dokuwiki-plugin-keksAccount/action.php

<?php
/**
 * DokuWiki Plugin oauth (Action Component)
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */

// must be run within Dokuwiki
if(!defined('DOKU_INC')) die();

class action_plugin_oauth extends DokuWiki_Action_Plugin {

    /**
     * Registers a callback function for a given event
     *
     * @param Doku_Event_Handler $controller DokuWiki's event controller object
     * @return void
     */
    public function register(Doku_Event_Handler $controller) {
        global $conf;
        if($conf['authtype'] != 'oauth') return;

        $conf['profileconfirm'] = false; // password confirmation doesn't work with oauth only users

        $controller->register_hook('DOKUWIKI_STARTED', 'BEFORE', $this, 'handle_start');
        $controller->register_hook('HTML_LOGINFORM_OUTPUT', 'BEFORE', $this, 'handle_loginform');
        $controller->register_hook('HTML_UPDATEPROFILEFORM_OUTPUT', 'BEFORE', $this, 'handle_profileform');
        $controller->register_hook('AUTH_USER_CHANGE', 'BEFORE', $this, 'handle_usermod');
        $controller->register_hook('ACTION_ACT_PREPROCESS', 'BEFORE', $this, 'handle_dologin');
    }

    /**
     * Start an oAuth login or restore  environment after successful login
     *
     * @param Doku_Event $event  event object by reference
     * @param mixed      $param  [the parameters passed as fifth argument to register_hook() when this
     *                           handler was registered]
     * @return void
     */
    public function handle_start(Doku_Event &$event, $param) {

        if (isset($_SESSION[DOKU_COOKIE]['oauth-done']['do']) || !empty($_SESSION[DOKU_COOKIE]['oauth-done']['rev'])){
            $this->restoreSessionEnvironment();
            return;
        }

        $this->startOAuthLogin();
    }

    private function startOAuthLogin() {
        global $INPUT, $ID;

        /** @var helper_plugin_oauth $hlp */
        $hlp         = plugin_load('helper', 'oauth');
        $servicename = $INPUT->str('oauthlogin');
        $service     = $hlp->loadService($servicename);
        if(is_null($service)) return;

        // remember service in session
        session_start();
        $_SESSION[DOKU_COOKIE]['oauth-inprogress']['service'] = $servicename;
        $_SESSION[DOKU_COOKIE]['oauth-inprogress']['id']      = $ID;
        session_write_close();

        $service->login();
    }

    private function restoreSessionEnvironment() {
        global $INPUT, $ACT, $TEXT, $PRE, $SUF, $SUM, $RANGE, $DATE_AT, $REV;
        $ACT = $_SESSION[DOKU_COOKIE]['oauth-done']['do'];
        $_REQUEST = $_SESSION[DOKU_COOKIE]['oauth-done']['$_REQUEST'];

        $REV   = $INPUT->int('rev');
        $DATE_AT = $INPUT->str('at');
        $RANGE = $INPUT->str('range');
        if($INPUT->post->has('wikitext')) {
            $TEXT = cleanText($INPUT->post->str('wikitext'));
        }
        $PRE = cleanText(substr($INPUT->post->str('prefix'), 0, -1));
        $SUF = cleanText($INPUT->post->str('suffix'));
        $SUM = $INPUT->post->str('summary');

        unset($_SESSION[DOKU_COOKIE]['oauth-done']);
    }

    /**
     * Save groups for all the services a user has enabled
     *
     * @param Doku_Event $event  event object by reference
     * @param mixed      $param  [the parameters passed as fifth argument to register_hook() when this
     *                           handler was registered]
     * @return void
     */
    public function handle_usermod(Doku_Event &$event, $param) {
        global $ACT;
        global $USERINFO;
        global $auth;
        global $INPUT;

        if($event->data['type'] != 'modify') return;
        if($ACT != 'profile') return;

        // we want to modify the user's groups
        $groups = $USERINFO['grps']; //current groups
        if(isset($event->data['params'][1]['grps'])) {
            // something already defined new groups
            $groups = $event->data['params'][1]['grps'];
        }

        /** @var helper_plugin_oauth $hlp */
        $hlp = plugin_load('helper', 'oauth');

        // get enabled and configured services
        $enabled  = $INPUT->arr('oauth_group');
        $services = $hlp->listServices();
        $services = array_map(array($auth, 'cleanGroup'), $services);

        // add all enabled services as group, remove all disabled services
        foreach($services as $service) {
            if(isset($enabled[$service])) {
                $groups[] = $service;
            } else {
                $idx = array_search($service, $groups);
                if($idx !== false) unset($groups[$idx]);
            }
        }
        $groups = array_unique($groups);

