1 | <?php |
2 | ||
/**
 * Dotclear authentication adapter that delegates login to the
 * Polytechnique.org ("Xorg") group SSO.
 *
 * The identity returned by the SSO is kept in $_SESSION under the
 * 'auth-xorg' / 'auth-xorg-<key>' entries; buildFromSession() replays it
 * into the parent dcAuth state on every request that touches auth.
 */
class xorgAuth extends dcAuth {
    // Per-user attributes delivered by the SSO callback. The keys double as
    // the $_GET parameter names returnXorg() requires and as the suffixes of
    // the 'auth-xorg-<key>' session entries. 'forlife' is the user's
    // permanent login name; 'grpauth' is the user's level in the requested
    // group; 'perms' == 'admin' grants super-admin (see isSuperAdmin()).
    public $xorg_infos = array('forlife' => null,
                               'prenom' => null,
                               'nom' => null,
                               'grpauth' => null,
                               'perms' => null);

    /**
     * Behavior hook registered on 'coreBlogConstruct': recomputes the current
     * user's permissions on the blog being built, running as super-user.
     *
     * @param dcBlog $blog the blog object that was just constructed
     */
    static public function behavior_coreBlogConstruct(&$blog) {
        global $core;
        $core->auth->sudo(array($core->auth, 'updateUserPerms'), $blog);
    }


    /**
     * @param dcCore $core the Dotclear core; the hook is registered here so
     *                     that permissions follow the SSO state on every blog.
     */
    public function __construct(&$core) {
        parent::__construct($core);
        $core->addBehavior('coreBlogConstruct', array('xorgAuth', 'behavior_coreBlogConstruct'));
    }

    /**
     * Hydrates $this->xorg_infos and the dcAuth user id from the session.
     *
     * Runs at most once per instance (guarded by 'forlife' still being null).
     * Nothing happens when there is no core, no session object, or no
     * 'auth-xorg' entry in the session.
     */
    public function buildFromSession() {
        global $core;
        // Drops any Last-Modified header so the auth state is never cached;
        // the '@' hides the warning emitted when headers were already sent.
        @header('Last-Modified:');
        if (!isset($core) || !isset($core->session)) {
            return;
        }
        if (!session_id()) {
            $core->session->start();
        }
        // '@' silences the undefined-index notice for anonymous visitors.
        $user = @$_SESSION['auth-xorg'];
        if ($user && is_null($this->xorg_infos['forlife'])) {
            foreach ($this->xorg_infos as $key => $val) {
                $this->xorg_infos[$key] = $_SESSION['auth-xorg-' . $key];
            }
            $this->user_id = $user;
            // parent:: on purpose: $this->checkUser() is overridden below to
            // start an SSO redirect, which must not happen here.
            parent::checkUser($this->user_id);
            $core->getUserBlogs();
        }
    }

    /**
     * Provisions a local Dotclear account for the SSO identity on first login.
     *
     * Expected to run under sudo() (see returnXorg()). Reads the
     * 'auth-xorg*' session entries written by returnXorg().
     */
    public function createUser() {
        global $core;
        if (!$core->userExists($_SESSION['auth-xorg'])) {
            $cur = new cursor($this->con, 'dc_user');
            $cur->user_id = $_SESSION['auth-xorg'];
            // Placeholder password: rand() is not a CSPRNG and md5 is not a
            // password hash. It is never meant to be usable — checkPassword()
            // ignores $pwd and allowPassChange() returns false — but
            // NOTE(review): confirm no other Dotclear code path (e.g. the
            // core login form) accepts this value.
            $cur->user_pwd = md5(rand());
            $cur->user_lang = 'fr';
            $cur->user_name = $_SESSION['auth-xorg-nom'];
            $cur->user_firstname = $_SESSION['auth-xorg-prenom'];
            $cur->user_displayname = $cur->user_firstname . ' ' . $cur->user_name;
            $cur->user_email = $_SESSION['auth-xorg'] . '@polytechnique.org';
            $cur->user_options = $core->userDefaults();
            $cur->user_options['post_xorg_perms'] = 'public';
            $cur->user_default_blog = 'default'; // FIXME
            $core->addUser($cur);
        }
    }

