jerry
/
src.dualinventive.com
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
src.dualinventive.com/devops/ansible/roles/dtap-portal/templates/mediawiki/ExtAuthDB.php.j2

290 lines
8.7 KiB
Django/Jinja
Raw Permalink Blame History

<?php
/**
* {{ ansible_managed }}
*/
$wgExtensionCredits['parserhook'][] = array (
'name' => 'ExtAuthDB',
'author' => 'Rik van der Heijden',
'description' => 'Authenticate to the DI portal',
'url' => 'https://www.mediawiki.org/wiki/Extension:ExtAuthDB',
'version' => '0.2',
);
require_once ( "$IP/includes/AuthPlugin.php" );
class ExtAuthDB extends AuthPlugin
{
/**
* Add into LocalSettings.php the following code:
*
* MySQL Host Name.
* $wgExtAuthDB_MySQL_Host = '';
* MySQL Username.
* $wgExtAuthDB_MySQL_Username = '';
* MySQL Password.
* $wgExtAuthDB_MySQL_Password = '';
* MySQL Database Name.
* $wgExtAuthDB_MySQL_Database = '';
* MySQL Database Table of users data.
* $wgExtAuthDB_MySQL_Table = '';
* MySQL Database username column label.
* $wgExtAuthDB_MySQL_Login = '';
* MySQL Database login password column label
* $wgExtAuthDB_MySQL_Pswrd = '';
* MySQL Database email column label
* $wgExtAuthDB_MySQL_Email = '';
* MySQL Database user real name column label
* $wgExtAuthDB_MySQL_RealN = '';
* require_once("$IP/extensions/ExtAuthDB/ExtAuthDB.php");
* $wgAuth = new ExtAuthDB();
*
* @return Object Database
*/
private function connectToDB()
{
$db = new DatabaseMysqli([
'host' => $GLOBALS['wgExtAuthDB_MySQL_Host'],
'user' => $GLOBALS['wgExtAuthDB_MySQL_Username'],
'password' => $GLOBALS['wgExtAuthDB_MySQL_Password'],
'dbname' => $GLOBALS['wgExtAuthDB_MySQL_Database'],
'tablePrefix' => '',
'schema' => $GLOBALS['wgExtAuthDB_MySQL_Database'],
'cliMode' => false,
'flags' => 0,
'variables' => [],
'profiler' => false,
'trxProfiler' => new TransactionProfiler(),
'queryLogger' => new \Psr\Log\NullLogger(),
'connLogger' => new \Psr\Log\NullLogger(),
'errorLogger' => new \Psr\Log\NullLogger()]);
$this->userTable = $GLOBALS['wgExtAuthDB_MySQL_Table'];
$this->userLogin = $GLOBALS['wgExtAuthDB_MySQL_Login'];
$this->userPswrd = $GLOBALS['wgExtAuthDB_MySQL_Pswrd'];
$this->userEmail = $GLOBALS['wgExtAuthDB_MySQL_Email'];
$this->userRealN = $GLOBALS['wgExtAuthDB_MySQL_RealN'];
wfDebug("ExtAuthDB::connectToDB() : DB failed to open\n");
return $db;
}
/**
* Check whether there exists a user account with the given name.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param $username String: username.
* @return bool
* @public
*/
function userExists( $username ) {
$db = $this->connectToDB();
$ret = $db->selectRow($this->userTable,array ('user_id'), array ('user_name' => $username ), __METHOD__ );
return ($ret !== false);
}
/**
* Check if a username+password pair is a valid login.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param $username String: username.
* @param $password String: user password.
* @return bool
* @public
*/
function authenticate( $username, $password ) {
$db = $this->connectToDB();
$hash_password = $db->selectRow($this->userTable,array ('password', 'user_id'), array ($this->userLogin => $username ), __METHOD__ );
if (password_verify($password, $hash_password->password))
{
$right = $db->selectRow('user_right',array ('right_code'), array ('user_id' => $hash_password->user_id, 'right_code' => 'dip.application.wiki' ), __METHOD__ );
// It returns false when no data
return ($right !== false);
}
return false;
}
/**
* Set the domain this plugin is supposed to use when authenticating.
