From 4db13f94652ec38ab267dc62a03c77ff1605a550 Mon Sep 17 00:00:00 2001 From: skodak Date: Mon, 21 May 2007 20:33:42 +0000 Subject: [PATCH] MDL-9880 Remove user_activate() method from public API because it was used only from user_confirm() in LDAP, other plugins use only user_confirm() MDL-9575 fix email signup in ldap auth mod --- auth/README.txt | 7 ++++ auth/ldap/auth.php | 88 ++++++++++++++++++++++++++++++++++++++++++- lang/en_utf8/auth.php | 13 ++++++- lib/authlib.php | 11 ------ login/confirm.php | 4 -- 5 files changed, 106 insertions(+), 17 deletions(-) diff --git a/auth/README.txt b/auth/README.txt index 333c7d7bf6..7597615f06 100644 --- a/auth/README.txt +++ b/auth/README.txt @@ -171,3 +171,10 @@ Upgrading from Moodle 1.7 Moodle will upgrade the old auth settings (in $CFG->auth_foobar where foo is the auth plugin and bar is the setting) to the new style in the config_plugin database table. + + + +Upgrading from Moodle 1.8 +------------------------------ + +user_activate() method was removed from public API because it was used only from user_confirm() in LDAP diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 2b6d8aa704..395cd7e7d2 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -273,7 +273,7 @@ class auth_plugin_ldap extends auth_plugin_base { $newuser['userpassword'] = $extpassword; break; default: - print_error('auth_ldap_unsupportedusertype','auth',$this->config->user_type); + print_error('auth_ldap_unsupportedusertype','auth','',$this->config->user_type); } $uadd = $this->ldap_add($ldapconnection, $this->config->user_attribute.'="'.$this->ldap_addslashes($userobject->username).','.$this->config->create_context.'"', $newuser); ldap_close($ldapconnection); 
@@ -281,6 +281,92 @@ class auth_plugin_ldap extends auth_plugin_base {
 }
+ function can_signup() {
+ return (!empty($this->config->auth_user_create) and !empty($this->config->create_context));
+ }
+
+ /**
+ * Sign up a new user ready for confirmation.
+ * Password is passed in plaintext.
+ *
+ * @param object $user new user object (with system magic quotes)
+ * @param boolean $notify print notice with link and terminate
+ */
+ function user_signup($user, $notify=true) {
+ if ($this->user_exists($user->username)) {
+ print_error('auth_ldap_user_exists', 'auth');
+ }
+
+ $plainslashedpassword = $user->password;
+ unset($user->password);
+
+ if (! $this->user_create($user, $plainslashedpassword)) {
+ print_error('auth_ldap_create_error', 'auth');
+ }
+
+ if (! ($user->id = insert_record('user', $user)) ) {
+ print_error('auth_emailnoinsert', 'auth');
+ }
+
+ $this->update_user_record($user->username);
+ update_internal_user_password($user, $plainslashedpassword);
+
+ if (! send_confirmation_email($user)) {
+ print_error('auth_emailnoemail', 'auth');
+ }
+
+ if ($notify) {
+ global $CFG;
+ $emailconfirm = get_string('emailconfirm');
+ print_header($emailconfirm, $emailconfirm, $emailconfirm);
+ notice(get_string('emailconfirmsent', '', $user->email), "$CFG->wwwroot/index.php");
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * Returns true if plugin allows confirming of new users.
+ *
+ * @return bool
+ */
+ function can_confirm() {
+ return $this->can_signup();
+ }
+
+ /**
+ * Confirm the new user as registered.
+ *
+ * @param string $username (with system magic quotes)
+ * @param string $confirmsecret (with system magic quotes)
+ */
+ function user_confirm($username, $confirmsecret) {
+ $user = get_complete_user_data('username', $username);
+
+ if (!empty($user)) {
+ if ($user->confirmed) {
+ return AUTH_CONFIRM_ALREADY;
+
+ } else if ($user->auth != 'ldap') {
+ return AUTH_CONFIRM_ERROR;
+
+ } else if ($user->secret == stripslashes($confirmsecret)) { // They have provided the secret key to get in
+ if (!$this->user_activate($username)) {
+ return AUTH_CONFIRM_FAIL;
+ }
+ if (!set_field("user", "confirmed", 1, "id", $user->id)) {
+ return AUTH_CONFIRM_FAIL;
+ }
+ if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
+ return AUTH_CONFIRM_FAIL;
+ }
+ return AUTH_CONFIRM_OK;
+ }
+ } else {
+ return AUTH_CONFIRM_ERROR;
+ }
+ }
+
 /**
 * return number of days to user password expires
 *
diff --git a/lang/en_utf8/auth.php b/lang/en_utf8/auth.php
index 7a394f7ec3..a4af4bfaa5 100644
--- a/lang/en_utf8/auth.php
+++ b/lang/en_utf8/auth.php
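Review bot: In `user_confirm()` a wrong confirmation secret matches none of the `else if` branches, so the function falls off the end and returns no value instead of an `AUTH_CONFIRM_*` code, even though login/confirm.php compares the result against those constants; make the failure explicit with a final `} else { return AUTH_CONFIRM_ERROR; }` inside the `!empty($user)` branch. The secret is also checked with loose `==`, which compares numeric-looking strings by value, so `$user->secret === stripslashes($confirmsecret)` (or a constant-time comparison such as `hash_equals()` where the PHP version provides it) is the safer test. The same branch calls `$this->user_activate($username)` while this commit deletes the base-class `user_activate()` from lib/authlib.php, so it depends on auth_plugin_ldap defining its own version, which is not visible in this hunk. In `user_signup()`, a failure of `insert_record()` or `send_confirmation_email()` after `user_create()` has succeeded leaves an LDAP entry without a usable Moodle record, and a retry then stops at `auth_ldap_user_exists`; that partial state should be cleaned up or at least documented.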
@@ -30,6 +30,15 @@ $string['auth_nologindescription'] = 'Auxiliary plugin that prevents user to log $string['auth_nologintitle'] = 'No login'; // CAS plugin +$string['auth_cas_proxycas_key'] = "Proxy mode"; +$string['auth_cas_logoutcas_key'] = "Logout CAS"; +$string['auth_cas_multiauth_key'] = "Multi-authentication"; +$string['auth_cas_proxycas'] = "Turn this to 'yes'' if you use CASin proxy-mode"; +$string['auth_cas_logoutcas'] = "Turn this to 'yes'' if tou want to logout from CAS when you deconnect from Moodle"; +$string['auth_cas_multiauth'] = "Turn this to 'yes'' if you want to have multi-authentication (CAS + other authentication)"; +$string['accesCAS'] = "CAS users"; +$string['accesNOCAS'] = "other users"; +$string['CASform'] = "Authentication choice"; $string['auth_cas_logincas'] = 'Secure connection access'; $string['auth_cas_invalidcaslogin'] = 'Sorry, your login has failed - you could not be authorised'; $string['auth_cas_server_settings'] = 'CAS server configuration'; @@ -146,6 +155,7 @@ $string['auth_ldap_bind_pw'] = 'Password for bind-user.'; $string['auth_ldap_bind_settings'] = 'Bind settings'; $string['auth_ldap_contexts'] = 'List of contexts where users are located. Separate different contexts with \';\'. For example: \'ou=users,o=org; ou=others,o=org\''; $string['auth_ldap_create_context'] = 'If you enable user creation with email confirmation, specify the context where users are created. This context should be different from other users to prevent security issues. You don\'t need to add this context to ldap_context-variable, Moodle will search for users from this context automatically.
Note! You have to modify the method user_create() in file auth/ldap/auth.php to make user creation work'; +$string['auth_ldap_create_error'] = 'Error creating user in LDAP.'; $string['auth_ldap_creators'] = 'List of groups whose members are allowed to create new courses. Separate multiple groups with \';\'. Usually something like \'cn=teachers,ou=staff,o=myorg\''; $string['auth_ldap_expiration_desc'] = 'Select No to disable expired password checking or LDAP to read passwordexpiration time directly from LDAP'; $string['auth_ldap_expiration_warning_desc'] = 'Number of days before password expiration warning is issued.'; @@ -165,6 +175,7 @@ $string['auth_ldap_preventpassindb'] = 'Select yes to prevent passwords from bei $string['auth_ldap_search_sub'] = 'Search users from subcontexts.'; $string['auth_ldap_server_settings'] = 'LDAP server settings'; $string['auth_ldap_update_userinfo'] = 'Update user information (firstname, lastname, address..) from LDAP to Moodle. Specify \"Data mapping\" settings as you need.'; +$string['auth_ldap_user_exists'] = 'LDAP username already exists.'; $string['auth_ldap_user_attribute'] = 'Optional: Overrides the attribute used to name/search users. Usually \'cn\'.'; $string['auth_ldap_user_settings'] = 'User lookup settings'; $string['auth_ldap_user_type'] = 'Select how users are stored in LDAP. This setting also specifies how login expiration, grace logins and user creation will work.'; 
@@ -204,7 +215,7 @@ $string['auth_ldap_create_context_key'] = 'Context for new users'; $string['auth_ldap_creators_key'] = 'Creators'; $string['auth_ldap_noconnect'] = 'LDAP-module cannot connect to server: $a'; $string['auth_ldap_noconnect_all'] = 'LDAP-module cannot connect to any servers: $a'; -$string['auth_ldap_unsupportedusertype'] = 'auth: ldap user_create() does not support selected usertype:"$a" (..yet)'; +$string['auth_ldap_unsupportedusertype'] = 'auth: ldap user_create() does not support selected usertype: $a (..yet)'; $string['auth_ldap_usertypeundefined'] = 'config.user_type not defined or function ldap_expirationtime2unix does not support selected type!'; $string['auth_ldap_usertypeundefined2'] = 'config.user_type not defined or function ldap_unixi2expirationtime does not support selected type!'; $string['auth_ldap_noextension'] = 'Warning: The PHP LDAP module does not seem to be present. Please ensure it is installed and enabled.'; diff --git a/lib/authlib.php b/lib/authlib.php index f64a32cc0b..2c3b58db0e 100644 --- a/lib/authlib.php +++ b/lib/authlib.php @@ -201,17 +201,6 @@ class auth_plugin_base { return false; } - /** - * Activates (enables) user in external db so user can login using username/password from external db - * - * @param mixed $username username (with system magic quotes) - * @return boolen result - */ - function user_activate($username) { - //override if needed - return true; - } - /** * return number of days to user password expires * diff --git a/login/confirm.php b/login/confirm.php index fcfdeb6082..1cc6db998a 100644 --- a/login/confirm.php +++ b/login/confirm.php @@ -41,10 +41,6 @@ exit; } else if ($confirmed == AUTH_CONFIRM_OK) { - // Activate new user if necessary - if (!$authplugin->user_activate($username)) { - error('Could not activate this user!'); - } // The user has confirmed successfully, let's log them in -- 2.39.5