search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Apply rector fixes to auth plugins
[dokuwiki.git] / lib / plugins / authplain / auth.php
blob8cfe3511542f07b4275cb333b012aa837e8129bd
1 <?php
2
3 use dokuwiki\Logger;
4 use dokuwiki\Utf8\Sort;
5
6 /**
7 * Plaintext authentication backend
8 *
9 * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
10 * @author Andreas Gohr <andi@splitbrain.org>
11 * @author Chris Smith <chris@jalakai.co.uk>
12 * @author Jan Schumann <js@schumann-it.com>
13 */
14 class auth_plugin_authplain extends DokuWiki_Auth_Plugin
15 {
16 /** @var array user cache */
17 protected $users;
18
19 /** @var array filter pattern */
20 protected $pattern = [];
21
22 /** @var bool safe version of preg_split */
23 protected $pregsplit_safe = false;
24
25 /**
26 * Constructor
27 *
28 * Carry out sanity checks to ensure the object is
29 * able to operate. Set capabilities.
30 *
31 * @author Christopher Smith <chris@jalakai.co.uk>
32 */
33 public function __construct()
34 {
35 parent::__construct();
36 global $config_cascade;
37
38 if (!@is_readable($config_cascade['plainauth.users']['default'])) {
39 $this->success = false;
40 } else {
41 if (@is_writable($config_cascade['plainauth.users']['default'])) {
42 $this->cando['addUser'] = true;
43 $this->cando['delUser'] = true;
44 $this->cando['modLogin'] = true;
45 $this->cando['modPass'] = true;
46 $this->cando['modName'] = true;
47 $this->cando['modMail'] = true;
48 $this->cando['modGroups'] = true;
49 }
50 $this->cando['getUsers'] = true;
51 $this->cando['getUserCount'] = true;
52 $this->cando['getGroups'] = true;
53 }
54 }
55
56 /**
57 * Check user+password
58 *
59 * Checks if the given user exists and the given
60 * plaintext password is correct
61 *
62 * @author Andreas Gohr <andi@splitbrain.org>
63 * @param string $user
64 * @param string $pass
65 * @return bool
66 */
67 public function checkPass($user, $pass)
68 {
69 $userinfo = $this->getUserData($user);
70 if ($userinfo === false) return false;
71
72 return auth_verifyPassword($pass, $this->users[$user]['pass']);
73 }
74
75 /**
76 * Return user info
77 *
78 * Returns info about the given user needs to contain
79 * at least these fields:
80 *
81 * name string full name of the user
82 * mail string email addres of the user
83 * grps array list of groups the user is in
84 *
85 * @author Andreas Gohr <andi@splitbrain.org>
86 * @param string $user
87 * @param bool $requireGroups (optional) ignored by this plugin, grps info always supplied
88 * @return array|false
89 */
90 public function getUserData($user, $requireGroups = true)
91 {
92 if ($this->users === null) $this->loadUserData();
93 return $this->users[$user] ?? false;
94 }
95
96 /**
97 * Creates a string suitable for saving as a line
98 * in the file database
99 * (delimiters escaped, etc.)
100 *
101 * @param string $user
102 * @param string $pass
103 * @param string $name
104 * @param string $mail
105 * @param array $grps list of groups the user is in
106 * @return string
107 */
108 protected function createUserLine($user, $pass, $name, $mail, $grps)
109 {
110 $groups = implode(',', $grps);
111 $userline = [$user, $pass, $name, $mail, $groups];
112 $userline = str_replace('\\', '\\\\', $userline); // escape \ as \\
113 $userline = str_replace(':', '\\:', $userline); // escape : as \:
114 $userline = implode(':', $userline)."\n";
115 return $userline;
116 }
117
118 /**
119 * Create a new User
120 *
121 * Returns false if the user already exists, null when an error
122 * occurred and true if everything went well.
123 *
124 * The new user will be added to the default group by this
125 * function if grps are not specified (default behaviour).
