diff --git a/lib/plugins/authpdo/_test/sqlite.test.php b/lib/plugins/authpdo/_test/sqlite.test.php
index b60072d944cbc19a856287ae647003e76e55a193..dd667a5d5b2f9fbd3ee2d5e1431164b27ff4ec32 100644
--- a/lib/plugins/authpdo/_test/sqlite.test.php
+++ b/lib/plugins/authpdo/_test/sqlite.test.php
@@ -24,6 +24,8 @@ class sqlite_plugin_authpdo_test extends DokuWikiTest {
$conf['plugin']['authpdo']['select-user'] = 'SELECT id as uid, login as user, name, pass as clear, mail FROM user WHERE login = :user';
+ $conf['plugin']['authpdo']['select-user-groups'] = 'SELECT * FROM member AS m, "group" AS g WHERE m.gid = g.id AND m.uid = :uid';
+
}
public function tearDown() {
@@ -45,5 +47,11 @@ class sqlite_plugin_authpdo_test extends DokuWikiTest {
$this->assertFalse($auth->checkPass('admin', 'password'));
$this->assertFalse($auth->checkPass('user', md5('password')));
+ // access user data
+ $info = $auth->getUserData('admin');
+ $this->assertEquals('admin', $info['user']);
+ $this->assertEquals('The Admin', $info['name']);
+ $this->assertEquals('admin@example.com', $info['mail']);
+ $this->assertEquals(array('admin','user'), $info['grps']);
}
}
diff --git a/lib/plugins/authpdo/auth.php b/lib/plugins/authpdo/auth.php
index 1325bdcff237d54d7f9b7ccb67b64110e1e90bb5..26e7f0d98b1bdf4bfad5ff2b60ed468f40e1433f 100644
--- a/lib/plugins/authpdo/auth.php
+++ b/lib/plugins/authpdo/auth.php
@@ -38,7 +38,8 @@ class auth_plugin_authpdo extends DokuWiki_Auth_Plugin {
$this->getConf('user'),
$this->getConf('pass'),
array(
- PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
+ PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // always fetch as array
+ PDO::ATTR_EMULATE_PREPARES => true, // emulating prepares allows us to reuse param names
)
);
} catch(PDOException $e) {
@@ -107,8 +108,11 @@ class auth_plugin_authpdo extends DokuWiki_Auth_Plugin {
$data = $this->_selectUser($user);
if($data == false) return false;
- if($requireGroups) {
+ if(isset($data['hash'])) unset($data['hash']);
+ if(isset($data['clean'])) unset($data['clean']);
+ if($requireGroups) {
+ $data['grps'] = $this->_selectUserGroups($data);
}
return $data;
@@ -304,20 +308,10 @@ class auth_plugin_authpdo extends DokuWiki_Auth_Plugin {
protected function _selectUser($user) {
$sql = $this->getConf('select-user');
- try {
- $sth = $this->pdo->prepare($sql);
- $sth->execute(array(':user' => $user));
- $result = $sth->fetchAll();
- $sth->closeCursor();
- $sth = null;
- } catch(PDOException $e) {
- $this->_debug($e);
- $result = array();
- }
- $found = count($result);
- if($found == 0) return false;
+ $result = $this->query($sql, array(':user' => $user));
+ if(!$result) return false;
- if($found > 1) {
+ if(count($result) > 1) {
$this->_debug('Found more than one matching user', -1, __LINE__);
return false;
}
@@ -346,6 +340,65 @@ class auth_plugin_authpdo extends DokuWiki_Auth_Plugin {
return $data;
}
+ /**
+ * Select all groups of a user
+ *
+ * @param array $userdata The userdata as returned by _selectUser()
+ * @return array
+ */
+ protected function _selectUserGroups($userdata) {
+ global $conf;
+ $sql = $this->getConf('select-user-groups');
+
+ $result = $this->query($sql, $userdata);
+
+ $groups = array($conf['defaultgroup']); // always add default config
+ if($result) foreach($result as $row) {
+ if(!isset($row['group'])) continue;
+ $groups[] = $row['group'];
+ }
+
+ $groups = array_unique($groups);
+ sort($groups);
+ return $groups;
+ }
+
+ /**
+ * Executes a query
+ *
+ * @param string $sql The SQL statement to execute
+ * @param array $arguments Named parameters to be used in the statement
+ * @return array|bool The result as associative array
+ */
+ protected function query($sql, $arguments) {
+ // prepare parameters - we only use those that exist in the SQL
+ $params = array();
+ foreach($arguments as $key => $value) {
+ if(is_array($value)) continue;
+ if(is_object($value)) continue;
+ if($key[0] != ':') $key = ":$key"; // prefix with colon if needed
+ if(strpos($sql, $key) !== false) $params[$key] = $value;
+ }
+
+ // execute
+ try {
+ $sth = $this->pdo->prepare($sql);
+ $sth->execute($params);
+ $result = $sth->fetchAll();
+ if((int) $sth->errorCode()) {
+ $this->_debug(join(' ',$sth->errorInfo()), -1, __LINE__);
+ $result = false;
+ }
+ $sth->closeCursor();
+ $sth = null;
+ } catch(PDOException $e) {
+ $this->_debug($e);
+ $result = false;
+ }
+ return $result;
+ }
+
+
/**
* Wrapper around msg() but outputs only when debug is enabled
*
diff --git a/lib/plugins/authpdo/conf/default.php b/lib/plugins/authpdo/conf/default.php
index 22f8369d0bb4c4648a45cbbea01d655c20888534..74a17c4eacb44a7d4736ca153b366ddfe6ddcc3f 100644
--- a/lib/plugins/authpdo/conf/default.php
+++ b/lib/plugins/authpdo/conf/default.php
@@ -13,9 +13,17 @@ $conf['user'] = '';
$conf['pass'] = '';
/**
- * statement to select a single user identified by its login name given as :user
+ * statement to select a single user identified by its login name
*
- * return; user, name, mail, (clear|hash), [uid]
- * other fields are returned but not used
+ * input: :user
+ * return: user, name, mail, (clear|hash), [uid], [*]
*/
$conf['select-user'] = '';
+
+/**
+ * Select all the group names a user is member of
+ *
+ * input: :user, [:uid], [*]
+ * return: group
+ */
+$conf['select-user-group'] = '';