. /** * Anobody can login with any password. * * @package auth_macaroons * @author Brendan Abolivier * @license http://www.gnu.org/copyleft/gpl.html GNU Public License */ defined('MOODLE_INTERNAL') || die(); require_once($CFG->libdir.'/authlib.php'); require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Macaroon.php'); require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Caveat.php'); require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Packet.php'); require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Utils.php'); require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Verifier.php'); require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/CaveatUnsatisfiedException.php'); require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/InvalidMacaroonKeyException.php'); require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/SignatureMismatchException.php'); use Macaroons\Macaroon; use Macaroons\Verifier; /** * Plugin for no authentication. */ class auth_plugin_macaroons extends auth_plugin_base { /** * Constructor. */ public function __construct() { $this->authtype = 'macaroons'; } function loginpage_hook() { global $message; $message = ""; if(!empty($_COOKIE['das-macaroon'])) { try { $m = Macaroon::deserialize($_COOKIE['das-macaroon']); $frm = new stdClass(); $frm->username = $m->getIdentifier(); $frm->password = 'passwdMacaroons'; $v = new Verifier(); $v->setCallbacks([ function($a) { return !strcmp($a, "status = student"); } ]); if($v->verify($m, "pocsecret")) { $frm = new stdClass(); $frm->username = $m->getIdentifier(); $frm->password = 'passwdMacaroons'; } } catch(Exception $e) { $message = $e->getMessage(); } authenticate_user_login($frm->username, sesskey()); } } /** * Old syntax of class constructor. Deprecated in PHP7. * * @deprecated since Moodle 3.1 */ public function auth_plugin_macaroons() { debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER); self::__construct(); } /** * Returns true if the username and password work or don't exist and false * if the user exists and the password is wrong. * * @param string $username The username * @param string $password The password * @return bool Authentication success or failure. */ function user_login ($username, $password) { global $message; if(!empty($message)) { return false; } elseif(!empty($_COOKIE['das-macaroon'])) { return true; } } /** * Updates the user's password. * * called when the user password is updated. * * @param object $user User table object * @param string $newpassword Plaintext password * @return boolean result * */ function user_update_password($user, $newpassword) { $user = get_complete_user_data('id', $user->id); // This will also update the stored hash to the latest algorithm // if the existing hash is using an out-of-date algorithm (or the // legacy md5 algorithm). return update_internal_user_password($user, $newpassword); } function prevent_local_passwords() { return false; } /** * Returns true if this authentication plugin is 'internal'. * * @return bool */ function is_internal() { return false; } /** * Returns true if this authentication plugin can change the user's * password. * * @return bool */ function can_change_password() { return true; } /** * Returns the URL for changing the user's pw, or empty if the default can * be used. * * @return moodle_url */ function change_password_url() { return null; } /** * Returns true if plugin allows resetting of internal password. * * @return bool */ function can_reset_password() { return true; } /** * Returns true if plugin can be manually set. * * @return bool */ function can_be_manually_set() { return true; } /** * Prints a form for configuring this authentication plugin. * * This function is called from admin/auth.php, and outputs a full page with * a form for configuring this plugin. * * @param array $page An object containing all the data for this page. function config_form($config, $err, $user_fields) { include "config.html"; } */ /** * Processes and stores configuration data for this authentication plugin. */ function process_config($config) { return true; } }