126 *
127 * @author Andreas Gohr <andi@splitbrain.org>
128 * @author Chris Smith <chris@jalakai.co.uk>
129 *
130 * @param string $user
131 * @param string $pwd
132 * @param string $name
133 * @param string $mail
134 * @param array $grps
135 * @return bool|null|string
136 */
137 public function createUser($user, $pwd, $name, $mail, $grps = null)
138 {
139 global $conf;
140 global $config_cascade;
141
142 // user mustn't already exist
143 if ($this->getUserData($user) !== false) {
144 msg($this->getLang('userexists'), -1);
145 return false;
146 }
147
148 $pass = auth_cryptPassword($pwd);
149
150 // set default group if no groups specified
151 if (!is_array($grps)) $grps = [$conf['defaultgroup']];
152
153 // prepare user line
154 $userline = $this->createUserLine($user, $pass, $name, $mail, $grps);
155
156 if (!io_saveFile($config_cascade['plainauth.users']['default'], $userline, true)) {
157 msg($this->getLang('writefail'), -1);
158 return null;
159 }
160
161 $this->users[$user] = [
162 'pass' => $pass,
163 'name' => $name,
164 'mail' => $mail,
165 'grps' => $grps
166 ];
167 return $pwd;
168 }
169
170 /**
171 * Modify user data
172 *
173 * @author Chris Smith <chris@jalakai.co.uk>
174 * @param string $user nick of the user to be changed
175 * @param array $changes array of field/value pairs to be changed (password will be clear text)
176 * @return bool
177 */
178 public function modifyUser($user, $changes)
179 {
180 global $ACT;
181 global $config_cascade;
182
183 // sanity checks, user must already exist and there must be something to change
184 if (($userinfo = $this->getUserData($user)) === false) {
185 msg($this->getLang('usernotexists'), -1);
186 return false;
187 }
188
189 // don't modify protected users
190 if (!empty($userinfo['protected'])) {
191 msg(sprintf($this->getLang('protected'), hsc($user)), -1);
192 return false;
193 }
194
195 if (!is_array($changes) || $changes === []) return true;
196
197 // update userinfo with new data, remembering to encrypt any password
198 $newuser = $user;
199 foreach ($changes as $field => $value) {
200 if ($field == 'user') {
201 $newuser = $value;
202 continue;
203 }
204 if ($field == 'pass') $value = auth_cryptPassword($value);
205 $userinfo[$field] = $value;
206 }
207
208 $userline = $this->createUserLine(
209 $newuser,
210 $userinfo['pass'],
211 $userinfo['name'],
212 $userinfo['mail'],
213 $userinfo['grps']
214 );
215
216 if (!io_replaceInFile($config_cascade['plainauth.users']['default'], '/^'.$user.':/', $userline, true)) {
217 msg('There was an error modifying your user data. You may need to register again.', -1);
218 // FIXME, io functions should be fail-safe so existing data isn't lost
219 $ACT = 'register';
220 return false;
221 }
222
223 if(isset($this->users[$user])) unset($this->users[$user]);
224 $this->users[$newuser] = $userinfo;
225 return true;
226 }
227
228 /**
229 * Remove one or more users from the list of registered users
230 *
231 * @author Christopher Smith <chris@jalakai.co.uk>
232 * @param array $users array of users to be deleted
233 * @return int the number of users deleted
234 */
235 public function deleteUsers($users)
236 {
237 global $config_cascade;
238
239 if (!is_array($users) || $users === []) return 0;
240
241 if ($this->users === null) $this->loadUserData();
242
243 $deleted = [];
244 foreach ($users as $user) {
245 // don't delete protected users
246 if (!empty($this->users[$user]['protected'])) {
247 msg(sprintf($this->getLang('protected'), hsc($user)), -1);
248 continue;
249 }
250 if (isset($this->users[$user])) $deleted[] = preg_quote($user, '/');
251 }
252
253 if ($deleted === []) return 0;
254
255 $pattern = '/^('.implode('|', $deleted).'):/';
256 if (!io_deleteFromFile($config_cascade['plainauth.users']['default'], $pattern, true)) {
257 msg($this->getLang('writefail'), -1);
258 return 0;
259 }
260
261 // reload the user list and count the difference
262 $count = count($this->users);
263 $this->loadUserData();
264 $count -= count($this->users);
265 return $count;
266 }
267
268 /**
269 * Return a count of the number of user which meet $filter criteria
270 *
271 * @author Chris Smith <chris@jalakai.co.uk>
272 *
273 * @param array $filter
274 * @return int
275 */
276 public function getUserCount($filter = [])
277 {
278
279 if ($this->users === null) $this->loadUserData();
280
281 if ($filter === []) return count($this->users);
282
283 $count = 0;
284 $this->constructPattern($filter);
285
286 foreach ($this->users as $user => $info) {
287 $count += $this->filter($user, $info);
288 }
289
290 return $count;
291 }
292
293 /**
294 * Bulk retrieval of user data
295 *
296 * @author Chris Smith <chris@jalakai.co.uk>
297 *
298 * @param int $start index of first user to be returned
299 * @param int $limit max number of users to be returned
300 * @param array $filter array of field/pattern pairs
301 * @return array userinfo (refer getUserData for internal userinfo details)
302 */
303 public function retrieveUsers($start = 0, $limit = 0, $filter = [])
304 {
305
306 if ($this->users === null) $this->loadUserData();
307
308 Sort::ksort($this->users);
309
310 $i = 0;
311 $count = 0;
312 $out = [];
313 $this->constructPattern($filter);
314
315 foreach ($this->users as $user => $info) {
316 if ($this->filter($user, $info)) {
317 if ($i >= $start) {
318 $out[$user] = $info;
319 $count++;
320 if (($limit > 0) && ($count >= $limit)) break;
321 }
322 $i++;
323 }
324 }
325
326 return $out;
327 }
328
329 /**
330 * Retrieves groups.
