AuthRemoteuser.body.php

    <?php
    /**
     * This program is free software; you can redistribute it and/or modify
     * it under the terms of the GNU General Public License as published by
     * the Free Software Foundation; either version 2 of the License, or
     * (at your option) any later version.
     *
     * This program is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
     * GNU General Public License for more details.
     *
     * You should have received a copy of the GNU General Public License along
     * with this program; if not, write to the Free Software Foundation, Inc.,
     * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
     * http://www.gnu.org/copyleft/gpl.html
     *
     * @file
     */
    
    use MediaWiki\Session\SessionInfo;
    use MediaWiki\Session\UserInfo;
    
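    /**
     * Session provider for apache/authz authenticated users.
     *
     * The user name is read from $_SERVER[$wgAuthRemoteuserEnvVariable] and is
     * accepted without any further credential check, so the provider is only as
     * trustworthy as whatever populates that variable.
     *
     * NOTE(review): confirm the configured variable can only be set by the web
     * server's authentication module and never by a request header.
     *
     * Class AuthRemoteuser
     */
    class AuthRemoteuser extends MediaWiki\Session\ImmutableSessionProviderWithCookie {

        /**
         * @param array $params Keys include:
         *  - priority: (required) Set the priority
         *  - sessionCookieName: Session cookie name. Default is '_AuthRemoteuserSession'.
         *  - sessionCookieOptions: Options to pass to WebResponse::setCookie().
         *
         * @throws \InvalidArgumentException If priority is missing or outside
         *  SessionInfo::MIN_PRIORITY..SessionInfo::MAX_PRIORITY.
         */
        public function __construct(array $params = []) {
            if (!isset($params['sessionCookieName'])) {
                $params['sessionCookieName'] = '_AuthRemoteuserSession';
            }
            parent::__construct( $params );

            if ( !isset( $params['priority'] ) ) {
                throw new \InvalidArgumentException(__METHOD__ . ': priority must be specified');
            }
            if ($params['priority'] < SessionInfo::MIN_PRIORITY ||
                $params['priority'] > SessionInfo::MAX_PRIORITY
            ) {
                throw new \InvalidArgumentException(__METHOD__ . ': Invalid priority');
            }

            $this->priority = $params['priority'];
        }

        /**
         * Resolve the session for a request.
         *
         * Without a session cookie, a new session is created for the user name
         * supplied by the web server. With a session cookie, the existing
         * session id is returned as a persisted session.
         *
         * @inheritDoc
         */
        public function provideSessionInfo(WebRequest $request)
        {
            // Have a session ID?
            $id = $this->getSessionIdFromCookie($request);
            if (null === $id) {
                // NOTE(review): getRemoteUsername() returns '' when the server
                // variable is unset; newSessionForRequest() then most likely throws
                // InvalidArgumentException, so a request without web-server
                // authentication fails instead of falling back to another provider.
                // Confirm this fail-closed behaviour is intended.
                $username = $this->getRemoteUsername();

                return $this->newSessionForRequest($username, $request);
            }

            // NOTE(review): no userInfo is passed and the current server variable
            // is not read on this path, so this method never compares the user
            // behind the cookie with the identity the web server reports for this
            // request. A session therefore stays usable for as long as its cookie
            // is accepted, even after the web-server login changed or ended.
            $sessionInfo = new SessionInfo($this->priority, [
                'provider' => $this,
                'id' => $id,
                'persisted' => true
            ]);

            return $sessionInfo;
        }

        /**
         * This provider never creates empty sessions.
         *
         * @inheritDoc
         */
        public function newSessionInfo($id = null)
        {
            return null;
        }

        /**
         * Create and persist a session for the given remote user name.
         *
         * @param string $username User name as returned by getRemoteUsername().
         * @param WebRequest $request
         * @return SessionInfo
         * @throws \InvalidArgumentException If User::newFromName() rejects the name.
         */
        protected function newSessionForRequest($username, WebRequest $request)
        {
            $id = $this->getSessionIdFromCookie($request);

            $user = User::newFromName($username, 'usable');
            if (!$user) {
                throw new \InvalidArgumentException('Invalid user name');
            }

            // Runs for every new session, not only on first account creation.
            $this->initUser($user, $username);

            // NOTE(review): uses SessionInfo::MAX_PRIORITY rather than the
            // configured $this->priority used for cookie sessions - confirm intended.
            $info = new SessionInfo(SessionInfo::MAX_PRIORITY, [
                'provider' => $this,
                'id' => $id,
                // Second argument true: the user is treated as already verified.
                'userInfo' => UserInfo::newFromUser($user, true),
                'persisted' => false
            ]);
            $session = $this->getManager()->getSessionFromInfo($info, $request);
            $session->persist();

            return $info;
        }

        /**
         * Fill in real name, e-mail address, token and notification options of
         * the user, then save the settings.
         *
         * The properties are only touched when the AuthRemoteUserInitUser hook
         * run returns a truthy value; saveSettings() is called either way.
         * Because newSessionForRequest() calls this for every new session, the
         * stored real name and e-mail address are overwritten each time.
         *
         * @param User &$user User object; replaced by the instance loaded for
         *  update when one exists.
         * @param string $username Remote user name, used to build the e-mail address.
         */
        protected function initUser(&$user, $username)
        {
            if (Hooks::run("AuthRemoteUserInitUser",
                array($user, true))
            ) {
                // Check if above hook or some other effect (e.g.: https://phabricator.wikimedia.org/T95839 )
                // already created a user in the db. If so, reuse that one.
                $userFromDb = $user->getInstanceForUpdate();
                if (null !== $userFromDb) {
                    // Reuse the instance already fetched instead of loading it twice.
                    $user = $userFromDb;
                }

                $this->setRealName($user);

                $this->setEmail($user, $username);

                // Marks the address as confirmed although no confirmation mail was
                // sent. NOTE(review): with the "@example.com" fallback in
                // setEmail() this confirms an address the site does not control;
                // consider confirming only when a mail setting is configured.
                $user->mEmailAuthenticated = wfTimestampNow();
                // NOTE(review): setToken() is called on every new session;
                // presumably this invalidates the user's other sessions - confirm.
                $user->setToken();

                $this->setNotifications($user);
            }

            $user->saveSettings();
        }

        /**
         * Sets the real name of the user from $wgAuthRemoteuserName, or to the
         * empty string when that setting is empty.
         *
         * @param User $user
         */
        protected function setRealName(User $user)
        {
            global $wgAuthRemoteuserName;

            if ($wgAuthRemoteuserName) {
                $user->setRealName($wgAuthRemoteuserName);
            } else {
                $user->setRealName('');
            }
        }

        /**
         * Return the username to be used.  Empty string if none.
         *
         * When $wgAuthRemoteuserDomain is set, a leading "DOMAIN\" and a trailing
         * "@DOMAIN" are removed. The domain is stripped only at those positions:
         * removing it anywhere in the string would let distinct server-side
         * identities collapse into the same wiki user name.
         *
         * @return string
         */
        protected function getRemoteUsername()
        {
            global $wgAuthRemoteuserEnvVariable;
            global $wgAuthRemoteuserDomain;

            if (!isset($_SERVER[$wgAuthRemoteuserEnvVariable])) {
                return "";
            }

            $username = $_SERVER[$wgAuthRemoteuserEnvVariable];

            if ($wgAuthRemoteuserDomain) {
                $prefix = $wgAuthRemoteuserDomain . '\\';
                $prefixLength = strlen($prefix);
                if (strncmp($username, $prefix, $prefixLength) === 0) {
                    // Cast: substr() may return false on old PHP versions.
                    $username = (string)substr($username, $prefixLength);
                }

                $suffix = '@' . $wgAuthRemoteuserDomain;
                $suffixLength = strlen($suffix);
                if (strlen($username) >= $suffixLength &&
                    substr($username, -$suffixLength) === $suffix
                ) {
                    $username = (string)substr($username, 0, -$suffixLength);
                }
            }

            return $username;
        }

        /**
         * Sets the email address of the user.
         *
         * Order of precedence: $wgAuthRemoteuserMail, then
         * "<username>@$wgAuthRemoteuserMailDomain", then "<username>@example.com".
         *
         * @param User $user
         * @param string $username
         */
        protected function setEmail(User $user, $username)
        {
            global $wgAuthRemoteuserMail, $wgAuthRemoteuserMailDomain;

            if ($wgAuthRemoteuserMail) {
                $user->setEmail($wgAuthRemoteuserMail);
            } elseif ($wgAuthRemoteuserMailDomain) {
                $user->setEmail($username . '@' .
                    $wgAuthRemoteuserMailDomain);
            } else {
                // Placeholder address: mail sent to it never reaches the user.
                $user->setEmail($username . "@example.com");
            }
        }

        /**
         * Set up notifications for the user.
         *
         * @param User $user
         */
        protected function setNotifications(User $user)
        {
            global $wgAuthRemoteuserNotify;

            // turn on e-mail notifications
            if ($wgAuthRemoteuserNotify) {
                $user->setOption('enotifwatchlistpages', 1);
                $user->setOption('enotifusertalkpages', 1);
                $user->setOption('enotifminoredits', 1);
                // NOTE(review): the option name suggests the user's address is
                // revealed in notification mails - confirm this default is wanted.
                $user->setOption('enotifrevealaddr', 1);
            }
        }


    }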