diff options
author | Craig Andrews <candrews@integralblue.com> | 2010-01-05 13:56:22 -0500 |
---|---|---|
committer | Craig Andrews <candrews@integralblue.com> | 2010-01-05 13:56:22 -0500 |
commit | 9e2e0605ed6280daa4d74c4b962e4630d1078d90 (patch) | |
tree | ec0d8cacabd02a8b354d034ea076b8ab046eb55b /plugins | |
parent | f3a76bbcb71bcb3c389e55d18a163fa9927bcc06 (diff) |
Move Authorization and Authentication plugin structures into core, instead of as plugins.
This move makes sense as you can addPlugin('Authentication') for example - these are abstract classes designed to be implemented, not used directly.
Diffstat (limited to 'plugins')
7 files changed, 0 insertions, 417 deletions
diff --git a/plugins/Authentication/AuthenticationPlugin.php b/plugins/Authentication/AuthenticationPlugin.php deleted file mode 100644 index 07f14035d..000000000 --- a/plugins/Authentication/AuthenticationPlugin.php +++ /dev/null @@ -1,243 +0,0 @@ -<?php -/** - * StatusNet, the distributed open-source microblogging tool - * - * Superclass for plugins that do authentication and/or authorization - * - * PHP version 5 - * - * LICENCE: This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - * @category Plugin - * @package StatusNet - * @author Craig Andrews <candrews@integralblue.com> - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ - -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); -} - -/** - * Superclass for plugins that do authentication - * - * @category Plugin - * @package StatusNet - * @author Craig Andrews <candrews@integralblue.com> - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ - -abstract class AuthenticationPlugin extends Plugin -{ - //is this plugin authoritative for authentication? - public $authoritative = false; - - //should accounts be automatically created after a successful login attempt? - public $autoregistration = false; - - //can the user change their email address - public $password_changeable=true; - - //unique name for this authentication provider - public $provider_name; - - //------------Auth plugin should implement some (or all) of these methods------------\\ - /** - * Check if a nickname/password combination is valid - * @param username - * @param password - * @return boolean true if the credentials are valid, false if they are invalid. - */ - function checkPassword($username, $password) - { - return false; - } - - /** - * Automatically register a user when they attempt to login with valid credentials. - * User::register($data) is a very useful method for this implementation - * @param username - * @return mixed instance of User, or false (if user couldn't be created) - */ - function autoRegister($username) - { - $registration_data = array(); - $registration_data['nickname'] = $username ; - return User::register($registration_data); - } - - /** - * Change a user's password - * The old password has been verified to be valid by this plugin before this call is made - * @param username - * @param oldpassword - * @param newpassword - * @return boolean true if the password was changed, false if password changing failed for some reason - */ - function changePassword($username,$oldpassword,$newpassword) - { - return false; - } - - //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\ - function onInitializePlugin(){ - if(!isset($this->provider_name)){ - throw new Exception("must specify a provider_name for this authentication provider"); - } - } - - /** - * Internal AutoRegister event handler - * @param nickname - * @param provider_name - * @param user - the newly registered user - */ - function onAutoRegister($nickname, $provider_name, &$user) - { - if($provider_name == $this->provider_name && $this->autoregistration){ - $user = $this->autoregister($nickname); - if($user){ - User_username::register($user,$nickname,$this->provider_name); - return false; - } - } - } - - function onStartCheckPassword($nickname, $password, &$authenticatedUser){ - //map the nickname to a username - $user_username = new User_username(); - $user_username->username=$nickname; - $user_username->provider_name=$this->provider_name; - if($user_username->find() && $user_username->fetch()){ - $username = $user_username->username; - $authenticated = $this->checkPassword($username, $password); - if($authenticated){ - $authenticatedUser = User::staticGet('id', $user_username->user_id); - return false; - } - }else{ - $user = User::staticGet('nickname', $nickname); - if($user){ - //make sure a different provider isn't handling this nickname - $user_username = new User_username(); - $user_username->username=$nickname; - if(!