lib/authenticationplugin.php

   1 <?php
   2 /**
   3  * StatusNet, the distributed open-source microblogging tool
   4  *
   5  * Superclass for plugins that do authentication and/or authorization
   6  *
   7  * PHP version 5
   8  *
   9  * LICENCE: This program is free software: you can redistribute it and/or modify
  10  * it under the terms of the GNU Affero General Public License as published by
  11  * the Free Software Foundation, either version 3 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU Affero General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Affero General Public License
  20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21  *
  22  * @category  Plugin
  23  * @package   StatusNet
  24  * @author    Craig Andrews <candrews@integralblue.com>
  25  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  26  * @link      http://status.net/
  27  */
  28
  29 if (!defined('STATUSNET') && !defined('LACONICA')) {
  30     exit(1);
  31 }
  32
  33 /**
  34  * Superclass for plugins that do authentication
  35  *
  36  * @category Plugin
  37  * @package  StatusNet
  38  * @author   Craig Andrews <candrews@integralblue.com>
  39  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  40  * @link     http://status.net/
  41  */
  42
  43 abstract class AuthenticationPlugin extends Plugin
  44 {
  45     //is this plugin authoritative for authentication?
  46     public $authoritative = false;
  47
  48     //should accounts be automatically created after a successful login attempt?
  49     public $autoregistration = false;
  50
  51     //can the user change their email address
  52     public $password_changeable=true;
  53
  54     //unique name for this authentication provider
  55     public $provider_name;
  56
  57     //------------Auth plugin should implement some (or all) of these methods------------\\
  58     /**
  59     * Check if a nickname/password combination is valid
  60     * @param username
  61     * @param password
  62     * @return boolean true if the credentials are valid, false if they are invalid.
  63     */
  64     function checkPassword($username, $password)
  65     {
  66         return false;
  67     }
  68
  69     /**
  70     * Automatically register a user when they attempt to login with valid credentials.
  71     * User::register($data) is a very useful method for this implementation
  72     * @param username username (that is used to login and find the user in the authentication provider) of the user to be registered
  73     * @param nickname nickname of the user in the SN system. If nickname is null, then set nickname = username
  74     * @return mixed instance of User, or false (if user couldn't be created)
  75     */
  76     function autoRegister($username, $nickname = null)
  77     {
  78         if(is_null($nickname)){
  79             $nickname = $username;
  80         }
  81         $registration_data = array();
  82         $registration_data['nickname'] = $nickname ;
  83         return User::register($registration_data);
  84     }
  85
  86     /**
  87     * Change a user's password
  88     * The old password has been verified to be valid by this plugin before this call is made
  89     * @param username
  90     * @param oldpassword
  91     * @param newpassword
  92     * @return boolean true if the password was changed, false if password changing failed for some reason
  93     */
  94     function changePassword($username,$oldpassword,$newpassword)
  95     {
  96         return false;
  97     }
  98
  99     /**
 100     * Given a username, suggest what the nickname should be
 101     * Used during autoregistration
 102     * Useful if your usernames are ugly, and you want to suggest
 103     * nice looking nicknames when users initially sign on
 104     * @param username
 105     * @return string nickname
 106     */
 107     function suggestNicknameForUsername($username)
 108     {
 109         return $username;
 110     }
 111
 112     //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\
 113     function onInitializePlugin(){
 114         if(!isset($this->provider_name)){
 115             throw new Exception("must specify a provider_name for this authentication provider");
 116         }
 117     }
 118
 119     /**
 120     * Internal AutoRegister event handler
 121     * @param nickname
 122     * @param provider_name
 123     * @param user - the newly registered user
 124     */
 125     function onAutoRegister($nickname, $provider_name, &$user)
 126     {
 127         if($provider_name == $this->provider_name && $this->autoregistration){
 128             $suggested_nickname = $this->suggestNicknameForUsername($nickname);
 129             $test_user = User::staticGet('nickname', $suggested_nickname);
 130             if($test_user) {
 131                 //someone already exists with the suggested nickname, so used the passed nickname
 132                 $suggested_nickname = $nickname;
 133             }
 134             $test_user = User::staticGet('nickname', $suggested_nickname);
 135             if($test_user) {
 136                 //someone already exists with the suggested nickname
 137                 //not much else we can do
 138             }else{
 139                 $user = $this->autoRegister($nickname, $suggested_nickname);
 140                 if($user){
 141                     User_username::register($user,$nickname,$this->provider_name);
 142                     return false;
 143                 }
 144             }
 145         }
 146     }
 147
 148     function onStartCheckPassword($nickname, $password, &$authenticatedUser){
 149         //map the nickname to a username
 150         $user_username = new User_username();
 151         $user_username->username=$nickname;
 152         $user_username->provider_name=$this->provider_name;
 153         if($user_username->find() && $user_username->fetch()){
 154             $authenticated = $this->checkPassword($user_username->username, $password);
 155             if($authenticated){
 156                 $authenticatedUser = User::staticGet('id', $user_username->user_id);
 157                 return false;
 158             }
 159         }else{
 160             //$nickname is the username used to login
 161             //$suggested_nickname is the nickname the auth provider suggests for that username
 162             $suggested_nickname = $this->suggestNicknameForUsername($nickname);
 163             $user = User::staticGet('nickname', $suggested_nickname);
 164             if($user){
 165                 //make sure this user isn't claimed
 166                 $user_username = new User_username();
 167                 $user_username->user_id=$user->id;
 168                 $we_can_handle = false;
 169                 if($user_username->find()){
 170                     //either this provider, or another one, has already claimed this user
 171                     //so we cannot. Let another plugin try.