        // add new group array to event data
        $event->data['params'][1]['grps'] = $groups;

    }

    /**
     * Add service selection to user profile
     *
     * @param Doku_Event $event  event object by reference
     * @param mixed      $param  [the parameters passed as fifth argument to register_hook() when this
     *                           handler was registered]
     * @return void
     */
    public function handle_profileform(Doku_Event &$event, $param) {
        global $USERINFO;
        /** @var auth_plugin_authplain $auth */
        global $auth;

        /** @var helper_plugin_oauth $hlp */
        $hlp = plugin_load('helper', 'oauth');

        /** @var Doku_Form $form */
        $form =& $event->data;
        $pos  = $form->findElementByAttribute('type', 'submit');

        $services = $hlp->listServices();
        if(!$services) return;

        $form->insertElement($pos, form_closefieldset());
        $form->insertElement(++$pos, form_openfieldset(array('_legend' => $this->getLang('loginwith'), 'class' => 'plugin_oauth')));
        foreach($services as $service) {
            $group = $auth->cleanGroup($service);
            $elem  = form_makeCheckboxField(
                'oauth_group['.$group.']',
                1, $service, '', 'simple',
                array(
                    'checked' => (in_array($group, $USERINFO['grps'])) ? 'checked' : ''
                )
            );

            $form->insertElement(++$pos, $elem);
        }
        $form->insertElement(++$pos, form_closefieldset());
        $form->insertElement(++$pos, form_openfieldset(array()));
    }

    /**
     * Add the oAuth login links
     *
     * @param Doku_Event $event  event object by reference
     * @param mixed      $param  [the parameters passed as fifth argument to register_hook() when this
     *                           handler was registered]
     * @return void
     */
    public function handle_loginform(Doku_Event &$event, $param) {
        global $conf;

        /** @var helper_plugin_oauth $hlp */
        $hlp = plugin_load('helper', 'oauth');
        $singleService = $this->getConf('singleService');
        $enabledServices = $hlp->listServices();

        /** @var Doku_Form $form */
        $form =& $event->data;
        $html = '';

        $validDomains = $hlp->getValidDomains();

        if (count($validDomains) > 0) {
            $html .= sprintf($this->getLang('eMailRestricted'), join(', ', $validDomains));
        }

        if ($singleService == '') {

            foreach($hlp->listServices() as $service) {
                $html .= $this->service_html($service);
            }
            if(!$html) return;

        }else{
            if (in_array($singleService, $enabledServices, true) === false) {
                msg($this->getLang('wrongConfig'),-1);
                return;
            }
            $form->_content = array();
            $html = $this->service_html($singleService);

        }
        $form->_content[] = form_openfieldset(array('_legend' => $this->getLang('loginwith'), 'class' => 'plugin_oauth'));
        $form->_content[] = $html;
        $form->_content[] = form_closefieldset();
    }

    function service_html ($service){
        global $ID;
        $html = '';
        $html .= '<a href="' . wl($ID, array('oauthlogin' => $service)) . '" class="plugin_oauth_' . $service . '">';
        $html .= $service;
        $html .= '</a> ';
        return $html;

    }

    public function handle_dologin(Doku_Event &$event, $param) {
        global $lang;
        global $ID;

        $singleService = $this->getConf('singleService');
        if ($singleService == '') return true;

        $lang['btn_login'] = $this->getLang('loginButton') . $singleService;

        if($event->data != 'login') return true;


        /** @var helper_plugin_oauth $hlp */
        $hlp = plugin_load('helper', 'oauth');
        $enabledServices = $hlp->listServices();
        if (in_array($singleService, $enabledServices, true) === false) {
            msg($this->getLang('wrongConfig'),-1);
            return false;
        }

        $url = wl($ID, array('oauthlogin' => $singleService), true, '&');
        send_redirect($url);
    }

}
// vim:ts=4:sw=4:et:
initial wizard generated checkin 9 years ago			`<?php`
			`/**`
			`* DokuWiki Plugin oauth (Action Component)`
			`*`
			`* @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html`
			`* @author Andreas Gohr <andi@splitbrain.org>`
			`*/`

