Created
November 1, 2015 19:24
<?php | |
/** --------------------------------------------------------------------- | |
* app/lib/core/Auth/Adapters/PafiPlatformExternalDB.php : External database authentication backend using Joomla for CollectiveAccess | |
* ---------------------------------------------------------------------- | |
* CollectiveAccess | |
* Open-source collections management software | |
* ---------------------------------------------------------------------- | |
* | |
* Software by Whirl-i-Gig (http://www.whirl-i-gig.com) | |
* Copyright 2014 Whirl-i-Gig | |
* This file was created by Idéesculture for Project PAFI, LAUM & ENSIM - University of Le Mans, France | |
* | |
* For more information visit http://www.CollectiveAccess.org | |
* | |
* This program is free software; you may redistribute it and/or modify it under | |
* the terms of the provided license as published by Whirl-i-Gig | |
* | |
* CollectiveAccess is distributed in the hope that it will be useful, but | |
* WITHOUT ANY WARRANTIES whatsoever, including any implied warranty of | |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
* | |
* This source code is free and modifiable under the terms of | |
* GNU General Public License. (http://www.gnu.org/copyleft/gpl.html). See | |
* the "license.txt" file for details, or visit the CollectiveAccess web site at | |
* http://www.CollectiveAccess.org | |
* | |
* @package CollectiveAccess | |
* @subpackage Auth | |
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License version 3 | |
* | |
* ---------------------------------------------------------------------- | |
*/ | |
require_once(__CA_LIB_DIR__.'/core/Auth/BaseAuthAdapter.php'); | |
require_once(__CA_LIB_DIR__.'/core/Auth/PasswordHash.php'); | |
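/**
 * Authentication adapter that lets CollectiveAccess trust a Joomla login.
 *
 * Identity comes from the Joomla session of the current request; no password is
 * ever checked by this adapter. Every entry point that grants or provisions an
 * account therefore has to tie the requested user name to the Joomla session user,
 * otherwise any caller-supplied user name would be accepted.
 */
class PafiPlatformExternalDBAuthAdapter extends BaseAuthAdapter implements IAuthAdapter {
    # --------------------------------------------------------------------------------
    /**
     * Read the "pafi_ext_db_params" block of the authentication configuration.
     *
     * @return array Configuration values, or an empty array when the block is missing
     */
    private static function getPafiParams() {
        $o_auth_config = Configuration::load(Configuration::load()->get('authentication_config'));
        $va_params = $o_auth_config->get("pafi_ext_db_params");

        return is_array($va_params) ? $va_params : array();
    }
    # --------------------------------------------------------------------------------
    /**
     * Load the Joomla framework found under the configured "joomla_path".
     *
     * Safe to call several times per request: constants are defined only once. The
     * previous per-method copies called define() unconditionally, which fails as soon
     * as two of those methods run in the same request.
     *
     * @param array $pa_params Values from getPafiParams()
     * @return bool False when "joomla_path" is missing or is not a directory
     */
    private static function bootstrapJoomla($pa_params) {
        $vs_joomla_path = isset($pa_params["joomla_path"]) ? $pa_params["joomla_path"] : null;

        // The path is fed to require_once below, so refuse anything that is not an existing directory
        if (!is_string($vs_joomla_path) || ($vs_joomla_path === '') || !is_dir($vs_joomla_path)) {
            return false;
        }

        if (!defined('_JEXEC')) { define('_JEXEC', 1); }
        if (!defined('DS')) { define('DS', DIRECTORY_SEPARATOR); }

        // Same order as the original getPafiUser(): an optional defines.php override first
        if (!defined('_JDEFINES') && file_exists($vs_joomla_path . '/defines.php')) {
            include_once $vs_joomla_path . '/defines.php';
        }
        if (!defined('_JDEFINES')) {
            if (!defined('JPATH_BASE')) { define('JPATH_BASE', $vs_joomla_path); }
            require_once JPATH_BASE . '/includes/defines.php';
        }
        require_once JPATH_BASE . '/includes/framework.php';

        /* Create the Application */
        JFactory::getApplication('site');
        require_once JPATH_BASE . '/libraries/joomla/factory.php';

        return true;
    }
    # --------------------------------------------------------------------------------
    /**
     * Resolve Joomla group ids to their titles.
     *
     * @param array $pa_group_ids Group ids as returned by JUserHelper::getUserGroups()
     * @return array List of group titles (empty when no usable id was given)
     */
    private static function loadGroupTitles($pa_group_ids) {
        // The ids are concatenated into the IN (...) list, so force them to integers first
        $va_ids = array_values(array_unique(array_map('intval', (array)$pa_group_ids)));
        if (!sizeof($va_ids)) {
            return array();
        }

        $o_db = JFactory::getDbo();
        $o_query = $o_db->getQuery(true);
        $o_query->select('title')->from('#__usergroups')->where('id IN (' . implode(',', $va_ids) . ')');
        $o_db->setQuery($o_query);
        $va_titles = $o_db->loadColumn();

        return is_array($va_titles) ? $va_titles : array();
    }
    # --------------------------------------------------------------------------------
    /**
     * Get the user name of the Joomla session attached to the current request.
     *
     * Declared static because authenticate() calls it statically; instance calls keep working.
     *
     * @return string|bool Joomla user name, or false when nobody is logged in or Joomla cannot be loaded
     */
    public static function getCurrentPafiUser() {
        if (!self::bootstrapJoomla(self::getPafiParams())) {
            return false;
        }

        /* Make sure we are logged in at all. */
        $o_juser = JFactory::getUser();
        if ($o_juser->id == 0) {
            return false;
        }
        return $o_juser->username;
    }
    # --------------------------------------------------------------------------------
    /**
     * Build the Joomla logout URL for the current session, including its form token.
     *
     * Stops the request with a link to the login screen when the Joomla user is a guest
     * (behaviour kept from the original).
     *
     * @return string|bool Logout URL, or false when Joomla cannot be loaded
     */
    public static function getLogoutUrl() {
        $va_params = self::getPafiParams();
        $vs_joomla_url_base = isset($va_params["joomla_url_base"]) ? $va_params["joomla_url_base"] : '';

        if (!self::bootstrapJoomla($va_params)) {
            return false;
        }

        $o_juser = JFactory::getUser();
        if ($o_juser->guest) {
            // Quote and escape the attribute: the URL was previously written into the markup unquoted
            die('user is not logged in, please go to <a href="' . htmlspecialchars($vs_joomla_url_base, ENT_QUOTES, 'UTF-8') . '">login screen</a>');
        }

        $vs_user_token = JSession::getFormToken();
        return $vs_joomla_url_base . '/index.php?option=com_users&task=user.logout&' . $vs_user_token . '=1';
    }
    # --------------------------------------------------------------------------------
    /**
     * Describe the Joomla session user: id, group titles and JUser instance.
     *
     * @return array|bool Array with keys "id", "groups" and "instance"; false when nobody is
     *                    logged in, Joomla cannot be loaded, or the user belongs to no group
     */
    public static function getCurrentPafiUserInstanceAndGroups() {
        if (!self::bootstrapJoomla(self::getPafiParams())) {
            return false;
        }

        /* Make sure we are logged in at all. */
        $o_juser = JFactory::getUser();
        if ($o_juser->id == 0) {
            return false;
        }

        $va_groups = JUserHelper::getUserGroups($o_juser->id);
        if (empty($va_groups)) {
            // The original echoed a debug string and returned null here; callers test
            // against false, so null was treated as a valid answer
            return false;
        }

        return array(
            "id" => $o_juser->id,
            "groups" => self::loadGroupTitles($va_groups),
            "instance" => JUser::getInstance($o_juser->id)
        );
    }
    # --------------------------------------------------------------------------------
    /**
     * Look a user up in the Joomla user table and sync the CollectiveAccess groups.
     *
     * This is a lookup only: no password or session is checked here, so a non-false
     * result is NOT proof of identity. authenticate() performs the session check.
     *
     * @param string $ps_username Joomla user name
     * @return array|bool Array with keys "id", "groups" and "instance"; false when the user name
     *                    is empty, the external database or Joomla is unavailable, the user is
     *                    unknown, or the user belongs to no group
     */
    public static function getPafiUser($ps_username) {
        // NOTE(review): the original published the configuration block, database
        // credentials included, as a global; kept in case other code reads it, but it
        // should become a local once that is confirmed.
        global $pafi_ext_db_params;

        if (!$ps_username) {
            return false;
        }

        $o_log = new Eventlog();
        $pafi_ext_db_params = self::getPafiParams();
        $vs_remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        $o_ext_db = new Db(null, array(
            'host' => $pafi_ext_db_params["host"],
            'username' => $pafi_ext_db_params["username"],
            'password' => $pafi_ext_db_params["password"],
            'database' => $pafi_ext_db_params["database"],
            'type' => $pafi_ext_db_params["type"],
            'persistent_connections' => ($pafi_ext_db_params["persistent_connections"] == "1")
        ), false);

        // couldn't connect to external database
        if (!$o_ext_db->connected()) {
            $o_log->log(array(
                'CODE' => 'LOGF', 'SOURCE' => 'PafiPlatformExternalDBAuthAdapter',
                'MESSAGE' => _t('Could not login user %1 using PAFI external database because login to external database failed [%2]', $ps_username, $vs_remote_addr)
            ));
            return false;
        }

        if (!self::bootstrapJoomla($pafi_ext_db_params)) {
            return false;
        }

        // Only the id is needed; the password hash is no longer read out of the database
        $o_db = JFactory::getDbo();
        $o_query = $o_db->getQuery(true)
            ->select('id')
            ->from('#__users')
            ->where('username=' . $o_db->quote($ps_username));
        $o_db->setQuery($o_query);
        $o_result = $o_db->loadObject();

        if (!$o_result) {
            // The original called die() here, which aborted the request and told the
            // client whether a user name exists. Log it and fail like any other refusal.
            $o_log->log(array(
                'CODE' => 'LOGF', 'SOURCE' => 'PafiPlatformExternalDBAuthAdapter',
                'MESSAGE' => _t('Could not login user %1 using PAFI external database because the user was not found [%2]', $ps_username, $vs_remote_addr)
            ));
            return false;
        }

        $va_groups = JUserHelper::getUserGroups($o_result->id);
        if (empty($va_groups)) {
            return false;
        }
        $va_groupnames = self::loadGroupTitles($va_groups);

        $va_juser_infos = array(
            "id" => $o_result->id,
            "groups" => $va_groupnames,
            "instance" => JUser::getInstance($o_result->id)
        );

        // if the user is already inside the CA DB, update the groups he's linked to
        self::updateUserGroups($ps_username, $va_groupnames);

        return $va_juser_infos;
    }
    # --------------------------------------------------------------------------------
    /**
     * Accept a login only when the request carries a Joomla session for that same user.
     *
     * The original returned true for every user name present in the Joomla user table:
     * getPafiUser() fell through and returned null (its "$match == true;" line was a
     * comparison, not an assignment) and null passed the "!== false" test here. The
     * password is still not checked, because identity is taken from the Joomla session.
     *
     * @param string $ps_username User name to log in
     * @param string $ps_password Unused by this adapter
     * @param array|null $pa_options Unused by this adapter
     * @return bool
     */
    public static function authenticate($ps_username, $ps_password = '', $pa_options=null) {
        if (!$ps_username) {
            return false;
        }

        // The user has to be logged in to Joomla, and as the account being requested
        $vs_session_username = self::getCurrentPafiUser();
        if (($vs_session_username === false) || ((string)$vs_session_username !== (string)$ps_username)) {
            $o_log = new Eventlog();
            $o_log->log(array(
                'CODE' => 'LOGF', 'SOURCE' => 'PafiPlatformExternalDBAuthAdapter',
                'MESSAGE' => _t('Refused login for user %1 because no matching Joomla session was found [%2]', $ps_username, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '')
            ));
            return false;
        }

        // Fail closed: anything other than a user description is a refusal
        return is_array(self::getPafiUser($ps_username));
    }
    # --------------------------------------------------------------------------------
    /**
     * Return a password hash for a newly created CollectiveAccess user.
     *
     * We don't create users in external databases, we assume they're already there.
     * The hash is compatible with the CaUsers authentication adapter, so that external
     * authentication could in theory be turned off later; this adapter never uses it.
     *
     * @param string $ps_username
     * @param string $ps_password
     * @return string Result of create_hash()
     */
    public static function createUserAndGetPassword($ps_username, $ps_password) {
        return create_hash($ps_password);
    }
    # --------------------------------------------------------------------------------
    /**
     * Replace the group memberships of an existing CollectiveAccess user.
     *
     * @param string $ps_username CollectiveAccess user name
     * @param array $pa_groups Groups to attach, passed on to ca_users::addToGroups()
     * @return bool False when the user does not exist in CollectiveAccess
     */
    public static function updateUserGroups($ps_username, $pa_groups) {
        $t_user = new ca_users();
        if (!$t_user->load($ps_username)) {
            return false;
        }

        $t_user->setMode(ACCESS_WRITE);
        $t_user->removeFromAllGroups();
        $t_user->addToGroups($pa_groups);
        return true;
    }
    # --------------------------------------------------------------------------------
    # getUserInfo : this function is only called if the user is not already inside the CA DB
    # --------------------------------------------------------------------------------
    /**
     * Provision the CollectiveAccess account of the Joomla session user and describe it.
     *
     * The account is built from the Joomla session, so the requested user name has to be
     * the session user; the original would otherwise create an account under the session
     * user's name while loading and syncing another one.
     *
     * @param string $ps_username User name to provision
     * @param string $ps_password Unused by this adapter
     * @return array Keys: user_name, active, userclass, roles, groups
     * @throws ExternalDBException When there is no Joomla session or it belongs to another
     *         user. NOTE(review): callers are presumed to catch this - confirm against
     *         the calling code.
     */
    public static function getUserInfo($ps_username, $ps_password="") {
        $vt_user_info = self::getCurrentPafiUserInstanceAndGroups();
        if (!is_array($vt_user_info) || !is_object($vt_user_info["instance"])) {
            throw new ExternalDBException(_t('No Joomla session is available for user %1', $ps_username));
        }

        // Read before the branch below: the original set it only for new users and then
        // used it for existing ones as well
        $vt_user_instance = $vt_user_info["instance"];
        if ((string)$vt_user_instance->username !== (string)$ps_username) {
            throw new ExternalDBException(_t('The Joomla session does not belong to user %1', $ps_username));
        }

        $o_log = new Eventlog();

        // user role and group membership syncing with directory
        $t_user = new ca_users();
        if (!$t_user->load($ps_username)) {
            // Non existing user, inserting him inside the DB
            $t_user->setMode(ACCESS_WRITE);
            $t_user->set("user_name", $vt_user_instance->username);
            $t_user->set('userclass', 0); // 1=public user 0=back-end login allowed
            $t_user->set("fname", "_");
            $t_user->set("lname", $vt_user_instance->name);
            $t_user->set("email", $vt_user_instance->email);
            $t_user->set("active", 1);
            $t_user->insert();

            if ($t_user->numErrors()) {
                $o_log->log(array(
                    'CODE' => 'LOGF', 'SOURCE' => 'PafiPlatformExternalDBAuthAdapter',
                    'MESSAGE' => _t('Errors occurred when creating new user: %1', join('; ', $t_user->getErrors()))
                ));
            } else {
                // The message carries markup, so the Joomla-supplied values are escaped;
                // the original interpolated three variables that were never set
                $o_log->log(array(
                    'CODE' => 'LOGF', 'SOURCE' => 'PafiPlatformExternalDBAuthAdapter',
                    'MESSAGE' => _t(
                        'Created new client login for <em>%1</em>. Login name is <em>%2</em>',
                        htmlspecialchars((string)$vt_user_instance->name, ENT_QUOTES, 'UTF-8'),
                        htmlspecialchars((string)$vt_user_instance->username, ENT_QUOTES, 'UTF-8')
                    )
                ));
            }
            self::updateUserGroups($ps_username, $vt_user_info["groups"]);
        }

        // User was already there or has just been inserted
        $va_return = array();
        $va_return['user_name'] = $vt_user_instance->username;
        $va_return['active'] = $t_user->get("active");
        $va_return['userclass'] = $t_user->get("userclass");

        // map fields : no fields
        // map preferences : no preferences
        // user roles : no role, everything is handled through groups
        $va_return['roles'] = array();

        // set user groups
        $va_return['groups'] = $vt_user_info["groups"];

        return $va_return;
    }
    # --------------------------------------------------------------------------------
    /**
     * Tell which optional adapter features are available.
     *
     * @param int $pn_feature One of the __CA_AUTH_ADAPTER_FEATURE_*__ constants
     * @return bool True only for automatic user creation
     */
    public static function supports($pn_feature) {
        switch($pn_feature){
            case __CA_AUTH_ADAPTER_FEATURE_AUTOCREATE_USERS__:
                return true;
            case __CA_AUTH_ADAPTER_FEATURE_RESET_PASSWORDS__:
            case __CA_AUTH_ADAPTER_FEATURE_UPDATE_PASSWORDS__:
            default:
                return false;
        }
    }
    # --------------------------------------------------------------------------------
    /**
     * Hook called when a user is deleted; nothing is removed on the Joomla side.
     *
     * @param string $ps_username
     * @return bool Always true
     */
    public static function deleteUser($ps_username) {
        // do something?
        return true;
    }
    # --------------------------------------------------------------------------------
    /**
     * Get the account management URL from the "extdb_manage_account_url" setting.
     *
     * @return string|bool The configured URL, or false when the setting is empty
     */
    public static function getAccountManagementLink() {
        $o_auth_cfg = Configuration::load(Configuration::load()->get('authentication_config'));

        $vs_link = $o_auth_cfg->get('extdb_manage_account_url');
        if ($vs_link) {
            return $vs_link;
        }
        return false;
    }
    # --------------------------------------------------------------------------------
}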
/**
 * Exception class declared next to the PAFI adapter; it adds nothing to Exception.
 */
class ExternalDBException extends Exception
{
}
Author
gautiermichelin
commented
Nov 1, 2015