 172                     return;
 173                 }else{
 174                     //no other provider claims this user, so it's safe for us to handle it
 175                     $authenticated = $this->checkPassword($nickname, $password);
 176                     if($authenticated){
 177                         $authenticatedUser = $user;
 178                         User_username::register($authenticatedUser,$nickname,$this->provider_name);
 179                         return false;
 180                     }
 181                 }
 182             }else{
 183                 $authenticated = $this->checkPassword($nickname, $password);
 184                 if($authenticated){
 185                     if(! Event::handle('AutoRegister', array($nickname, $this->provider_name, &$authenticatedUser))){
 186                         //unlike most Event::handle lines of code, this one has a ! (not)
 187                         //we want to do this if the event *was* handled - this isn't a "default" implementation
 188                         //like most code of this form.
 189                         if($authenticatedUser){
 190                             return false;
 191                         }
 192                     }
 193                 }
 194             }
 195         }
 196         if($this->authoritative){
 197             return false;
 198         }else{
 199             //we're not authoritative, so let other handlers try
 200             return;
 201         }
 202     }
 203
 204     function onStartChangePassword($user,$oldpassword,$newpassword)
 205     {
 206         if($this->password_changeable){
 207             $user_username = new User_username();
 208             $user_username->user_id=$user->id;
 209             $user_username->provider_name=$this->provider_name;
 210             if($user_username->find() && $user_username->fetch()){
 211                 $authenticated = $this->checkPassword($user_username->username, $oldpassword);
 212                 if($authenticated){
 213                     $result = $this->changePassword($user_username->username,$oldpassword,$newpassword);
 214                     if($result){
 215                         //stop handling of other handlers, because what was requested was done
 216                         return false;
 217                     }else{
 218                         throw new Exception(_('Password changing failed'));
 219                     }
 220                 }else{
 221                     if($this->authoritative){
 222                         //since we're authoritative, no other plugin could do this
 223                         throw new Exception(_('Password changing failed'));
 224                     }else{
 225                         //let another handler try
 226                         return null;
 227                     }
 228                 }
 229             }
 230         }else{
 231             if($this->authoritative){
 232                 //since we're authoritative, no other plugin could do this
 233                 throw new Exception(_('Password changing is not allowed'));
 234             }
 235         }
 236     }
 237
 238     function onStartAccountSettingsPasswordMenuItem($widget)
 239     {
 240         if($this->authoritative && !$this->password_changeable){
 241             //since we're authoritative, no other plugin could change passwords, so do not render the menu item
 242             return false;
 243         }
 244     }
 245
 246     function onCheckSchema() {
 247         $schema = Schema::get();
 248         $schema->ensureTable('user_username',
 249                              array(new ColumnDef('provider_name', 'varchar',
 250                                                  '255', false, 'PRI'),
 251                                    new ColumnDef('username', 'varchar',
 252                                                  '255', false, 'PRI'),
 253                                    new ColumnDef('user_id', 'integer',
 254                                                  null, false),
 255                                    new ColumnDef('created', 'datetime',
 256                                                  null, false),
 257                                    new ColumnDef('modified', 'timestamp')));
 258         return true;
 259     }
 260
 261     function onUserDeleteRelated($user, &$tables)
 262     {
 263         $tables[] = 'User_username';
 264         return true;
 265     }
 266 }
 267