summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--EVENTS.txt40
-rw-r--r--lib/accountsettingsaction.php57
-rw-r--r--plugins/Auth/AuthPlugin.php75
-rw-r--r--plugins/Ldap/LdapPlugin.php13
-rw-r--r--plugins/Ldap/README11
5 files changed, 136 insertions, 60 deletions
diff --git a/EVENTS.txt b/EVENTS.txt
index 97b7de299..f75dcebca 100644
--- a/EVENTS.txt
+++ b/EVENTS.txt
@@ -162,6 +162,42 @@ StartAccountSettingsNav: Before showing the account settings menu
EndAccountSettingsNav: After showing the account settings menu
- $action: the current action
+StartAccountSettingsProfileMenuItem: Before showing the Profile menu item
+- $widget: AccountSettingsNav instance being shown
+
+EndAccountSettingsProfileMenuItem: After showing the Profile menu item
+- $widget: AccountSettingsNav instance being shown
+
+StartAccountSettingsAvatarMenuItem: Before showing the Avatar menu item
+- $widget: AccountSettingsNav instance being shown
+
+EndAccountSettingsAvatarMenuItem: After showing the Avatar menu item
+- $widget: AccountSettingsNav instance being shown
+
+StartAccountSettingsPasswordMenuItem: Before showing the Password menu item
+- $widget: AccountSettingsNav instance being shown
+
+EndAccountSettingsPasswordMenuItem: After showing the Password menu item
+- $widget: AccountSettingsNav instance being shown
+
+StartAccountSettingsEmailMenuItem: Before showing the Email menu item
+- $widget: AccountSettingsNav instance being shown
+
+EndAccountSettingsEmailMenuItem: After showing the Email menu item
+- $widget: AccountSettingsNav instance being shown
+
+StartAccountSettingsDesignMenuItem: Before showing the Design menu item
+- $widget: AccountSettingsNav instance being shown
+
+EndAccountSettingsDesignMenuItem: After showing the Design menu item
+- $widget: AccountSettingsNav instance being shown
+
+StartAccountSettingsOtherMenuItem: Before showing the Other menu item
+- $widget: AccountSettingsNav instance being shown
+
+EndAccountSettingsOtherMenuItem: After showing the Other menu item
+- $widget: AccountSettingsNav instance being shown
+
Autoload: When trying to autoload a class
- $cls: the class being sought. A plugin might require_once the file for the class.
@@ -499,10 +535,6 @@ StartChangePassword: Before changing a password
EndChangePassword: After changing a password
- $nickname: user's nickname
-CanUserChangeField: Determines if a user is allowed to change a specific profile field
-- $nickname: nickname of the user who would like to know which of their profile fields are mutable
-- $field: name of the field the user wants to change (nickname, fullname, password, avatar, etc)
-
UserDeleteRelated: Specify additional tables to delete entries from when deleting users
- $user: User object
- &$related: array of DB_DataObject class names to delete entries on matching user_id.
