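/**
 * Event handler that checks a login attempt against this authentication provider.
 *
 * Return value follows the convention used in this handler: false stops other
 * handlers from running, a bare return (null) lets them try.
 *
 * $authenticatedUser is assigned only after checkPassword() has succeeded.
 * When the provider is authoritative and the check fails, the handler still
 * returns false and leaves $authenticatedUser untouched, so a caller has to
 * inspect $authenticatedUser rather than the return value to decide whether
 * the login succeeded.
 *
 * @param string $nickname          login name supplied by the user
 * @param string $password          password supplied by the user
 * @param mixed  $authenticatedUser out-parameter, set to the local user on success
 *
 * @return bool|null false to stop further handlers, null to let them continue
 */
function onStartCheckPassword($nickname, $password, &$authenticatedUser)
{
    // Map the login name to a provider username already linked to a local user.
    $user_username = new User_username();
    $user_username->username = $nickname;
    $user_username->provider_name = $this->provider_name;
    if ($user_username->find() && $user_username->fetch()) {
        $authenticated = $this->checkPassword($user_username->username, $password);
        if ($authenticated) {
            // NOTE(review): the getKV() result is assigned without a check; if the
            // mapped user row is gone, the chain still stops here. Presumably the
            // caller treats a falsy $authenticatedUser as a failed login - confirm.
            $authenticatedUser = User::getKV('id', $user_username->user_id);
            return false;
        }
    } else {
        // $nickname is the username used to log in.
        // $suggested_nickname is the nickname the auth provider suggests for that username.
        $suggested_nickname = $this->suggestNicknameForUsername($nickname);
        $user = User::getKV('nickname', $suggested_nickname);
        if ($user) {
            // Make sure this local user isn't already claimed by a provider.
            $user_username = new User_username();
            $user_username->user_id = $user->id;
            if ($user_username->find()) {
                // Either this provider or another one has already claimed this
                // user, so we cannot. Let another plugin try.
                return;
            }

            // No provider claims this user, so this provider may handle it.
            $authenticated = $this->checkPassword($nickname, $password);
            if ($authenticated) {
                // Account linking: an existing, unclaimed local account is bound
                // to this provider identity purely because the suggested nickname
                // matches. This is only safe when the provider's usernames are
                // trusted to belong to the same people as the local nicknames.
                $authenticatedUser = $user;
                User_username::register($authenticatedUser, $nickname, $this->provider_name);
                return false;
            }
        } else {
            // No local user yet: authenticate first, then offer auto-registration.
            $authenticated = $this->checkPassword($nickname, $password);
            if ($authenticated) {
                // Unlike most Event::handle() calls, this one is negated: we act
                // only if the event *was* handled, because this is not a "default"
                // implementation like most code of this form.
                if (!Event::handle('AutoRegister', array($nickname, $this->provider_name, &$authenticatedUser))) {
                    if ($authenticatedUser) {
                        return false;
                    }
                }
            }
        }
    }

    if ($this->authoritative) {
        // Authoritative provider: a failed check ends the chain, so no other
        // handler can accept credentials this provider rejected.
        return false;
    }

    // We're not authoritative, so let other handlers try.
    return;
}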
/**
 * Event handler that changes a user's password at this authentication provider.
 *
 * The old password is verified with checkPassword() before changePassword()
 * is called. A wrong old password (when authoritative) and a failed change at
 * the provider both raise the same 'Password changing failed.' message, so the
 * error text does not reveal which step failed.
 *
 * @param object $user        local user whose password is being changed (its id is read)
 * @param string $oldpassword current password, verified before the change
 * @param string $newpassword replacement password
 *
 * @return bool|null false when the change was carried out (stops other handlers),
 *                   null when another handler should try
 *
 * @throws Exception when the change fails, or when this provider is authoritative
 *                   and either rejects the old password or forbids password changes
 */
function onStartChangePassword($user, $oldpassword, $newpassword)
{
    if (!$this->password_changeable) {
        if ($this->authoritative) {
            // Since we're authoritative, no other plugin could do this.
            // TRANS: Exception thrown when a password change attempt fails because it is not allowed.
            throw new Exception(_('Password changing is not allowed.'));
        }
        return;
    }

    // Find the provider username linked to this local user.
    $mapping = new User_username();
    $mapping->user_id = $user->id;
    $mapping->provider_name = $this->provider_name;
    if (!($mapping->find() && $mapping->fetch())) {
        // This provider has no mapping for the user; nothing to do here.
        return;
    }

    if (!$this->checkPassword($mapping->username, $oldpassword)) {
        if ($this->authoritative) {
            // Since we're authoritative, no other plugin could do this.
            // TRANS: Exception thrown when a password change fails.
            throw new Exception(_('Password changing failed.'));
        }
        // Let another handler try.
        return null;
    }

    if ($this->changePassword($mapping->username, $oldpassword, $newpassword)) {
        // Stop handling of other handlers, because what was requested was done.
        return false;
    }

    // TRANS: Exception thrown when a password change fails.
    throw new Exception(_('Password changing failed.'));
}
/**
 * Reports whether a profile holds a role, based on LDAP group membership.
 *
 * The check fails closed: a missing username mapping, a missing LDAP entry,
 * an unconfigured role or no matching group all yield false.
 *
 * @param object $profile profile to check (its id is used to find the provider username)
 * @param string $name    role name, used as a key into $this->roles_to_groups
 *
 * @return bool true if the user's LDAP entry is a member of at least one group
 *              configured for the role, false otherwise
 */
function hasRole($profile, $name)
{
    // Resolve the provider username linked to this profile.
    $mapping = new User_username();
    $mapping->user_id = $profile->id;
    $mapping->provider_name = $this->provider_name;
    if (!($mapping->find() && $mapping->fetch())) {
        return false;
    }

    $entry = $this->ldapCommon->get_user($mapping->username);
    if (!$entry) {
        return false;
    }

    if (!isset($this->roles_to_groups[$name])) {
        return false;
    }

    // A role may be configured with a single group or with a list of groups;
    // membership in any one of them grants the role.
    $configured = $this->roles_to_groups[$name];
    $groups = is_array($configured) ? $configured : array($configured);
    foreach ($groups as $group) {
        if ($this->ldapCommon->is_dn_member_of_group($entry->dn(), $group)) {
            return true;
        }
    }

    return false;
}