plugins/Authentication/AuthenticationPlugin.php

   1 <?php
   2 /**
   3  * StatusNet, the distributed open-source microblogging tool
   4  *
   5  * Superclass for plugins that do authentication and/or authorization
   6  *
   7  * PHP version 5
   8  *
   9  * LICENCE: This program is free software: you can redistribute it and/or modify
  10  * it under the terms of the GNU Affero General Public License as published by
  11  * the Free Software Foundation, either version 3 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU Affero General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Affero General Public License
  20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21  *
  22  * @category  Plugin
  23  * @package   StatusNet
  24  * @author    Craig Andrews <candrews@integralblue.com>
  25  * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  26  * @link      http://status.net/
  27  */
  28
  29 if (!defined('STATUSNET') && !defined('LACONICA')) {
  30     exit(1);
  31 }
  32
  33 /**
  34  * Superclass for plugins that do authentication
  35  *
  36  * @category Plugin
  37  * @package  StatusNet
  38  * @author   Craig Andrews <candrews@integralblue.com>
  39  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  40  * @link     http://status.net/
  41  */
  42
  43 abstract class AuthenticationPlugin extends Plugin
  44 {
  45     //is this plugin authoritative for authentication?
  46     public $authoritative = false;
  47
  48     //should accounts be automatically created after a successful login attempt?
  49     public $autoregistration = false;
  50
  51     //can the user change their email address
  52     public $password_changeable=true;
  53
  54     //unique name for this authentication provider
  55     public $provider_name;
  56
  57     //------------Auth plugin should implement some (or all) of these methods------------\\
  58     /**
  59     * Check if a nickname/password combination is valid
  60     * @param username
  61     * @param password
  62     * @return boolean true if the credentials are valid, false if they are invalid.
  63     */
  64     function checkPassword($username, $password)
  65     {
  66         return false;
  67     }
  68
  69     /**
  70     * Automatically register a user when they attempt to login with valid credentials.
  71     * User::register($data) is a very useful method for this implementation
  72     * @param username
  73     * @return mixed instance of User, or false (if user couldn't be created)
  74     */
  75     function autoRegister($username)
  76     {
  77         $registration_data = array();
  78         $registration_data['nickname'] = $username ;
  79         return User::register($registration_data);
  80     }
  81
  82     /**
  83     * Change a user's password
  84     * The old password has been verified to be valid by this plugin before this call is made
  85     * @param username
  86     * @param oldpassword
  87     * @param newpassword
  88     * @return boolean true if the password was changed, false if password changing failed for some reason
  89     */
  90     function changePassword($username,$oldpassword,$newpassword)
  91     {
  92         return false;
  93     }
  94
  95     //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\
  96     function onInitializePlugin(){
  97         if(!isset($this->provider_name)){
  98             throw new Exception("must specify a provider_name for this authentication provider");
  99         }
 100     }
 101
 102     /**
 103     * Internal AutoRegister event handler
 104     * @param nickname
 105     * @param provider_name
 106     * @param user - the newly registered user
 107     */
 108     function onAutoRegister($nickname, $provider_name, &$user)
 109     {
 110         if($provider_name == $this->provider_name && $this->autoregistration){
 111             $user = $this->autoregister($nickname);
 112             if($user){
 113                 User_username::register($user,$nickname,$this->provider_name);
 114                 return false;
 115             }
 116         }
 117     }
 118
 119     function onStartCheckPassword($nickname, $password, &$authenticatedUser){
 120         //map the nickname to a username
 121         $user_username = new User_username();
 122         $user_username->username=$nickname;
 123         $user_username->provider_name=$this->provider_name;
 124         if($user_username->find() && $user_username->fetch()){
 125             $username = $user_username->username;
 126             $authenticated = $this->checkPassword($username, $password);
 127             if($authenticated){
 128                 $authenticatedUser = User::staticGet('id', $user_username->user_id);
 129                 return false;
 130             }
 131         }else{
 132             $user = User::staticGet('nickname', $nickname);
 133             if($user){
 134                 //make sure a different provider isn't handling this nickname
 135                 $user_username = new User_username();
 136                 $user_username->username=$nickname;
 137                 if(!$user_username->find()){
 138                     //no other provider claims this username, so it's safe for us to handle it
 139                     $authenticated = $this->checkPassword($nickname, $password);
 140                     if($authenticated){
 141                         $authenticatedUser = User::staticGet('nickname', $nickname);
 142                         User_username::register($authenticatedUser,$nickname,$this->provider_name);
 143                         return false;
 144                     }
 145                 }
 146             }else{
 147                 $authenticated = $this->checkPassword($nickname, $password);
 148                 if($authenticated){
 149                     if(Event::handle('AutoRegister', array($nickname, $this->provider_name, &$authenticatedUser))){
 150                         if($authenticatedUser){
 151                             return false;
 152                         }
 153                     }
 154                 }
 155             }
 156         }
 157         if($this->authoritative){
 158             return false;
 159         }else{
 160             //we're not authoritative, so let other handlers try
 161             return;
 162         }
 163     }
 164
 165     function onStartChangePassword($user,$oldpassword,$newpassword)
 166     {
 167         if($this->password_changeable){
 168             $user_username = new User_username();
 169             $user_username->user_id=$user->id;
 170             $user_username->provider_name=$this->provider_name;
 171             if($user_username->find() && $user_username->fetch()){
 172                 $authenticated = $this->checkPassword($user_username->username, $oldpassword);
 173                 if($authenticated){
 174                     $result = $this->changePassword($user_username->username,$oldpassword,$newpassword);
 175                     if($result){
 176                         //stop handling of other handlers, because what was requested was done
 177                         return false;
 178                     }else{
 179                         throw new Exception(_('Password changing failed'));
 180                     }
 181                 }else{
 182                     if($this->authoritative){
 183                         //since we're authoritative, no other plugin could do this
 184                         throw new Exception(_('Password changing failed'));
 185                     }else{
 186                         //let another handler try
 187                         return null;
 188                     }
 189                 }
 190             }
 191         }else{
 192             if($this->authoritative){
 193                 //since we're authoritative, no other plugin could do this
 194                 throw new Exception(_('Password changing is not allowed'));
 195             }
 196         }
 197     }
 198
 199     function onStartAccountSettingsPasswordMenuItem($widget)
 200     {
 201         if($this->authoritative && !$this->password_changeable){
 202             //since we're authoritative, no other plugin could change passwords, so do not render the menu item
 203             return false;
 204         }
 205     }
 206
 207     function onAutoload($cls)
 208     {
 209         switch ($cls)
 210         {
 211          case 'User_username':
 212             require_once(INSTALLDIR.'/plugins/Authentication/User_username.php');
 213             return false;
 214          default:
 215             return true;
 216         }
 217     }
 218
 219     function onCheckSchema() {
 220         $schema = Schema::get();
 221         $schema->ensureTable('user_username',
 222                              array(new ColumnDef('provider_name', 'varchar',
 223                                                  '255', false, 'PRI'),
 224                                    new ColumnDef('username', 'varchar',
 225                                                  '255', false, 'PRI'),
 226                                    new ColumnDef('user_id', 'integer',
 227                                                  null, false),
 228                                    new ColumnDef('created', 'datetime',
 229                                                  null, false),
 230                                    new ColumnDef('modified', 'timestamp')));
 231         return true;
 232     }
 233
 234     function onUserDeleteRelated($user, &$tables)
 235     {
 236         $tables[] = 'User_username';
 237         return true;
 238     }
 239 }
 240