Ejemplo n.º 1
 /**
  * Create a local account for a user who authenticated through an oAuth service.
  *
  * The login proposed by the service is made unique by appending a counter
  * (name, name1, name2, ...) until getUserData() no longer finds a match. The
  * chosen login and the groups assigned at creation are written back into $uinfo.
  *
  * The account receives a password from auth_pwgen(); this method neither returns
  * nor mails it.
  * NOTE(review): the uniqueness probe and the create call are separate steps, so
  * two simultaneous first logins could settle on the same name. That case would
  * surface here as a failed create (false) - confirm the backend rejects duplicates.
  *
  * @param array  $uinfo       user info received from the oAuth service (modified in place)
  * @param string $servicename name of the oAuth service; its cleaned form becomes a group
  *
  * @return bool true when the account was created, false when the create call failed
  */
 protected function addUser(&$uinfo, $servicename)
 {
     global $conf;

     // probe for a free login: the bare name first, then name1, name2, ...
     $base = $uinfo['user'];
     $suffix = '';
     while ($this->getUserData($base . $suffix)) {
         $suffix = $suffix ? $suffix + 1 : 1;
     }
     $login = $base . $suffix;
     $uinfo['user'] = $login;

     // every new account gets the wiki's default group plus one named after the service
     $initialGroups = array($conf['defaultgroup'], $this->cleanGroup($servicename));

     // groups reported by the service are kept in $uinfo, but only $initialGroups
     // are handed to the create call below
     $uinfo['grps'] = array_merge((array) $uinfo['grps'], $initialGroups);

     $created = $this->triggerUserMod(
         'create',
         array($login, auth_pwgen($login), $uinfo['name'], $uinfo['mail'], $initialGroups)
     );
     if ($created) {
         // send notification about the new user
         $notifier = new Subscription();
         $notifier->send_register($login, $uinfo['name'], $uinfo['mail']);
         return true;
     }

     return false;
 }
Ejemplo n.º 2
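/**
 * Register a new user
 *
 * This registers a new user - Data is read directly from $_POST (through $INPUT).
 *
 * Flow: require the 'save' flag and an enabled 'register' action, clean the
 * submitted fields, obtain a password (generated when $conf['autopasswd'] is set,
 * otherwise the user's own, which must be typed twice), validate the mail address,
 * create the account and notify. With autopasswd the generated password is then
 * sent to the user via auth_sendPassword().
 *
 * Review notes:
 *  - A user-chosen password is only checked for presence and for matching its
 *    confirmation; no length or strength rule is applied in this function.
 *  - Any failure of the create call is reported with the 'reguexists' message.
 *  - If sending the generated password fails, the account has already been
 *    created; nothing here removes it again.
 *
 * @author  Andreas Gohr <*****@*****.**>
 * @return bool  true on success, false on any error
 */
function register()
{
    global $lang;
    global $conf;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    global $INPUT;

    if (!$INPUT->post->bool('save')) {
        return false;
    }
    if (!actionOK('register')) {
        return false;
    }

    // gather input; control characters and a set of separator/markup characters
    // are stripped from the free-text fields before they are used anywhere
    $login = trim($auth->cleanUser($INPUT->post->str('login')));
    $fullname = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $INPUT->post->str('fullname')));
    $email = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $INPUT->post->str('email')));
    $pass = $INPUT->post->str('pass');
    $passchk = $INPUT->post->str('passchk');

    if (empty($login) || empty($fullname) || empty($email)) {
        msg($lang['regmissing'], -1);
        return false;
    }

    if ($conf['autopasswd']) {
        // automatically generate password; whatever was posted is discarded
        $pass = auth_pwgen($login);
    } elseif (empty($pass) || empty($passchk)) {
        // complain about missing passwords
        msg($lang['regmissing'], -1);
        return false;
    } elseif ($pass !== $passchk) {
        // complain about misspelled passwords. The comparison is strict: with a
        // loose != two different numeric-looking strings (e.g. "1e3" and "1000")
        // compare as equal and a mistyped confirmation would be accepted.
        msg($lang['regbadpass'], -1);
        return false;
    }

    //check mail
    if (!mail_isvalid($email)) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    //okay try to create the user
    if (!$auth->triggerUserMod('create', array($login, $pass, $fullname, $email))) {
        msg($lang['reguexists'], -1);
        return false;
    }

    // send notification about the new user
    $subscription = new Subscription();
    $subscription->send_register($login, $fullname, $email);

    // are we done?
    if (!$conf['autopasswd']) {
        msg($lang['regsuccess2'], 1);
        return true;
    }

    // autogenerated password? then send password to user
    if (auth_sendPassword($login, $pass)) {
        msg($lang['regsuccess'], 1);
        return true;
    }

    msg($lang['regmailfail'], -1);
    return false;
}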
Ejemplo n.º 3
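 /**
  * Handle the login
  *
  * This either trusts the session data (if any), processes the second oAuth step or
  * falls back to the normal form login against local users (auth_login()).
  *
  * Trust decisions made here:
  *  - Session reuse: stored oAuth session data is accepted only while it is younger
  *    than $conf['auth_security_timeout'] and its stored browser id matches
  *    auth_browseruid(); otherwise the service token is rechecked.
  *  - Account linking: an existing local account is matched by the e-mail address
  *    the service reports, and only if that account is in the group named after the
  *    service. NOTE(review): the match is only as trustworthy as the service's own
  *    e-mail verification - confirm for every enabled service.
  *  - Groups: any 'grps' the service reports are merged into the session's groups.
  *    NOTE(review): whether a service adapter ever fills 'grps' is not visible here.
  *  - Cookie: the cookie written after login holds only base64 of the login, the
  *    sticky flag, 'oauth' and the service name. It carries no secret and is not
  *    authenticated; on read it is used solely as a hint to start a relogin.
  *
  * @param string $user
  * @param string $pass
  * @param bool   $sticky
  * @return bool
  */
 function trustExternal($user, $pass, $sticky = false)
 {
     global $conf;
     global $USERINFO;

     // are we in login progress? the marker is removed as soon as it is read
     if (isset($_SESSION[DOKU_COOKIE]['oauth-inprogress'])) {
         $servicename = $_SESSION[DOKU_COOKIE]['oauth-inprogress']['service'];
         $page = $_SESSION[DOKU_COOKIE]['oauth-inprogress']['id'];
         unset($_SESSION[DOKU_COOKIE]['oauth-inprogress']);
     }

     // check session for existing oAuth login data (there may be none yet)
     $session = isset($_SESSION[DOKU_COOKIE]['auth']) ? $_SESSION[DOKU_COOKIE]['auth'] : array();
     if (!isset($servicename) && isset($session['oauth'])) {
         $servicename = $session['oauth'];
         // check if session data is still considered valid. The browser id is
         // compared as strings with ===: a loose == treats two different
         // numeric-looking strings (e.g. "0e1" and "0e2") as equal.
         if (
             isset($session['time'], $session['buid'])
             && $session['time'] >= time() - $conf['auth_security_timeout']
             && (string) $session['buid'] === (string) auth_browseruid()
         ) {
             $_SERVER['REMOTE_USER'] = $session['user'];
             $USERINFO = $session['info'];
             return true;
         }
     }

     // either we're in oauth login or a previous log needs to be rechecked
     if (isset($servicename)) {
         /** @var helper_plugin_oauth $hlp */
         $hlp = plugin_load('helper', 'oauth');
         $service = $hlp->loadService($servicename);
         if (is_null($service)) {
             return false;
         }
         if ($service->checkToken()) {
             $uinfo = $service->getUser();
             $uinfo['user'] = $this->cleanUser((string) $uinfo['user']);
             if (!$uinfo['name']) {
                 $uinfo['name'] = $uinfo['user'];
             }
             if (!$uinfo['user'] || !$uinfo['mail']) {
                 msg("{$servicename} did not provide the needed user info. Can't log you in", -1);
                 return false;
             }

             // see if the user is known already (lookup key is the service-reported mail)
             $user = $this->getUserByEmail($uinfo['mail']);
             if ($user) {
                 $sinfo = $this->getUserData($user);
                 // check if the user allowed access via this service. This is the
                 // gate that stops a service from logging into an account that never
                 // opted in, so group names are compared strictly as strings.
                 $knownGroups = array_map('strval', (array) $sinfo['grps']);
                 if (!in_array((string) $this->cleanGroup($servicename), $knownGroups, true)) {
                     msg(sprintf($this->getLang('authnotenabled'), $servicename), -1);
                     return false;
                 }
                 $uinfo['user'] = $user;
                 $uinfo['name'] = $sinfo['name'];
                 $uinfo['grps'] = array_merge((array) $uinfo['grps'], $sinfo['grps']);
             } else {
                 // new user, create him - making sure the login is unique by adding a number if needed
                 $user = $uinfo['user'];
                 $count = '';
                 while ($this->getUserData($user . $count)) {
                     if ($count) {
                         $count++;
                     } else {
                         $count = 1;
                     }
                 }
                 $user = $user . $count;
                 $uinfo['user'] = $user;
                 $groups_on_creation = array();
                 $groups_on_creation[] = $conf['defaultgroup'];
                 // add service as group
                 $groups_on_creation[] = $this->cleanGroup($servicename);
                 $uinfo['grps'] = array_merge((array) $uinfo['grps'], $groups_on_creation);
                 // the account gets a generated password that is not sent anywhere from here
                 $ok = $this->triggerUserMod('create', array($user, auth_pwgen($user), $uinfo['name'], $uinfo['mail'], $groups_on_creation));
                 if (!$ok) {
                     msg('something went wrong creating your user account. please try again later.', -1);
                     return false;
                 }
                 // send notification about the new user
                 $subscription = new Subscription();
                 $subscription->send_register($user, $uinfo['name'], $uinfo['mail']);
             }

             // set user session
             $this->setUserSession($uinfo, $servicename);
             $cookie = base64_encode($user) . '|' . (int) $sticky . '|' . base64_encode('oauth') . '|' . base64_encode($servicename);
             $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
             // sticky logins keep the cookie for a year, otherwise it is a session cookie
             $time = $sticky ? time() + 60 * 60 * 24 * 365 : 0;
             // HttpOnly is always set; Secure only when configured and the request is SSL
             setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', $conf['securecookie'] && is_ssl(), true);
             if (isset($page)) {
                 // $page was read from the server-side session above, not from the request
                 send_redirect(wl($page));
             }
             return true;
         } else {
             $this->relogin($servicename);
         }

         // something went wrong during oAuth login
         unset($_SESSION[DOKU_COOKIE]['auth']);
         return false;
     } elseif (isset($_COOKIE[DOKU_COOKIE])) {
         // try cookie. It is client-controlled, so it may be missing fields, hold
         // invalid base64 or not be a string at all; pad before unpacking.
         $rawCookie = $_COOKIE[DOKU_COOKIE];
         $parts = is_string($rawCookie) ? explode('|', $rawCookie) : array();
         list(, , $auth, $servicename) = array_pad($parts, 4, '');
         $auth = base64_decode($auth, true);
         $servicename = base64_decode($servicename, true);
         // only start a relogin when a service name could actually be decoded
         if ($auth === 'oauth' && is_string($servicename) && $servicename !== '') {
             $this->relogin($servicename);
         }
     }

     // do the "normal" plain auth login via form
     return auth_login($user, $pass, $sticky);
 }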