-
Notifications
You must be signed in to change notification settings - Fork 5
/
action.php
173 lines (156 loc) · 7.13 KB
/
action.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
<?php
/**
* DokuWiki HTTP authentication plugin
* https://www.dokuwiki.org/plugin:authhttp
*
* This is authhttp's action plugin which
* a.) skips the 'login' action as it does not make sense with HTTP
* authentication.
* b.) modifies DokuWiki's register form so that
* i.) the username is hard-coded to match the username from the
* HTTP authentication.
* ii.) the password text fields are replaced by hidden fields with
* a random password that won't do any harm.
*
* All of this code ONLY applies when DokuWiki's configured auth plugin is authsplit
* (https://www.dokuwiki.org/plugin:authsplit) and authhttp is its primary auth plugin.
* If authhttp is used on its own (ie. as DokuWiki's auth plugin), users will never
* see a login or a register screen anyway.
*
* @license GPL 3 http://www.gnu.org/licenses/gpl-3.0.html
* @author Pieter Hollants <[email protected]>
*/
// must be run within Dokuwiki
if (!defined('DOKU_INC'))
die();
use dokuwiki\Extension\ActionPlugin;
class action_plugin_authhttp extends ActionPlugin {
public function __construct() {
global $conf;
/* We have to distinguish between the plugin being loaded and the plugin
actually being used for authentication. */
$this->active = (
$conf['authtype'] == 'authhttp' ||
(
$conf['authtype'] == 'authsplit' &&
$conf['plugin']['authsplit']['primary_authplugin'] == 'authhttp'
)
);
if ($this->active) {
/* We register an event handler to skip the login action below, but
we also don't want the template to show a 'login' link in the
first place.
DokuWiki has no capability setting for 'login', so we need a
little hack that pretends the admin disabled the login action
himself. */
$disableactions = explode(',', $conf['disableactions']);
$disableactions = array_map('trim', $disableactions);
if (!in_array('login', $disableactions)) {
$disableactions[] = 'login';
}
$conf['disableactions'] = implode(',', $disableactions);
/* We also don't want DokuWiki to generate passwords on its own and
mail them to the users upon registration. We need to use the same
hack as above, pretending the admin disabled password generation
himself. */
$conf['autopasswd'] = 0;
}
}
/**
* Register the event handlers
*/
function register(Doku_Event_Handler $controller){
if ($this->active) {
$controller->register_hook('ACTION_ACT_PREPROCESS',
'AFTER',
$this,
'skip_login_action',
NULL);
/* Legacy DokuWiki releases with old form class */
$controller->register_hook('HTML_REGISTERFORM_OUTPUT',
'BEFORE',
$this,
'modify_register_form_legacy',
NULL);
/* Newer DokuWiki releases with rewritten form class */
$controller->register_hook('REGISTERFORM_OUTPUT',
'BEFORE',
$this,
'modify_register_form',
NULL);
}
}
/**
* Event handler to skip the 'login' action
*/
function skip_login_action(&$event, $param) {
/* Some actions handled in inc/actions.php:act_dispatch() result in $ACT
being modified to 'login', eg. 'register'. */
if ($event->data == 'login') {
/* With HTTP authentication, there is no sense in showing a login form,
so we directly redirect to a 'show' action instead. By using
act_redirect() instead of modifying $event->data, we make sure
DokuWiki's entire auth logic can work, which is eg. required so that
after a user's registration he gets logged in automatically. */
act_redirect($ID, 'show');
}
}
/**
* Event handler to modify the registration form
* Version for legacy DokuWiki releases with old form class
*/
function modify_register_form_legacy(&$event, $param) {
$form = $event->data;
/* Hard-code the HTTP authentication user name as login name for registration as
registering as anyone else than the already externally authenticated user does
not make much sense. */
$pos = $form->findElementByAttribute('name', 'login');
if (!$pos)
return;
$elem = $form->getElementAt($pos);
$elem['value'] = $_SERVER['PHP_AUTH_USER'];
$elem['readonly'] = 'readonly';
$form->replaceElement($pos, $elem);
/* We do not want DokuWiki to auto-generate a password and mail it to the user.
Then, however, inc/auth.php's register() will insist on a non-null password,
so we supply a random one in hidden form fields. As this code only runs when
both authhttp AND authsplit are active, the password won't end up anywhere
since authhttp is the primary auth plugin in that case and does not offer the
modPass capability. */
$pwd = auth_pwgen();
foreach (array('pass', 'passchk') as $name) {
$pos = $form->findElementByAttribute('name', $name);
$form->replaceElement($pos, NULL);
$form->addHidden($name, $pwd);
}
}
/**
* Event handler to modify the registration form
* Version for newer DokuWiki releases with rewritten form class
*/
function modify_register_form(&$event, $param) {
$form = $event->data;
/* Hard-code the HTTP authentication user name as login name for registration as
registering as anyone else than the already externally authenticated user does
not make much sense. */
$pos = $form->findPositionByAttribute('name', 'login');
if (!$pos)
return;
$elem = $form->getElementAt($pos);
$elem['value'] = $_SERVER['PHP_AUTH_USER'];
$elem['readonly'] = 'readonly';
$form->replaceElement($elem, $pos);
/* We do not want DokuWiki to auto-generate a password and mail it to the user.
Then, however, inc/auth.php's register() will insist on a non-null password,
so we supply a random one in hidden form fields. As this code only runs when
both authhttp AND authsplit are active, the password won't end up anywhere
since authhttp is the primary auth plugin in that case and does not offer the
modPass capability. */
$pwd = auth_pwgen();
foreach (array('pass', 'passchk') as $name) {
$pos = $form->findPositionByAttribute('name', $name);
$form->replaceElement(NULL, $pos);
$form->setHiddenField($name, $pwd);
}
}
}