lib/authenticationplugin.php

   1 <?php
   2 /**
   3  * StatusNet, the distributed open-source microblogging tool
   4  *
   5  * Superclass for plugins that do authentication and/or authorization
   6  *
   7  * PHP version 5
   8  *
   9  * LICENCE: This program is free software: you can redistribute it and/or modify
  10  * it under the terms of the GNU Affero General Public License as published by
  11  * the Free Software Foundation, either version 3 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU Affero General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Affero General Public License
  20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21  *
  22  * @category  Plugin
  23  * @package   StatusNet
  24  * @author    Craig Andrews <candrews@integralblue.com>
  25  * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  26  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  27  * @link      http://status.net/
  28  */
  29
  30 if (!defined('STATUSNET') && !defined('LACONICA')) {
  31     exit(1);
  32 }
  33
  34 /**
  35  * Superclass for plugins that do authentication
  36  *
  37  * @category Plugin
  38  * @package  StatusNet
  39  * @author   Craig Andrews <candrews@integralblue.com>
  40  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  41  * @link     http://status.net/
  42  */
  43
  44 abstract class AuthenticationPlugin extends Plugin
  45 {
  46     //is this plugin authoritative for authentication?
  47     public $authoritative = false;
  48
  49     //should accounts be automatically created after a successful login attempt?
  50     public $autoregistration = false;
  51
  52     //can the user change their email address
  53     public $password_changeable=true;
  54
  55     //unique name for this authentication provider
  56     public $provider_name;
  57
  58     //------------Auth plugin should implement some (or all) of these methods------------\\
  59     /**
  60     * Check if a nickname/password combination is valid
  61     * @param username
  62     * @param password
  63     * @return boolean true if the credentials are valid, false if they are invalid.
  64     */
  65     function checkPassword($username, $password)
  66     {
  67         return false;
  68     }
  69
  70     /**
  71     * Automatically register a user when they attempt to login with valid credentials.
  72     * User::register($data) is a very useful method for this implementation
  73     * @param username username (that is used to login and find the user in the authentication provider) of the user to be registered
  74     * @param nickname nickname of the user in the SN system. If nickname is null, then set nickname = username
  75     * @return mixed instance of User, or false (if user couldn't be created)
  76     */
  77     function autoRegister($username, $nickname = null)
  78     {
  79         if(is_null($nickname)){
  80             $nickname = $username;
  81         }
  82         $registration_data = array();
  83         $registration_data['nickname'] = $nickname;
  84         return User::register($registration_data);
  85     }
  86
  87     /**
  88     * Change a user's password
  89     * The old password has been verified to be valid by this plugin before this call is made
  90     * @param username
  91     * @param oldpassword
  92     * @param newpassword
  93     * @return boolean true if the password was changed, false if password changing failed for some reason
  94     */
  95     function changePassword($username,$oldpassword,$newpassword)
  96     {
  97         return false;
  98     }
  99
 100     /**
 101     * Given a username, suggest what the nickname should be
 102     * Used during autoregistration
 103     * Useful if your usernames are ugly, and you want to suggest
 104     * nice looking nicknames when users initially sign on
 105     * All nicknames returned by this function should be valid
 106     *  implementations may want to use common_nicknamize() to ensure validity
 107     * @param username
 108     * @return string nickname
 109     */
 110     function suggestNicknameForUsername($username)
 111     {
 112         return common_nicknamize($username);
 113     }
 114
 115     //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\
 116     function onInitializePlugin(){
 117         if(!isset($this->provider_name)){
 118             throw new Exception("must specify a provider_name for this authentication provider");
 119         }
 120     }
 121
 122     /**
 123     * Internal AutoRegister event handler
 124     * @param nickname
 125     * @param provider_name
 126     * @param user - the newly registered user
 127     */
 128     function onAutoRegister($nickname, $provider_name, &$user)
 129     {
 130         if($provider_name == $this->provider_name && $this->autoregistration){
 131             $suggested_nickname = $this->suggestNicknameForUsername($nickname);
 132             $test_user = User::staticGet('nickname', $suggested_nickname);
 133             if($test_user) {
 134                 //someone already exists with the suggested nickname, so used the passed nickname
 135                 $suggested_nickname = common_nicknamize($nickname);
 136             }
 137             $test_user = User::staticGet('nickname', $suggested_nickname);
 138             if($test_user) {
 139                 //someone already exists with the suggested nickname
 140                 //not much else we can do
 141             }else{
 142                 $user = $this->autoRegister($nickname, $suggested_nickname);
 143                 if($user){
 144                     User_username::register($user,$nickname,$this->provider_name);
 145                     return false;
 146                 }
 147             }
 148         }
 149     }
 150
 151     function onStartCheckPassword($nickname, $password, &$authenticatedUser){
 152         //map the nickname to a username
 153         $user_username = new User_username();
 154         $user_username->username=$nickname;
 155         $user_username->provider_name=$this->provider_name;
 156         if($user_username->find() && $user_username->fetch()){
 157             $authenticated = $this->checkPassword($user_username->username, $password);
 158             if($authenticated){
 159                 $authenticatedUser = User::staticGet('id', $user_username->user_id);
 160                 return false;
 161             }
 162         }else{
 163             //$nickname is the username used to login
 164             //$suggested_nickname is the nickname the auth provider suggests for that username
 165             $suggested_nickname = $this->suggestNicknameForUsername($nickname);
 166             $user = User::staticGet('nickname', $suggested_nickname);
 167             if($user){
 168                 //make sure this user isn't claimed
 169                 $user_username = new User_username();
 170                 $user_username->user_id=$user->id;
 171                 $we_can_handle = false;
 172                 if($user_username->find()){
 173                     //either this provider, or another one, has already claimed this user
 174                     //so we cannot. Let another plugin try.
