gnu-social/plugins/LdapAuthentication/LdapAuthenticationPlugin.php

<?php
/**
 * StatusNet, the distributed open-source microblogging tool
 *
 * Plugin to enable LDAP Authentication
 *
 * PHP version 5
 *
 * LICENCE: This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @category  Plugin
 * @package   StatusNet
 * @author    Craig Andrews <candrews@integralblue.com>
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */

if (!defined('STATUSNET') && !defined('LACONICA')) {
    exit(1);
}

class LdapAuthenticationPlugin extends AuthenticationPlugin
{
    function onInitializePlugin(){
        parent::onInitializePlugin();
        if(!isset($this->attributes['nickname'])){
            // TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration.
            throw new Exception(_m('You must specify a nickname attribute.'));
        }
        if($this->password_changeable && (! isset($this->attributes['password']) || !isset($this->password_encoding))){
            // TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration.
            throw new Exception(_m('If password_changeable is set, the password attribute and password_encoding must also be specified.'));
        }
        $this->ldapCommon = new LdapCommon(get_object_vars($this));
    }

    function onAutoload($cls)
    {
        switch ($cls)
        {
         case 'LdapCommon':
            require_once(INSTALLDIR.'/plugins/LdapCommon/LdapCommon.php');
            return false;
        }

        return parent::onAutoload($cls);
    }

    function onEndShowPageNotice($action)
    {
        $name = $action->trimmed('action');
        $instr = false;

        switch ($name)
        {
         case 'register':
            if($this->autoregistration) {
                // TRANS: Instructions for LDAP authentication.
                $instr = _m('Do you have an LDAP account? Use your standard username and password.');
            }
            break;
         case 'login':
            // TRANS: Instructions for LDAP authentication.
            $instr = _m('Do you have an LDAP account? Use your standard username and password.');
            break;
         default:
            return true;
        }

        if($instr) {
            $output = common_markup_to_html($instr);
            $action->raw($output);
        }
        return true;
    }

    //---interface implementation---//

    function checkPassword($username, $password)
    {
        return $this->ldapCommon->checkPassword($username,$password);
    }

    function autoRegister($username, $nickname)
    {
        if(is_null($nickname)){
            $nickname = $username;
        }
        $entry = $this->ldapCommon->get_user($username,$this->attributes);
        if($entry){
            $registration_data = array();
            foreach($this->attributes as $sn_attribute=>$ldap_attribute){
                //ldap won't let us read a user's password,
                //and we're going to set the password to a random string later anyways,
                //so don't bother trying to read it.
                if($sn_attribute != 'password'){
                    $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single');
                }
            }
            if(isset($registration_data['email']) && !empty($registration_data['email'])){
                $registration_data['email_confirmed']=true;
            }
            $registration_data['nickname'] = $nickname;
            //set the database saved password to a random string.
            $registration_data['password']=common_random_hexstr(16);
            return User::register($registration_data);
        }else{
            //user isn't in ldap, so we cannot register him
            return false;
        }
    }

    function changePassword($username,$oldpassword,$newpassword)
    {
        return $this->ldapCommon->changePassword($username,$oldpassword,$newpassword);
    }

    function suggestNicknameForUsername($username)
    {
        $entry = $this->ldapCommon->get_user($username, $this->attributes);
        if(!$entry){
            //this really shouldn't happen
            $nickname = $username;
        }else{
            $nickname = $entry->getValue($this->attributes['nickname'],'single');
            if(!$nickname){
                $nickname = $username;
            }
        }
        return common_nicknamize($nickname);
    }

