[dokuwiki] Re: Custom auth and required login

  • From: "Nelson, Bill" <bill.nelson@xxxxxx>
  • To: "dokuwiki@xxxxxxxxxxxxx" <dokuwiki@xxxxxxxxxxxxx>
  • Date: Fri, 24 Jul 2015 14:18:18 +0000

Andi,

HTML off - sorry about that.

I assume you've seen https://www.dokuwiki.org/devel:auth_plugins -- yes I have
been using it to convert the code over. It was under the inc folder in the
older system.

Here is the plugin code. As far as I can tell it is working; the only problem is
that it is always called, rather than only when Login is selected. There is still
some cleanup to do on it, but it should be good enough to review.

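<?php
if (!defined('DOKU_INC')) die(); /* must be run from within DokuWiki */

/**
 * ITSS authentication backend
 *
 * Delegates authentication to the TI Pass single sign-on portal: the browser
 * carries TIPASSID/CREDHASH cookies, the plugin validates them against the
 * validateid endpoint and caches the result in the DokuWiki session.
 */

/************************************/
/* TI Pass Config */
/************************************/
define("TIPASS_LOGIN_URL", "https://xxxxxx.ti.com/cgi-bin/login/login.pl");
define("TIPASS_LOGOUT_URL", "https://xxxxx.ti.com/cgi-bin/login/logout.pl");

// Validate ID URL
define("TIPASS_VALIDATE_ID_URL", "https://xxxx.ext.ti.com/cgi-bin/api/validateid");

// TIPASS Session Timeout, in seconds (4 hours)
define("TIPASS_SESSION_TIMEOUT", 14400);

// Session-array key under which the time of the last successful validation is
// cached. The original listing used this constant without defining it (it was
// presumably provided by the legacy inc/ code); the name below is a constructed
// fallback and only takes effect when nothing else has defined it.
if (!defined('SESS_TIPASS_TIMEOUT')) {
    define('SESS_TIPASS_TIMEOUT', 'tipass-timeout');
}

// JMV 2011-01-24: define the Wiki protocol.
// $_SERVER['HTTPS'] is absent on plain HTTP (the unconditional comparison in
// the original raised a notice there) and some SAPIs set it to "off".
$pro = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https' : 'http';
define("HTTP_PROTOCOL", $pro);

// Return-to URL handed to the login portal: the page being requested, query
// string included. SERVER_NAME is used rather than the client-supplied Host
// header; note that with Apache's default UseCanonicalName Off it still mirrors
// the Host header, so the web server should be configured to canonicalise it
// if the redirect target must not be steerable by the request.
$scriptUrl = HTTP_PROTOCOL . "://" . $_SERVER["SERVER_NAME"] . $_SERVER["SCRIPT_NAME"];
$query = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : "";
define("OK_PAGE_LOGIN", $query === "" ? $scriptUrl : $scriptUrl . "?" . $query);

// Where to land after logging out: the script without its query string.
define("OK_PAGE_LOGOUT", $scriptUrl);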

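class auth_plugin_authtipass extends DokuWiki_Auth_Plugin {

    /**
     * Constructor
     *
     * Declares the capabilities of this backend: 'external' makes DokuWiki
     * consult trustExternal() instead of its own login form, 'logoff' makes
     * it call logOff() on logout. There is no check that can fail here, so
     * $this->success is always true.
     *
     * The PHP4-style constructor (a method named after the class) used by the
     * original is deprecated since PHP 7 and gone in PHP 8; __construct() with
     * a parent call is the form the DokuWiki auth plugin docs describe.
     */
    public function __construct() {
        parent::__construct();
        $this->cando['external'] = true;
        $this->cando['logoff']   = true;

        $this->success = true;
    }

    /**
     * trustExternal()
     *
     * Decides whether the current request is authenticated. With
     * cando['external'] set, DokuWiki calls this on every request, not only
     * after a Login click - that is the expected behaviour, and it disables
     * auth_login.
     *
     * Flow: a login cached in the DokuWiki session is honoured while the
     * TIPASSID/CREDHASH cookies are still present and the cache has not
     * timed out; otherwise the cookie pair is validated against TI Pass and
     * cached. Any failure redirects the browser to the TI Pass login page and
     * ends the request.
     *
     * @param string $user   unused, the login form is disabled
     * @param string $pass   unused
     * @param bool   $sticky unused
     * @return bool true when $_SERVER['REMOTE_USER'] and $USERINFO were set;
     *              the function does not return after a redirect
     * @author Eric de Beaumont <e-debeaumont@xxxxxx>
     */
    public function trustExternal($user, $pass, $sticky = false) {
        global $conf;
        global $USERINFO;

        // Bill - adding this in case it is not running automatically.
        // Guarded: DokuWiki normally starts the session itself, and a second
        // session_start() only raises a notice.
        if (session_id() === '') {
            session_start();
        }

        // Read the TIPASSID and CREDHASH cookies; a missing cookie reads as ''
        // (the original indexed $_COOKIE unconditionally).
        $tipassid = isset($_COOKIE['TIPASSID']) ? (string) $_COOKIE['TIPASSID'] : '';
        $credhash = isset($_COOKIE['CREDHASH']) ? (string) $_COOKIE['CREDHASH'] : '';
        $haveCookies = ($tipassid !== '' && $credhash !== '');

        $cached = isset($_SESSION[$conf['title']]['auth']) ? $_SESSION[$conf['title']]['auth'] : array();

        if (!empty($cached)) {
            // A login is cached in the session: honour it only while the
            // cookies are still present and the cache has not timed out.
            if (!$haveCookies || $this->cacheExpired($cached)) {
                // The original refreshed the timestamp here and sent the
                // Location header without exiting, so the stale uid could be
                // served from the cache on the next request. Drop the cache so
                // the cookies have to be validated again.
                unset($_SESSION[$conf['title']]['auth']);
                $this->redirectToLogin();
            }
            if (isset($cached['tipass-uid'])) {
                $_SERVER['REMOTE_USER'] = $cached['tipass-uid'];
                $USERINFO = isset($cached['info']) ? $cached['info'] : null;
                return true;
            }
            // Cache present but without a uid (e.g. after logOff()):
            // fall through and validate the cookies.
        } elseif (!$haveCookies) {
            // Nothing cached and no cookies: send the user to the Login Portal.
            $this->redirectToLogin();
        }

        // Cookies are present on every path that reaches this point.
        if (!$this->validateCookies($tipassid, $credhash)) {
            $this->redirectToLogin();
        }
        $principalID = $this->principalFromTipassId($tipassid);
        if ($principalID === '') {
            // Validated cookie without a uid field: nothing to log in as.
            $this->redirectToLogin();
        }
        $this->cacheLogin($principalID);
        return true;
    }

    /**
     * Whether the cached login is older than TIPASS_SESSION_TIMEOUT seconds.
     * A cache entry without a timestamp counts as expired.
     *
     * @param array $cached the $_SESSION[$conf['title']]['auth'] array
     * @return bool
     */
    private function cacheExpired(array $cached) {
        // NOTE(review): SESS_TIPASS_TIMEOUT is not defined in this listing; the
        // original relied on it being defined elsewhere - confirm.
        $stamp = isset($cached[SESS_TIPASS_TIMEOUT]) ? (int) $cached[SESS_TIPASS_TIMEOUT] : 0;
        return ($stamp + TIPASS_SESSION_TIMEOUT) < time();
    }

    /**
     * Asks the TI Pass validateid endpoint whether the cookie pair is valid.
     *
     * Both values come straight from the browser, so both are URL-encoded
     * (the original encoded only TIPASSID) and the command line is escaped
     * before it reaches the shell (the original interpolated the raw URL into
     * a system() call). exec() is used instead of system() so the endpoint's
     * output is captured rather than echoed into the page.
     *
     * @param string $tipassid value of the TIPASSID cookie
     * @param string $credhash value of the CREDHASH cookie
     * @return bool true when the endpoint's last output line is "OK"
     */
    private function validateCookies($tipassid, $credhash) {
        $http_data = 'TIPASSID=' . rawurlencode($tipassid) . '&CREDHASH=' . rawurlencode($credhash);
        $url = TIPASS_VALIDATE_ID_URL . '?' . $http_data;

        // original - $resp = trim(file_get_contents($url));
        $output = array();
        $status = 1;
        exec('curl -s ' . escapeshellarg($url), $output, $status);
        if ($status !== 0 || empty($output)) {
            return false;
        }
        // system() returned the last output line; end() gives the same line.
        $resp = trim(end($output));
        return strtoupper($resp) === 'OK';
    }

    /**
     * Extracts the 'uid' field from a TIPASSID cookie of the form
     * "key=value|key=value|...".
     *
     * split() (removed in PHP 7) is replaced by explode(); the original's
     * per-field debug write to /tmp/dok.log is dropped, since it copied the
     * cookie contents into a world-readable file on every login.
     *
     * @param string $tipassid value of the TIPASSID cookie
     * @return string the uid, or '' when the field is absent
     */
    private function principalFromTipassId($tipassid) {
        $pair = array();
        foreach (explode('|', $tipassid) as $element) {
            // Limit 2 keeps any '=' inside the value; fields without '=' are skipped.
            $parts = explode('=', $element, 2);
            if (count($parts) === 2) {
                $pair[$parts[0]] = $parts[1];
            }
        }
        return isset($pair['uid']) ? (string) $pair['uid'] : '';
    }

    /**
     * Marks the request as logged in as $principalID and caches that in the
     * DokuWiki session so the next requests skip the TI Pass round trip.
     *
     * @param string $principalID the uid taken from the TIPASSID cookie
     * @return void
     */
    private function cacheLogin($principalID) {
        global $conf;
        global $USERINFO;

        $USERINFO['name'] = $principalID;
        $USERINFO['mail'] = '';
        $USERINFO['grps'] = array();

        $_SERVER['REMOTE_USER'] = $principalID;
        $_SESSION[$conf['title']]['auth']['tipass-uid'] = $principalID;
        $_SESSION[$conf['title']]['auth']['user']       = $principalID;
        $_SESSION[$conf['title']]['auth']['info']       = $USERINFO;
        $_SESSION[$conf['title']]['auth'][SESS_TIPASS_TIMEOUT] = time();
    }

    /**
     * Sends the browser to the TI Pass login page, asking it to come back to
     * the page currently requested (OK_PAGE_LOGIN), and stops the request.
     * Stopping matters: without exit() DokuWiki would carry on rendering the
     * page for an unauthenticated request after the Location header, which
     * the original did on two of its four redirect paths.
     *
     * @return void
     */
    private function redirectToLogin() {
        header('Location: ' . TIPASS_LOGIN_URL . '?URI=' . rawurlencode(OK_PAGE_LOGIN));
        exit();
    }

    /**
     * logOff()
     *
     * Clears the cached TI Pass login from the DokuWiki session and sends the
     * browser to the TI Pass logout page.
     *
     * Note: doku.php has to be updated to prevent session_write_close() from
     * being invoked before $auth->logOff() (i.e. before act_dispatch()), or
     * session variables would not be correctly unset.
     *
     * @return void  the function does not return; it ends the request
     */
    public function logOff() {
        global $conf;
        global $USERINFO;

        // Drop the whole cache entry rather than three of its keys (the
        // original left the timeout key behind, and read a $uid it never used).
        unset($_SESSION[$conf['title']]['auth']);
        unset($_SERVER['REMOTE_USER']);
        $USERINFO = null;

        // Persist the cleared session before the redirect ends the request.
        session_write_close();

        header("Location: " . TIPASS_LOGOUT_URL);
        exit;
    }
}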

I would like to use only one auth method, but I saw something in the old setup
about using split, so I asked about that.

Thanks for taking the time to look at this.

Regards, 

Bill
