MDL-20934 'not cached' flag used in all auth plugins that do not need the password

diff --git a/auth/cas/auth.php b/auth/cas/auth.php
index 2e65812baf7536d67af077514eb4b13e47e6e8c2..703cebd68f3c8ef7923268cf92a615a4d4181263 100644 (file)
--- a/auth/cas/auth.php
+++ b/auth/cas/auth.php
@@ -48,6 +48,11 @@ class auth_plugin_cas extends auth_plugin_base {
             $this->config->objectclass = 'objectClass='.$this->config->objectclass;
         }
     }
+
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Authenticates user againt CAS
      * Returns true if the username and password work and false if they are

diff --git a/auth/db/auth.php b/auth/db/auth.php
index 724496cef9d0fe3a6ba931e2b9ac7129446b5892..caf57f0c4cfb3798caa18b9d04cecc0c7b6df745 100644 (file)
--- a/auth/db/auth.php
+++ b/auth/db/auth.php
@@ -563,6 +563,13 @@ class auth_plugin_db extends auth_plugin_base {
         }
     }
 
+    function prevent_local_passwords() {
+        if (!isset($this->config->passtype)) {
+            return false;
+        }
+        return ($this->config->passtype != 'internal');
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/email/auth.php b/auth/email/auth.php
index 5b709d2cc89bb666498277d7fe32c149be6fdb7f..a1bb6e4ee8c45accc7ee0af9828a95a1794b27e4 100644 (file)
--- a/auth/email/auth.php
+++ b/auth/email/auth.php
@@ -146,6 +146,10 @@ class auth_plugin_email extends auth_plugin_base {
         }
     }
 
+    function prevent_local_passwords() {
+        return false;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/fc/auth.php b/auth/fc/auth.php
index 51035232e1f2d4acd4629a05bbae7e7a84555196..8e9018204a95ef7134ecd5c571aa631c140ba4fc 100644 (file)
--- a/auth/fc/auth.php
+++ b/auth/fc/auth.php
@@ -144,6 +144,10 @@ class auth_plugin_fc extends auth_plugin_base {
         return false;
     }
 
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/imap/auth.php b/auth/imap/auth.php
index e8028c3054d4a887bd159cb037299950d3bb37a1..9bf042d60fbbd179e3ea1b029e9236b4128dc6ac 100644 (file)
--- a/auth/imap/auth.php
+++ b/auth/imap/auth.php
@@ -81,6 +81,10 @@ class auth_plugin_imap extends auth_plugin_base {
         return false;  // No match
     }
 
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index ca3a7746d5ce31675f25057b13a191f44b6e491c..9162ab642183045eadb9527e45edac6aabf83122 100644 (file)
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -1749,6 +1749,10 @@ class auth_plugin_ldap extends auth_plugin_base {
         return ($fresult);
     }
 
+    function prevent_local_passwords() {
+        return !empty($this->config->preventpassindb);
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/ldap/config.html b/auth/ldap/config.html
index d00f7dd012d4170d0f386ef6342f63170cc3717e..51f26b878a48598f07632dfaed26254e5742b185 100644 (file)
--- a/auth/ldap/config.html
+++ b/auth/ldap/config.html
@@ -16,7 +16,7 @@
     if (!isset($config->opt_deref))
         { $config->opt_deref = LDAP_DEREF_NEVER; }
     if (!isset($config->preventpassindb))
-        { $config->preventpassindb = 0; }
+        { $config->preventpassindb = 1; }
     if (!isset($config->bind_dn))
         {$config->bind_dn = ''; }
     if (!isset($config->bind_pw))

diff --git a/auth/manual/auth.php b/auth/manual/auth.php
index 4010c8f9b620e9b6b205a23f084c62e3286db150..31a643ad22c0491cb469834b45bf102370c24771 100644 (file)
--- a/auth/manual/auth.php
+++ b/auth/manual/auth.php
@@ -62,6 +62,10 @@ class auth_plugin_manual extends auth_plugin_base {
         return update_internal_user_password($user, $newpassword);
     }
 
+    function prevent_local_passwords() {
+        return false;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/mnet/auth.php b/auth/mnet/auth.php
index ddae159e146a9f70f5fe02128e9adc614abb0b89..5da68394cd35dfe35c787b82ef62df6c9d7fa9c3 100644 (file)
--- a/auth/mnet/auth.php
+++ b/auth/mnet/auth.php
@@ -578,6 +578,10 @@ class auth_plugin_mnet extends auth_plugin_base {
         $DB->delete_records_select('mnet_enrol_assignments', $whereclause, array($userid, $MNET_REMOTE_CLIENT->id));
     }
 
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/nntp/auth.php b/auth/nntp/auth.php
index 36cdeb395ca4e4ba675dd49d256868c5a78ca5eb..de0aa4ee1a3273833d6d068b6f3f65c3eb18b811 100644 (file)
--- a/auth/nntp/auth.php
+++ b/auth/nntp/auth.php
@@ -64,6 +64,10 @@ class auth_plugin_nntp extends auth_plugin_base {
         return false;
     }
 
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/nologin/auth.php b/auth/nologin/auth.php
index 20794da7194004ee86011b3e51ed62f877a71104..72f5fa85753d402dcadc38772fa13841441a951c 100644 (file)
--- a/auth/nologin/auth.php
+++ b/auth/nologin/auth.php
@@ -46,6 +46,11 @@ class auth_plugin_nologin extends auth_plugin_base {
         return false;
     }
 
