Add some logging and an ominous warning :-)

Ricky Zhou (周家杰) 2009-07-26 10:19:31 -04:00
parent 810cc7ef9c
commit d8ef5c36ac


@ -1,115 +1,124 @@
<?php <?php
require_once('AuthPlugin.php'); require_once('AuthPlugin.php');
class Auth_FAS extends AuthPlugin { class Auth_FAS extends AuthPlugin {
function authenticate($username, $password) { function authenticate($username, $password) {
if ( ucfirst(strtolower($username)) != ucfirst($username) ) { if ( ucfirst(strtolower($username)) != ucfirst($username) ) {
return false; return false;
} }
$username = strtolower( $username); $username = strtolower( $username);
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://admin.fedoraproject.org/accounts/json/person_by_username?tg_format=json'); curl_setopt($ch, CURLOPT_URL, 'https://admin.fedoraproject.org/accounts/json/person_by_username?tg_format=json');
curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Auth_FAS 0.9"); curl_setopt($ch, CURLOPT_USERAGENT, "Auth_FAS 0.9");
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login"); curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
# The following two lines need to be enabled when using a test FAS
# with an invalid cert. Otherwise they should be commented (or
# set to True) for security.
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
$response = json_decode(curl_exec($ch), true);
curl_close ($ch);
if (!isset($response["success"])) return false; # WARNING: Never leave this on in production, as it will cause
# plaintext passwords to show up in error logs.
curl_setopt($ch, CURLOPT_VERBOSE, 0);
$groups = $response["person"]["approved_memberships"]; # The following two lines need to be enabled when using a test FAS
# with an invalid cert. Otherwise they should be commented (or
# set to True) for security.
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
#curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
$response = json_decode(curl_exec($ch), true);
curl_close ($ch);
for ($i = 0, $cnt = count($groups); $i < $cnt; $i++) { if (!isset($response["success"])) {
if ($groups[$i]["name"] == "cla_done") { fwrite(STDERR, "FAS auth failed for $username: incorrect username or password\n");
return true; return false;
} }
}
return false;
}
function userExists( $username ) { $groups = $response["person"]["approved_memberships"];
if ( ucfirst(strtolower($username)) != ucfirst($username) ) {
return false;
}
return true;
}
function modifyUITemplate(&$template) { for ($i = 0, $cnt = count($groups); $i < $cnt; $i++) {
$template->set('create', false); if ($groups[$i]["name"] == "cla_done") {
$template->set('useemail', false); fwrite(STDERR, "FAS auth succeeded for $username\n");
$template->set('usedomain', false); return true;
} }
}
function updateUser( &$user ){ fwrite(STDERR, "FAS auth failed for $username: insufficient group membership\n");
$user->mEmail = strtolower($user->getName())."@fedoraproject.org"; return false;
return true; }
}
function autoCreate() { function userExists( $username ) {
return true; if ( ucfirst(strtolower($username)) != ucfirst($username) ) {
} return false;
}
return true;
}
function setPassword($password) { function modifyUITemplate(&$template) {
return false; $template->set('create', false);
} $template->set('useemail', false);
$template->set('usedomain', false);
}
function setDomain( $domain ) { function updateUser( &$user ){
$this->domain = $domain; $user->mEmail = strtolower($user->getName())."@fedoraproject.org";
} return true;
}
function validDomain( $domain ) { function autoCreate() {
return true; return true;
} }
function updateExternalDB($user) { function setPassword($password) {
return true; return false;
} }
function canCreateAccounts() { function setDomain( $domain ) {
return false; $this->domain = $domain;
} }
function addUser($user, $password) { function validDomain( $domain ) {
return true; return true;
} }
function strict() { function updateExternalDB($user) {
return true; return true;
} }
function strictUserAuth( $username ) { function canCreateAccounts() {
return true; return false;
} }
function allowPasswordChange() { function addUser($user, $password) {
return false; return true;
} }
function initUser(&$user) { function strict() {
$user->mEmail = strtolower($user->getName())."@fedoraproject.org"; return true;
$user->mEmailAuthenticated = wfTimestampNow(); }
$user->setToken();
$user->saveSettings(); function strictUserAuth( $username ) {
return true; return true;
} }
}
function allowPasswordChange() {
return false;
}
function initUser(&$user) {
$user->mEmail = strtolower($user->getName())."@fedoraproject.org";
$user->mEmailAuthenticated = wfTimestampNow();
$user->setToken();
$user->saveSettings();
return true;
}
}
/** /**
* Some extension information init * Some extension information init
*/ */
$wgExtensionCredits['other'][] = array( $wgExtensionCredits['other'][] = array(
'name' => 'Auth_FAS', 'name' => 'Auth_FAS',
'version' => '0.9.1', 'version' => '0.9.1',
'author' => 'Nigel Jones', 'author' => 'Nigel Jones',
'description' => 'Authorisation plugin allowing login with FAS2 accounts'#, 'description' => 'Authorisation plugin allowing login with FAS2 accounts'
); );
?> ?>
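Review bot: The three new `fwrite(STDERR, ...)` calls in authenticate() interpolate `$username` into the log line exactly as it arrived from the login form (only lower-cased), so a name containing CR/LF or other control characters can split or forge entries in the log used to audit these pre-authentication events. Encoding the value before it is written closes that gap, e.g. `json_encode($username)` in place of the bare variable. Separately, the `STDERR` constant is, as far as I know, only defined under the CLI SAPI, so under a web SAPI these calls may not log at all; `error_log("FAS auth failed for " . json_encode($username) . ": incorrect username or password");` would cover both points. The "incorrect username or password" message is also written for any response without a `success` key, which appears to include a failed `curl_exec()` (network or TLS error), so a backend outage would read as a run of bad passwords during triage. A distinct message for a failed or non-JSON response would keep the two cases apart.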