    /**
     * Derives the current user's Dotclear permissions on $blog from the
     * blog's 'xorg_blog_type' / 'xorg_blog_owner' settings and the SSO
     * attributes, then stores them via setUserBlogPermissions().
     *
     * Blog types: 'group-admin' / 'group-member' are owned by an Xorg group
     * (owner == group name); 'user' is owned by a single login (owner ==
     * forlife). Any other combination yields an empty permission set.
     *
     * @param dcBlog $blog blog whose permissions are being recomputed
     */
    public function updateUserPerms(&$blog) {
        global $core;
        $this->buildFromSession();
        if (!isset($_SESSION['auth-xorg'])) {
            return;
        }
        $type = $blog->settings->get('xorg_blog_type');
        $owner = $blog->settings->get('xorg_blog_owner');
        $level = $this->xorg_infos['grpauth'];
        // 'xorg-group' is only written by callXorg() for group blogs; for a
        // blog that was not the one the SSO round-trip was started from the
        // group check below compares against an unset entry and bails out
        // (permissions are left untouched rather than cleared).
        if (($type == 'group-admin' || $type == 'group-member') && $level == 'admin') {
            if ($owner != $_SESSION['xorg-group']) {
                return;
            }
            $perms = array('usage' => true,
                           'contentadmin' => true,
                           'admin' => true);
        } else if ($type == 'group-member' && $level == 'membre') {
            if ($owner != $_SESSION['xorg-group']) {
                return;
            }
            $perms = array('usage' => true);
        } else if ($type == 'user' && $owner == $this->xorg_infos['forlife']) {
            $perms = array('usage' => true,
                           'contentadmin' => true,
                           'admin' => true);
        } else {
            $perms = array();
        }
        /* echo $level;
        echo "Setting perms : " . $_SESSION['auth-xorg'] . ' ' . $blog->id . '<br/>';
        var_dump($perms);*/
        $core->setUserBlogPermissions($_SESSION['auth-xorg'],
                                      $blog->id,
                                      $perms);
    }


    /** Xorg SSO API */

    /**
     * Starts the SSO round-trip: if the session is already authenticated
     * returns true, otherwise stores a challenge in the session and redirects
     * the browser to polytechnique.org (never returns in that case).
     *
     * @param string|null $path local path to come back to after login;
     *                          defaults to the current REQUEST_URI
     * @return bool true when already authenticated
     */
    public function callXorg($path = null) {
        if (is_null($path)) {
            $path = $_SERVER['REQUEST_URI'];
        }
        $this->buildFromSession();
        if (@$_SESSION['auth-xorg']) {
            return true;
        }
        global $core;
        if (!session_id()) {
            $core->session->start();
        }
        // NOTE(review): the challenge is the anti-replay nonce of the SSO
        // exchange, but uniqid()/rand() are predictable; a CSPRNG-derived
        // value (random_bytes() on PHP >= 7, openssl_random_pseudo_bytes()
        // otherwise) is the safer source.
        $_SESSION["auth-x-challenge"] = md5(uniqid(rand(), 1));
        $url = "https://www.polytechnique.org/auth-groupex/utf8";
        $url .= "?session=" . session_id();
        $url .= "&challenge=" . $_SESSION["auth-x-challenge"];
        // 'pass' proves knowledge of the shared secret XORG_AUTH_KEY to the
        // SSO; the digest format is dictated by the remote side.
        $url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY);
        $type = $core->blog->settings->get('xorg_blog_type');
        if ($type == 'group-member' || $type == 'group-admin') {
            // Remembered so updateUserPerms() can tie 'grpauth' to this group.
            $_SESSION['xorg-group'] = $core->blog->settings->get('xorg_blog_owner');
            $url .= '&group=' . $core->blog->settings->get('xorg_blog_owner');
        } else {
            unset($_SESSION['xorg-group']);
        }
        $url .= "&url=" . urlencode($core->blog->url . "auth/XorgReturn?path=" . $path);
        // Flush the challenge to storage before the redirect: the callback
        // arrives in a new request and must see it.
        session_write_close();
        header("Location: $url");
        exit;
    }