			`// must be run within Dokuwiki`
			`if(!defined('DOKU_INC')) die();`

			`class action_plugin_oauth extends DokuWiki_Action_Plugin {`

			`/**`
			`* Registers a callback function for a given event`
			`*`
			`* @param Doku_Event_Handler $controller DokuWiki's event controller object`
			`* @return void`
			`*/`
			`public function register(Doku_Event_Handler $controller) {`
handle action only when plugin is set as auth type 9 years ago			`global $conf;`
			`if($conf['authtype'] != 'oauth') return;`
initial wizard generated checkin 9 years ago
disable profileconfirm option automatically 9 years ago			`$conf['profileconfirm'] = false; // password confirmation doesn't work with oauth only users`

first go at the real auth plugin and new Service classes 9 years ago			`$controller->register_hook('DOKUWIKI_STARTED', 'BEFORE', $this, 'handle_start');`
added services to login form 9 years ago			`$controller->register_hook('HTML_LOGINFORM_OUTPUT', 'BEFORE', $this, 'handle_loginform');`
Allow logins to existing accounts only with associated accounts To prevent people can log into existing account with a newly created social account with a forged email address. We only allow logins with previously approved service providers. When a user logs in for the first time, eg. the email does not exists, then the user is created and the social account is approved automatically. 9 years ago			`$controller->register_hook('HTML_UPDATEPROFILEFORM_OUTPUT', 'BEFORE', $this, 'handle_profileform');`
			`$controller->register_hook('AUTH_USER_CHANGE', 'BEFORE', $this, 'handle_usermod');`
Redirect immedieatly, if chosen single Service login 9 years ago			`$controller->register_hook('ACTION_ACT_PREPROCESS', 'BEFORE', $this, 'handle_dologin');`
initial wizard generated checkin 9 years ago			`}`

			`/**`
Store and reload entire $_REQUEST 8 years ago			`* Start an oAuth login or restore environment after successful login`
initial wizard generated checkin 9 years ago			`*`
			`* @param Doku_Event $event event object by reference`
			`* @param mixed $param [the parameters passed as fifth argument to register_hook() when this`
			`* handler was registered]`
			`* @return void`
			`*/`
first go at the real auth plugin and new Service classes 9 years ago			`public function handle_start(Doku_Event &$event, $param) {`
Relogin if session is lost or auth_sec_timeout If the session is lost, possibly to bad server configuration, try a silent relogin, if an cookie is present that indicates an oauth-session. If auth_security_timeout is triggered try to re-login based on the existing session data. In both cases: Mostly correctly re-set the prvious state after re-login. Some actions do not work as expected, e.g. pagination in old revisions. It was decided not to use refresh-tokens. The desired functionality can be achieved by an online-relogin just as good. Hence this should be prefered to the more user-security invasive refresh-token mechanism. 8 years ago
			`if (isset($_SESSION[DOKU_COOKIE]['oauth-done']['do']) \|\| !empty($_SESSION[DOKU_COOKIE]['oauth-done']['rev'])){`
Store and reload entire $_REQUEST 8 years ago			`$this->restoreSessionEnvironment();`
Relogin if session is lost or auth_sec_timeout If the session is lost, possibly to bad server configuration, try a silent relogin, if an cookie is present that indicates an oauth-session. If auth_security_timeout is triggered try to re-login based on the existing session data. In both cases: Mostly correctly re-set the prvious state after re-login. Some actions do not work as expected, e.g. pagination in old revisions. It was decided not to use refresh-tokens. The desired functionality can be achieved by an online-relogin just as good. Hence this should be prefered to the more user-security invasive refresh-token mechanism. 8 years ago			`return;`
			`}`
Store and reload entire $_REQUEST 8 years ago
			`$this->startOAuthLogin();`
			`}`

			`private function startOAuthLogin() {`
			`global $INPUT, $ID;`

first go at the real auth plugin and new Service classes 9 years ago			`/** @var helper_plugin_oauth $hlp */`
Allow logins to existing accounts only with associated accounts To prevent people can log into existing account with a newly created social account with a forged email address. We only allow logins with previously approved service providers. When a user logs in for the first time, eg. the email does not exists, then the user is created and the social account is approved automatically. 9 years ago			`$hlp = plugin_load('helper', 'oauth');`
remember oAuth logins in session 9 years ago			`$servicename = $INPUT->str('oauthlogin');`
Allow logins to existing accounts only with associated accounts To prevent people can log into existing account with a newly created social account with a forged email address. We only allow logins with previously approved service providers. When a user logs in for the first time, eg. the email does not exists, then the user is created and the social account is approved automatically. 9 years ago			`$service = $hlp->loadService($servicename);`
first go at the real auth plugin and new Service classes 9 years ago			`if(is_null($service)) return;`

store no information in the redirect URL Some providers need an exact matching redirect URL configured (Google) so we can not keep any dynamic info in the URL. Instead we store it in the user's session. 9 years ago			`// remember service in session`
			`session_start();`
			`$_SESSION[DOKU_COOKIE]['oauth-inprogress']['service'] = $servicename;`
			`$_SESSION[DOKU_COOKIE]['oauth-inprogress']['id'] = $ID;`
			`session_write_close();`

first go at the real auth plugin and new Service classes 9 years ago			`$service->login();`
initial wizard generated checkin 9 years ago			`}`