    function onPluginVersion(array &$versions)
    {
        $versions[] = array('name' => 'LDAP Authentication',
                            'version' => GNUSOCIAL_VERSION,
                            'author' => 'Craig Andrews',
                            'homepage' => 'http://status.net/wiki/Plugin:LdapAuthentication',
                            'rawdescription' =>
                            // TRANS: Plugin description.
                            _m('The LDAP Authentication plugin allows for StatusNet to handle authentication through LDAP.'));
        return true;
    }
}
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00			`<?php`
			`/**`
			`* StatusNet, the distributed open-source microblogging tool`
			`*`
Added Authorization plugin Added LDAPAuthorization plugin 2009-11-18 14:19:43 -05:00			`* Plugin to enable LDAP Authentication`
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00			`*`
			`* PHP version 5`
			`*`
			`* LICENCE: This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`* @category Plugin`
			`* @package StatusNet`
			`* @author Craig Andrews <candrews@integralblue.com>`
Assigning my copyrights to the Free Software Foundation 2010-05-27 18:26:47 -04:00			`* @copyright 2009 Free Software Foundation, Inc http://www.fsf.org`
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00			`* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0`
			`* @link http://status.net/`
			`*/`

			`if (!defined('STATUSNET') && !defined('LACONICA')) {`
			`exit(1);`
			`}`

Correct stupid spelling errors 2009-11-11 14:04:32 -05:00			`class LdapAuthenticationPlugin extends AuthenticationPlugin`
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00			`{`
Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static 2009-11-12 20:12:00 -05:00			`function onInitializePlugin(){`
			`parent::onInitializePlugin();`
			`if(!isset($this->attributes['nickname'])){`
Update translator documentation. L10n/i18n updates. Whitespace updates. Break long lines in README files. 2011-04-24 19:28:26 +02:00			`// TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration.`
			`throw new Exception(_m('You must specify a nickname attribute.'));`
Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static 2009-11-12 20:12:00 -05:00			`}`
Improved parameter checking 2009-11-18 12:57:37 -05:00			`if($this->password_changeable && (! isset($this->attributes['password']) \|\| !isset($this->password_encoding))){`
Update translator documentation. L10n/i18n updates. Whitespace updates. Break long lines in README files. 2011-04-24 19:28:26 +02:00			`// TRANS: Exception thrown when initialising the LDAP Auth plugin fails because of an incorrect configuration.`
			`throw new Exception(_m('If password_changeable is set, the password attribute and password_encoding must also be specified.'));`
Added Authorization plugin Added LDAPAuthorization plugin 2009-11-18 14:19:43 -05:00			`}`
Refactor common parts of LdapAuthorization and LdapAuthentication plugins into a separate class LdapAuthorization should get a performance improvement as LDAP schema caching is now used 2010-03-21 23:05:23 -04:00			`$this->ldapCommon = new LdapCommon(get_object_vars($this));`
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00			`}`
Cache the LDAP schema in memcache (if memcache is available) 2009-12-19 15:10:57 -05:00
			`function onAutoload($cls)`
Update translator documentation. L10n/i18n updates. Whitespace updates. Break long lines in README files. 2011-04-24 19:28:26 +02:00			`{`
Cache the LDAP schema in memcache (if memcache is available) 2009-12-19 15:10:57 -05:00			`switch ($cls)`
			`{`
Refactor common parts of LdapAuthorization and LdapAuthentication plugins into a separate class LdapAuthorization should get a performance improvement as LDAP schema caching is now used 2010-03-21 23:05:23 -04:00			`case 'LdapCommon':`
			`require_once(INSTALLDIR.'/plugins/LdapCommon/LdapCommon.php');`
Cache the LDAP schema in memcache (if memcache is available) 2009-12-19 15:10:57 -05:00			`return false;`
			`}`
plugins onAutoload now only overloads if necessary (extlibs etc.) lib/plugin.php now has a parent onAutoload function that finds most common files that are used in plugins (actions, dataobjects, forms, libs etc.) if they are put in the standardised directories ('actions', 'classes', 'forms', 'lib' and perhaps some others in the future). 2013-08-28 15:54:26 +02:00
			`return parent::onAutoload($cls);`
Cache the LDAP schema in memcache (if memcache is available) 2009-12-19 15:10:57 -05:00			`}`
Show messaging on the login and registration forms informing users that they may use their LDAP credentials 2010-02-26 15:50:51 -05:00
			`function onEndShowPageNotice($action)`
			`{`
			`$name = $action->trimmed('action');`
			`$instr = false;`