diff --git a/lib/accountsettingsaction.php b/lib/accountsettingsaction.php
index 9865e1748..c79a1f5d7 100644
--- a/lib/accountsettingsaction.php
+++ b/lib/accountsettingsaction.php
@@ -104,35 +104,29 @@ class AccountSettingsNav extends Widget
if (Event::handle('StartAccountSettingsNav', array(&$this->action))) {
$user = common_current_user();
- $menu = array();
- $menu['profilesettings'] =
- array(_('Profile'),
- _('Change your profile settings'));
- if(Event::handle('CanUserChangeField', array($user->nickname, 'avatar'))){
- $menu['avatarsettings'] =
- array(_('Avatar'),
- _('Upload an avatar'));
+ if(Event::handle('StartAccountSettingsProfileMenuItem', array($this, &$menu))){
+ $this->showMenuItem('profilesettings',_('Profile'),_('Change your profile settings'));
+ Event::handle('EndAccountSettingsProfileMenuItem', array($this, &$menu));
}
- if(Event::handle('CanUserChangeField', array($user->nickname, 'password'))){
- $menu['passwordsettings'] =
- array(_('Password'),
- _('Change your password'));
+ if(Event::handle('StartAccountSettingsAvatarMenuItem', array($this, &$menu))){
+ $this->showMenuItem('avatarsettings',_('Avatar'),_('Upload an avatar'));
+ Event::handle('EndAccountSettingsAvatarMenuItem', array($this, &$menu));
}
- $menu['emailsettings'] =
- array(_('Email'),
- _('Change email handling'));
- $menu['userdesignsettings'] =
- array(_('Design'),
- _('Design your profile'));
- $menu['othersettings'] =
- array(_('Other'),
- _('Other options'));
-
- foreach ($menu as $menuaction => $menudesc) {
- $this->action->menuItem(common_local_url($menuaction),
- $menudesc[0],
- $menudesc[1],
- $action_name === $menuaction);
+ if(Event::handle('StartAccountSettingsPasswordMenuItem', array($this, &$menu))){
+ $this->showMenuItem('passwordsettings',_('Password'),_('Change your password'));
+ Event::handle('EndAccountSettingsPasswordMenuItem', array($this, &$menu));
+ }
+ if(Event::handle('StartAccountSettingsEmailMenuItem', array($this, &$menu))){
+ $this->showMenuItem('emailsettings',_('Email'),_('Change email handling'));
+ Event::handle('EndAccountSettingsEmailMenuItem', array($this, &$menu));
+ }
+ if(Event::handle('StartAccountSettingsDesignMenuItem', array($this, &$menu))){
+ $this->showMenuItem('userdesignsettings',_('Design'),_('Design your profile'));
+ Event::handle('EndAccountSettingsDesignMenuItem', array($this, &$menu));
+ }
+ if(Event::handle('StartAccountSettingsOtherMenuItem', array($this, &$menu))){
+ $this->showMenuItem('othersettings',_('Other'),_('Other options'));
+ Event::handle('EndAccountSettingsOtherMenuItem', array($this, &$menu));
}
Event::handle('EndAccountSettingsNav', array(&$this->action));
@@ -140,4 +134,13 @@ class AccountSettingsNav extends Widget
$this->action->elementEnd('ul');
}
+
+ function showMenuItem($menuaction, $desc1, $desc2)
+ {
+ $action_name = $this->action->trimmed('action');
+ $this->action->menuItem(common_local_url($menuaction),
+ $desc1,
+ $desc2,
+ $action_name === $menuaction);
+ }
}
diff --git a/plugins/Auth/AuthPlugin.php b/plugins/Auth/AuthPlugin.php
index 71e7ae4fb..cb52730f6 100644
--- a/plugins/Auth/AuthPlugin.php
+++ b/plugins/Auth/AuthPlugin.php
@@ -43,11 +43,17 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
abstract class AuthPlugin extends Plugin
{
//is this plugin authoritative for authentication?
- protected $authn_authoritative = false;
+ public $authn_authoritative = false;
//should accounts be automatically created after a successful login attempt?
