diff options
| -rw-r--r-- | inc/Extension/AuthPlugin.php | 11 | ||||
| -rw-r--r-- | inc/Remote/ApiCore.php | 4 | ||||
| -rw-r--r-- | inc/auth.php | 12 |
3 files changed, 18 insertions, 9 deletions
diff --git a/inc/Extension/AuthPlugin.php b/inc/Extension/AuthPlugin.php index 2123e1320..4b75fba95 100644 --- a/inc/Extension/AuthPlugin.php +++ b/inc/Extension/AuthPlugin.php @@ -165,9 +165,11 @@ abstract class AuthPlugin extends Plugin * * If this function is implemented it will be used to * authenticate a user - all other DokuWiki internals - * will not be used for authenticating, thus - * implementing the checkPass() function is not needed - * anymore. + * will not be used for authenticating (except this + * function returns null, in which case, DokuWiki will + * still run auth_login as a fallback, which may call + * checkPass()). If this function is not returning null, + * implementing checkPass() is not needed here anymore. * * The function can be used to authenticate against third * party cookies or Apache auth mechanisms and replaces @@ -189,7 +191,8 @@ abstract class AuthPlugin extends Plugin * @param string $user Username * @param string $pass Cleartext Password * @param bool $sticky Cookie should not expire - * @return bool true on successful auth + * @return bool true on successful auth, + * null on unknown result (fallback to checkPass) */ public function trustExternal($user, $pass, $sticky = false) { diff --git a/inc/Remote/ApiCore.php b/inc/Remote/ApiCore.php index ffee37acf..3aa7861f4 100644 --- a/inc/Remote/ApiCore.php +++ b/inc/Remote/ApiCore.php @@ -972,9 +972,11 @@ class ApiCore if (!$auth) return 0; @session_start(); // reopen session for login + $ok = null; if ($auth->canDo('external')) { $ok = $auth->trustExternal($user, $pass, false); - } else { + } + if ($ok === null){ $evdata = array( 'user' => $user, 'password' => $pass, diff --git a/inc/auth.php b/inc/auth.php index 0630a76f0..28c4a793e 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -100,10 +100,14 @@ function auth_setup() { $INPUT->set('p', stripctl($INPUT->str('p'))); } - if(!is_null($auth) && $auth->canDo('external')) { - // external trust mechanism in place - $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r')); - } else { + $ok = null; + if (!is_null($auth) && $auth->canDo('external')) { + $ok = $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r')); + } + + if ($ok === null) { + // external trust mechanism not in place, or returns no result, + // then attempt auth_login $evdata = array( 'user' => $INPUT->str('u'), 'password' => $INPUT->str('p'), |