331 * Loads complete user data into memory before searching for groups.
332 *
333 * @param int $start index of first group to be returned
334 * @param int $limit max number of groups to be returned
335 * @return array
336 */
337 public function retrieveGroups($start = 0, $limit = 0)
338 {
339 $groups = [];
340
341 if ($this->users === null) $this->loadUserData();
342 foreach($this->users as $info) {
343 $groups = array_merge($groups, array_diff($info['grps'], $groups));
344 }
345 Sort::ksort($groups);
346
347 if($limit > 0) {
348 return array_splice($groups, $start, $limit);
349 }
350 return array_splice($groups, $start);
351 }
352
353 /**
354 * Only valid pageid's (no namespaces) for usernames
355 *
356 * @param string $user
357 * @return string
358 */
359 public function cleanUser($user)
360 {
361 global $conf;
362
363 return cleanID(str_replace([':', '/', ';'], $conf['sepchar'], $user));
364 }
365
366 /**
367 * Only valid pageid's (no namespaces) for groupnames
368 *
369 * @param string $group
370 * @return string
371 */
372 public function cleanGroup($group)
373 {
374 global $conf;
375
376 return cleanID(str_replace([':', '/', ';'], $conf['sepchar'], $group));
377 }
378
379 /**
380 * Load all user data
381 *
382 * loads the user file into a datastructure
383 *
384 * @author Andreas Gohr <andi@splitbrain.org>
385 */
386 protected function loadUserData()
387 {
388 global $config_cascade;
389
390 $this->users = $this->readUserFile($config_cascade['plainauth.users']['default']);
391
392 // support protected users
393 if (!empty($config_cascade['plainauth.users']['protected'])) {
394 $protected = $this->readUserFile($config_cascade['plainauth.users']['protected']);
395 foreach (array_keys($protected) as $key) {
396 $protected[$key]['protected'] = true;
397 }
398 $this->users = array_merge($this->users, $protected);
399 }
400 }
401
402 /**
403 * Read user data from given file
404 *
405 * ignores non existing files
406 *
407 * @param string $file the file to load data from
408 * @return array
409 */
410 protected function readUserFile($file)
411 {
412 $users = [];
413 if (!file_exists($file)) return $users;
414
415 $lines = file($file);
416 foreach ($lines as $line) {
417 $line = preg_replace('/#.*$/', '', $line); //ignore comments
418 $line = trim($line);
419 if (empty($line)) continue;
420
421 $row = $this->splitUserData($line);
422 $row = str_replace('\\:', ':', $row);
423 $row = str_replace('\\\\', '\\', $row);
424
425 $groups = array_values(array_filter(explode(",", $row[4])));
426
427 $users[$row[0]]['pass'] = $row[1];
428 $users[$row[0]]['name'] = urldecode($row[2]);
429 $users[$row[0]]['mail'] = $row[3];
430 $users[$row[0]]['grps'] = $groups;
431 }
432 return $users;
433 }
434
435 /**
436 * Get the user line split into it's parts
437 *
438 * @param string $line
439 * @return string[]
440 */
441 protected function splitUserData($line)
442 {
443 $data = preg_split('/(?<![^\\\\]\\\\)\:/', $line, 5); // allow for : escaped as \:
444 if(count($data) < 5) {
445 $data = array_pad($data, 5, '');
446 Logger::error('User line with less than 5 fields. Possibly corruption in your user file', $data);
447 }
448 return $data;
449 }
450
451 /**
452 * return true if $user + $info match $filter criteria, false otherwise
453 *
454 * @author Chris Smith <chris@jalakai.co.uk>
455 *
456 * @param string $user User login
457 * @param array $info User's userinfo array
458 * @return bool
459 */
460 protected function filter($user, $info)
461 {
462 foreach ($this->pattern as $item => $pattern) {
463 if ($item == 'user') {
464 if (!preg_match($pattern, $user)) return false;
465 } elseif ($item == 'grps') {
466 if (!count(preg_grep($pattern, $info['grps']))) return false;
467 } elseif (!preg_match($pattern, $info[$item])) {
468 return false;
469 }
470 }
471 return true;
472 }
473
474 /**
475 * construct a filter pattern
476 *
477 * @param array $filter
478 */
479 protected function constructPattern($filter)
480 {
481 $this->pattern = [];
482 foreach ($filter as $item => $pattern) {
483 $this->pattern[$item] = '/'.str_replace('/', '\/', $pattern).'/i'; // allow regex characters
484 }
485 }
486 }