Moodle authentication plugin for Macaroons

auth.php 5.2KB

  1. <?php
  2. // This file is part of Moodle - http://moodle.org/
  3. //
  4. // Moodle is free software: you can redistribute it and/or modify
  5. // it under the terms of the GNU General Public License as published by
  6. // the Free Software Foundation, either version 3 of the License, or
  7. // (at your option) any later version.
  8. //
  9. // Moodle is distributed in the hope that it will be useful,
  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. // GNU General Public License for more details.
  13. //
  14. // You should have received a copy of the GNU General Public License
  15. // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
  16. /**
  17. * Authentication plugin: Macaroons
  18. *
  19. * Macaroons: Cookies with Contextual Caveats for Decentralized Authorization
  20. *
  21. * @package auth_macaroons
  22. * @author Brendan Abolivier
  23. * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
  24. */
  25. defined('MOODLE_INTERNAL') || die();
  26. require_once($CFG->libdir.'/authlib.php');
  27. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Macaroon.php');
  28. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Caveat.php');
  29. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Packet.php');
  30. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Utils.php');
  31. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Verifier.php');
  32. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/CaveatUnsatisfiedException.php');
  33. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/InvalidMacaroonKeyException.php');
  34. require_once($CFG->dirroot.'/auth/macaroons/Macaroons/Exceptions/SignatureMismatchException.php');
  35. use Macaroons\Macaroon;
  36. use Macaroons\Verifier;
  37. /**
  38. * Authentication plugin that signs users in from a Macaroon carried in a cookie.
  39. */
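  class auth_plugin_macaroons extends auth_plugin_base {

      /**
       * Constructor: registers this plugin under the 'macaroons' auth type.
       */
      public function __construct() {
          $this->authtype = 'macaroons';
      }

      /**
       * Old syntax of class constructor. Deprecated in PHP7.
       *
       * @deprecated since Moodle 3.1
       */
      public function auth_plugin_macaroons() {
          debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER);
          self::__construct();
      }

      /**
       * Login page hook: signs the visitor in from the 'das-macaroon' cookie.
       *
       * The cookie value is untrusted input. It is deserialized into a Macaroon,
       * verified against the shared secret and the single accepted caveat
       * ("status = student"), and only then is the macaroon identifier used to
       * derive the Moodle username. The identifier is expected to look like
       * "firstname;lastname"; the username is the parts joined without separator.
       *
       * On success the user's first name, last name and e-mail are overwritten,
       * the login is completed and the browser is redirected to the site root.
       * On any failure the hook returns without doing anything, so the regular
       * login page is shown.
       *
       * @return void
       */
      public function loginpage_hook() {
          global $DB, $login, $CFG;

          // A cookie sent as "das-macaroon[]=..." arrives as an array; passing that
          // to the deserializer would raise an error that catch (Exception) misses.
          if (empty($_COOKIE['das-macaroon']) || !is_string($_COOKIE['das-macaroon'])) {
              return;
          }

          try {
              $macaroon = Macaroon::deserialize($_COOKIE['das-macaroon']);

              $verifier = new Verifier();
              $verifier->setCallbacks([
                  // Strict comparison: strcmp() on a non-string argument returns
                  // null on PHP 7, which "!" would turn into an accepted caveat.
                  function($predicate) {
                      return $predicate === 'status = student';
                  },
              ]);

              // NOTE(review): the root key is a hard-coded proof-of-concept value
              // committed with the source. Whoever can read this file holds the key
              // that authenticates every macaroon; move it to protected site
              // configuration and rotate it before any real deployment.
              if (!$verifier->verify($macaroon, "pocsecret")) {
                  return;
              }

              $name = explode(";", $macaroon->getIdentifier());

              // Both name parts are dereferenced below; refuse identifiers that do
              // not carry a non-empty first and last name instead of writing an
              // incomplete user record.
              if (count($name) < 2 || $name[0] === '' || $name[1] === '') {
                  return;
              }

              // user_login() reads this global to decide whether to accept the
              // username, so it is only assigned after verification succeeded.
              $login = join("", $name);

              $user = authenticate_user_login($login, null);
              if ($user) {
                  $user->firstname = $name[0];
                  $user->lastname = $name[1];
                  // NOTE(review): e-mail domain is hard-coded; confirm this is intended.
                  $user->email = $login."@brendanabolivier.com";
                  $DB->update_record('user', $user);
                  complete_user_login($user);
                  redirect($CFG->wwwroot);
              }
          } catch (Exception $e) {
              // Fall through to the normal login page, but leave a trace for
              // developers. Only the exception class is reported so that text
              // derived from the cookie is never echoed back.
              debugging('Macaroon login failed: ' . get_class($e), DEBUG_DEVELOPER);
          }
      }

      /**
       * Accepts the login only for the username derived by loginpage_hook().
       *
       * The password is ignored. The decision rests entirely on the global
       * $login, which loginpage_hook() assigns after a macaroon verified
       * successfully during the same request.
       *
       * NOTE(review): any other code that writes the global $login influences
       * this result; confirm nothing else in the request does.
       *
       * @param string $username The username
       * @param string $password The password (unused)
       * @return bool True when $username is exactly the macaroon-derived login.
       */
      public function user_login($username, $password) {
          global $login;

          // Strict, non-empty string match: with "==" an unset $login equals an
          // empty username and numeric-looking strings compare by value.
          return is_string($login) && $login !== '' && $login === $username;
      }

      /**
       * Updates the user's password.
       *
       * Called when the user password is updated.
       *
       * @param object $user User table object
       * @param string $newpassword Plaintext password
       * @return boolean result
       */
      public function user_update_password($user, $newpassword) {
          $user = get_complete_user_data('id', $user->id);
          // This will also update the stored hash to the latest algorithm
          // if the existing hash is using an out-of-date algorithm (or the
          // legacy md5 algorithm).
          return update_internal_user_password($user, $newpassword);
      }

      /**
       * Always returns false.
       *
       * NOTE(review): presumably this means locally stored passwords are kept for
       * users of this plugin; confirm against auth_plugin_base.
       *
       * @return bool
       */
      public function prevent_local_passwords() {
          return false;
      }

      /**
       * Returns true if this authentication plugin is 'internal'.
       *
       * @return bool Always false for this plugin.
       */
      public function is_internal() {
          return false;
      }

      /**
       * Returns true if this authentication plugin can change the user's
       * password.
       *
       * @return bool Always true for this plugin.
       */
      public function can_change_password() {
          return true;
      }

      /**
       * Returns the URL for changing the user's pw, or empty if the default can
       * be used.
       *
       * @return moodle_url|null Always null for this plugin.
       */
      public function change_password_url() {
          return null;
      }

      /**
       * Returns true if plugin allows resetting of internal password.
       *
       * @return bool Always true for this plugin.
       */
      public function can_reset_password() {
          return true;
      }

      /**
       * Returns true if plugin can be manually set.
       *
       * @return bool Always true for this plugin.
       */
      public function can_be_manually_set() {
          return true;
      }

      /**
       * Prints a form for configuring this authentication plugin.
       *
       * This function is called from admin/auth.php, and outputs a full page with
       * a form for configuring this plugin.
       *
       * @param array $page An object containing all the data for this page.
      function config_form($config, $err, $user_fields) {
          include "config.html";
      }
       */

      /**
       * Processes and stores configuration data for this authentication plugin.
       *
       * Nothing is stored: the submitted configuration is ignored.
       *
       * @param object $config Submitted configuration (unused)
       * @return bool Always true.
       */
      public function process_config($config) {
          return true;
      }

      /**
       * Always returns false.
       *
       * NOTE(review): presumably tells Moodle that user data is not synchronised
       * with an external source; confirm against auth_plugin_base.
       *
       * @return bool
       */
      public function is_synchronised_with_external() {
          return false;
      }
  }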