$user_username->find()){ - //no other provider claims this username, so it's safe for us to handle it - $authenticated = $this->checkPassword($nickname, $password); - if($authenticated){ - $authenticatedUser = User::staticGet('nickname', $nickname); - User_username::register($authenticatedUser,$nickname,$this->provider_name); - return false; - } - } - }else{ - $authenticated = $this->checkPassword($nickname, $password); - if($authenticated){ - if(! Event::handle('AutoRegister', array($nickname, $this->provider_name, &$authenticatedUser))){ - //unlike most Event::handle lines of code, this one has a ! (not) - //we want to do this if the event *was* handled - this isn't a "default" implementation - //like most code of this form. - if($authenticatedUser){ - return false; - } - } - } - } - } - if($this->authoritative){ - return false; - }else{ - //we're not authoritative, so let other handlers try - return; - } - } - - function onStartChangePassword($user,$oldpassword,$newpassword) - { - if($this->password_changeable){ - $user_username = new User_username(); - $user_username->user_id=$user->id; - $user_username->provider_name=$this->provider_name; - if($user_username->find() && $user_username->fetch()){ - $authenticated = $this->checkPassword($user_username->username, $oldpassword); - if($authenticated){ - $result = $this->changePassword($user_username->username,$oldpassword,$newpassword); - if($result){ - //stop handling of other handlers, because what was requested was done - return false; - }else{ - throw new Exception(_('Password changing failed')); - } - }else{ - if($this->authoritative){ - //since we're authoritative, no other plugin could do this - throw new Exception(_('Password changing failed')); - }else{ - //let another handler try - return null; - } - } - } - }else{ - if($this->authoritative){ - //since we're authoritative, no other plugin could do this - throw new Exception(_('Password changing is not allowed')); - } - } - } - - function onStartAccountSettingsPasswordMenuItem($widget) - { - if($this->authoritative && !$this->password_changeable){ - //since we're authoritative, no other plugin could change passwords, so do not render the menu item - return false; - } - } - - function onAutoload($cls) - { - switch ($cls) - { - case 'User_username': - require_once(INSTALLDIR.'/plugins/Authentication/User_username.php'); - return false; - default: - return true; - } - } - - function onCheckSchema() { - $schema = Schema::get(); - $schema->ensureTable('user_username', - array(new ColumnDef('provider_name', 'varchar', - '255', false, 'PRI'), - new ColumnDef('username', 'varchar', - '255', false, 'PRI'), - new ColumnDef('user_id', 'integer', - null, false), - new ColumnDef('created', 'datetime', - null, false), - new ColumnDef('modified', 'timestamp'))); - return true; - } - - function onUserDeleteRelated($user, &$tables) - { - $tables[] = 'User_username'; - return true; - } -} - diff --git a/plugins/Authentication/User_username.php b/plugins/Authentication/User_username.php deleted file mode 100644 index 853fd5cb8..000000000 --- a/plugins/Authentication/User_username.php +++ /dev/null @@ -1,61 +0,0 @@ -<?php -/** - * Table Definition for user_username - */ -require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; - -class User_username extends Memcached_DataObject -{ - ###START_AUTOCODE - /* the code below is auto generated do not remove the above tag */ - - public $__table = 'user_username'; // table name - public $user_id; // int(4) not_null - public $provider_name; // varchar(255) primary_key not_null - public $username; // varchar(255) primary_key not_null - public $created; // datetime() not_null - public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP - - /* Static get */ - function staticGet($k,$v=null) - { return Memcached_DataObject::staticGet('User_username',$k,$v); } - - /* the code above is auto generated do not remove the tag below */ - ###END_AUTOCODE - - /** - * Register a user with a username on a given provider - * @param User User object - * @param string username on the given provider - * @param provider_name string name of the provider - * @return mixed User_username instance if the registration succeeded, false if it did not - */ - static function register($user, $username, $provider_name) - { - $user_username = new User_username(); - $user_username->user_id = $user->id; - $user_username->provider_name = $provider_name; - $user_username->username = $username; - $user_username->created = DB_DataObject_Cast::dateTime(); - if($user_username->insert()){ - return $user_username; - }else{ - return