Added an AutoRegister event
authorCraig Andrews <candrews@integralblue.com>
Thu, 5 Nov 2009 21:39:57 +0000 (16:39 -0500)
committerCraig Andrews <candrews@integralblue.com>
Thu, 5 Nov 2009 21:40:41 +0000 (16:40 -0500)
LDAP plugin can do autoregistration

EVENTS.txt
index.php
lib/util.php
plugins/Ldap/LdapPlugin.php
plugins/Ldap/README
plugins/Ldap/ldap.php

index 7be611c710d86b8aaea29ff8c89dd59fc4e170a3..c52f0e3128b1bb2f3f8dd744151d510503b14aba 100644 (file)
@@ -479,3 +479,7 @@ CheckPassword: Check a username/password
 - $nickname: The nickname to check
 - $password: The password to check
 - &$authenticated: set to true to indicate authentication succeeded.
+
+AutoRegister: Register a new user with the given nickname. Should insert a new User and Profile into the database.
+- $nickname: The nickname to register
+
index 577b491ed05b677dc9480d27fd04cdafe4a7fa21..b1e4f651e4872b1dbf8961a1064c3424fc29972a 100644 (file)
--- a/index.php
+++ b/index.php
@@ -68,6 +68,7 @@ function getPath($req)
  */
 function handleError($error)
 {
+//error_log(print_r($error,1));
     if ($error->getCode() == DB_DATAOBJECT_ERROR_NODATA) {
         return;
     }
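Review bot: The line added at the top of `handleError` is commented-out debugging, `//error_log(print_r($error,1));`, sitting at column 0, and it should be dropped before merge. If someone later uncomments it, the whole PEAR error object goes to the log, which for database errors may include query text and other backend detail. If the trace is wanted, log only `$error->getMessage()` through `common_log` at a debug level. The rest of `handleError` lies outside this hunk.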
index 46aa7f90121f0edfc258e312ae48cf364ab1b3bf..a4865c46c19252211bbe4165100de963c9688533 100644 (file)
@@ -119,22 +119,41 @@ function common_munge_password($password, $id)
 // check if a username exists and has matching password
 function common_check_user($nickname, $password)
 {
-    // NEVER allow blank passwords, even if they match the DB
-    if (mb_strlen($password) == 0) {
-        return false;
-    }
+    $authenticated = false;
+    $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
     $user = User::staticGet('nickname', $nickname);
     if (is_null($user) || $user === false) {
-        return false;
+        //user does not exist
+        if($authenticated){
+            //a handler said these are valid credentials, so see if a plugin wants to auto register the user
+            if(Event::handle('AutoRegister', array($nickname))){
+                //no handler registered the user
+                return false;
+            }else{
+                $user = User::staticGet('nickname', $nickname);
+                if (is_null($user) || $user === false) {
+                    common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname");
+                    return false;
+                }else{
+                    return $user;
+                }
+            }
+        }else{
+            //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database
+            return false;
+        }
     } else {
-        $authenticated = false;
-        Event::handle('CheckPassword', array($nickname, $password, &$authenticated));
-        if(! $authenticated){
-            //no handler asserted the user, so check ourselves
-            if (0 == strcmp(common_munge_password($password, $user->id),
-                            $user->password)) {
-                //internal checking passed
-                $authenticated = true;
+        if($eventResult && ! $authenticated){
+            //no handler was authoritative
+            if (mb_strlen($password) == 0) {
+                // NEVER allow blank passwords, even if they match the DB
+                return false;
+            }else{
+                if (0 == strcmp(common_munge_password($password, $user->id),
+                                $user->password)) {
+                    //internal checking passed
+                    $authenticated = true;
+                }
             }
         }
         if($authenticated){
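Review bot: Moving the blank-password check inside the `$eventResult && ! $authenticated` branch means an empty password now reaches the `CheckPassword` handlers, where the old code rejected it before any lookup. The LDAP handler in this commit verifies credentials by binding with the supplied password (`ldap_check_password` in plugins/Ldap/ldap.php), and many directory servers accept a simple bind with a DN and an empty password as an unauthenticated bind. Depending on server configuration, a blank password could therefore be reported as authenticated and, through the new `AutoRegister` branch, create a local account. Keep the guard as the first statement of `common_check_user`, `if (mb_strlen($password) == 0) { return false; }`, and consider the same check at the top of `ldap_check_password`. The function body continues past the end of this hunk.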
index ec2b7977da50c0e14e183ad8fe2a75f21f23440a..8c2d45b8599b6990ca20947182bb813180dc2104 100644 (file)
@@ -46,6 +46,43 @@ class LdapPlugin extends Plugin
     {
         if(ldap_check_password($nickname, $password)){
             $authenticated = true;
+            //stop handling of other events, because we have an answer
+            return false;
+        }
+        if(common_config('ldap','authoritative')){
+            //a false return stops handler processing
+            return false;
+        }
+    }
+
+    function onAutoRegister($nickname)
+    {
+        $user = User::staticGet('nickname', $nickname);
+        if (! is_null($user) && $user !== false) {
+            common_log(LOG_WARNING, "An attempt was made to autoregister an existing user with nickname: $nickname");
+            return;
+        }
+
+        $attributes=array();
+        $config_attributes = array('nickname','email','fullname','homepage','location');
+        foreach($config_attributes as $config_attribute){
+            $value = common_config('ldap', $config_attribute.'_attribute');
+            if($value!==false){
+                array_push($attributes,$value);
+            }
+        }
+        $entry = ldap_get_user($nickname,$attributes);
+        if($entry){
+            $registration_data = array();
+            foreach($config_attributes as $config_attribute){
+                $value = common_config('ldap', $config_attribute.'_attribute');
+                if($value!==false){
+                    $registration_data[$config_attribute]=$entry->getValue($value,'single');
+                }
+            }
+            //error_log(print_r($registration_data,1));
+            $user = User::register($registration_data);
+            //prevent other handlers from running, as we have registered the user
             return false;
         }
     }
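Review bot: `onAutoRegister` never consults `common_config('ldap','autoregister')`, the option this commit documents in the README. As far as this hunk shows, any nickname that passes LDAP authentication gets a local account whether or not the administrator enabled auto-registration. Return without registering when the option is off, e.g. `if(!common_config('ldap','autoregister')){ return; }` as the first statement. The attribute loop reads `email_attribute`, `fullname_attribute`, `homepage_attribute` and `location_attribute`, while the README in this commit names the keys `nickname_email`, `nickname_fullname` and so on, so one side has to change or those attributes are never fetched. The result of `User::register()` is also not checked before `return false`, so a `common_log` line on failure would help; `onCheckPassword` begins above this hunk.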
index 8a5095a5dfd9918dd494afd4a0269796a6704411..617738e0bad5d4365ed1452e0c490e1ff7db62d5 100644 (file)
@@ -11,6 +11,13 @@ $config['ldap']['basedn']
 $config['ldap']['host']
 
 $config['ldap']['nickname_attribute'] Set this to the name of the ldap attribute that holds the username. For example, on Microsoft's Active Directory, this should be set to 'sAMAccountName'
+$config['ldap']['nickname_email'] Set this to the name of the ldap attribute that holds the user's email address. For example, on Microsoft's Active Directory, this should be set to 'mail'
+$config['ldap']['nickname_fullname'] Set this to the name of the ldap attribute that holds the user's full name. For example, on Microsoft's Active Directory, this should be set to 'displayName'
+$config['ldap']['nickname_homepage'] Set this to the name of the ldap attribute that holds the the url of the user's home page.
+$config['ldap']['nickname_location'] Set this to the name of the ldap attribute that holds the user's location.
+
+$config['ldap']['authoritative'] Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database)
+$config['ldap']['autoregister'] Set to true if users should be automatically created when they attempt to login
 
 Finally, add "addPlugin('ldap');" to the bottom of your config.php
 
index fcb84610a6e23f0bde6c1d3a7aa7d4a0d2363ddd..d92a058fb9e76ae87497ff2846f527888ed38b82 100644 (file)
@@ -38,19 +38,20 @@ function ldap_get_config(){
 
 function ldap_get_connection($config = null){
     if($config == null){
-        static $ldap = null;
-        if($ldap!=null){
-            return $ldap;
-        }
         $config = ldap_get_config();
     }
-    $ldap = Net_LDAP2::connect($config);
-    if (PEAR::isError($ldap)) {
-        common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$ldap->getMessage());
+    
+    //cannot use Net_LDAP2::connect() as StatusNet uses
+    //PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError');
+    //PEAR handling can be overridden on instance objects, so we do that.
+    $ldap = new Net_LDAP2($config);
+    $ldap->setErrorHandling(PEAR_ERROR_RETURN);
+    $err=$ldap->bind();
+    if (Net_LDAP2::isError($err)) {
+        common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage());
         return false;
-    }else{
-        return $ldap;
     }
+    return $ldap;
 }
 
 function ldap_check_password($username, $password){
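Review bot: The warning `'Could not connect to LDAP server: '` now reports every failed `bind()`, and `ldap_check_password` calls this function with the user's DN and password, so a wrong password is logged as a connectivity problem. Wording it as a bind failure and including `$config['binddn']` when set (never `bindpw`) would let an operator tell failed logins from a directory outage. Separately, with the static cache removed, each call without arguments builds and binds a new connection, and nothing in this hunk closes or reuses it.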
@@ -58,12 +59,12 @@ function ldap_check_password($username, $password){
     if(!$ldap){
         return false;
     }
-    $dn = ldap_get_user_dn($username);
-    if(!$dn){
+    $entry = ldap_get_user($username);
+    if(!$entry){
         return false;
     }else{
         $config = ldap_get_config();
-        $config['binddn']=$dn;
+        $config['binddn']=$entry->dn();
         $config['bindpw']=$password;
         if(ldap_get_connection($config)){
             return true;
@@ -74,17 +75,18 @@ function ldap_check_password($username, $password){
 }
 
 /**
- * get an LDAP user's DN given the user's username
+ * get an LDAP entry for a user with a given username
  * 
  * @param string $username
+ * $param array $attributes LDAP attributes to retrieve
  * @return string DN
  */
-function ldap_get_user_dn($username){
+function ldap_get_user($username,$attributes=array()){
     $ldap = ldap_get_connection();
     $filter = Net_LDAP2_Filter::create(common_config('ldap','nickname_attribute'), 'equals',  $username);
     $options = array(
         'scope' => 'sub',
-        'attributes' => array()
+        'attributes' => $attributes
     );
     $search = $ldap->search(null,$filter,$options);
     
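Review bot: `ldap_get_user` calls `$ldap->search(...)` on whatever `ldap_get_connection()` returned, and that function returns `false` when the bind fails, so an unreachable directory turns a login attempt into a fatal error rather than a clean failure. Add `if(!$ldap){ return false; }` right after the `ldap_get_connection()` call. The docblock also needs updating: `$param array $attributes` should be `@param array $attributes`, and `@return string DN` should describe the new return value, e.g. `@return Net_LDAP2_Entry|false`. The function body continues in the next hunk.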
@@ -97,7 +99,7 @@ function ldap_get_user_dn($username){
         return false;
     }else if($search->count()==1){
         $entry = $search->shiftEntry();
-        return $entry->dn();
+        return $entry;
     }else{
         common_log(LOG_WARNING, 'Found ' . $search->count() . ' ldap user with the username: ' . $username);
         return false;