
Initial release of plugin

cornelinux committed Oct 20, 2013
1 parent 1d7ab7e commit acb32405008ea542931897bd09e9c60d94f0c63b
Showing with 128 additions and 3 deletions.
  1. +18 −3 README.md
  2. +84 −0 auth.php
  3. +6 −0 conf/default.php
  4. +6 −0 conf/metadata.php
  5. +7 −0 lang/en/settings.php
  6. +7 −0 plugin.info.txt
@@ -1,4 +1,19 @@
authlinotp
==========
Description
===========
DokuWiki Auth Plugin to work with LinOTP.

authentication plugin for dokuwiki to do two factori authentication against LinOTP
Using this plugin you can authenticate the dokuwiki users gainst LinOTP.
The users themselves and their access rights are still managed within dokuwiki.
At the moment you need to create a useridresolver in LinOTP, that holds the same users
like the users in dokuwiki.

Then activate the plugi.
Configure necessary plugin settings like:

* URL of your LinOTP server
* The users realm
* whether or not the SSL certificate should be checked...

...and select the plugin as active plugin.

Now you can login with the tokens enrolled in LinOTP for the users.
@@ -0,0 +1,84 @@
<?php
// must be run within Dokuwiki
if(!defined('DOKU_INC')) die();
/**
* LinOTP Authentication backend
*
* @author corny@cornelinux.de
*/
class auth_plugin_authlinotp extends auth_plugin_authplain {
public function __construct() {
parent::__construct();
$this->success = true;
}
public function checkPass($user, $pass) {
assert(is_string($user));
assert(is_string($pass));
$userinfo = $this->getUserData($user);
$status = False;
$value = False;
if($userinfo === false) return false;
if (!function_exists('curl_init')){
die('Sorry cURL is not installed!');
}
$escPassword = urlencode($pass);
$escUsername = urlencode($user);
dbglog("Starting linotp auth with " . $escUsername . " and " . $escPassword);
try {
$crl = curl_init();
$timeout = 5;
$linotp_url = $this->getConf("linotp_url");
$linotp_realm = $this->getConf("linotp_realm");
$linotp_verify = $this->getConf("linotp_verify");
$timeout = $this->getConf("linotp_timeout");
$url = $linotp_url . '?user=' . $escUsername . '&pass=' . $escPassword;
if ($linotp_realm != "") {
$url = $url . "&realm=" . $linotp_realm;
}
curl_setopt ($crl, CURLOPT_URL, $url);
curl_setopt ($crl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt ($crl, CURLOPT_HEADER, TRUE);
curl_setopt ($crl, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt ($crl, CURLOPT_SSL_VERIFYPEER, $linotp_verify);
curl_setopt ($crl, CURLOPT_SSL_VERIFYHOST, $linotp_verify);
dbglog("About to execute curl for url ". $url);
$response = curl_exec($crl);
dbglog("Got response " . $response);
$header_size = curl_getinfo($crl, CURLINFO_HEADER_SIZE);
$body = json_decode(substr( $response, $header_size ));
$status = $body->result->status;
$value = $body->result->value;
curl_close($crl);
}
catch (Exception $e)
{
die("Something went wrong: " + $e);
}
return $value;
}
}
?>
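Review bot: checkPass() writes the credential to the debug log: the first `dbglog()` call includes `$escPassword`, and `dbglog("About to execute curl for url ". $url)` logs it again inside the query string, so anyone who can read the debug log sees the user's PIN and OTP. Logging only the user name and sending user, pass and realm as a POST body (assuming the validate endpoint accepts POST) keeps them out of log files and also encodes `$linotp_realm`, which is appended raw today. The result handling does not fail closed either: a false return from `curl_exec()` and an undecodable body are not checked, `$status` is assigned but never used, and `return $value;` hands back whatever the JSON held rather than a strict boolean. The `catch` branch looks unreachable because the curl functions signal failure by return value, and `"Something went wrong: " + $e` is arithmetic, not concatenation. CURLOPT_SSL_VERIFYHOST takes 2 for a host-name check, so the on/off setting should be mapped to 2 or 0 rather than passed through; the fence shows these changes together.

```php
dbglog("Starting linotp auth for user " . $user);
// … unchanged: curl_init() and the getConf() reads …
$fields = array('user' => $user, 'pass' => $pass);
if ($linotp_realm != "") {
    $fields['realm'] = $linotp_realm;
}
curl_setopt($crl, CURLOPT_URL, $linotp_url);
curl_setopt($crl, CURLOPT_POST, TRUE);
// http_build_query() encodes every field, realm included
curl_setopt($crl, CURLOPT_POSTFIELDS, http_build_query($fields, '', '&'));
curl_setopt($crl, CURLOPT_RETURNTRANSFER, TRUE);
// … unchanged: CURLOPT_CONNECTTIMEOUT …
curl_setopt($crl, CURLOPT_SSL_VERIFYPEER, $linotp_verify ? TRUE : FALSE);
curl_setopt($crl, CURLOPT_SSL_VERIFYHOST, $linotp_verify ? 2 : 0);
$response = curl_exec($crl);
curl_close($crl);
// fail closed: no response or no parsable result means no login
if ($response === false) return false;
$body = json_decode($response);
if (!is_object($body) || !isset($body->result)) return false;
return $body->result->status === true && $body->result->value === true;
```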
@@ -0,0 +1,6 @@
<?php
$conf["linotp_url"] = 'https://localhost/validate/check';
$conf["linotp_realm"] = '';
$conf["linotp_verify"] = 0;
$conf["linotp_timeout"] = 5;
?>
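Review bot: The shipped default `$conf["linotp_verify"] = 0;` leaves certificate verification off on every installation that does not change the setting, so by default the user's PIN and OTP are sent to a TLS peer whose identity is never checked. Shipping `$conf["linotp_verify"] = 1;` and letting an administrator with a self-signed test server switch it off makes the insecure mode an explicit choice. auth.php in this commit passes this value to both CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST, so the default decides both checks.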
@@ -0,0 +1,6 @@
<?php
$meta["linotp_url"] = array('string');
$meta["linotp_timeout"] = array('numeric');
$meta["linotp_realm"] = array('string');
$meta["linotp_verify"] = array('onoff');
?>
@@ -0,0 +1,7 @@
<?php
$lang["linotp_url"] = 'Validation URL of the LinOTP service';
$lang["linotp_timeout"] = 'Timeout when contacting the LinOTP server';
$lang["linotp_realm"] = 'The realm of the user';
$lang["linotp_verify"] = 'Verify the SSL certificate of the LinOTP server';
?>
@@ -0,0 +1,7 @@
base linotp
author Cornelius Kölbel
email corny@cornelinux.de
date 2013-10-19
name LinOTP Authentication Plugin
desc LinOTP Authentication Plugin allows to sign in to DokuWiki using 2FA with LinOTP
url http://www.linotp.org
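Review bot: `base linotp` does not match the plugin name used elsewhere in this commit: the class is `auth_plugin_authlinotp` and the README is titled authlinotp, which suggests the plugin directory is `authlinotp`. DokuWiki expects `base` to equal the plugin directory name, so this should probably read `base authlinotp`; confirm against the directory the plugin is installed in.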