Store and reload entire $_REQUEST 8 years ago			`private function restoreSessionEnvironment() {`
			`global $INPUT, $ACT, $TEXT, $PRE, $SUF, $SUM, $RANGE, $DATE_AT, $REV;`
			`$ACT = $_SESSION[DOKU_COOKIE]['oauth-done']['do'];`
			`$_REQUEST = $_SESSION[DOKU_COOKIE]['oauth-done']['$_REQUEST'];`

			`$REV = $INPUT->int('rev');`
			`$DATE_AT = $INPUT->str('at');`
			`$RANGE = $INPUT->str('range');`
			`if($INPUT->post->has('wikitext')) {`
			`$TEXT = cleanText($INPUT->post->str('wikitext'));`
			`}`
			`$PRE = cleanText(substr($INPUT->post->str('prefix'), 0, -1));`
			`$SUF = cleanText($INPUT->post->str('suffix'));`
			`$SUM = $INPUT->post->str('summary');`

			`unset($_SESSION[DOKU_COOKIE]['oauth-done']);`
			`}`

Allow logins to existing accounts only with associated accounts To prevent people can log into existing account with a newly created social account with a forged email address. We only allow logins with previously approved service providers. When a user logs in for the first time, eg. the email does not exists, then the user is created and the social account is approved automatically. 9 years ago			`/**`
			`* Save groups for all the services a user has enabled`
			`*`
			`* @param Doku_Event $event event object by reference`
			`* @param mixed $param [the parameters passed as fifth argument to register_hook() when this`
			`* handler was registered]`
			`* @return void`
			`*/`
			`public function handle_usermod(Doku_Event &$event, $param) {`
			`global $ACT;`
			`global $USERINFO;`
			`global $auth;`
			`global $INPUT;`

			`if($event->data['type'] != 'modify') return;`
			`if($ACT != 'profile') return;`

			`// we want to modify the user's groups`
			`$groups = $USERINFO['grps']; //current groups`
			`if(isset($event->data['params'][1]['grps'])) {`
			`// something already defined new groups`
			`$groups = $event->data['params'][1]['grps'];`
			`}`

			`/** @var helper_plugin_oauth $hlp */`
			`$hlp = plugin_load('helper', 'oauth');`

			`// get enabled and configured services`
			`$enabled = $INPUT->arr('oauth_group');`
			`$services = $hlp->listServices();`
			`$services = array_map(array($auth, 'cleanGroup'), $services);`

			`// add all enabled services as group, remove all disabled services`
			`foreach($services as $service) {`
			`if(isset($enabled[$service])) {`
			`$groups[] = $service;`
			`} else {`
			`$idx = array_search($service, $groups);`
			`if($idx !== false) unset($groups[$idx]);`
			`}`
			`}`
			`$groups = array_unique($groups);`

			`// add new group array to event data`
			`$event->data['params'][1]['grps'] = $groups;`

			`}`

			`/**`
			`* Add service selection to user profile`
			`*`
			`* @param Doku_Event $event event object by reference`
			`* @param mixed $param [the parameters passed as fifth argument to register_hook() when this`
			`* handler was registered]`
			`* @return void`
			`*/`
			`public function handle_profileform(Doku_Event &$event, $param) {`
			`global $USERINFO;`
			`/** @var auth_plugin_authplain $auth */`
			`global $auth;`

			`/** @var helper_plugin_oauth $hlp */`
			`$hlp = plugin_load('helper', 'oauth');`

			`/** @var Doku_Form $form */`
			`$form =& $event->data;`
			`$pos = $form->findElementByAttribute('type', 'submit');`

			`$services = $hlp->listServices();`
			`if(!$services) return;`

			`$form->insertElement($pos, form_closefieldset());`
			`$form->insertElement(++$pos, form_openfieldset(array('_legend' => $this->getLang('loginwith'), 'class' => 'plugin_oauth')));`
			`foreach($services as $service) {`
			`$group = $auth->cleanGroup($service);`
			`$elem = form_makeCheckboxField(`
			`'oauth_group['.$group.']',`
			`1, $service, '', 'simple',`
			`array(`
			`'checked' => (in_array($group, $USERINFO['grps'])) ? 'checked' : ''`
			`)`
			`);`

