From d4cd72e032ff3897640c2bdc508a7f802852164f Mon Sep 17 00:00:00 2001 From: Valentin Popov Date: Mon, 14 Aug 2017 14:26:10 +0400 Subject: Initial commit --- .travis.yml | 37 +++++++++++ LICENSE.md | 7 ++ README.md | 14 ++++ auth.php | 172 ++++++++++++++++++++++++++++++++++++++++++++++++++ lang/en/auth_http.php | 11 ++++ version.php | 13 ++++ 6 files changed, 254 insertions(+) create mode 100644 .travis.yml create mode 100644 LICENSE.md create mode 100644 README.md create mode 100644 auth.php create mode 100644 lang/en/auth_http.php create mode 100644 version.php diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..18b1f11 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,37 @@ +language: php + +sudo: false + +cache: + directories: + - $HOME/.composer/cache + +php: + - 7.0 + +matrix: + allow_failures: + - php: 7.0 + +env: + matrix: + - DB=pgsql MOODLE_BRANCH=MOODLE_32_STABLE + - DB=pgsql MOODLE_BRANCH=MOODLE_33_STABLE + - DB=mysqli MOODLE_BRANCH=MOODLE_32_STABLE + - DB=mysqli MOODLE_BRANCH=MOODLE_33_STABLE + +before_install: + - cd ../.. + - composer selfupdate + - composer create-project -n --no-dev moodlerooms/moodle-plugin-ci ci ^1 + - export PATH="$(cd ci/bin; pwd):$(cd ci/vendor/bin; pwd):$PATH" + +install: + - moodle-plugin-ci install + +script: + - moodle-plugin-ci phplint + - moodle-plugin-ci phpcpd + - moodle-plugin-ci phpmd + - moodle-plugin-ci codechecker + - moodle-plugin-ci shifter diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..5c98d2d --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,7 @@ +Copyright 2017 "Valentin Popov" + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..cbff882 --- /dev/null +++ b/README.md @@ -0,0 +1,14 @@ +# HTTP Basic Authentication +Adds Basic Authentication Moodle. +The plugin is designed to work in the environment of Moodle 3.2+. + +It is worthwhile to understand the motives and reasons before installing the plug-in, because: + * You can not login to the authorization page. +Consequently, the ability to register and restore the password for users will be lost. + * HTTP Basic Authentication is the least secure authorization system, because authorization keys are transmitted in clear text. +Use a secure HTTPS protocol to protect user information. + +## License +[MIT](LICENSE.md). +Copyright (c) +[Valentin Popov](mailto:info@valentineus.link). \ No newline at end of file diff --git a/auth.php b/auth.php new file mode 100644 index 0000000..dfbd2d6 --- /dev/null +++ b/auth.php @@ -0,0 +1,172 @@ + + * @license MIT License (https://opensource.org/licenses/MIT) + */ + +defined('MOODLE_INTERNAL') || die(); + +require_once($CFG->libdir.'/authlib.php'); + +/** + * Plugin for no authentication. + */ +class auth_plugin_http extends auth_plugin_base { + + /** + * Constructor. + */ + public function __construct() { + $this->authtype = 'http'; + } + + /** + * Old syntax of class constructor. Deprecated in PHP7. + * @deprecated since Moodle 3.1 + */ + public function auth_plugin_http() { + debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER); + self::__construct(); + } + + /** + * Returns true if the username and password work or don't exist and false + * if the user exists and the password is wrong. + * @param string $username The username + * @param string $password The password + * @return bool Authentication success or failure. + */ + function user_login($username, $password) { + global $CFG, $DB; + + if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) { + return validate_internal_user_password($user, $password); + } + + return true; + } + + /** + * No password updates. + */ + function user_update_password($user, $newpassword) { + return false; + } + + function prevent_local_passwords() { + // just in case, we do not want to loose the passwords + return false; + } + + /** + * Returns true if this authentication plugin is 'internal'. + * @return bool + */ + function is_internal() { + //we do not know if it was internal or external originally + return true; + } + + /** + * No changing of password. + */ + function can_change_password() { + return false; + } + + /** + * Returns the URL for changing the user's pw, or empty if the default can + * be used. + * @return moodle_url + */ + function change_password_url() { + return null; + } + + /** + * No password resetting. + */ + function can_reset_password() { + return true; + } + + /** + * Returns true if plugin can be manually set. + * @return bool + */ + function can_be_manually_set() { + return true; + } + + /** + * Hook for overriding behaviour before going to the login page. + */ + function pre_loginpage_hook() { + $this->loginpage_hook(); + } + + /** + * Hook for overriding behaviour of login page. + */ + function loginpage_hook() { + global $DB; + + if (!isloggedin()) { + if (isset($_SERVER['PHP_AUTH_USER']) && + isset($_SERVER['PHP_AUTH_PW'])) { + + $username = htmlspecialchars($_SERVER['PHP_AUTH_USER']); + $password = htmlspecialchars($_SERVER['PHP_AUTH_PW']); + + // User existence check + if ($user = $DB->get_record( 'user', array( 'username' => $username) )) { + + // Verification of authorization data + if (validate_internal_user_password($user, $password)) { + complete_user_login($user); + $this->redirect_user(); + } else { + // Authentication data verification error + $this->authorization_window(); + } + } else { + // User search failed + $this->authorization_window(); + } + } else { + // Authorization data is missing + $this->authorization_window(); + } + } + } + + /** + * Call authorization window. + */ + function authorization_window() { + global $SITE; + + header('WWW-Authenticate: Basic realm="'. $SITE->shortname .'"'); + header('HTTP/1.0 401 Unauthorized'); + die(print_string('auth_httperror', 'auth_http')); + } + + /** + * Redirect client to the original target. + */ + function redirect_user() { + global $CFG, $SESSION; + + if (isset($SESSION->wantsurl)) { + $redirect = $SESSION->wantsurl; + } elseif (isset($_GET['wantsurl'])) { + $redirect = htmlspecialchars($_GET['wantsurl']); + } else { + $redirect = $CFG->wwwroot; + } + + redirect($redirect); + } +} diff --git a/lang/en/auth_http.php b/lang/en/auth_http.php new file mode 100644 index 0000000..dda53b8 --- /dev/null +++ b/lang/en/auth_http.php @@ -0,0 +1,11 @@ + + * @license MIT License (https://opensource.org/licenses/MIT) +*/ + +$string['pluginname'] = 'HTTP Authentication'; +$string['auth_httpdescription'] = 'A simple plugin that implements basic authentication for users in the system.'; +$string['auth_httperror'] = 'User is not authorized.'; diff --git a/version.php b/version.php new file mode 100644 index 0000000..68454d7 --- /dev/null +++ b/version.php @@ -0,0 +1,13 @@ + + * @license MIT License (https://opensource.org/licenses/MIT) + */ + +defined('MOODLE_INTERNAL') || die(); + +$plugin->version = 2017081400; +$plugin->requires = 2017050500; +$plugin->component = 'auth_http'; -- cgit v1.2.3