ApiSync.php
<?php
/**
* @copyright Copyright (c) 2018, AMIV an der ETH
*
* @author Sandro Lutz <[email protected]>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
// Entry-point guard: stop when this file is requested directly, i.e. when the
// MEDIAWIKI constant has not been defined by the time this file is loaded.
defined( 'MEDIAWIKI' ) || exit('This is a MediaWiki extension, and must be run from within MediaWiki.');
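class ApiSync {
    /**
     * Sync user information and group memberships for the given API user.
     *
     * The API memberships are the single source of truth: the local account gets
     * the groups derived from them, and every other local group is removed.
     *
     * @param object $apiUser API user record; the properties _id, nethz, email,
     *                        firstname and lastname are read
     * @return \User|null local user, or null when the API reports no membership
     *                    in any of the configured groups
     */
    public static function syncUser($apiUser) {
        global $wgAmivAuthenticationUserGroups, $wgAmivAuthenticationAdditionalGroups, $wgAmivAuthenticationSysopGroups;

        $userGroups = $wgAmivAuthenticationUserGroups;
        $additionalGroups = $wgAmivAuthenticationAdditionalGroups;
        $sysopGroups = $wgAmivAuthenticationSysopGroups;

        $groupIds = array_merge([], $userGroups, array_keys($additionalGroups), $sysopGroups);
        $groupmemberships = self::getApiUserGroupmemberships($apiUser, $groupIds);

        // User is not allowed to access the wiki.
        // Note: a failed membership lookup also yields an empty list, so an API
        // outage denies access (fail closed) rather than granting it.
        if (count($groupmemberships) === 0) {
            return null;
        }

        // Prefer the nethz short name; fall back to the e-mail address.
        if ($apiUser->nethz && strlen($apiUser->nethz) > 0) {
            $name = $apiUser->nethz;
        } else {
            $name = $apiUser->email;
        }
        $user = self::getOrCreateUser($apiUser->_id, User::getCanonicalName($name, 'usable'));

        // Sync user information. The e-mail address is marked confirmed without a
        // confirmation mail, so it is trusted exactly as far as the API is.
        $user->setRealName($apiUser->firstname .' ' .$apiUser->lastname);
        $user->setEmail($apiUser->email);
        $user->confirmEmail();
        // NOTE(review): presumably clears the local password so that login is
        // only possible through the API - confirm against the MediaWiki version in use.
        $user->setPassword(null);
        $user->saveSettings();

        // Update group memberships
        $groupsAdded = [];
        foreach ($groupmemberships as $item) {
            // NOTE(review): the membership query above is built from
            // array_keys($additionalGroups), but this test looks at the array's
            // VALUES. Confirm which side holds the API group ids; the comparison
            // is left loose on purpose until that is settled.
            if (in_array($item->group, $additionalGroups)) {
                list($httpcode, $response) = ApiUtil::get('groups/' .$item->group);
                if ($httpcode == 200) {
                    // The wiki group name is taken verbatim from the API group's
                    // name, so an additional group whose API name equals a
                    // privileged wiki group grants that group's rights.
                    $groupName = $response->name;
                    $user->addGroup($groupName);
                    $groupsAdded[] = $groupName;
                }
            } elseif (in_array($item->group, $sysopGroups, true)) {
                // Strict comparison: with loose comparison two different ids that
                // both look numeric (e.g. "5e12...") can compare equal, which must
                // not decide who becomes sysop. Assumes ids are strings on both
                // sides - TODO confirm for the configured values.
                $user->addGroup('sysop');
                $groupsAdded[] = 'sysop';
            }
        }

        // Revoke every local group that was not granted in this run. This also
        // drops groups that were assigned by hand inside the wiki.
        // (A leftover var_dump() here wrote group names into the HTTP response
        // during login; it has been removed.)
        foreach ($user->getGroups() as $group) {
            if (!in_array($group, $groupsAdded, true)) {
                $user->removeGroup($group);
            }
        }

        return $user;
    }

    /**
     * Fetch the API user's memberships restricted to the given group ids.
     *
     * @param object $apiUser  API user record; only _id is read
     * @param array  $groupIds API group ids to filter on
     * @return array membership items from the response, or an empty array when
     *               the request does not return HTTP 200
     */
    private static function getApiUserGroupmemberships($apiUser, $groupIds) {
        // Encode the whole filter with json_encode() instead of splicing the user
        // id into a hand-written JSON string, so that quotes or backslashes in the
        // id cannot alter the structure of the filter.
        $where = json_encode([
            'user' => (string)$apiUser->_id,
            'group' => ['$in' => $groupIds],
        ]);

        // NOTE(review): the filter is not URL-encoded here; whether ApiUtil::get()
        // encodes it is not visible from this file - confirm.
        list($httpcode, $response) = ApiUtil::get('groupmemberships?where=' .$where);
        if ($httpcode == 200) {
            return $response->_items;
        }
        return [];
    }

    /**
     * Get or create a local user based on the API user id or on the given name.
     *
     * Lookup order: an existing link for $apiUserId wins; otherwise the account
     * is resolved by name, created if missing, and then linked.
     *
     * @param mixed  $apiUserId id of the user in the API
     * @param string $name      canonical user name to use when no link exists yet
     * @return \User
     * @throws MWException when no user object can be built from $name
     */
    private static function getOrCreateUser($apiUserId, $name) {
        $db = AmivAuthenticationDB::getInstance();
        $localUserId = $db->getLocalUserId($apiUserId);
        if ($localUserId) {
            // User already linked with a local account
            return User::newFromId($localUserId);
        }

        $user = User::newFromName($name, 'creatable');
        if (false === $user) {
            throw new MWException('Unable to create user.');
        }

        if (!$user->isLoggedIn()) {
            // [New in MW 1.27]
            // User does not exist,
            // so we need to add them to the DB before changing fields.
            $user->addToDatabase();
        }
        // NOTE(review): when an unlinked local account with this name already
        // exists, it is linked to the API user as-is. Whoever controls the
        // matching nethz/e-mail in the API then owns that local account; confirm
        // this is intended for accounts created before the extension was enabled.

        // add link to api user
        $db->createOrUpdateEntry($user->getId(), $apiUserId);
        return $user;
    }
}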