			`$form->insertElement(++$pos, $elem);`
			`}`
			`$form->insertElement(++$pos, form_closefieldset());`
			`$form->insertElement(++$pos, form_openfieldset(array()));`
			`}`

added services to login form 9 years ago			`/**`
			`* Add the oAuth login links`
			`*`
			`* @param Doku_Event $event event object by reference`
			`* @param mixed $param [the parameters passed as fifth argument to register_hook() when this`
			`* handler was registered]`
			`* @return void`
			`*/`
			`public function handle_loginform(Doku_Event &$event, $param) {`
Add option to limit possible login services As requested in issue 10, add an option to only allow a single external Service for login, while also deactivating authentication against local database. 9 years ago			`global $conf;`
added services to login form 9 years ago
			`/** @var helper_plugin_oauth $hlp */`
			`$hlp = plugin_load('helper', 'oauth');`
Fix getting conf 9 years ago			`$singleService = $this->getConf('singleService');`
Add option to limit possible login services As requested in issue 10, add an option to only allow a single external Service for login, while also deactivating authentication against local database. 9 years ago			`$enabledServices = $hlp->listServices();`
added services to login form 9 years ago
			`/** @var Doku_Form $form */`
			`$form =& $event->data;`
fix whitespace 9 years ago			`$html = '';`
added services to login form 9 years ago
Allow mailRestriction to multiple domains 8 years ago			`$validDomains = $hlp->getValidDomains();`

Make getValidDomains more consistent and intuitive 8 years ago			`if (count($validDomains) > 0) {`
Use more existing functions 8 years ago			`$html .= sprintf($this->getLang('eMailRestricted'), join(', ', $validDomains));`
Do not use hd and only check user afterwards Add error message for denied login. 8 years ago			`}`

Change default value from 'AllowAll' to '' 9 years ago			`if ($singleService == '') {`
Add option to limit possible login services As requested in issue 10, add an option to only allow a single external Service for login, while also deactivating authentication against local database. 9 years ago
			`foreach($hlp->listServices() as $service) {`
			`$html .= $this->service_html($service);`
			`}`
			`if(!$html) return;`

			`}else{`
in_array is enough 9 years ago			`if (in_array($singleService, $enabledServices, true) === false) {`
Add option to limit possible login services As requested in issue 10, add an option to only allow a single external Service for login, while also deactivating authentication against local database. 9 years ago			`msg($this->getLang('wrongConfig'),-1);`
			`return;`
			`}`
			`$form->_content = array();`
			`$html = $this->service_html($singleService);`

			`}`
			`$form->_content[] = form_openfieldset(array('_legend' => $this->getLang('loginwith'), 'class' => 'plugin_oauth'));`
			`$form->_content[] = $html;`
			`$form->_content[] = form_closefieldset();`
			`}`

			`function service_html ($service){`
			`global $ID;`
			`$html = '';`
			`$html .= '<a href="' . wl($ID, array('oauthlogin' => $service)) . '" class="plugin_oauth_' . $service . '">';`
			`$html .= $service;`
			`$html .= '</a> ';`
			`return $html;`

added services to login form 9 years ago			`}`

Redirect immedieatly, if chosen single Service login 9 years ago			`public function handle_dologin(Doku_Event &$event, $param) {`
Change login-button according to SingleLogin value 9 years ago			`global $lang;`
Redirect immedieatly, if chosen single Service login 9 years ago			`global $ID;`

			`$singleService = $this->getConf('singleService');`
Change default value from 'AllowAll' to '' 9 years ago			`if ($singleService == '') return true;`
Redirect immedieatly, if chosen single Service login 9 years ago
Change login-button according to SingleLogin value 9 years ago			`$lang['btn_login'] = $this->getLang('loginButton') . $singleService;`

			`if($event->data != 'login') return true;`



Redirect immedieatly, if chosen single Service login 9 years ago			`/** @var helper_plugin_oauth $hlp */`
			`$hlp = plugin_load('helper', 'oauth');`
			`$enabledServices = $hlp->listServices();`
			`if (in_array($singleService, $enabledServices, true) === false) {`
			`msg($this->getLang('wrongConfig'),-1);`
			`return false;`
			`}`

			`$url = wl($ID, array('oauthlogin' => $singleService), true, '&');`
			`send_redirect($url);`
			`}`

added services to login form 9 years ago			`}`
initial wizard generated checkin 9 years ago			`// vim:ts=4:sw=4:et:`