diff options
author | Zach Copley <zach@status.net> | 2009-11-10 15:25:43 -0800 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2009-11-10 15:25:43 -0800 |
commit | db64b612961c37477d0729e9ff4f882fb5df7b8d (patch) | |
tree | 9ae5a31b58a289fc838c29c34230edd3962c231f /plugins/Auth/AuthPlugin.php | |
parent | ee3fc8ba03ddd8451cac60547af72ea2cef7dc6a (diff) | |
parent | 91332cdadc20e721c22fcf22ca1773cedbde95c5 (diff) |
Merge branch '0.9.x' into finish-account-api
* 0.9.x:
Added a events for the settings menu items
Bringing Sphinx search support up to code: broken out to a plugin, now supports multiple sites on a single server.
Changed to Evan's event style and added an AuthPlugin superclass
add geo output to statuses in json, xml, atom, rss in API
Localisation updates from translatewiki.net (2009-11-10)
Localisation updates from translatewiki.net
Update pot
add lat and long parameters to api/statuses/update
change credential check to work more like other events
fixup output of object attributes in db error code
Performance fix for subscription/subscriber lists based on feedback from ops.
Adjusting indexes to make favorites query more efficient, based on feedback from ops.
Revert untested code; spews PHP notice warnings on every page view: "just sent a http 200 for the check-fancy from install.php"
Added hook for the Group navigation items
Updated block @title text (shouldn't say from group)
Updated group block markup
Revert "Remove more contractions"
Diffstat (limited to 'plugins/Auth/AuthPlugin.php')
-rw-r--r-- | plugins/Auth/AuthPlugin.php | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/plugins/Auth/AuthPlugin.php b/plugins/Auth/AuthPlugin.php new file mode 100644 index 000000000..cb52730f6 --- /dev/null +++ b/plugins/Auth/AuthPlugin.php @@ -0,0 +1,172 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Superclass for plugins that do authentication and/or authorization + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews <candrews@integralblue.com> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Superclass for plugins that do authentication + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews <candrews@integralblue.com> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +abstract class AuthPlugin extends Plugin +{ + //is this plugin authoritative for authentication? + public $authn_authoritative = false; + + //should accounts be automatically created after a successful login attempt? + public $autoregistration = false; + + //can the user change their email address + public $email_changeable=true; + + //can the user change their email address + public $password_changeable=true; + + //------------Auth plugin should implement some (or all) of these methods------------\\ + /** + * Check if a nickname/password combination is valid + * @param nickname + * @param password + * @return boolean true if the credentials are valid, false if they are invalid. + */ + function checkPassword($nickname, $password) + { + return false; + } + + /** + * Automatically register a user when they attempt to login with valid credentials. + * User::register($data) is a very useful method for this implementation + * @param nickname + * @return boolean true if the user was created, false if autoregistration is not allowed, null if this plugin is not responsible for this nickname + */ + function autoRegister($nickname) + { + return null; + } + + /** + * Change a user's password + * The old password has been verified to be valid by this plugin before this call is made + * @param nickname + * @param oldpassword + * @param newpassword + * @return boolean true if the password was changed, false if password changing failed for some reason, null if this plugin is not responsible for this nickname + */ + function changePassword($nickname,$oldpassword,$newpassword) + { + return null; + } + + /** + * Can a user change this field in his own profile? + * @param nickname + * @param field + * @return boolean true if the field can be changed, false if not allowed to change it, null if this plugin is not responsible for this nickname + */ + function canUserChangeField($nickname, $field) + { + return null; + } + + //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\ + function __construct() + { + parent::__construct(); + } + + function StartCheckPassword($nickname, $password, &$authenticatedUser){ + if($this->password_changeable){ + $authenticated = $this->checkPassword($nickname, $password); + if($authenticated){ + $authenticatedUser = User::staticGet('nickname', $nickname); + if(!$authenticatedUser && $this->autoregistration){ + if($this->autoregister($nickname)){ + $authenticatedUser = User::staticGet('nickname', $nickname); + } + } + return false; + }else{ + if($this->authn_authoritative){ + return false; + } + } + //we're not authoritative, so let other handlers try + }else{ + if($this->authn_authoritative){ + //since we're authoritative, no other plugin could do this + throw new Exception(_('Password changing is not allowed')); + } + } + } + + function onStartChangePassword($nickname,$oldpassword,$newpassword) + { + if($this->password_changeable){ + $authenticated = $this->checkPassword($nickname, $oldpassword); + if($authenticated){ + $result = $this->changePassword($nickname,$oldpassword,$newpassword); + if($result){ + //stop handling of other handlers, because what was requested was done + return false; + }else{ + throw new Exception(_('Password changing failed')); + } + }else{ + if($this->authn_authoritative){ + //since we're authoritative, no other plugin could do this + throw new Exception(_('Password changing failed')); + }else{ + //let another handler try + return null; + } + } + }else{ + if($this->authn_authoritative){ + //since we're authoritative, no other plugin could do this + throw new Exception(_('Password changing is not allowed')); + } + } + } + + function onStartAccountSettingsPasswordMenuItem($widget) + { + if($this->authn_authoritative && !$this->password_changeable){ + //since we're authoritative, no other plugin could change passwords, so do render the menu item + return false; + } + } +} + |