*
* @param $domain String: authentication domain.
* @public
*/
function setDomain( $domain ) {
$this->domain = $domain;
}
/**
* Check to see if the specific domain is a valid domain.
*
* @param $domain String: authentication domain.
* @return bool
* @public
*/
function validDomain( $domain ) {
return true;
}
/**
* When a user logs in, optionally fill in preferences and such.
* For instance, you might pull the email address or real name from the
* external user database.
*
* The User object is passed by reference so it can be modified; don't
* forget the & on your function declaration.
*
* @param User $user
* @public
*/
function updateUser( &$user )
{
$db = $this->connectToDB();
$euser = $db->selectRow($this->userTable, array ( '*' ), array ($this->userLogin => $user->mName ), __METHOD__ );
//$user->setName($euser->user_name);
$user->setRealName($euser->first_name . ' ' . $euser->last_name);
$user->setEmail($euser->email);
$user->mEmailAuthenticated = wfTimestampNow();
$user->saveSettings();
return true;
}
function disallowPrefsEditByUser() {
return array (
'wpRealName' => true,
'wpUserEmail' => true,
'wpNick' => true
);
}
/**
* Return true if the wiki should create a new local account automatically
* when asked to login a user who doesn't exist locally but does in the
* external auth database.
*
* If you don't automatically create accounts, you must still create
* accounts in some way. It's not possible to authenticate without
* a local account.
*
* This is just a question, and shouldn't perform any actions.
*
* @return bool
* @public
*/
function autoCreate() {
return true;
}
/**
* Can users change their passwords?
*
* @return bool
*/
function allowPasswordChange() {
return false;
}
/**
* Set the given password in the authentication database.
* As a special case, the password may be set to null to request
* locking the password to an unusable value, with the expectation
* that it will be set later through a mail reset or other method.
0 *
* Return true if successful.
*
* @param $user User object.
* @param $password String: password.
* @return bool
* @public
*/
function setPassword( $user, $password ) {
return true;
}
/**
* Update user information in the external authentication database.
* Return true if successful.
*
* @param $user User object.
* @return bool
* @public
*/
function updateExternalDB( $user ) {
/*$db = $this->connectToDB();
$euser = $db->selectRow($this->userTable,array ( '*' ), array ($this->userLogin => $user->mName ), __METHOD__ );
$user->setRealName($euser->{$this->userRealN});
$user->setEmail($euser->{$this->userEmail});
$user->mEmailAuthenticated = wfTimestampNow();
$user->saveSettings();
return true;*/
return false;
}
/**
* Check to see if external accounts can be created.
* Return true if external accounts can be created.
* @return bool
* @public
*/
function canCreateAccounts() {
return false;
}
/**
* Add a user to the external authentication database.
* Return true if successful.
*
* @param User $user - only the name should be assumed valid at this point
* @param string $password
* @param string $email
* @param string $realname
* @return bool
* @public
*/
function addUser( $user, $password, $email='', $realname='' ) {
return false;
}
/**
* Return true to prevent logins that don't authenticate here from being
* checked against the local database's password fields.
*
* This is just a question, and shouldn't perform any actions.
*
* @return bool
* @public
*/
function strict() {
return true;
}
/**
* When creating a user account, optionally fill in preferences and such.
* For instance, you might pull the email address or real name from the
* external user database.
*
* The User object is passed by reference so it can be modified; don't
* forget the & on your function declaration.
*
* @param $user User object.
* @param $autocreate bool True if user is being autocreated on login
* @public
*/
function initUser(&$user, $autocreate=false ) {
# Override this to do something.
}
/**
* If you want to munge the case of an account name before the final
* check, now is your chance.
*/
function getCanonicalName( $username ) {
return $username;
}
}
Reference in New Issue View Git Blame Copy Permalink