			`switch ($name)`
			`{`
			`case 'register':`
			`if($this->autoregistration) {`
Update translator documentation. L10n/i18n updates. Whitespace updates. Break long lines in README files. 2011-04-24 19:28:26 +02:00			`// TRANS: Instructions for LDAP authentication.`
			`$instr = _m('Do you have an LDAP account? Use your standard username and password.');`
Show messaging on the login and registration forms informing users that they may use their LDAP credentials 2010-02-26 15:50:51 -05:00			`}`
			`break;`
			`case 'login':`
Update translator documentation. L10n/i18n updates. Whitespace updates. Break long lines in README files. 2011-04-24 19:28:26 +02:00			`// TRANS: Instructions for LDAP authentication.`
			`$instr = _m('Do you have an LDAP account? Use your standard username and password.');`
Show messaging on the login and registration forms informing users that they may use their LDAP credentials 2010-02-26 15:50:51 -05:00			`break;`
			`default:`
			`return true;`
			`}`

			`if($instr) {`
			`$output = common_markup_to_html($instr);`
			`$action->raw($output);`
			`}`
			`return true;`
			`}`
Update translator documentation. L10n/i18n updates. Whitespace updates. Break long lines in README files. 2011-04-24 19:28:26 +02:00
Changed to Evan's event style and added an AuthPlugin superclass 2009-11-10 16:27:20 -05:00			`//---interface implementation---//`
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00
Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static 2009-11-12 20:12:00 -05:00			`function checkPassword($username, $password)`
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00			`{`
Need to pass the password parameter to checkPassword 2010-03-22 16:04:06 -04:00			`return $this->ldapCommon->checkPassword($username,$password);`
Added an AutoRegister event LDAP plugin can do autoregistration 2009-11-05 16:39:57 -05:00			`}`

