diff options
| -rw-r--r-- | .travis.yml | 37 | ||||
| -rw-r--r-- | LICENSE.md | 7 | ||||
| -rw-r--r-- | README.md | 14 | ||||
| -rw-r--r-- | auth.php | 172 | ||||
| -rw-r--r-- | lang/en/auth_http.php | 11 | ||||
| -rw-r--r-- | version.php | 13 |
6 files changed, 254 insertions, 0 deletions
diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..18b1f11 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,37 @@ +language: php + +sudo: false + +cache: + directories: + - $HOME/.composer/cache + +php: + - 7.0 + +matrix: + allow_failures: + - php: 7.0 + +env: + matrix: + - DB=pgsql MOODLE_BRANCH=MOODLE_32_STABLE + - DB=pgsql MOODLE_BRANCH=MOODLE_33_STABLE + - DB=mysqli MOODLE_BRANCH=MOODLE_32_STABLE + - DB=mysqli MOODLE_BRANCH=MOODLE_33_STABLE + +before_install: + - cd ../.. + - composer selfupdate + - composer create-project -n --no-dev moodlerooms/moodle-plugin-ci ci ^1 + - export PATH="$(cd ci/bin; pwd):$(cd ci/vendor/bin; pwd):$PATH" + +install: + - moodle-plugin-ci install + +script: + - moodle-plugin-ci phplint + - moodle-plugin-ci phpcpd + - moodle-plugin-ci phpmd + - moodle-plugin-ci codechecker + - moodle-plugin-ci shifter diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..5c98d2d --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,7 @@ +Copyright 2017 "Valentin Popov" <info@valentineus.link> + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..cbff882 --- /dev/null +++ b/README.md @@ -0,0 +1,14 @@ +# HTTP Basic Authentication +Adds Basic Authentication Moodle. +The plugin is designed to work in the environment of Moodle 3.2+. + +It is worthwhile to understand the motives and reasons before installing the plug-in, because: + * You can not login to the authorization page. +Consequently, the ability to register and restore the password for users will be lost. + * HTTP Basic Authentication is the least secure authorization system, because authorization keys are transmitted in clear text. +Use a secure HTTPS protocol to protect user information. + +## License +[MIT](LICENSE.md). +Copyright (c) +[Valentin Popov](mailto:info@valentineus.link).
\ No newline at end of file diff --git a/auth.php b/auth.php new file mode 100644 index 0000000..dfbd2d6 --- /dev/null +++ b/auth.php @@ -0,0 +1,172 @@ +<?php +/** + * HTTP Basic Authentication. + * @package auth_http + * @copyright "Valentin Popov" <info@valentineus.link> + * @license MIT License (https://opensource.org/licenses/MIT) + */ + +defined('MOODLE_INTERNAL') || die(); + +require_once($CFG->libdir.'/authlib.php'); + +/** + * Plugin for no authentication. + */ +class auth_plugin_http extends auth_plugin_base { + + /** + * Constructor. + */ + public function __construct() { + $this->authtype = 'http'; + } + + /** + * Old syntax of class constructor. Deprecated in PHP7. + * @deprecated since Moodle 3.1 + */ + public function auth_plugin_http() { + debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER); + self::__construct(); + } + + /** + * Returns true if the username and password work or don't exist and false + * if the user exists and the password is wrong. + * @param string $username The username + * @param string $password The password + * @return bool Authentication success or failure. + */ + function user_login($username, $password) { + global $CFG, $DB; + + if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) { + return validate_internal_user_password($user, $password); + } + + return true; + } + + /** + * No password updates. + */ + function user_update_password($user, $newpassword) { + return false; + } + + function prevent_local_passwords() { + // just in case, we do not want to loose the passwords + return false; + } + + /** + * Returns true if this authentication plugin is 'internal'. + * @return bool + */ + function is_internal() { + //we do not know if it was internal or external originally + return true; + } + + /** + * No changing of password. + */ + function can_change_password() { + return false; + } + + /** + * Returns the URL for changing the user's pw, or empty if the default can + * be used. + * @return moodle_url + */ + function change_password_url() { + return null; + } + + /** + * No password resetting. + */ + function can_reset_password() { + return true; + } + + /** + * Returns true if plugin can be manually set. + * @return bool + */ + function can_be_manually_set() { + return true; + } + + /** + * Hook for overriding behaviour before going to the login page. + */ + function pre_loginpage_hook() { + $this->loginpage_hook(); + } + + /** + * Hook for overriding behaviour of login page. + */ + function loginpage_hook() { + global $DB; + + if (!isloggedin()) { + if (isset($_SERVER['PHP_AUTH_USER']) && + isset($_SERVER['PHP_AUTH_PW'])) { + + $username = htmlspecialchars($_SERVER['PHP_AUTH_USER']); + $password = htmlspecialchars($_SERVER['PHP_AUTH_PW']); + + // User existence check + if ($user = $DB->get_record( 'user', array( 'username' => $username) )) { + + // Verification of authorization data + if (validate_internal_user_password($user, $password)) { + complete_user_login($user); + $this->redirect_user(); + } else { + // Authentication data verification error + $this->authorization_window(); + } + } else { + // User search failed + $this->authorization_window(); + } + } else { + // Authorization data is missing + $this->authorization_window(); + } + } + } + + /** + * Call authorization window. + */ + function authorization_window() { + global $SITE; + + header('WWW-Authenticate: Basic realm="'. $SITE->shortname .'"'); + header('HTTP/1.0 401 Unauthorized'); + die(print_string('auth_httperror', 'auth_http')); + } + + /** + * Redirect client to the original target. + */ + function redirect_user() { + global $CFG, $SESSION; + + if (isset($SESSION->wantsurl)) { + $redirect = $SESSION->wantsurl; + } elseif (isset($_GET['wantsurl'])) { + $redirect = htmlspecialchars($_GET['wantsurl']); + } else { + $redirect = $CFG->wwwroot; + } + + redirect($redirect); + } +} diff --git a/lang/en/auth_http.php b/lang/en/auth_http.php new file mode 100644 index 0000000..dda53b8 --- /dev/null +++ b/lang/en/auth_http.php @@ -0,0 +1,11 @@ +<?php +/** + * Strings for component 'auth_http', language 'en'. + * @package auth_http + * @copyright "Valentin Popov" <info@valentineus.link> + * @license MIT License (https://opensource.org/licenses/MIT) +*/ + +$string['pluginname'] = 'HTTP Authentication'; +$string['auth_httpdescription'] = 'A simple plugin that implements basic authentication for users in the system.'; +$string['auth_httperror'] = 'User is not authorized.'; diff --git a/version.php b/version.php new file mode 100644 index 0000000..68454d7 --- /dev/null +++ b/version.php @@ -0,0 +1,13 @@ +<?php +/** + * Version information. + * @package auth_http + * @copyright "Valentin Popov" <info@valentineus.link> + * @license MIT License (https://opensource.org/licenses/MIT) + */ + +defined('MOODLE_INTERNAL') || die(); + +$plugin->version = 2017081400; +$plugin->requires = 2017050500; +$plugin->component = 'auth_http'; |