['wsDomain']]) && $wgLDAPRetrievePrefs[$_SESSION['wsDomain']])
         || isset($wgLDAPPreferences[$_SESSION['wsDomain']]);
     if ($pullPrefs) {
         $this->printDebug("Setting user preferences.", NONSENSITIVE);
         if ($this->lang != '') {
             $this->printDebug("Setting language.", NONSENSITIVE);
             $user->setOption('language', $this->lang);
         }
         if ($this->nickname != '') {
             $this->printDebug("Setting nickname.", NONSENSITIVE);
             $user->setOption('nickname', $this->nickname);
         }
         if ($this->realname != '') {
             $this->printDebug("Setting realname.", NONSENSITIVE);
             $user->setRealName($this->realname);
         }
         if ($this->email != '') {
             $this->printDebug("Setting email.", NONSENSITIVE);
             $user->setEmail($this->email);
             // Marked confirmed without a confirmation mail: the directory's
             // copy of the address is trusted as already verified.
             $user->confirmEmail();
         }
         // The external id is stored only when unique-id handling (block
         // login or rename user) is switched on for this domain.
         $uniqueIdEnabled = (isset($wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']]) && $wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']])
             || (isset($wgLDAPUniqueRenameUser[$_SESSION['wsDomain']]) && $wgLDAPUniqueRenameUser[$_SESSION['wsDomain']]);
         if ($uniqueIdEnabled && $this->externalid != '') {
             $user->setExternalID($this->externalid);
         }
         $needsSave = true;
     }
     $syncGroups = isset($wgLDAPUseLDAPGroups[$_SESSION['wsDomain']]) && $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']];
     if ($syncGroups) {
         $this->printDebug("Setting user groups.", NONSENSITIVE);
         $this->setGroups($user);
         $needsSave = true;
     }
     // Write once, and only if something above asked for it.
     if ($needsSave) {
         $this->printDebug("Saving user settings.", NONSENSITIVE);
         $user->saveSettings();
     }
 }
 /**
  * Confirm the user and set their cookies. This is used when a user already has an
  * email registered with Facebook.
  * @param User $user
  */
 private function confirmUser(User $user)
 {
     // Mark the address as confirmed first, so hook handlers see the
     // confirmed state; no confirmation mail is involved at this point.
     $user->confirmEmail();

     // Notify listeners, then persist the user.
     // NOTE(review): no cookie is set in this method itself; presumably a
     // handler of this hook or the caller does that. Confirm.
     $hookArguments = [$user];
     wfRunHooks('SignupConfirmEmailComplete', $hookArguments);
     $user->saveSettings();
 }