Pass username and nickname to autoregister so auth plugins can set the nickname correct when creating a new user. Continues fixing what Eric Helgeson pointed out in 01eb4e8f003bf62575ec16dfb6127d7534be9c88 2010-01-29 20:43:16 -05:00			`function autoRegister($username, $nickname)`
Added an AutoRegister event LDAP plugin can do autoregistration 2009-11-05 16:39:57 -05:00			`{`
Pass username and nickname to autoregister so auth plugins can set the nickname correct when creating a new user. Continues fixing what Eric Helgeson pointed out in 01eb4e8f003bf62575ec16dfb6127d7534be9c88 2010-01-29 20:43:16 -05:00			`if(is_null($nickname)){`
			`$nickname = $username;`
			`}`
Refactor common parts of LdapAuthorization and LdapAuthentication plugins into a separate class LdapAuthorization should get a performance improvement as LDAP schema caching is now used 2010-03-21 23:05:23 -04:00			`$entry = $this->ldapCommon->get_user($username,$this->attributes);`
Added an AutoRegister event LDAP plugin can do autoregistration 2009-11-05 16:39:57 -05:00			`if($entry){`
			`$registration_data = array();`
Don't use common_config anymore 2009-11-11 15:08:17 -05:00			`foreach($this->attributes as $sn_attribute=>$ldap_attribute){`
don't attempt to read a user's ldap password 2010-04-17 15:09:56 -04:00			`//ldap won't let us read a user's password,`
			`//and we're going to set the password to a random string later anyways,`
			`//so don't bother trying to read it.`
			`if($sn_attribute != 'password'){`
			`$registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single');`
			`}`
Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static 2009-11-12 20:12:00 -05:00			`}`
			`if(isset($registration_data['email']) && !empty($registration_data['email'])){`
			`$registration_data['email_confirmed']=true;`
Added an AutoRegister event LDAP plugin can do autoregistration 2009-11-05 16:39:57 -05:00			`}`
Pass username and nickname to autoregister so auth plugins can set the nickname correct when creating a new user. Continues fixing what Eric Helgeson pointed out in 01eb4e8f003bf62575ec16dfb6127d7534be9c88 2010-01-29 20:43:16 -05:00			`$registration_data['nickname'] = $nickname;`
Add ChangePassword event 2009-11-05 23:27:18 -05:00			`//set the database saved password to a random string.`
Replace common_good_random with common_random_hexstr 2013-10-21 13:20:30 +02:00			`$registration_data['password']=common_random_hexstr(16);`
Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static 2009-11-12 20:12:00 -05:00			`return User::register($registration_data);`
Changed to Evan's event style and added an AuthPlugin superclass 2009-11-10 16:27:20 -05:00			`}else{`
			`//user isn't in ldap, so we cannot register him`
Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static 2009-11-12 20:12:00 -05:00			`return false;`
Made the ldap plugin work, and add a readme 2009-11-05 13:59:19 -05:00			`}`
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00			`}`
Add ChangePassword event 2009-11-05 23:27:18 -05:00
Added a User_username table that links the external username with a StatusNet user_id Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static 2009-11-12 20:12:00 -05:00			`function changePassword($username,$oldpassword,$newpassword)`
Add ChangePassword event 2009-11-05 23:27:18 -05:00			`{`
Refactor common parts of LdapAuthorization and LdapAuthentication plugins into a separate class LdapAuthorization should get a performance improvement as LDAP schema caching is now used 2010-03-21 23:05:23 -04:00			`return $this->ldapCommon->changePassword($username,$oldpassword,$newpassword);`
Add ChangePassword event 2009-11-05 23:27:18 -05:00			`}`
Add nickname suggestion capability for use during autoregistration. 2010-01-14 19:43:03 -05:00
			`function suggestNicknameForUsername($username)`
			`{`
Fix some regressions caused by refactor of LDAP plugin 2010-03-23 21:50:31 -04:00			`$entry = $this->ldapCommon->get_user($username, $this->attributes);`
Add nickname suggestion capability for use during autoregistration. 2010-01-14 19:43:03 -05:00			`if(!$entry){`
			`//this really shouldn't happen`
Use common_nicknamize() in better places. 2010-03-01 11:48:46 -05:00			`$nickname = $username;`
Add nickname suggestion capability for use during autoregistration. 2010-01-14 19:43:03 -05:00			`}else{`
			`$nickname = $entry->getValue($this->attributes['nickname'],'single');`
Use common_nicknamize() in better places. 2010-03-01 11:48:46 -05:00			`if(!$nickname){`
			`$nickname = $username;`
Add nickname suggestion capability for use during autoregistration. 2010-01-14 19:43:03 -05:00			`}`
			`}`
Use common_nicknamize() in better places. 2010-03-01 11:48:46 -05:00			`return common_nicknamize($nickname);`
Add nickname suggestion capability for use during autoregistration. 2010-01-14 19:43:03 -05:00			`}`
Add version information to a bunch of plugins 2010-01-09 18:58:40 -05:00
Plugins didn't match lib/plugin.php onPluginVersion function definition I ran: for i in `grep -R onPluginVersion...version plugins/\|cut -d: -f1`; do sed -i '{ s/\(onPluginVersion(\)\(\&\$versions\)/\1array \2/ }' $i; done 2015-06-06 22:04:01 +02:00			`function onPluginVersion(array &$versions)`
Add version information to a bunch of plugins 2010-01-09 18:58:40 -05:00			`{`
			`$versions[] = array('name' => 'LDAP Authentication',`
Using GNUSOCIAL_VERSION instead of STATUSNET_VERSION 2013-11-01 13:51:41 +01:00			`'version' => GNUSOCIAL_VERSION,`
Add version information to a bunch of plugins 2010-01-09 18:58:40 -05:00			`'author' => 'Craig Andrews',`
			`'homepage' => 'http://status.net/wiki/Plugin:LdapAuthentication',`
			`'rawdescription' =>`
Update translator documentation. L10n/i18n updates. Whitespace updates. Break long lines in README files. 2011-04-24 19:28:26 +02:00			`// TRANS: Plugin description.`
Add version information to a bunch of plugins 2010-01-09 18:58:40 -05:00			`_m('The LDAP Authentication plugin allows for StatusNet to handle authentication through LDAP.'));`
			`return true;`
			`}`
Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin 2009-11-04 13:39:56 -05:00			`}`