+    function prevent_local_passwords() {
+        // just in case, we do not want to loose the passwords
+        return false;
+    }
+
     /**
      * No external data sync.
      *

diff --git a/auth/none/auth.php b/auth/none/auth.php
index e6022cdc38780f3ad6250583d7b56aea9a51e780..9a1cbf9ac04f50deda815669ad6ab838e9de513f 100644 (file)
--- a/auth/none/auth.php
+++ b/auth/none/auth.php
@@ -62,6 +62,10 @@ class auth_plugin_none extends auth_plugin_base {
         return update_internal_user_password($user, $newpassword);
     }
 
+    function prevent_local_passwords() {
+        return false;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/pam/auth.php b/auth/pam/auth.php
index 5bb65831a61e2ac1509ab743985eb399432fc78e..c0afbe0ed8153709d1af590ee1751b7b6c0704b5 100644 (file)
--- a/auth/pam/auth.php
+++ b/auth/pam/auth.php
@@ -77,6 +77,10 @@ class auth_plugin_pam extends auth_plugin_base {
         }
     }
 
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/pop3/auth.php b/auth/pop3/auth.php
index d4abd780e126a28b8122f9968e8fe0497f5ae8e6..a49f510359adf93c79625d9a7cfd3334d2cab2f2 100644 (file)
--- a/auth/pop3/auth.php
+++ b/auth/pop3/auth.php
@@ -81,6 +81,10 @@ class auth_plugin_pop3 extends auth_plugin_base {
         return false;  // No matches found
     }
 
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/radius/auth.php b/auth/radius/auth.php
index 976432d968009d82e6d529cd8691740bf81b3799..e6eb6a5a1fc5282a2d2cf98851f8962f3bdbdecd 100644 (file)
--- a/auth/radius/auth.php
+++ b/auth/radius/auth.php
@@ -126,6 +126,10 @@ class auth_plugin_radius extends auth_plugin_base {
         $rauth->close();
     }
 
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/auth/shibboleth/auth.php b/auth/shibboleth/auth.php
index 1cfaa462bca351eec995343dd81b0792252e1ecd..3e557ed3605543a55472039706b0a8ecdf3c0e95 100644 (file)
--- a/auth/shibboleth/auth.php
+++ b/auth/shibboleth/auth.php
@@ -152,6 +152,10 @@ class auth_plugin_shibboleth extends auth_plugin_base {
         return $moodleattributes;
     }
 
+    function prevent_local_passwords() {
+        return true;
+    }
+
     /**
      * Returns true if this authentication plugin is 'internal'.
      *

diff --git a/backup/restorelib.php b/backup/restorelib.php
index eccc2fab4abc817eef3e96b6a65bd45826489242..42b0ce500d2eabbff2d08e6d1c74d462e5a44273 100644 (file)
--- a/backup/restorelib.php
+++ b/backup/restorelib.php
@@ -2707,7 +2707,7 @@ define('RESTORE_GROUPS_GROUPINGS', 3);
                         if (!array_key_exists($user->auth, $authcache)) { // Not in cache
                             $userauth = new stdClass();
                             $authplugin = get_auth_plugin($user->auth);
-                            $userauth->preventpassindb = !empty($authplugin->config->preventpassindb);
+                            $userauth->preventpassindb = $authplugin->prevent_local_passwords();
                             $userauth->isinternal      = $authplugin->is_internal();
                             $userauth->canresetpwd     = $authplugin->can_reset_password();
                             $authcache[$user->auth] = $userauth;
@@ -2715,7 +2715,7 @@ define('RESTORE_GROUPS_GROUPINGS', 3);
                             $userauth = $authcache[$user->auth]; // Get from cache
                         }
 
-                        // Respect strange config in some (ldap) plugins. Isn't this a dupe of is_internal() ?
+                        // Most external plugins do not store passwords locally
                         if (!empty($userauth->preventpassindb)) {
                             $user->password = 'not cached';
 

diff --git a/lib/authlib.php b/lib/authlib.php
index b89aa0160f3357705fcfc4862b72cf64002248b2..eaffbf4bc0b8239d7991b49ba28e6215a4402a33 100644 (file)
--- a/lib/authlib.php
+++ b/lib/authlib.php
@@ -155,6 +155,15 @@ class auth_plugin_base {
         return true;
     }
 
+    /**
+     * Indicates if password hashes should be stored in local moodle database.
+     * @return bool true means md5 password hash stored in user table, false means flag 'not_cached' stored there instead
+     */
+    function prevent_local_passwords() {
+        // NOTE: this will be changed to true in 2.0
+        return false;
+    }
+
     /**
      * Updates the user's password.
      *

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 2e2ada81e644b78c91c6aa494dd1050785795615..8ecf1953ede0c1193a3511656e3a39e65c977b59 100644 (file)
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -3715,7 +3715,7 @@ function update_internal_user_password(&$user, $password) {
     global $CFG, $DB;
 
     $authplugin = get_auth_plugin($user->auth);
-    if (!empty($authplugin->config->preventpassindb)) {
+    if ($authplugin->prevent_local_passwords()) {
         $hashedpassword = 'not cached';
     } else {
         $hashedpassword = hash_internal_user_password($password);