API: move create/delete user calls to usermanager

This only moves the calls. A proper refactoring of the user manager
would make sense:

1) introduce a helper component covering the basic operations including
   proper error signalling using Exceptions
2) refactor admin and cli components to make use of 1)
3) make the operations in 1) available via the API

1 files changed, 102 insertions, 0 deletions

diff --git a/lib/plugins/usermanager/remote.php b/lib/plugins/usermanager/remote.php
new file mode 100644
index 000000000..5db4a54f9
--- /dev/null
+++ b/lib/plugins/usermanager/remote.php
@@ -0,0 +1,102 @@
+<?php
+
+use dokuwiki\Extension\AuthPlugin;
+use dokuwiki\Extension\RemotePlugin;
+use dokuwiki\Remote\AccessDeniedException;
+use dokuwiki\Remote\RemoteException;
+
+/**
+ * DokuWiki Plugin usermanager (Action Component)
+ *
+ * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
+ * @author Chris Smith <chris@jalakai.co.uk>
+ */
+class remote_plugin_usermanager extends RemotePlugin
+{
+
+    /**
+     * Create a new user
+     *
+     * If no password is provided, a password is auto generated. If the user can't be created
+     * by the auth backend a return value of `false` is returned. You need to check this return
+     * value rather than relying on the error code only.
+     *
+     * Superuser permission are required to create users.
+     *
+     * @param string $user The user's login name
+     * @param string $name The user's full name
+     * @param string $mail The user's email address
+     * @param string[] $groups The groups the user should be in
+     * @param string $password The user's password, empty for autogeneration
+     * @param bool $notify Whether to send a notification email to the user
+     * @return bool Wether the user was successfully created
+     * @throws AccessDeniedException
+     * @throws RemoteException
+     * @todo handle error messages from auth backend
+     */
+    public function createUser($user, $name, $mail, $groups, $password = '', $notify = false)
+    {
+        if (!auth_isadmin()) {
+            throw new AccessDeniedException('Only admins are allowed to create users', 114);
+        }
+
+        /** @var AuthPlugin $auth */
+        global $auth;
+
+        if (!$auth->canDo('addUser')) {
+            throw new AccessDeniedException(
+                sprintf('Authentication backend %s can\'t do addUser', $auth->getPluginName()),
+                114
+            );
+        }
+
+        $user = trim($auth->cleanUser($user));
+        $name = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $name));
+        $mail = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $mail));
+
+        if ($user === '') throw new RemoteException('empty or invalid user', 401);
+        if ($name === '') throw new RemoteException('empty or invalid user name', 402);
+        if (!mail_isvalid($mail)) throw new RemoteException('empty or invalid mail address', 403);
+
+        if ((string)$password === '') {
+            try {
+                $password = auth_pwgen($user);
+            } catch (\Exception $e) {
+                throw new RemoteException('Could not generate password', 404); // FIXME adjust code
+            }
+        }
+
+        if (!is_array($groups) || $groups === []) {
+            $groups = null;
+        }
+
+        $ok = (bool)$auth->triggerUserMod('create', [$user, $password, $name, $mail, $groups]);
+
+        if ($ok && $notify) {
+            auth_sendPassword($user, $password);
+        }
+
+        return $ok;
+    }
+
+
+    /**
+     * Remove a user
+     *
+     * You need to be a superuser to delete users.
+     *
+     * @param string[] $user The login name of the user to delete
+     * @return bool wether the user was successfully deleted
+     * @throws AccessDeniedException
+     * @todo handle error messages from auth backend
+     */
+    public function deleteUser($user)
+    {
+        if (!auth_isadmin()) {
+            throw new AccessDeniedException('Only admins are allowed to delete users', 114);
+        }
+        /** @var AuthPlugin $auth */
+        global $auth;
+        return (bool)$auth->triggerUserMod('delete', [[$user]]);
+    }
+}