Commit ed690615 authored by Craig Andrews's avatar Craig Andrews

Added a User_username table that links the external username with a StatusNet user_id

Added EmailAuthenticationPlugin
Added ReverseUsernameAuthenticationPlugin
Changed the StartChangePassword and EndChangePassword events to take a user, instead of a nickname
User::allowed_nickname was declared non-static, but used as if it was static, so I made the declaration static
parent cefbad01
......@@ -528,12 +528,12 @@ EndCheckPassword: After checking a username/password pair
- $authenticatedUser: User object if credentials match a user, else null.
StartChangePassword: Before changing a password
- $nickname: user's nickname
- $user: user
- $oldpassword: the user's old password
- $newpassword: the desired new password
EndChangePassword: After changing a password
- $nickname: user's nickname
- $user: user
UserDeleteRelated: Specify additional tables to delete entries from when deleting users
- $user: User object
......
......@@ -170,7 +170,7 @@ class PasswordsettingsAction extends AccountSettingsAction
}
$success = false;
if(! Event::handle('StartChangePassword', array($user->nickname, $oldpassword, $newpassword))){
if(! Event::handle('StartChangePassword', array($user, $oldpassword, $newpassword))){
//no handler changed the password, so change the password internally
$original = clone($user);
......@@ -186,7 +186,7 @@ class PasswordsettingsAction extends AccountSettingsAction
$this->serverError(_('Can\'t save new password.'));
return;
}
Event::handle('EndChangePassword', array($nickname));
Event::handle('EndChangePassword', array($user));
}
$this->showForm(_('Password saved.'), true);
......
......@@ -114,7 +114,7 @@ class User extends Memcached_DataObject
return $result;
}
function allowed_nickname($nickname)
static function allowed_nickname($nickname)
{
// XXX: should already be validated for size, content, etc.
$blacklist = common_config('nickname', 'blacklist');
......@@ -190,7 +190,17 @@ class User extends Memcached_DataObject
$profile->query('BEGIN');
if(!empty($email))
{
$email = common_canonical_email($email);
}
$nickname = common_canonical_nickname($nickname);
$profile->nickname = $nickname;
if(! User::allowed_nickname($nickname)){
common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s", $profile->nickname),
__FILE__);
}
$profile->profileurl = common_profile_url($nickname);
if (!empty($fullname)) {
......@@ -242,6 +252,10 @@ class User extends Memcached_DataObject
}
}
if(isset($email_confirmed) && $email_confirmed) {
$user->email = $email;
}
// This flag is ignored but still set to 1
$user->inboxed = 1;
......
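Review bot: The new `User::allowed_nickname($nickname)` check in the registration hunk only writes a warning through `common_log` and then falls through to `$profile->profileurl = common_profile_url($nickname);`, so in the lines shown a blacklisted nickname is still registered. The check should fail the registration. Because it sits after `$profile->query('BEGIN');`, a bare return would leave the transaction open; moving the check above the `BEGIN` and adding `return false;` after the log call avoids that. The enclosing function starts and ends outside the hunk, so its failure convention (assumed here to be a false return) needs confirming.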
......@@ -566,3 +566,13 @@ modified = 384
user_id = K
token = K
[user_username]
user_id = 129
provider_name = 130
username = 130
created = 142
modified = 384
[user_username__keys]
provider_name = K
username = K
......@@ -68,7 +68,6 @@ function getPath($req)
*/
function handleError($error)
{
//error_log(print_r($error,1));
if ($error->getCode() == DB_DATAOBJECT_ERROR_NODATA) {
return;
}
......
......@@ -1058,6 +1058,7 @@ function common_log($priority, $msg, $filename=null)
}
} else {
common_ensure_syslog();
error_log($msg);
syslog($priority, $msg);
}
}
......
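Review bot: The `error_log($msg);` call ahead of `syslog($priority, $msg);` looks like leftover debugging. The hunk header shows one added line and this is the only statement that duplicates an existing sink, though that is inferred because the page has lost its `+` markers. With it in place, every message on the syslog path is also written to the PHP error log, which ignores `$priority` and usually has different access controls and retention. This commit also starts logging rejected nicknames through `common_log`, so user-influenced text would land in both sinks. I would drop the line or gate it behind a debug setting; `common_log`'s body starts outside the hunk.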
<?php
/**
* Table Definition for user_username
*/
require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
class User_username extends Memcached_DataObject
{
###START_AUTOCODE
/* the code below is auto generated do not remove the above tag */
public $__table = 'user_username'; // table name
public $user_id; // int(4) not_null
public $provider_name; // varchar(255) primary_key not_null
public $username; // varchar(255) primary_key not_null
public $created; // datetime() not_null
public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP
/* Static get */
function staticGet($k,$v=null)
{ return Memcached_DataObject::staticGet('User_username',$k,$v); }
/* the code above is auto generated do not remove the tag below */
###END_AUTOCODE
}
<?php
/**
* StatusNet, the distributed open-source microblogging tool
*
* Plugin that uses the email address as a username, and checks the password as normal
*
* PHP version 5
*
* LICENCE: This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Plugin
* @package StatusNet
* @author Craig Andrews <candrews@integralblue.com>
* @copyright 2009 Craig Andrews http://candrews.integralblue.com
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
if (!defined('STATUSNET') && !defined('LACONICA')) {
exit(1);
}
class EmailAuthenticationPlugin extends Plugin
{
//---interface implementation---//
function onStartCheckPassword($nickname, $password, &$authenticatedUser)
{
if(strpos($nickname, '@'))
{
$user = User::staticGet('email',$nickname);
if($user && isset($user->email))
{
if(common_check_user($user->nickname,$password))
{
$authenticatedUser = $user;
return false;
}
}
}
}
}
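Review bot: `User::staticGet('email',$nickname)` looks the address up exactly as typed, while the `User` registration hunk in this same commit stores addresses through `common_canonical_email($email)`, so a login that differs only in the canonicalised part would presumably miss the row. Passing the canonical form, `$user = User::staticGet('email', common_canonical_email($nickname));`, keeps lookup and storage consistent. `if(strpos($nickname, '@'))` also relies on position 0 being falsy; `strpos($nickname, '@') !== false` states the intent. A short docblock on `onStartCheckPassword` explaining why it returns `false` only after a successful check, and nothing otherwise, would help the next reader.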
The Email Authentication plugin allows users to login using their email address.
The provided email address is used to lookup the user's nickname, then that nickname and the provided password is checked.
Installation
============
add "addPlugin('emailAuthentication');" to the bottom of your config.php
......@@ -48,20 +48,31 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
public $scope=null;
public $attributes=array();
function __construct()
{
parent::__construct();
function onInitializePlugin(){
parent::onInitializePlugin();
if(!isset($this->host)){
throw new Exception("must specify a host");
}
if(!isset($this->basedn)){
throw new Exception("must specify a basedn");
}
if(!isset($this->attributes['nickname'])){
throw new Exception("must specify a nickname attribute");
}
if(!isset($this->attributes['username'])){
throw new Exception("must specify a username attribute");
}
}
//---interface implementation---//
function checkPassword($nickname, $password)
function checkPassword($username, $password)
{
$ldap = $this->ldap_get_connection();
if(!$ldap){
return false;
}
$entry = $this->ldap_get_user($nickname);
$entry = $this->ldap_get_user($username);
if(!$entry){
return false;
}else{
......@@ -76,48 +87,33 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
}
}
function autoRegister($nickname)
function autoRegister($username)
{
$entry = $this->ldap_get_user($nickname,$this->attributes);
$entry = $this->ldap_get_user($username,$this->attributes);
if($entry){
$registration_data = array();
foreach($this->attributes as $sn_attribute=>$ldap_attribute){
if($sn_attribute=='email'){
$registration_data[$sn_attribute]=common_canonical_email($entry->getValue($ldap_attribute,'single'));
}else if($sn_attribute=='nickname'){
$registration_data[$sn_attribute]=common_canonical_nickname($entry->getValue($ldap_attribute,'single'));
}else{
$registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single');
}
$registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single');
}
if(isset($registration_data['email']) && !empty($registration_data['email'])){
$registration_data['email_confirmed']=true;
}
//set the database saved password to a random string.
$registration_data['password']=common_good_rand(16);
$user = User::register($registration_data);
return true;
return User::register($registration_data);
}else{
//user isn't in ldap, so we cannot register him
return null;
return false;
}
}
function changePassword($nickname,$oldpassword,$newpassword)
function changePassword($username,$oldpassword,$newpassword)
{
//TODO implement this
throw new Exception(_('Sorry, changing LDAP passwords is not supported at this time'));
return false;
}
function canUserChangeField($nickname, $field)
{
switch($field)
{
case 'password':
case 'nickname':
case 'email':
return false;
}
}
//---utility functions---//
function ldap_get_config(){
......@@ -159,7 +155,7 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
*/
function ldap_get_user($username,$attributes=array()){
$ldap = $this->ldap_get_connection();
$filter = Net_LDAP2_Filter::create($this->attributes['nickname'], 'equals', $username);
$filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username);
$options = array(
'scope' => 'sub',
'attributes' => $attributes
......
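Review bot: `checkPassword($username, $password)` shows no guard against an empty `$password` before `ldap_get_user($username)`; the bind that follows `}else{` is outside this hunk, so whether it is rejected there cannot be confirmed from this page. Directory servers commonly treat a bind with a DN and an empty password as an unauthenticated bind that succeeds, so if the elided code does not already refuse it, add `if($password === ''){ return false; }` at the top of the method. Separately, `autoRegister` marks any directory-supplied address with `$registration_data['email_confirmed']=true`, which deserves a comment stating that the directory is trusted for email ownership.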
......@@ -6,7 +6,8 @@ add "addPlugin('ldapAuthentication', array('setting'=>'value', 'setting2'=>'valu
Settings
========
authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check the any other plugins or the internal password database).
provider_name*: a unique name for this authentication provider.
authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check any other plugins or the internal password database).
autoregistration (false): Set to true if users should be automatically created when they attempt to login.
email_changeable (true): Are users allowed to change their email address? (true or false)
password_changeable (true): Are users allowed to change their passwords? (true or false)
......@@ -23,6 +24,7 @@ filter: Default search filter. See http://pear.php.net/manual/en/package.network
scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
attributes: an array with the key being the StatusNet user attribute name, and the value the LDAP attribute name
username*
nickname*
email
fullname
......@@ -37,6 +39,7 @@ Example
Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory.
addPlugin('ldapAuthentication', array(
'provider_name'=>'Example',
'authoritative'=>true,
'autoregistration'=>true,
'binddn'=>'username',
......
The Reverse Username Authentication plugin allows for StatusNet to handle authentication by checking if the provided password is the same as the reverse of the username.
THIS PLUGIN IS FOR TESTING PURPOSES ONLY
Installation
============
add "addPlugin('reverseUsernameAuthentication', array('setting'=>'value', 'setting2'=>'value2', ...);" to the bottom of your config.php
Settings
========
provider_name*: a unique name for this authentication provider.
password_changeable*: must be set to false. This plugin does not support changing passwords.
authoritative (false): Set to true if this plugin's responses are authoritative (meaning if this fails, do check any other plugins or the internal password database).
autoregistration (false): Set to true if users should be automatically created when they attempt to login.
* required
default values are in (parenthesis)
Example
=======
addPlugin('reverseUsernameAuthentication', array(
'provider_name'=>'Example',
'password_changeable'=>false,
'authoritative'=>true,
'autoregistration'=>true
));
<?php
/**
* StatusNet, the distributed open-source microblogging tool
*
* Plugin that checks if the password is the reverse of username
*
* PHP version 5
*
* LICENCE: This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Plugin
* @package StatusNet
* @author Craig Andrews <candrews@integralblue.com>
* @copyright 2009 Craig Andrews http://candrews.integralblue.com
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
if (!defined('STATUSNET') && !defined('LACONICA')) {
exit(1);
}
require_once INSTALLDIR.'/plugins/Authentication/AuthenticationPlugin.php';
class ReverseUsernameAuthenticationPlugin extends AuthenticationPlugin
{
//---interface implementation---//
function onInitializePlugin(){
parent::onInitializePlugin();
if(!isset($this->password_changeable) && $this->password_changeable){
throw new Exception("password_changeable cannot be set to true. This plugin does not support changing passwords.");
}
}
function checkPassword($username, $password)
{
return $username == strrev($password);
}
function autoRegister($username)
{
$registration_data = array();
$registration_data['nickname'] = $username ;
return User::register($registration_data);
}
}
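Review bot: The guard in `onInitializePlugin`, `if(!isset($this->password_changeable) && $this->password_changeable)`, can never be true, because an unset property is not truthy. The exception is therefore never thrown, and a configuration with `password_changeable` left out or set to true is accepted. The README in this commit lists the setting as required and says it must be false, which corresponds to `if(!isset($this->password_changeable) || $this->password_changeable){`. `checkPassword` would also be safer with `===`, since `==` compares numeric-looking strings by value. Because the plugin authenticates on the reversed username alone, a class docblock repeating the README's testing-only warning would be worth adding.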