summaryrefslogtreecommitdiff
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/Auth/AuthPlugin.php75
-rw-r--r--plugins/Ldap/LdapPlugin.php13
-rw-r--r--plugins/Ldap/README11
3 files changed, 70 insertions, 29 deletions
diff --git a/plugins/Auth/AuthPlugin.php b/plugins/Auth/AuthPlugin.php
index 71e7ae4fb..cb52730f6 100644
--- a/plugins/Auth/AuthPlugin.php
+++ b/plugins/Auth/AuthPlugin.php
@@ -43,11 +43,17 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
abstract class AuthPlugin extends Plugin
{
//is this plugin authoritative for authentication?
- protected $authn_authoritative = false;
+ public $authn_authoritative = false;
//should accounts be automatically created after a successful login attempt?
- protected $autoregistration = false;
-
+ public $autoregistration = false;
+
+ //can the user change their email address
+ public $email_changeable=true;
+
+ //can the user change their email address
+ public $password_changeable=true;
+
//------------Auth plugin should implement some (or all) of these methods------------\\
/**
* Check if a nickname/password combination is valid
@@ -102,44 +108,65 @@ abstract class AuthPlugin extends Plugin
}
function StartCheckPassword($nickname, $password, &$authenticatedUser){
- $authenticated = $this->checkPassword($nickname, $password);
- if($authenticated){
- $authenticatedUser = User::staticGet('nickname', $nickname);
- if(!$authenticatedUser && $this->autoregistration){
- if($this->autoregister($nickname)){
- $authenticatedUser = User::staticGet('nickname', $nickname);
+ if($this->password_changeable){
+ $authenticated = $this->checkPassword($nickname, $password);
+ if($authenticated){
+ $authenticatedUser = User::staticGet('nickname', $nickname);
+ if(!$authenticatedUser && $this->autoregistration){
+ if($this->autoregister($nickname)){
+ $authenticatedUser = User::staticGet('nickname', $nickname);
+ }
+ }
+ return false;
+ }else{
+ if($this->authn_authoritative){
+ return false;
}
}
- return false;
+ //we're not authoritative, so let other handlers try
}else{
if($this->authn_authoritative){
- return false;
+ //since we're authoritative, no other plugin could do this
+ throw new Exception(_('Password changing is not allowed'));
}
}
- //we're not authoritative, so let other handlers try
}
function onStartChangePassword($nickname,$oldpassword,$newpassword)
{
- $authenticated = $this->checkPassword($nickname, $oldpassword);
- if($authenticated){
- $result = $this->changePassword($nickname,$oldpassword,$newpassword);
- if($result){
- //stop handling of other handlers, because what was requested was done
- return false;
+ if($this->password_changeable){
+ $authenticated = $this->checkPassword($nickname, $oldpassword);
+ if($authenticated){
+ $result = $this->changePassword($nickname,$oldpassword,$newpassword);
+ if($result){
+ //stop handling of other handlers, because what was requested was done
+ return false;
+ }else{
+ throw new Exception(_('Password changing failed'));
+ }
}else{
- throw new Exception(_('Password changing failed'));
+ if($this->authn_authoritative){
+ //since we're authoritative, no other plugin could do this
+ throw new Exception(_('Password changing failed'));
+ }else{
+ //let another handler try
+ return null;
+ }
}
}else{
if($this->authn_authoritative){
//since we're authoritative, no other plugin could do this
- throw new Exception(_('Password changing failed'));
- }else{
- //let another handler try
- return null;
+ throw new Exception(_('Password changing is not allowed'));
}
}
-
+ }
+
+ function onStartAccountSettingsPasswordMenuItem($widget)
+ {
+ if($this->authn_authoritative && !$this->password_changeable){
+ //since we're authoritative, no other plugin could change passwords, so do render the menu item
+ return false;
+ }
}
}
diff --git a/plugins/Ldap/LdapPlugin.php b/plugins/Ldap/LdapPlugin.php
index 8a416bccc..88ca92b37 100644
--- a/plugins/Ldap/LdapPlugin.php
+++ b/plugins/Ldap/LdapPlugin.php
@@ -36,6 +36,17 @@ require_once 'Net/LDAP2.php';
class LdapPlugin extends AuthPlugin
{
+ public $host=null;
+ public $port=null;
+ public $version=null;
+ public $starttls=null;
+ public $binddn=null;
+ public $bindpw=null;
+ public $basedn=null;
+ public $options=null;
+ public $filter=null;
+ public $scope=null;
+ public $attributes=array();
function __construct()
{
@@ -125,7 +136,7 @@ class LdapPlugin extends AuthPlugin
$keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
foreach($keys as $key){
$value = $this->$key;
- if($value!==false){
+ if($value!==null){
$config[$key]=$value;
}
}
diff --git a/plugins/Ldap/README b/plugins/Ldap/README
index 1b6e3e75a..063286cef 100644
--- a/plugins/Ldap/README
+++ b/plugins/Ldap/README
@@ -4,12 +4,12 @@ Installation
============
add "addPlugin('ldap', array('setting'=>'value', 'setting2'=>'value2', ...);" to the bottom of your config.php
-
-
Settings
========
-authn_authoritative: Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database).
-autoregistration: Set to true if users should be automatically created when they attempt to login.
+authn_authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database).
+autoregistration (false): Set to true if users should be automatically created when they attempt to login.
+email_changeable (true): Are users allowed to change their email address? (true or false)
+password_changeable (true): Are users allowed to change their passwords? (true or false)
host*: LDAP server name to connect to. You can provide several hosts in an array in which case the hosts are tried from left to right.. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
port: Port on the server. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
@@ -30,12 +30,15 @@ attributes: an array with the key being the StatusNet user attribute name, and t
location
* required
+default values are in (parenthesis)
Example
=======
Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory.
addPlugin('ldap', array(
+ 'authn_authoritative'=>true,
+ 'autoregistration'=>true,
'binddn'=>'username',
'bindpw'=>'password',
'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',