MDL-20934 'not cached' flag used in all auth plugins that do not need the password

2025-04-13 20:42:22 +02:00 · 2009-11-23 21:50:40 +00:00 · 2009-11-23 21:50:40 +00:00 · edb5da8331
commit edb5da8331
parent 451db46177
19 changed files with 78 additions and 4 deletions
--- a/auth/cas/auth.php
+++ b/auth/cas/auth.php
@ -48,6 +48,11 @@ class auth_plugin_cas extends auth_plugin_base {
            $this->config->objectclass = 'objectClass='.$this->config->objectclass;
        }
    }
+
+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Authenticates user againt CAS
     * Returns true if the username and password work and false if they are
--- a/auth/db/auth.php
+++ b/auth/db/auth.php
@ -563,6 +563,13 @@ class auth_plugin_db extends auth_plugin_base {
        }
    }

+    function prevent_local_passwords() {
+        if (!isset($this->config->passtype)) {
+            return false;
+        }
+        return ($this->config->passtype != 'internal');
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/email/auth.php
+++ b/auth/email/auth.php
@ -146,6 +146,10 @@ class auth_plugin_email extends auth_plugin_base {
        }
    }

+    function prevent_local_passwords() {
+        return false;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/fc/auth.php
+++ b/auth/fc/auth.php
@ -144,6 +144,10 @@ class auth_plugin_fc extends auth_plugin_base {
        return false;
    }

+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/imap/auth.php
+++ b/auth/imap/auth.php
@ -81,6 +81,10 @@ class auth_plugin_imap extends auth_plugin_base {
        return false;  // No match
    }

+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@ -1749,6 +1749,10 @@ class auth_plugin_ldap extends auth_plugin_base {
        return ($fresult);
    }

+    function prevent_local_passwords() {
+        return !empty($this->config->preventpassindb);
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/ldap/config.html
+++ b/auth/ldap/config.html
@ -16,7 +16,7 @@
    if (!isset($config->opt_deref))
        { $config->opt_deref = LDAP_DEREF_NEVER; }
    if (!isset($config->preventpassindb))
-        { $config->preventpassindb = 0; }
+        { $config->preventpassindb = 1; }
    if (!isset($config->bind_dn))
        {$config->bind_dn = ''; }
    if (!isset($config->bind_pw))
--- a/auth/manual/auth.php
+++ b/auth/manual/auth.php
@ -62,6 +62,10 @@ class auth_plugin_manual extends auth_plugin_base {
        return update_internal_user_password($user, $newpassword);
    }

+    function prevent_local_passwords() {
+        return false;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/mnet/auth.php
+++ b/auth/mnet/auth.php
@ -578,6 +578,10 @@ class auth_plugin_mnet extends auth_plugin_base {
        $DB->delete_records_select('mnet_enrol_assignments', $whereclause, array($userid, $MNET_REMOTE_CLIENT->id));
    }

+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/nntp/auth.php
+++ b/auth/nntp/auth.php
@ -64,6 +64,10 @@ class auth_plugin_nntp extends auth_plugin_base {
        return false;
    }

+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/nologin/auth.php
+++ b/auth/nologin/auth.php
@ -46,6 +46,11 @@ class auth_plugin_nologin extends auth_plugin_base {
        return false;
    }

+    function prevent_local_passwords() {
+        // just in case, we do not want to loose the passwords
+        return false;
+    }
+
    /**
     * No external data sync.
     *
--- a/auth/none/auth.php
+++ b/auth/none/auth.php
@ -62,6 +62,10 @@ class auth_plugin_none extends auth_plugin_base {
        return update_internal_user_password($user, $newpassword);
    }

+    function prevent_local_passwords() {
+        return false;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/pam/auth.php
+++ b/auth/pam/auth.php
@ -77,6 +77,10 @@ class auth_plugin_pam extends auth_plugin_base {
        }
    }

+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/pop3/auth.php
+++ b/auth/pop3/auth.php
@ -81,6 +81,10 @@ class auth_plugin_pop3 extends auth_plugin_base {
        return false;  // No matches found
    }

+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/radius/auth.php
+++ b/auth/radius/auth.php
@ -126,6 +126,10 @@ class auth_plugin_radius extends auth_plugin_base {
        $rauth->close();
    }

+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/auth/shibboleth/auth.php
+++ b/auth/shibboleth/auth.php
@ -152,6 +152,10 @@ class auth_plugin_shibboleth extends auth_plugin_base {
        return $moodleattributes;
    }

+    function prevent_local_passwords() {
+        return true;
+    }
+
    /**
     * Returns true if this authentication plugin is 'internal'.
     *
--- a/backup/restorelib.php
+++ b/backup/restorelib.php
@ -2707,7 +2707,7 @@ define('RESTORE_GROUPS_GROUPINGS', 3);
                        if (!array_key_exists($user->auth, $authcache)) { // Not in cache
                            $userauth = new stdClass();
                            $authplugin = get_auth_plugin($user->auth);
-                            $userauth->preventpassindb = !empty($authplugin->config->preventpassindb);
+                            $userauth->preventpassindb = $authplugin->prevent_local_passwords();
                            $userauth->isinternal      = $authplugin->is_internal();
                            $userauth->canresetpwd     = $authplugin->can_reset_password();
                            $authcache[$user->auth] = $userauth;
@ -2715,7 +2715,7 @@ define('RESTORE_GROUPS_GROUPINGS', 3);
                            $userauth = $authcache[$user->auth]; // Get from cache
                        }

-                        // Respect strange config in some (ldap) plugins. Isn't this a dupe of is_internal() ?
+                        // Most external plugins do not store passwords locally
                        if (!empty($userauth->preventpassindb)) {
                            $user->password = 'not cached';

--- a/lib/authlib.php
+++ b/lib/authlib.php
@ -155,6 +155,15 @@ class auth_plugin_base {
        return true;
    }

+    /**
+     * Indicates if password hashes should be stored in local moodle database.
+     * @return bool true means md5 password hash stored in user table, false means flag 'not_cached' stored there instead
+     */
+    function prevent_local_passwords() {
+        // NOTE: this will be changed to true in 2.0
+        return false;
+    }
+
    /**
     * Updates the user's password.
     *
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -3715,7 +3715,7 @@ function update_internal_user_password(&$user, $password) {
    global $CFG, $DB;

    $authplugin = get_auth_plugin($user->auth);
-    if (!empty($authplugin->config->preventpassindb)) {
+    if ($authplugin->prevent_local_passwords()) {
        $hashedpassword = 'not cached';
    } else {
        $hashedpassword = hash_internal_user_password($password);