- protected $autoregistration = false;
-
+ public $autoregistration = false;
+
+ //can the user change their email address
+ public $email_changeable=true;
+
+ //can the user change their email address
+ public $password_changeable=true;
+
//------------Auth plugin should implement some (or all) of these methods------------\\
/**
* Check if a nickname/password combination is valid
@@ -102,44 +108,65 @@ abstract class AuthPlugin extends Plugin
}
function StartCheckPassword($nickname, $password, &$authenticatedUser){
- $authenticated = $this->checkPassword($nickname, $password);
- if($authenticated){
- $authenticatedUser = User::staticGet('nickname', $nickname);
- if(!$authenticatedUser && $this->autoregistration){
- if($this->autoregister($nickname)){
- $authenticatedUser = User::staticGet('nickname', $nickname);
+ if($this->password_changeable){
+ $authenticated = $this->checkPassword($nickname, $password);
+ if($authenticated){
+ $authenticatedUser = User::staticGet('nickname', $nickname);
+ if(!$authenticatedUser && $this->autoregistration){
+ if($this->autoregister($nickname)){
+ $authenticatedUser = User::staticGet('nickname', $nickname);
+ }
+ }
+ return false;
+ }else{
+ if($this->authn_authoritative){
+ return false;
}
}
- return false;
+ //we're not authoritative, so let other handlers try
}else{
if($this->authn_authoritative){
- return false;
+ //since we're authoritative, no other plugin could do this
+ throw new Exception(_('Password changing is not allowed'));
}
}
- //we're not authoritative, so let other handlers try
}
function onStartChangePassword($nickname,$oldpassword,$newpassword)
{
- $authenticated = $this->checkPassword($nickname, $oldpassword);
- if($authenticated){
- $result = $this->changePassword($nickname,$oldpassword,$newpassword);
- if($result){
- //stop handling of other handlers, because what was requested was done
- return false;
+ if($this->password_changeable){
+ $authenticated = $this->checkPassword($nickname, $oldpassword);
+ if($authenticated){
+ $result = $this->changePassword($nickname,$oldpassword,$newpassword);
+ if($result){
+ //stop handling of other handlers, because what was requested was done
+ return false;
+ }else{
+ throw new Exception(_('Password changing failed'));
+ }
}else{
- throw new Exception(_('Password changing failed'));
+ if($this->authn_authoritative){
+ //since we're authoritative, no other plugin could do this
+ throw new Exception(_('Password changing failed'));
+ }else{
+ //let another handler try
+ return null;
+ }
}
}else{
if($this->authn_authoritative){
//since we're authoritative, no other plugin could do this
- throw new Exception(_('Password changing failed'));
- }else{
- //let another handler try
- return null;
+ throw new Exception(_('Password changing is not allowed'));
}
}
-
+ }
+
+ function onStartAccountSettingsPasswordMenuItem($widget)
+ {
+ if($this->authn_authoritative && !$this->password_changeable){
+ //since we're authoritative, no other plugin could change passwords, so do render the menu item
+ return false;
+ }
}
}
diff --git a/plugins/Ldap/LdapPlugin.php b/plugins/Ldap/LdapPlugin.php
index 8a416bccc..88ca92b37 100644
--- a/plugins/Ldap/LdapPlugin.php
+++ b/plugins/Ldap/LdapPlugin.php
@@ -36,6 +36,17 @@ require_once 'Net/LDAP2.php';
class LdapPlugin extends AuthPlugin
{
+ public $host=null;
+ public $port=null;
+ public $version=null;
+ public $starttls=null;
+ public $binddn=null;
+ public $bindpw=null;
+ public $basedn=null;
+ public $options=null;
+ public $filter=null;
+ public $scope=null;
+ public $attributes=array();
function __construct()
{
@@ -125,7 +136,7 @@ class LdapPlugin extends AuthPlugin
$keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
foreach($keys as $key){
$value = $this->$key;
- if($value!==false){
+ if($value!==null){
$config[$key]=$value;
}
}
diff --git a/plugins/Ldap/README b/plugins/Ldap/README
index 1b6e3e75a..063286cef 100644
--- a/plugins/Ldap/README
+++ b/plugins/Ldap/README
@@ -4,12 +4,12 @@ Installation
============
add "addPlugin('ldap', array('setting'=>'value', 'setting2'=>'value2', ...);" to the bottom of your config.php
-
-
Settings
========
-authn_authoritative: Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database).
-autoregistration: Set to true if users should be automatically created when they attempt to login.
+authn_authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database).
+autoregistration (false): Set to true if users should be automatically created when they attempt to login.
+email_changeable (true): Are users allowed to change their email address? (true or false)
+password_changeable (true): Are users allowed to change their passwords? (true or false)
host*: LDAP server name to connect to. You can provide several hosts in an array in which case the hosts are tried from left to right.. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
port: Port on the server. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
@@ -30,12 +30,15 @@ attributes: an array with the key being the StatusNet user attribute name, and t
location
* required
+default values are in (parenthesis)
Example
=======
Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory.
addPlugin('ldap', array(
+ 'authn_authoritative'=>true,
+ 'autoregistration'=>true,
'binddn'=>'username',
'bindpw'=>'password',
'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',