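/**
 * Authentication plugin: Macaroons
 *
 * Macaroons: Cookies with Contextual Caveats for Decentralized Authorization
 *
 * @package auth_macaroons
 * @author Brendan Abolivier
 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
 */

defined('MOODLE_INTERNAL') || die();

require_once($CFG->libdir.'/authlib.php');
require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Macaroon.php');
require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Caveat.php');
require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Packet.php');
require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Utils.php');
require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Verifier.php');
require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/CaveatUnsatisfiedException.php');
require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/InvalidMacaroonKeyException.php');
require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/SignatureMismatchException.php');

use Macaroons\Macaroon;
use Macaroons\Verifier;

/**
 * Authenticates users from a macaroon carried in the 'das-macaroon' cookie.
 *
 * The cookie is attacker-controlled input. Every decision in this class is
 * therefore taken only after the macaroon's signature and caveats have been
 * verified; the mere presence of the cookie is never treated as proof of
 * identity.
 */
class auth_plugin_macaroons extends auth_plugin_base {

    /**
     * Constructor.
     */
    public function __construct() {
        $this->authtype = 'macaroons';
    }

    /**
     * Returns the root key used to verify macaroon signatures.
     *
     * NOTE(review): this is a hard-coded proof-of-concept key, identical in
     * every copy of this file. Anyone who can read the source can mint
     * macaroons that verify. Before any real deployment it must be replaced
     * by a per-installation secret loaded from protected configuration.
     *
     * @return string
     */
    private function macaroon_secret() {
        return "pocsecret";
    }

    /**
     * Derives the Moodle username from a macaroon identifier.
     *
     * The identifier is split on ';' and the parts are concatenated.
     * NOTE(review): distinct identifiers can collapse to the same username
     * ("ab;c" and "a;bc" both give "abc") - confirm the issuer rules this out.
     *
     * @param string $identifier Identifier taken from a verified macaroon
     * @return string
     */
    private function username_from_identifier($identifier) {
        return join("", explode(";", $identifier));
    }

    /**
     * Verifies the macaroon in the login cookie and returns its identifier.
     *
     * @return string|null The identifier of a verified macaroon, or null when
     *                     the cookie is absent, is not a string, or
     *                     verification reports failure.
     * @throws Exception Presumably the exceptions loaded above (caveat
     *                   unsatisfied, invalid key, signature mismatch) when
     *                   the macaroon is malformed or does not verify.
     */
    private function verified_identifier() {
        // A cookie sent as 'das-macaroon[]' arrives as an array; reject it
        // before it reaches the deserializer.
        if (empty($_COOKIE['das-macaroon']) || !is_string($_COOKIE['das-macaroon'])) {
            return null;
        }

        $macaroon = Macaroon::deserialize($_COOKIE['das-macaroon']);

        $verifier = new Verifier();
        $verifier->setCallbacks([
            // Only the exact first-party caveat "status = student" is accepted.
            function($predicate) {
                return $predicate === "status = student";
            }
        ]);

        if (!$verifier->verify($macaroon, $this->macaroon_secret())) {
            return null;
        }

        return $macaroon->getIdentifier();
    }

    /**
     * Logs the user in from the macaroon cookie when the login page is shown.
     *
     * On success the user's first name, last name and e-mail are overwritten
     * from the macaroon identifier ("firstname;lastname"). Any exception is
     * recorded in the global $message, which user_login() reads.
     *
     * @return void
     */
    public function loginpage_hook() {
        global $message, $DB;

        $message = "";

        try {
            $identifier = $this->verified_identifier();
            if ($identifier === null) {
                return;
            }

            $name = explode(";", $identifier);
            $username = $this->username_from_identifier($identifier);

            $user = authenticate_user_login($username, null);
            if ($user) {
                $user->firstname = $name[0];
                // An identifier without ';' has no second part.
                $user->lastname = isset($name[1]) ? $name[1] : '';
                // NOTE(review): the e-mail domain is fixed by the
                // proof-of-concept and is not taken from the macaroon.
                $user->email = $username."@brendanabolivier.com";
                $DB->update_record('user', $user);
                complete_user_login($user);
            }
        } catch (Exception $e) {
            $message = $e->getMessage();
        }
    }

    /**
     * Old syntax of class constructor. Deprecated in PHP7.
     *
     * @deprecated since Moodle 3.1
     */
    public function auth_plugin_macaroons() {
        debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER);
        self::__construct();
    }

    /**
     * Returns true only when the login cookie holds a macaroon that verifies
     * and whose identifier maps to the given username.
     *
     * The macaroon is verified again here instead of relying on the state
     * left by loginpage_hook(): this method may be called on code paths where
     * the hook has not run, and a cookie that is merely present proves
     * nothing. Binding the result to $username keeps a macaroon issued for
     * one account from authenticating another.
     *
     * @param string $username The username
     * @param string $password The password (not used by this plugin)
     * @return bool Authentication success or failure.
     */
    public function user_login($username, $password) {
        global $message;

        // loginpage_hook() already recorded a verification failure.
        if (!empty($message)) {
            return false;
        }

        try {
            $identifier = $this->verified_identifier();
        } catch (Exception $e) {
            return false;
        }

        if ($identifier === null) {
            return false;
        }

        // NOTE(review): strict comparison assumes the caller passes the
        // username exactly as loginpage_hook() derived it - confirm.
        return (string)$username === $this->username_from_identifier($identifier);
    }

    /**
     * Updates the user's password.
     *
     * Called when the user password is updated.
     *
     * @param object $user User table object
     * @param string $newpassword Plaintext password
     * @return boolean result
     */
    public function user_update_password($user, $newpassword) {
        $user = get_complete_user_data('id', $user->id);
        // This will also update the stored hash to the latest algorithm
        // if the existing hash is using an out-of-date algorithm (or the
        // legacy md5 algorithm).
        return update_internal_user_password($user, $newpassword);
    }

    /**
     * Reports that local password storage is not prevented for this plugin.
     *
     * @return bool
     */
    public function prevent_local_passwords() {
        return false;
    }

    /**
     * Returns true if this authentication plugin is 'internal'.
     *
     * @return bool
     */
    public function is_internal() {
        return false;
    }

    /**
     * Returns true if this authentication plugin can change the user's
     * password.
     *
     * NOTE(review): login is driven by the macaroon cookie, yet password
     * change and reset are enabled - confirm this is intended.
     *
     * @return bool
     */
    public function can_change_password() {
        return true;
    }

    /**
     * Returns the URL for changing the user's pw, or null if the default can
     * be used.
     *
     * @return moodle_url|null
     */
    public function change_password_url() {
        return null;
    }

    /**
     * Returns true if plugin allows resetting of internal password.
     *
     * @return bool
     */
    public function can_reset_password() {
        return true;
    }

    /**
     * Returns true if plugin can be manually set.
     *
     * @return bool
     */
    public function can_be_manually_set() {
        return true;
    }

    /*
     * Prints a form for configuring this authentication plugin.
     *
     * This function is called from admin/auth.php, and outputs a full page with
     * a form for configuring this plugin.
     *
     * @param array $page An object containing all the data for this page.
     *
     * Disabled in the original source:
     *
     * function config_form($config, $err, $user_fields) {
     *     include "config.html";
     * }
     */

    /**
     * Processes and stores configuration data for this authentication plugin.
     *
     * Nothing is stored: the plugin currently has no settings.
     *
     * @param object $config Submitted configuration (ignored)
     * @return bool Always true
     */
    public function process_config($config) {
        return true;
    }
}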