 175                     return;
 176                 }else{
 177                     //no other provider claims this user, so it's safe for us to handle it
 178                     $authenticated = $this->checkPassword($nickname, $password);
 179                     if($authenticated){
 180                         $authenticatedUser = $user;
 181                         User_username::register($authenticatedUser,$nickname,$this->provider_name);
 182                         return false;
 183                     }
 184                 }
 185             }else{
 186                 $authenticated = $this->checkPassword($nickname, $password);
 187                 if($authenticated){
 188                     if(! Event::handle('AutoRegister', array($nickname, $this->provider_name, &$authenticatedUser))){
 189                         //unlike most Event::handle lines of code, this one has a ! (not)
 190                         //we want to do this if the event *was* handled - this isn't a "default" implementation
 191                         //like most code of this form.
 192                         if($authenticatedUser){
 193                             return false;
 194                         }
 195                     }
 196                 }
 197             }
 198         }
 199         if($this->authoritative){
 200             return false;
 201         }else{
 202             //we're not authoritative, so let other handlers try
 203             return;
 204         }
 205     }
 206
 207     function onStartChangePassword($user,$oldpassword,$newpassword)
 208     {
 209         if($this->password_changeable){
 210             $user_username = new User_username();
 211             $user_username->user_id=$user->id;
 212             $user_username->provider_name=$this->provider_name;
 213             if($user_username->find() && $user_username->fetch()){
 214                 $authenticated = $this->checkPassword($user_username->username, $oldpassword);
 215                 if($authenticated){
 216                     $result = $this->changePassword($user_username->username,$oldpassword,$newpassword);
 217                     if($result){
 218                         //stop handling of other handlers, because what was requested was done
 219                         return false;
 220                     }else{
 221                         throw new Exception(_('Password changing failed'));
 222                     }
 223                 }else{
 224                     if($this->authoritative){
 225                         //since we're authoritative, no other plugin could do this
 226                         throw new Exception(_('Password changing failed'));
 227                     }else{
 228                         //let another handler try
 229                         return null;
 230                     }
 231                 }
 232             }
 233         }else{
 234             if($this->authoritative){
 235                 //since we're authoritative, no other plugin could do this
 236                 throw new Exception(_('Password changing is not allowed'));
 237             }
 238         }
 239     }
 240
 241     function onStartAccountSettingsPasswordMenuItem($widget)
 242     {
 243         if($this->authoritative && !$this->password_changeable){
 244             //since we're authoritative, no other plugin could change passwords, so do not render the menu item
 245             return false;
 246         }
 247     }
 248
 249     function onCheckSchema() {
 250         $schema = Schema::get();
 251         $schema->ensureTable('user_username',
 252                              array(new ColumnDef('provider_name', 'varchar',
 253                                                  '255', false, 'PRI'),
 254                                    new ColumnDef('username', 'varchar',
 255                                                  '255', false, 'PRI'),
 256                                    new ColumnDef('user_id', 'integer',
 257                                                  null, false),
 258                                    new ColumnDef('created', 'datetime',
 259                                                  null, false),
 260                                    new ColumnDef('modified', 'timestamp')));
 261         return true;
 262     }
 263
 264     function onUserDeleteRelated($user, &$tables)
 265     {
 266         $tables[] = 'User_username';
 267         return true;
 268     }
 269 }
 270