<?php
/** DomFramework
    @package domframework
    @author Dominique Fournier <dominique@fournier38.fr> */

require_once ("domframework/auth.php");
/** User authentication against SYMPA server
    Sympa is a mailling list server. It can handle authentication with
    - a username (a email adress)
    - a password
    - a list to check if the user is recorded in
    - a Sympa SOAP server WSDL
    - the part of list which should be test : subscriber, owner, editor
    It use the SOAP protocol. So the PHP SOAP library is needed and the network
    must be open between the Web server and the Sympa server.
POC :
$auth = new authsympa ();
$auth->wsdl = "https://lists.domain.tld/sympa/wsdl";
$auth->list = "listtest@lists.domain.tld";
$auth->connect ();
var_dump ($auth->authentication ("user@domain.tld", "Pa$$word!"));
*/
class authsympa extends auth
{
  /** URL of the WSDL Sympa server */
  public $wsdl = null;
  /** Mailling list to be checked if user is present */
  public $list = null;
  /** Function of the user in the mailling list
      can be subscriber, owner, editor */
  public $function = "subscriber";

  /** Soap Client identifier */
  private $client = null;
  /** Temporary auth key used betwwen commands */
  private $authkey = null;
  /** Email of the user if the authentication is correct */
  private $details = null;

  /** Check if the SOAP module is available in PHP */
  public function __construct ()
  {
    if (! class_exists ("SoapClient"))
      throw new Exception (dgettext("domframework",
                           "No SOAP PHP library available"), 500);
  }

  /** Connect to the Sympa server */
  public function connect ()
  {
    if ($this->wsdl === null)
      throw new Exception (dgettext("domframework",
                           "No WSDL provided to Sympa auth"), 401);
    $this->client = new SoapClient($this->wsdl);
  }

  /** Try to authenticate the email/password of the user
      @param string $email Email to authenticate
      @param string $password Password to authenticate */
  public function authentication ($email, $password)
  {
    if ($this->client === null)
      throw new Exception (dgettext("domframework",
                           "The SOAP connection is not opened"), 401);
    if ($this->list === null)
      throw new Exception (dgettext("domframework",
                           "The list to check is not defined"), 401);
    $this->authkey = $this->client->login ($email, $password);
    if ($this->authkey === null)
      throw new Exception (dgettext("domframework",
                       "Can't connect with provided email/password to sympa"),
                       401);
    $rc = $this->client->authenticateAndRun ($email, $this->authkey,
                      'amI', array ($this->list, $this->function, $email));
    if ($rc === null)
      return FALSE;
    $this->details = array ("email"=>$email);
    return $rc;
  }

  /** Return all the parameters recorded for the authenticate user */
  public function getdetails ()
  {
    return $this->details;
  }

  /** Method to change the password
      @param string $oldpassword The old password (to check if the user have the
         rights to change the password)
      @param string $newpassword The new password to be recorded */
  public function changepassword ($oldpassword, $newpassword)
  {
    throw new Exception (dgettext("domframework",
                         "The password can't be change for SYMPA users"),
                         405);
  }

  /** Method to overwrite the password (without oldpassword check)
      Must be reserved to the administrators. For the users, use changepassword
      method
      @param string $email the user identifier to select
      @param string $newpassword The new password to be recorded */
  public function overwritepassword ($email, $newpassword)
  {
    throw new exception (dgettext("domframework",
                         "The password can't be overwrite for Sympa users"),
                         405);
  }
}