2009-10-06 20:26:22 +00:00
|
|
|
<?php
|
|
|
|
// This file is part of Moodle - http://moodle.org/
|
|
|
|
//
|
|
|
|
// Moodle is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// Moodle is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Web service auth plugin, reserves username, prevents normal login.
|
|
|
|
* TODO: add IP restrictions and some other features - MDL-17135
|
|
|
|
*
|
2013-04-27 15:06:40 +02:00
|
|
|
* @package auth_webservice
|
2009-10-06 20:26:22 +00:00
|
|
|
* @copyright 2008 Petr Skoda (http://skodak.org)
|
|
|
|
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
|
|
|
*/
|
|
|
|
|
2013-04-27 15:09:05 +02:00
|
|
|
defined('MOODLE_INTERNAL') || die();
|
2009-10-06 20:26:22 +00:00
|
|
|
|
|
|
|
require_once($CFG->libdir.'/authlib.php');
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Web service auth plugin.
|
|
|
|
*/
|
|
|
|
class auth_plugin_webservice extends auth_plugin_base {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Constructor.
|
|
|
|
*/
|
2015-11-27 09:01:25 +08:00
|
|
|
public function __construct() {
|
2009-10-06 20:26:22 +00:00
|
|
|
$this->authtype = 'webservice';
|
2017-04-03 10:50:09 -04:00
|
|
|
$this->config = get_config('auth_webservice');
|
2009-10-06 20:26:22 +00:00
|
|
|
}
|
|
|
|
|
2015-11-27 09:01:25 +08:00
|
|
|
/**
|
|
|
|
* Old syntax of class constructor. Deprecated in PHP7.
|
|
|
|
*
|
|
|
|
* @deprecated since Moodle 3.1
|
|
|
|
*/
|
|
|
|
public function auth_plugin_webservice() {
|
|
|
|
debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER);
|
|
|
|
self::__construct();
|
|
|
|
}
|
|
|
|
|
2009-10-06 20:26:22 +00:00
|
|
|
/**
|
|
|
|
* Returns true if the username and password work and false if they are
|
|
|
|
* wrong or don't exist.
|
|
|
|
*
|
|
|
|
* @param string $username The username (with system magic quotes)
|
|
|
|
* @param string $password The password (with system magic quotes)
|
|
|
|
*
|
|
|
|
* @return bool Authentication success or failure.
|
|
|
|
*/
|
|
|
|
function user_login($username, $password) {
|
|
|
|
// normla logins not allowed!
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Custom auth hook for web services.
|
|
|
|
* @param string $username
|
|
|
|
* @param string $password
|
|
|
|
* @return bool success
|
|
|
|
*/
|
|
|
|
function user_login_webservice($username, $password) {
|
|
|
|
global $CFG, $DB;
|
|
|
|
// special web service login
|
|
|
|
if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
|
|
|
|
return validate_internal_user_password($user, $password);
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Updates the user's password.
|
|
|
|
*
|
|
|
|
* called when the user password is updated.
|
|
|
|
*
|
|
|
|
* @param object $user User table object (with system magic quotes)
|
|
|
|
* @param string $newpassword Plaintext password (with system magic quotes)
|
|
|
|
* @return boolean result
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
function user_update_password($user, $newpassword) {
|
|
|
|
$user = get_complete_user_data('id', $user->id);
|
2012-09-30 20:58:13 +13:00
|
|
|
// This will also update the stored hash to the latest algorithm
|
|
|
|
// if the existing hash is using an out-of-date algorithm (or the
|
|
|
|
// legacy md5 algorithm).
|
2009-10-06 20:26:22 +00:00
|
|
|
return update_internal_user_password($user, $newpassword);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns true if this authentication plugin is 'internal'.
|
|
|
|
*
|
2013-12-05 10:47:43 +08:00
|
|
|
* Webserice auth doesn't use password fields, it uses only tokens.
|
|
|
|
*
|
2009-10-06 20:26:22 +00:00
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
function is_internal() {
|
2013-12-05 10:47:43 +08:00
|
|
|
return false;
|
2009-10-06 20:26:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns true if this authentication plugin can change the user's
|
|
|
|
* password.
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
function can_change_password() {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the URL for changing the user's pw, or empty if the default can
|
|
|
|
* be used.
|
|
|
|
*
|
2010-08-18 22:07:00 +00:00
|
|
|
* @return moodle_url
|
2009-10-06 20:26:22 +00:00
|
|
|
*/
|
|
|
|
function change_password_url() {
|
2010-08-18 22:07:00 +00:00
|
|
|
return null;
|
2009-10-06 20:26:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns true if plugin allows resetting of internal password.
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
function can_reset_password() {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Confirm the new user as registered. This should normally not be used,
|
2009-11-01 11:55:14 +00:00
|
|
|
* but it may be necessary if the user auth_method is changed to manual
|
2009-10-06 20:26:22 +00:00
|
|
|
* before the user is confirmed.
|
|
|
|
*/
|
|
|
|
function user_confirm($username, $confirmsecret = null) {
|
2009-11-01 11:55:14 +00:00
|
|
|
return AUTH_CONFIRM_ERROR;
|
2009-10-06 20:26:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|