
plugin:authpdo:nextcloud

Differences

This shows you the differences between two versions of the page.

plugin:authpdo:nextcloud [2017-11-05 13:38] – modified sql query to include email 27.34.20.143
plugin:authpdo:nextcloud [2019-02-18 01:04] (current) reinhold
Line 2: Line 2:
  
 ======Nextcloud====== ======Nextcloud======
-Configuration for [[plugin:authPDO]] plugin to authenticate with [[http://nextcloud.com|open-source private cloud system]].+Configuration for [[plugin:authPDO]] plugin to authenticate with the [[http://nextcloud.com|Nextcloud open-source private cloud system]].
  
 ===== Scenario ===== ===== Scenario =====
-In this scenario, the intention is to permit the same users who are registered on Nextcloud (version 12) to make edits in the Wiki.  The wiki is not open to all.   Users must first have an account on Nextcloud, after which they can log into the wiki as well using the same credentials.+In this scenario, the intention is to permit the same users who are registered on Nextcloud (version 12 / 15) to make edits in the Wiki.  The wiki is not open to all.   Users must first have an account on Nextcloud, after which they can log into the wiki as well using the same credentials.
  
-In this example, the Nextcloud release is version 12, running on PostgreSQL.+In this example, the Nextcloud release is version 12, running on PostgreSQL. It was also tested on Nextcloud 15 with MariaDB / MySQL.
  
 Note that this does not give a 'single sign-on' experience, but simply enables a user to have the same username/password on both Nextcloud and the Dokuwiki installation. Note that this does not give a 'single sign-on' experience, but simply enables a user to have the same username/password on both Nextcloud and the Dokuwiki installation.
  
  
-===== Modification of core files ===== 
- 
-**Note that this requires a modification of a Dokuwiki core file (/inc/PassHash.class.php) that handles the hashing of passwords as Nextcloud joins a custom version notifier in front of a standard php password_hash().** 
- 
-Specifically these changes need to be done to PassHash.class.php: 
- 
-Somewhere around lines 54ff: 
-<code php> 
-elseif(preg_match('/^1\|\$2(a|y)\$(.{2})\$/', $hash, $m)) { 
-    $method = 'nextcloud'; 
-    $salt   = $hash; 
-}</code> 
- 
-This is the auto detection part that compares the first part of the hash string to the expected format with a regular expression. 
- 
-Then much further below the actual hash function: 
- 
-<code php>public function hash_nextcloud($clear, $salt = null, $compute = 10) { 
-    $currentVersion = 1; 
-    $options = [ 
-       'cost' => 10, 
-    ]; 
-    return $currentVersion . '|' . password_hash($clear, PASSWORD_DEFAULT, $options); 
-}</code>  
- 
-This is still untested, but should work I hope. 
 ===== Plugin Configuration ===== ===== Plugin Configuration =====
  
 //This guide is a work in progress// //This guide is a work in progress//
  
-**Note that this requires a modification of a Dokuwiki core file (/inc/PassHash.class.php) that handles the hashing of passwords as Nextcloud joins a custom version notifier in front of standard php password_hash().**+**Note that Nextcloud stores the password hash in the database with hardcoded prefix '1|', so when retrieving the password from the database, this 2-character prefix needs to be removed. This can be done in the SQL query, there is no need to modify core files.**
  
 In the AuthPDO section, configure the following: In the AuthPDO section, configure the following:
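Review bot: The added note above the AuthPDO table calls '1|' a hardcoded prefix, but the removed hash_nextcloud() shows it is a version marker ($currentVersion = 1) joined in front of the password_hash() output, so stripping two characters is only correct for stored values that start with exactly '1|'. Suggest saying that in the note, so a reader knows that any other stored format would be trimmed incorrectly before the hash check. The scenario text now also lists Nextcloud 15 on MariaDB / MySQL; it would help to state whether the same '1|' format was observed there.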
Line 50: Line 24:
 | plugin>authpdo>user   | <DB-USERNAME> | | plugin>authpdo>user   | <DB-USERNAME> |
 | plugin>authpdo>pass   | <DB-PASSWORD> | | plugin>authpdo>pass   | <DB-PASSWORD> |
-| plugin>authpdo>select-user   | SELECT uid AS user, password AS hash, displayname AS name, configvalue AS mail FROM oc_users LEFT JOIN oc_preferences ON oc_users.uid = oc_preferences.userid AND oc_preferences.appid = 'settings' AND oc_preferences.configkey = 'email' WHERE oc_users.uid=':user' (not really tested) +| plugin>authpdo>select-user   <code>SELECT 
-| plugin>authpdo>select-user-groups   | SELECT gid AS 'group', uid FROM nc_group_user WHERE uid=':user' (not tested) |+    uid AS user, 
 +    SUBSTRING(password,3) AS hash, 
 +    displayname AS name, 
 +    configvalue AS mail 
 +FROM  
 +    oc_users LEFT JOIN oc_preferences  
 +ON 
 +    oc_users.uid = oc_preferences.userid AND 
 +    oc_preferences.appid = 'settings' AND 
 +    oc_preferences.configkey = 'email' 
 +WHERE 
 +    oc_users.uid = :user</code> 
 +| plugin>authpdo>select-user-groups   <code>SELECT gid AS 'group' FROM oc_group_user WHERE uid=:user</code> |
 | Other fields   | Leave empty | | Other fields   | Leave empty |
  
-Note: Instead of using the same PostgreSQL user as Nextcloud, it might be advisable to create a new 'read-only' user as we will not be doing any writing to the Nextcloud database.+Note: Make sure not to add quotes around :user, as the authpdo plugin will automatically wrap strings like the user id in quotes. 
 + 
 +Note2: Instead of using the same database user as Nextcloud, it might be advisable to create a new 'read-only' user as we will not be doing any writing to the Nextcloud database.
  
 In the Authentication section: In the Authentication section:
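Review bot: In the new select-user-groups query, AS 'group' uses single quotes, which PostgreSQL parses as a string literal rather than a column alias, so the statement is rejected on the database this page names as its example; MariaDB / MySQL accept it. Suggest giving the PostgreSQL form AS "group" alongside it, or one query per database. Note2 would also be more useful if it listed what the read-only account needs: SELECT on oc_users, oc_preferences and oc_group_user, the only tables the two queries touch.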
Line 61: Line 49:
 | passcrypt   | bcrypt | | passcrypt   | bcrypt |
 | defaultgroup   | ''users'' | | defaultgroup   | ''users'' |
-| superuser    +| superuser   ''@admin'' 
-| manager    |+| manager   (what ever group you have set up in NC that fits the bill) |
 | disableactions  | Uncheck everything to prevent users registering in Dokuwiki | | disableactions  | Uncheck everything to prevent users registering in Dokuwiki |
  
-Note: "passcrypt = bcrypt" doesn't really matter as we will not be doing any writing into the database, and for reading the type is auto-detected (see code above). If you want to do this more likely more corefile modifications are necessary.+Note: "passcrypt = bcrypt" doesn't really matter as we will not be doing any writing into the database, and for reading the type is auto-detected (see code above).
  
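Review bot: The closing note on passcrypt still ends with "(see code above)", but the PassHash.class.php code it pointed to is removed in this same revision, so the reference now points at nothing. Suggest rewording it to say that the hash type is detected from the value the select-user query returns after the '1|' prefix is stripped. The new superuser value @admin also deserves a sentence: it ties wiki superuser rights to membership of the group named admin that select-user-groups returns from the Nextcloud database.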
plugin/authpdo/nextcloud.1509885529.txt.gz · Last modified: 2017-11-05 13:38 by 27.34.20.143

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International