babolivier
/
moodle_macaroons
關註 1
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
Moodle authentication plugin for Macaroons
3 Commit
1 分支
目錄樹: 429555b62d
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '429555b62d'
${ noResults }
moodle_macaroons/auth.php

auth.php 5.2KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 
  1. <?php

  2. // This file is part of Moodle - http://moodle.org/

  3. //

  4. // Moodle is free software: you can redistribute it and/or modify

  5. // it under the terms of the GNU General Public License as published by

  6. // the Free Software Foundation, either version 3 of the License, or

  7. // (at your option) any later version.

  8. //

  9. // Moodle is distributed in the hope that it will be useful,

  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of

  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12. // GNU General Public License for more details.

  13. //

  14. // You should have received a copy of the GNU General Public License

  15. // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

  16. 

  17. /**

  18.  * Authentication plugin: Macaroons

  19.  *

  20.  * Macaroons: Cookies with Contextual Caveats for Decentralized Authorization

  21.  *

  22.  * @package auth_macaroons

  23.  * @author Brendan Abolivier

  24.  * @license http://www.gnu.org/copyleft/gpl.html GNU Public License

  25.  */

  26. 

  27. defined('MOODLE_INTERNAL') || die();

  28. 

  29. require_once($CFG->libdir.'/authlib.php');

  30. 

  31. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Macaroon.php');

  32. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Caveat.php');

  33. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Packet.php');

  34. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Utils.php');

  35. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Verifier.php');

  36. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/CaveatUnsatisfiedException.php');

  37. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/InvalidMacaroonKeyException.php');

  38. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/SignatureMismatchException.php');

  39. 

  40. use Macaroons\Macaroon;

  41. use Macaroons\Verifier;

  42. 

  43. 

  44. /**

  45.  * Plugin for no authentication.

  46.  */

  47. class auth_plugin_macaroons extends auth_plugin_base {

  48. 

  49. 	/**

  50. 	 * Constructor.

  51. 	 */

  52. 	public function __construct() {

  53. 		$this->authtype = 'macaroons';

  54. 	}

  55. 

  56. 	function loginpage_hook() {

  57. 		global $message, $DB;

  58. 		$message = "";

  59. 		if(!empty($_COOKIE['das-macaroon'])) {

  60. 			try {

  61. 				$m = Macaroon::deserialize($_COOKIE['das-macaroon']);

  62. 				$v = new Verifier();

  63. 				$v->setCallbacks([

  64. 					function($a) {

  65. 						return !strcmp($a, "status = student");

  66. 					}

  67. 				]);

  68. 				if($v->verify($m, "pocsecret")) {

  69. 					$name = explode(";", $m->getIdentifier());

  70. 					$username = join("", $name);

  71. 					$user = authenticate_user_login($username, sesskey());

  72. 

  73. 

  74. 					if($user) {

  75. 						$user->firstname = $name[0];

  76. 						$user->lastname = $name[1];

  77. 						$user->email = $username."@brendanabolivier.com";

  78. //						var_dump($user);

  79. 						$DB->update_record('user', $user);

  80. 						complete_user_login($user);

  81. 					}

  82. 				}

  83. 			} catch(Exception $e) {

  84. 				$message = $e->getMessage();

  85. 			}

  86. 		}

  87. 	}

  88. 

  89. 	/**

  90. 	 * Old syntax of class constructor. Deprecated in PHP7.

  91. 	 *

  92. 	 * @deprecated since Moodle 3.1

  93. 	 */

  94. 	public function auth_plugin_macaroons() {

  95. 		debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER);

  96. 		self::__construct();

  97. 	}

  98. 

  99. 	/**

  100. 	 * Returns true if the username and password work or don't exist and false

  101. 	 * if the user exists and the password is wrong.

  102. 	 *

  103. 	 * @param string $username The username

  104. 	 * @param string $password The password

  105. 	 * @return bool Authentication success or failure.

  106. 	 */

  107. 	function user_login ($username, $password) {

  108. 		global $message;

  109. 		if(!empty($message)) {

  110. 			return false;

  111. 		} elseif(!empty($_COOKIE['das-macaroon'])) {

  112. 			return true;

  113. 		}

  114. 	}

  115. 

  116. 	/**

  117. 	 * Updates the user's password.

  118. 	 *

  119. 	 * called when the user password is updated.

  120. 	 *

  121. 	 * @param  object  $user		User table object

  122. 	 * @param  string  $newpassword Plaintext password

  123. 	 * @return boolean result

  124. 	 *

  125. 	 */

  126. 	function user_update_password($user, $newpassword) {

  127. 		$user = get_complete_user_data('id', $user->id);

  128. 		// This will also update the stored hash to the latest algorithm

  129. 		// if the existing hash is using an out-of-date algorithm (or the

  130. 		// legacy md5 algorithm).

  131. 		return update_internal_user_password($user, $newpassword);

  132. 	}

  133. 

  134. 	function prevent_local_passwords() {

  135. 		return false;

  136. 	}

  137. 

  138. 	/**

  139. 	 * Returns true if this authentication plugin is 'internal'.

  140. 	 *

  141. 	 * @return bool

  142. 	 */

  143. 	function is_internal() {

  144. 		return false;

  145. 	}

  146. 

  147. 	/**

  148. 	 * Returns true if this authentication plugin can change the user's

  149. 	 * password.

  150. 	 *

  151. 	 * @return bool

  152. 	 */

  153. 	function can_change_password() {

  154. 		return true;

  155. 	}

  156. 

  157. 	/**

  158. 	 * Returns the URL for changing the user's pw, or empty if the default can

  159. 	 * be used.

  160. 	 *

  161. 	 * @return moodle_url

  162. 	 */

  163. 	function change_password_url() {

  164. 		return null;

  165. 	}

  166. 

  167. 	/**

  168. 	 * Returns true if plugin allows resetting of internal password.

  169. 	 *

  170. 	 * @return bool

  171. 	 */

  172. 	function can_reset_password() {

  173. 		return true;

  174. 	}

  175. 

  176. 	/**

  177. 	 * Returns true if plugin can be manually set.

  178. 	 *

  179. 	 * @return bool

  180. 	 */

  181. 	function can_be_manually_set() {

  182. 		return true;

  183. 	}

  184. 

  185. 	/**

  186. 	 * Prints a form for configuring this authentication plugin.

  187. 	 *

  188. 	 * This function is called from admin/auth.php, and outputs a full page with

  189. 	 * a form for configuring this plugin.

  190. 	 *

  191. 	 * @param array $page An object containing all the data for this page.

  192. 	function config_form($config, $err, $user_fields) {

  193. 		include "config.html";

  194. 	}

  195. 	 */

  196. 

  197. 	/**

  198. 	 * Processes and stores configuration data for this authentication plugin.

  199. 	 */

  200. 	function process_config($config) {

  201. 		return true;

  202. 	}

  203. 

  204. }

  205.