    /**
     * SSO callback: verifies the digest sent back by polytechnique.org,
     * stores the user attributes in the session, provisions the local
     * account and redirects to the requested path.
     *
     * Expects $_GET to carry 'auth' (digest), 'PHPSESSID' (the session id
     * callXorg() sent out), 'path', and one parameter per $xorg_infos key.
     *
     * @return bool false on any failure; does not return on success
     */
    public function returnXorg() {
        if (!isset($_GET['auth'])) {
            return false;
        }
        $params = '';
        global $core;
        // The session id is taken from the query string so the callback
        // re-attaches to the session that holds the challenge.
        // NOTE(review): an attacker-supplied id here would be a
        // session-fixation vector; confirm the digest check below (which
        // covers the challenge stored in that session) is what binds it.
        $_COOKIE[DC_SESSION_NAME] = $_GET['PHPSESSID'];
        unset($_GET['PHPSESSID']);
        if (!session_id()) {
            $core->session->start();
        }
        // Every expected attribute must be present; they are concatenated in
        // $xorg_infos order to rebuild the signed payload.
        foreach($this->xorg_infos as $key => $val) {
            if(!isset($_GET[$key])) {
                return false;
            }
            $_SESSION['auth-xorg-' . $key] = $_GET[$key];
            $params .= $_GET[$key];
        }
        // NOTE(review): '==' on two hex strings is a loose comparison (numeric
        // strings such as '0e...' compare equal) and is not constant-time;
        // hash_equals() (PHP >= 5.6) gives a strict, timing-safe check.
        // 'auth-x-challenge' may also be missing if the session did not
        // survive the round-trip — it is then compared as an empty string.
        if (md5('1' . $_SESSION['auth-x-challenge'] . XORG_AUTH_KEY . $params . '1') == $_GET['auth']) {
            unset($_GET['auth']);
            $_SESSION['sess_user_id'] = $_SESSION['auth-xorg'] = $_GET['forlife'];
            $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
            $_SESSION['sess_blog_id'] = 'default';
            $this->sudo(array($this, 'createUser'));
            $path = $_GET['path'];
            // NOTE(review): 'path' comes straight from the query string and
            // is appended to a hard-coded host; unless it is constrained to
            // a local path (single leading '/'), a value such as '//host'
            // turns this into an open redirect. The $path local above is
            // assigned but unused.
            header("Location: http://murphy.m4x.org" . $_GET['path']);
            exit;
        }
        // Digest mismatch: drop any partial identity before reporting.
        unset($_SESSION['auth-xorg']);
        unset($_SESSION['sess_user_id']);
        unset($_GET['auth']);
        echo "Failed !!!";
        return false;
    }

    /**
     * Logs the user out: destroys the Dotclear session and redirects to the
     * blog's root URL. Does not return.
     */
    public function killSession() {
        global $core;
        if (!session_id()) {
            $core->session->start();
        }
        $core->session->destroy();
        header('Location: ' . $core->blog->url);
        exit;
    }


    /** Dotclear dcAuth API */

    /**
     * Password-based check is replaced by the SSO round-trip; $user_id,
     * $pwd and $user_key are ignored. Redirects (no return) unless the
     * session is already authenticated.
     */
    public function checkUser($user_id, $pwd = null, $user_key = null) {
        return $this->callXorg();
    }

    /** Xorg super-admins pass every permission check. */
    public function check($permissions, $blog_id) {
        $this->buildFromSession();
        return $this->isSuperAdmin() || parent::check($permissions, $blog_id);
    }

    /** $pwd is ignored: an SSO-authenticated session counts as valid. */
    public function checkPassword($pwd) {
        $this->buildFromSession();
        return !empty($this->user_id);
    }

    /** Passwords are owned by the SSO, never changed locally. */
    public function allowPassChange() {
        return false;
    }

    public function userID() {
        $this->buildFromSession();
        return parent::userID();
    }

    public function getPermissions() {
        $this->buildFromSession();
        return parent::getPermissions();
    }

    public function getInfo($n) {
        $this->buildFromSession();
        return parent::getInfo($n);
    }

    public function getOption($n) {
        $this->buildFromSession();
        return parent::getOption($n);
    }

    /**
     * Super-admin if Dotclear says so, or if the SSO reported
     * 'perms' == 'admin'. Note this one does not call buildFromSession()
     * itself; callers (check()) are expected to have done so.
     */
    public function isSuperAdmin() {
        // var_dump($this->xorg_infos);
        return parent::isSuperAdmin() || $this->xorg_infos['perms'] == 'admin';
    }

    public function getOptions() {
        $this->buildFromSession();
        return parent::getOptions();
    }

    /**
     * Login form replacement: a single link that starts the SSO flow.
     * The host and install path are hard-coded here (and in returnXorg());
     * NOTE(review): consider deriving them from $core->blog->url as
     * callXorg() does.
     */
    public function authForm() {
        global $core;
        $path = "http://murphy.m4x.org/~x2003bruneau/dotclear/";
        return '<fieldset>'.
            '<p><a href="' . $path . 'auth/Xorg?path=/~x2003bruneau/dotclear/admin/index.php">Via Polytechnique.org</a></p>' .
            '</fieldset>'.
            '<p>'.__('You must accept cookies in order to use the private area.').'</p>';
    }
}
232 | ||
233 | ?> |