false; - } - } - - function table() { - return array( - 'user_id' => DB_DATAOBJECT_INT, - 'username' => DB_DATAOBJECT_STR, - 'provider_name' => DB_DATAOBJECT_STR , - 'created' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME - ); - } - - // now define the keys. - function keys() { - return array('provider_name', 'username'); - } - -} diff --git a/plugins/Authorization/AuthorizationPlugin.php b/plugins/Authorization/AuthorizationPlugin.php deleted file mode 100644 index e4e046d08..000000000 --- a/plugins/Authorization/AuthorizationPlugin.php +++ /dev/null @@ -1,108 +0,0 @@ -<?php -/** - * StatusNet, the distributed open-source microblogging tool - * - * Superclass for plugins that do authorization - * - * PHP version 5 - * - * LICENCE: This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - * @category Plugin - * @package StatusNet - * @author Craig Andrews <candrews@integralblue.com> - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ - -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); -} - -/** - * Superclass for plugins that do authorization - * - * @category Plugin - * @package StatusNet - * @author Craig Andrews <candrews@integralblue.com> - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ - -abstract class AuthorizationPlugin extends Plugin -{ - //is this plugin authoritative for authorization? - public $authoritative = false; - - //------------Auth plugin should implement some (or all) of these methods------------\\ - - /** - * Is a user allowed to log in? - * @param user - * @return boolean true if the user is allowed to login, false if explicitly not allowed to login, null if we don't explicitly allow or deny login - */ - function loginAllowed($user) { - return null; - } - - /** - * Does a profile grant the user a named role? - * @param profile - * @return boolean true if the profile has the role, false if not - */ - function hasRole($profile, $name) { - return false; - } - - //------------Below are the methods that connect StatusNet to the implementing Auth plugin------------\\ - function onInitializePlugin(){ - - } - - function onStartSetUser(&$user) { - $loginAllowed = $this->loginAllowed($user); - if($loginAllowed === true){ - return; - }else if($loginAllowed === false){ - $user = null; - return false; - }else{ - if($this->authoritative) { - $user = null; - return false; - }else{ - return; - } - } - } - - function onStartSetApiUser(&$user) { - return $this->onStartSetUser(&$user); - } - - function onStartHasRole($profile, $name, &$has_role) { - if($this->hasRole($profile, $name)){ - $has_role = true; - return false; - }else{ - if($this->authoritative) { - $has_role = false; - return false; - }else{ - return; - } - } - } -} - diff --git a/plugins/CasAuthentication/CasAuthenticationPlugin.php b/plugins/CasAuthentication/CasAuthenticationPlugin.php index 8f29c7d2a..26f21af16 100644 --- a/plugins/CasAuthentication/CasAuthenticationPlugin.php +++ b/plugins/CasAuthentication/CasAuthenticationPlugin.php @@ -34,7 +34,6 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { // We bundle the phpCAS library... set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/extlib/CAS'); -require_once INSTALLDIR.'/plugins/Authentication/AuthenticationPlugin.php'; class CasAuthenticationPlugin extends AuthenticationPlugin { public $server; diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php index 39967fe42..af42be761 100644 --- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php +++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php @@ -31,7 +31,6 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/plugins/Authentication/AuthenticationPlugin.php'; require_once 'Net/LDAP2.php'; class LdapAuthenticationPlugin extends AuthenticationPlugin diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 5e759c379..7673e61ef 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -31,7 +31,6 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/plugins/Authorization/AuthorizationPlugin.php'; require_once 'Net/LDAP2.php'; class LdapAuthorizationPlugin extends AuthorizationPlugin diff --git a/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php b/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php index d48283b2e..d157ea067 100644 --- a/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php +++ b/plugins/ReverseUsernameAuthentication/ReverseUsernameAuthenticationPlugin.php @@ -31,8 +31,6 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/plugins/Authentication/AuthenticationPlugin.php'; - class ReverseUsernameAuthenticationPlugin extends AuthenticationPlugin { //---interface implementation---// |