Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x

3 files changed, 70 insertions, 29 deletions

diff --git a/plugins/Auth/AuthPlugin.php b/plugins/Auth/AuthPlugin.php
index 71e7ae4fb..cb52730f6 100644
--- a/plugins/Auth/AuthPlugin.php
+++ b/plugins/Auth/AuthPlugin.php
@@ -43,11 +43,17 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 abstract class AuthPlugin extends Plugin
 {
     //is this plugin authoritative for authentication?
-    protected $authn_authoritative = false;
+    public $authn_authoritative = false;
     
     //should accounts be automatically created after a successful login attempt?
-    protected $autoregistration = false;
-    
+    public $autoregistration = false;
+
+    //can the user change their email address
+    public $email_changeable=true;
+
+    //can the user change their email address
+    public $password_changeable=true;
+
     //------------Auth plugin should implement some (or all) of these methods------------\\
     /**
     * Check if a nickname/password combination is valid
@@ -102,44 +108,65 @@ abstract class AuthPlugin extends Plugin
     }
     
     function StartCheckPassword($nickname, $password, &$authenticatedUser){
-        $authenticated = $this->checkPassword($nickname, $password);
-        if($authenticated){
-            $authenticatedUser = User::staticGet('nickname', $nickname);
-            if(!$authenticatedUser && $this->autoregistration){
-                if($this->autoregister($nickname)){
-                    $authenticatedUser = User::staticGet('nickname', $nickname);
+        if($this->password_changeable){
+            $authenticated = $this->checkPassword($nickname, $password);
+            if($authenticated){
+                $authenticatedUser = User::staticGet('nickname', $nickname);
+                if(!$authenticatedUser && $this->autoregistration){
+                    if($this->autoregister($nickname)){
+                        $authenticatedUser = User::staticGet('nickname', $nickname);
+                    }
+                }
+                return false;
+            }else{
+                if($this->authn_authoritative){
+                    return false;
                 }
             }
-            return false;
+            //we're not authoritative, so let other handlers try
         }else{
             if($this->authn_authoritative){
-                return false;
+                //since we're authoritative, no other plugin could do this
+                throw new Exception(_('Password changing is not allowed'));
             }
         }
-        //we're not authoritative, so let other handlers try
     }
 
     function onStartChangePassword($nickname,$oldpassword,$newpassword)
     {
-        $authenticated = $this->checkPassword($nickname, $oldpassword);
-        if($authenticated){
-            $result = $this->changePassword($nickname,$oldpassword,$newpassword);
-            if($result){
-                //stop handling of other handlers, because what was requested was done
-                return false;
+        if($this->password_changeable){
+            $authenticated = $this->checkPassword($nickname, $oldpassword);
+            if($authenticated){
+                $result = $this->changePassword($nickname,$oldpassword,$newpassword);
+                if($result){
+                    //stop handling of other handlers, because what was requested was done
+                    return false;
+                }else{
+                    throw new Exception(_('Password changing failed'));
+                }
             }else{
-                throw new Exception(_('Password changing failed'));
+                if($this->authn_authoritative){
+                    //since we're authoritative, no other plugin could do this
+                    throw new Exception(_('Password changing failed'));
+                }else{
+                    //let another handler try
+                    return null;
+                }
             }
         }else{
             if($this->authn_authoritative){
                 //since we're authoritative, no other plugin could do this
-                throw new Exception(_('Password changing failed'));
-            }else{
-                //let another handler try
-                return null;
+                throw new Exception(_('Password changing is not allowed'));
             }
         }
-            
+    }
+
+    function onStartAccountSettingsPasswordMenuItem($widget)
+    {
+        if($this->authn_authoritative && !$this->password_changeable){
+            //since we're authoritative, no other plugin could change passwords, so do render the menu item
+            return false;
+        }
     }
 }
 
diff --git a/plugins/Ldap/LdapPlugin.php b/plugins/Ldap/LdapPlugin.php
index 8a416bccc..88ca92b37 100644
--- a/plugins/Ldap/LdapPlugin.php
+++ b/plugins/Ldap/LdapPlugin.php
@@ -36,6 +36,17 @@ require_once 'Net/LDAP2.php';
 
 class LdapPlugin extends AuthPlugin
 {
+    public $host=null;
+    public $port=null;
+    public $version=null;
+    public $starttls=null;
+    public $binddn=null;
+    public $bindpw=null;
+    public $basedn=null;
+    public $options=null;
+    public $filter=null;
+    public $scope=null;
+    public $attributes=array();
 
     function __construct()
     {
@@ -125,7 +136,7 @@ class LdapPlugin extends AuthPlugin
         $keys = array('host','port','version','starttls','binddn','bindpw','basedn','options','filter','scope');
         foreach($keys as $key){
             $value = $this->$key;
-            if($value!==false){
+            if($value!==null){
                 $config[$key]=$value;
             }
         }
diff --git a/plugins/Ldap/README b/plugins/Ldap/README
index 1b6e3e75a..063286cef 100644
--- a/plugins/Ldap/README
+++ b/plugins/Ldap/README
@@ -4,12 +4,12 @@ Installation
 ============
 add "addPlugin('ldap', array('setting'=>'value', 'setting2'=>'value2', ...);" to the bottom of your config.php
 
-
-
 Settings
 ========
-authn_authoritative:  Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database).
-autoregistration: Set to true if users should be automatically created when they attempt to login.
+authn_authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database).
+autoregistration (false): Set to true if users should be automatically created when they attempt to login.
+email_changeable (true): Are users allowed to change their email address? (true or false)
+password_changeable (true): Are users allowed to change their passwords? (true or false)
 
 host*: LDAP server name to connect to. You can provide several hosts in an array in which case the hosts are tried from left to right.. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
 port: Port on the server. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
@@ -30,12 +30,15 @@ attributes: an array with the key being the StatusNet user attribute name, and t
     location
     
 * required
+default values are in (parenthesis)
 
 Example
 =======
 Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory.
 
 addPlugin('ldap', array(
+    'authn_authoritative'=>true,
+    'autoregistration'=>true,
     'binddn'=>'username',
     'bindpw'=>'password',
     'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',