From 87c83e1712bbe1abd9ebbc9da327aa71da0ea8ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jordi=20Pujol=20Ahull=C3=B3=20=2832=2E1=29?=
Date: Thu, 17 Oct 2013 19:00:08 +0200
Subject: [PATCH] moodle-auth_ip: initial commit.
---
README.md | 49 ++++++++++++-
auth.php | 165 ++++++++++++++++++++++++++++++++++++++++++++
config.html | 52 ++++++++++++++
lang/ca/auth_ip.php | 33 +++++++++
lang/en/auth_ip.php | 33 +++++++++
lang/es/auth_ip.php | 33 +++++++++
version.php | 33 +++++++++
7 files changed, 395 insertions(+), 3 deletions(-)
create mode 100755 auth.php
create mode 100755 config.html
create mode 100644 lang/ca/auth_ip.php
create mode 100644 lang/en/auth_ip.php
create mode 100644 lang/es/auth_ip.php
create mode 100644 version.php
diff --git a/README.md b/README.md
index 6955af2..d344a68 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,47 @@ -moodle-auth_ip -============== +Authentication plugin restricted by IP +=== + +This authentication plugin helps to manage manual accounts being accessed only +by the list of restricted IPs. + + +Installation +--- + +Install it as usual: +* Download it (via zip or git) into MOODLE/auth/ip +* Log in into Moodle +* Go to "Notifications" +* Set up the list of IPs enabled to access to your Moodle. +* Save changes. +* Go to Administration->Plugins->Authentication->Manage plugins +* Enable plugin "Authentication by IP". + + +Usage +--- + +Setting this authentication type to a user: +* Go to a user profile. +* Set the authentication type "Authentication by IP" + +Updating the list of restricted IPs: +* Go to Administration->Plugins->Authentication->Manage plugins +* Update the list of IPs + +NOTE: After updating the list of IPs, an email will be sent to the administrator email, +just for security. + + +License +--- + +It is released as GPL v3. + +Authors: + +* Robert Boloc +* Jordi Pujol-Ahulló + +Copyright 2013 onwards Servei de Recursos Educatius (http://www.sre.urv.cat) -Manual authentication plugin that prevents access to your Moodle from different IPs than those allowed. diff --git a/auth.php b/auth.php new file mode 100755 index 0000000..eea0325 --- /dev/null +++ b/auth.php 
@@ -0,0 +1,165 @@ +. + +/** + * auth.php - IP authentication plugin. + * + * This plugin allows access for only the given IPs. + * + * @package auth + * @subpackage ip + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @author Robert Boloc + * @author Jordi Pujol-Ahulló + * @copyright 2013 onwards Servei de Recursos Educatius (http://www.sre.urv.cat) + */ + +defined('MOODLE_INTERNAL') || die(); + +global $CFG; + +require_once($CFG->libdir.'/authlib.php'); + +/** + * Auth plugin to allow login only from restricted IPs. + */ +class auth_plugin_ip extends auth_plugin_base { + + /** + * Constructor + */ + function __construct() { + $this->authtype = 'ip'; + $this->config = get_config('auth_ip'); + } + + /** + * Tells a login success when the user is logged in correctly and from one of the given IPs. + * Cannot login when username and password are not correct, or from other IPs than those restricted ones. + * + * @param string $username username + * @param string $password password + * @return bool + */ + function user_login($username, $password) { + global $DB, $CFG; + if (($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id)))) { + $valid_ips = explode(',', $this->config->valid_ips); + //check if IP is one of the restricted ones. + if (isset($_SERVER['REMOTE_ADDR']) && in_array($_SERVER['REMOTE_ADDR'], $valid_ips)) { + return validate_internal_user_password($user, $password); + } else { + return false; + } + } + // if no valid username, we do not allow to create a new user using this auth type. + return false; + } + + /** + * Updates the user's password. + * + * called when the user password is updated. 
+ * + * @param object $user User table object (with system magic quotes) + * @param string $newpassword Plaintext password (with system magic quotes) + * @return boolean result + * + */ + function user_update_password($user, $newpassword) { + $user = get_complete_user_data('id', $user->id); + return update_internal_user_password($user, $newpassword); + } + + function prevent_local_passwords() { + return false; + } + + /** + * Returns true if this authentication plugin is 'internal'. + * + * @return bool + */ + function is_internal() { + return false; + } + + /** + * Returns true if this authentication plugin can change the user's + * password. + * + * @return bool + */ + function can_change_password() { + return true; + } + + /** + * Returns the URL for changing the user's pw, or empty if the default can + * be used. + * + * @return string + */ + function change_password_url() { + return ''; + } + + /** + * Returns true if plugin allows resetting of internal password. + * + * @return bool + */ + function can_reset_password() { + return true; + } + + /** + * Prints a form for configuring this authentication plugin. + * + * This function is called from admin/auth.php, and outputs a full page with + * a form for configuring this plugin. + * + * @param array $page An object containing all the data for this page. + */ + function config_form($config, $err, $user_fields) { + include "config.html"; + } + + /** + * Updates the list of IPs and sends a notification by email. + * + * @param object $config configuration settings + * @return boolean always true. + */ + function process_config($config) { + + global $CFG; + + // set to defaults if undefined + if (!isset ($config->valid_ips)) { + $config->valid_ips = ''; + } + + //saving new configuration settings + set_config('valid_ips', str_replace(' ', '', $config->valid_ips), 'auth_ip'); + + //notify administrator for the settings changed for security. 
+ mail($CFG->supportemail, get_string('auth_ipmailsubject', 'auth_ip'), + get_string('auth_ipmailtext', 'auth_ip').' : '.$config->valid_ips); + + return true; + } +} diff --git a/config.html b/config.html new file mode 100755 index 0000000..86b4240 --- /dev/null +++ b/config.html @@ -0,0 +1,52 @@ +. + +/** + * Configuration settings form + * + * @package auth + * @subpackage ip + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @author Robert Boloc + * @author Jordi Pujol-Ahulló + * @copyright 2013 onwards Servei de Recursos Educatius (http://www.sre.urv.cat) + */ + + +// set to defaults if undefined +if (!isset($config->valid_ips)) { + $config->valid_ips = ''; +} + +?> + + + + + + + +
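Review bot: The allowlist check in `user_login` of auth.php compares the raw `$_SERVER['REMOTE_ADDR']` against exact strings, so on a site behind a reverse proxy or load balancer every client presents the proxy's address, and allowlisting that address no longer restricts anyone. Moodle's own helpers cover this: `if (address_in_subnet(getremoteaddr(), $this->config->valid_ips)) {` uses the site's configured client-address detection and also accepts ranges, though forwarded headers should only be honoured when the proxy is trusted to set them. `process_config` stores the list after stripping spaces only, so a tab, newline or malformed entry is saved silently and simply never matches; validating each entry (for example with `filter_var($ip, FILTER_VALIDATE_IP)`) before `set_config` would surface that to the admin. The change notification calls PHP `mail()` directly to `$CFG->supportemail` and ignores the return value, so it bypasses Moodle's mail settings and can fail unnoticed.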
+ +
+ +
+ diff --git a/lang/ca/auth_ip.php b/lang/ca/auth_ip.php new file mode 100644 index 0000000..47ab9a8 --- /dev/null +++ b/lang/ca/auth_ip.php @@ -0,0 +1,33 @@ +. + +/** + * Catalan strings + * + * @package auth + * @subpackage ip + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @author Robert Boloc + * @author Jordi Pujol-Ahulló + * @copyright 2013 onwards Servei de Recursos Educatius (http://www.sre.urv.cat) + */ + +$string['auth_ipdescription'] = 'Plugin d\'autenticació restringit per IP'; +$string['auth_ipexampleips'] = 'Llista d\'IPs separada per comes. Exemples: X.X.X.X o X.X.X.X,Y.Y.Y.Y'; +$string['auth_ipmailsubject'] = 'Plugin autenticació restringit per IP: IPs canviades'; +$string['auth_ipmailtext'] = 'S\'han actualitzat les IPs acceptades pel plugin d\'autenticació restringit per IP'; +$string['auth_ipvalidips'] = 'IPs vàlides'; +$string['pluginname'] = 'Autenticació per IP'; diff --git a/lang/en/auth_ip.php b/lang/en/auth_ip.php new file mode 100644 index 0000000..231f041 --- /dev/null +++ b/lang/en/auth_ip.php @@ -0,0 +1,33 @@ +. + +/** + * English strings + * + * @package auth + * @subpackage ip + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @author Robert Boloc + * @author Jordi Pujol-Ahulló + * @copyright 2013 onwards Servei de Recursos Educatius (http://www.sre.urv.cat) + */ + +$string['auth_ipdescription'] = 'Auth plugin restricting login by the given IPs'; +$string['auth_ipexampleips'] = 'List of IPs in comma-separated format. Examples: X.X.X.X o X.X.X.X,Y.Y.Y.Y'; +$string['auth_ipmailsubject'] = 'IPs changed on authentication plugin by IP'; +$string['auth_ipmailtext'] = 'Accepted IPs for the authentication plugin by IP have been updated.'; +$string['auth_ipvalidips'] = 'Valid IPs'; +$string['pluginname'] = 'Authentication by IP'; diff --git a/lang/es/auth_ip.php b/lang/es/auth_ip.php new file mode 100644 index 0000000..bc2fa13 --- /dev/null +++ b/lang/es/auth_ip.php 
@@ -0,0 +1,33 @@ +. + +/** + * Spanish strings + * + * @package auth + * @subpackage ip + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @author Robert Boloc + * @author Jordi Pujol-Ahulló + * @copyright 2013 onwards Servei de Recursos Educatius (http://www.sre.urv.cat) + */ + +$string['auth_ipdescription'] = 'Plugin de autenticación restringido por IP'; +$string['auth_ipexampleips'] = 'Lista de IPs separada por comas. Ejemplos: X.X.X.X o X.X.X.X,Y.Y.Y.Y'; +$string['auth_ipmailsubject'] = 'Plugin de autenticación restringido por IP: IPs canviadas'; +$string['auth_ipmailtext'] = 'Se han actualizado las IPs aceptadas por el plugin de autenticación restringido por IP'; +$string['auth_ipvalidips'] = 'IPs válidas'; +$string['pluginname'] = 'Autenticación por IP'; diff --git a/version.php b/version.php new file mode 100644 index 0000000..6fcb6ad --- /dev/null +++ b/version.php @@ -0,0 +1,33 @@ +. + +/** + * Version details + * + * @package auth + * @subpackage ip + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @author Robert Boloc + * @author Jordi Pujol-Ahulló + * @copyright 2013 onwards Servei de Recursos Educatius (http://www.sre.urv.cat) + */ + +defined('MOODLE_INTERNAL') || die(); + +$plugin->version = 2013072411; // The current plugin version (Date: YYYYMMDDXX) +$plugin->requires = 2012112900; // Requires this Moodle version +$plugin->component = 'auth_ip'; // Full name of the plugin (used for diagnostics) +