Upload folder via GUI - includes

2026-06-05 22:23:21 +02:00
parent 54170fa514
commit 5d6c2d73be
4 changed files with 534 additions and 0 deletions
--- a/includes/user.php
+++ b/includes/user.php
@@ -0,0 +1,149 @@
+<?php
+if ( ! defined( 'ABSPATH' ) ) exit;
+
+/**
+ * Findet oder erstellt einen WordPress-User anhand der Authentik-Userinfo.
+ */
+function authentik_find_or_create_user( $userinfo ) {
+    $s          = authentik_get_settings();
+    $subject    = $userinfo['sub'] ?? '';
+    $email      = $userinfo['email'] ?? '';
+    $username   = $userinfo['preferred_username'] ?? $userinfo['name'] ?? '';
+    $groups     = $userinfo['groups'] ?? [];
+
+    if ( empty( $subject ) ) {
+        return new WP_Error( 'no_sub', 'Kein Subject im Token.' );
+    }
+
+    // 1. Suche per gespeicherter Subject-ID (zuverlässigste Methode)
+    $user = authentik_find_user_by_subject( $subject );
+
+    // 2. Verknüpfe bestehenden User per E-Mail
+    if ( ! $user && $s['link_existing'] && $email ) {
+        $user = get_user_by( 'email', $email );
+        if ( $user ) {
+            update_user_meta( $user->ID, 'authentik_subject', $subject );
+        }
+    }
+
+    // 3. Verknüpfe bestehenden User per Benutzername
+    if ( ! $user && $s['link_existing'] && $username ) {
+        $user = get_user_by( 'login', $username );
+        if ( $user ) {
+            update_user_meta( $user->ID, 'authentik_subject', $subject );
+        }
+    }
+
+    // 4. Neuen User erstellen
+    if ( ! $user ) {
+        if ( ! $s['create_users'] ) {
+            return new WP_Error( 'user_not_found', 'Kein passender WordPress-Account gefunden.' );
+        }
+
+        $user_login = sanitize_user( $username ?: explode( '@', $email )[0] );
+        // Sicherstellen dass Benutzername einzigartig ist
+        if ( username_exists( $user_login ) ) {
+            $user_login = $user_login . '_' . substr( $subject, 0, 6 );
+        }
+
+        $user_id = wp_insert_user( [
+            'user_login' => $user_login,
+            'user_email' => $email,
+            'user_pass'  => wp_generate_password( 32 ),
+            'display_name' => $userinfo['name'] ?? $user_login,
+            'role'       => $s['default_role'],
+        ] );
+
+        if ( is_wp_error( $user_id ) ) {
+            return $user_id;
+        }
+
+        update_user_meta( $user_id, 'authentik_subject', $subject );
+        $user = get_user_by( 'ID', $user_id );
+    }
+
+    // 5. Rollen synchronisieren
+    if ( $s['sync_roles'] && $user ) {
+        authentik_sync_roles( $user, $groups, $s );
+    }
+
+    return $user;
+}
+
+function authentik_find_user_by_subject( $subject ) {
+    $users = get_users( [
+        'meta_key'   => 'authentik_subject',
+        'meta_value' => $subject,
+        'number'     => 1,
+    ] );
+    return ! empty( $users ) ? $users[0] : null;
+}
+
+function authentik_sync_roles( $user, $groups, $s ) {
+    $admin_group = $s['admin_group'];
+
+    if ( $admin_group && in_array( $admin_group, $groups, true ) ) {
+        $user->set_role( 'administrator' );
+    } else {
+        // Mappe Authentik-Gruppen auf WordPress-Rollen
+        $role_map = [
+            'wordpress_editor'      => 'editor',
+            'wordpress_author'      => 'author',
+            'wordpress_contributor' => 'contributor',
+            'wordpress_subscriber'  => 'subscriber',
+        ];
+
+        $assigned = false;
+        foreach ( $role_map as $group => $role ) {
+            if ( in_array( $group, $groups, true ) ) {
+                $user->set_role( $role );
+                $assigned = true;
+                break;
+            }
+        }
+
+        if ( ! $assigned ) {
+            // Behalte aktuelle Rolle wenn keine Gruppe passt
+        }
+    }
+}
+
+// Profilseite: Verknüpfungsstatus anzeigen
+add_action( 'show_user_profile', 'authentik_show_link_status' );
+add_action( 'edit_user_profile', 'authentik_show_link_status' );
+function authentik_show_link_status( $user ) {
+    $subject = get_user_meta( $user->ID, 'authentik_subject', true );
+    ?>
+    <h3>Authentik-Verknüpfung</h3>
+    <table class="form-table">
+        <tr>
+            <th>Status</th>
+            <td>
+                <?php if ( $subject ) : ?>
+                    <span style="color:green;">✓ Verknüpft</span>
+                    <p class="description">Subject: <code><?php echo esc_html( $subject ); ?></code></p>
+                    <a href="<?php echo esc_url( wp_nonce_url( admin_url( 'admin-post.php?action=authentik_unlink&user_id=' . $user->ID ), 'authentik_unlink_' . $user->ID ) ); ?>" class="button button-small">Verknüpfung aufheben</a>
+                <?php else : ?>
+                    <span style="color:orange;">✗ Nicht verknüpft</span>
+                    <p class="description">Beim nächsten Authentik-Login wird dieser Account automatisch verknüpft (wenn E-Mail oder Benutzername übereinstimmt).</p>
+                <?php endif; ?>
+            </td>
+        </tr>
+    </table>
+    <?php
+}
+
+// Verknüpfung aufheben
+add_action( 'admin_post_authentik_unlink', 'authentik_handle_unlink' );
+function authentik_handle_unlink() {
+    $user_id = (int) $_GET['user_id'];
+    check_admin_referer( 'authentik_unlink_' . $user_id );
+
+    if ( ! current_user_can( 'edit_user', $user_id ) ) {
+        wp_die( 'Keine Berechtigung.' );
+    }
+
+    delete_user_meta( $user_id, 'authentik_subject' );
+    wp_redirect( admin_url( 'user-edit.php?user_id=' . $user_id . '&authentik_unlinked=1' ) );
+    exit;
+}