Added a User_username table that links the external username with a StatusNet user_id

Added EmailAuthenticationPlugin Added ReverseUsernameAuthenticationPlugin Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static
2009-11-12 20:12:00 -05:00
parent cefbad0159
commit ed690615de
14 changed files with 358 additions and 104 deletions
--- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
+++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
@@ -48,20 +48,31 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
    public $scope=null;
    public $attributes=array();

-    function __construct()
-    {
-        parent::__construct();
+    function onInitializePlugin(){
+        parent::onInitializePlugin();
+        if(!isset($this->host)){
+            throw new Exception("must specify a host");
+        }
+        if(!isset($this->basedn)){
+            throw new Exception("must specify a basedn");
+        }
+        if(!isset($this->attributes['nickname'])){
+            throw new Exception("must specify a nickname attribute");
+        }
+        if(!isset($this->attributes['username'])){
+            throw new Exception("must specify a username attribute");
+        }
    }
    
    //---interface implementation---//

-    function checkPassword($nickname, $password)
+    function checkPassword($username, $password)
    {
        $ldap = $this->ldap_get_connection();
        if(!$ldap){
            return false;
        }
-        $entry = $this->ldap_get_user($nickname);
+        $entry = $this->ldap_get_user($username);
        if(!$entry){
            return false;
        }else{
@@ -76,48 +87,33 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
        }
    }

-    function autoRegister($nickname)
+    function autoRegister($username)
    {
-        $entry = $this->ldap_get_user($nickname,$this->attributes);
+        $entry = $this->ldap_get_user($username,$this->attributes);
        if($entry){
            $registration_data = array();
            foreach($this->attributes as $sn_attribute=>$ldap_attribute){
-                if($sn_attribute=='email'){
-                    $registration_data[$sn_attribute]=common_canonical_email($entry->getValue($ldap_attribute,'single'));
-                }else if($sn_attribute=='nickname'){
-                    $registration_data[$sn_attribute]=common_canonical_nickname($entry->getValue($ldap_attribute,'single'));
-                }else{
-                    $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single');
-                }
+                $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single');
+            }
+            if(isset($registration_data['email']) && !empty($registration_data['email'])){
+                $registration_data['email_confirmed']=true;
            }
            //set the database saved password to a random string.
            $registration_data['password']=common_good_rand(16);
-            $user = User::register($registration_data);
-            return true;
+            return User::register($registration_data);
        }else{
            //user isn't in ldap, so we cannot register him
-            return null;
+            return false;
        }
    }

-    function changePassword($nickname,$oldpassword,$newpassword)
+    function changePassword($username,$oldpassword,$newpassword)
    {
        //TODO implement this
        throw new Exception(_('Sorry, changing LDAP passwords is not supported at this time'));

        return false;
    }
-
-    function canUserChangeField($nickname, $field)
-    {
-        switch($field)
-        {
-            case 'password':
-            case 'nickname':
-            case 'email':
-                return false;
-        }
-    }
    
    //---utility functions---//
    function ldap_get_config(){
@@ -159,7 +155,7 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
     */
    function ldap_get_user($username,$attributes=array()){
        $ldap = $this->ldap_get_connection();
-        $filter = Net_LDAP2_Filter::create($this->attributes['nickname'], 'equals',  $username);
+        $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals',  $username);
        $options = array(
            'scope' => 'sub',
            'attributes' => $attributes
--- a/plugins/LdapAuthentication/README
+++ b/plugins/LdapAuthentication/README
@@ -6,7 +6,8 @@ add "addPlugin('ldapAuthentication', array('setting'=>'value', 'setting2'=>'valu

 Settings
 ========
-authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database).
+provider_name*: a unique name for this authentication provider.
+authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check any other plugins or the internal password database).
 autoregistration (false): Set to true if users should be automatically created when they attempt to login.
 email_changeable (true): Are users allowed to change their email address? (true or false)
 password_changeable (true): Are users allowed to change their passwords? (true or false)
@@ -23,6 +24,7 @@ filter: Default search filter. See http://pear.php.net/manual/en/package.network
 scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php

 attributes: an array with the key being the StatusNet user attribute name, and the value the LDAP attribute name
+    username*
    nickname*
    email
    fullname
@@ -37,6 +39,7 @@ Example
 Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory.

 addPlugin('ldapAuthentication', array(
+    'provider_name'=>'Example',
    'authoritative'=>true,
    'autoregistration'=>true,
    'binddn'=>'username',