Cicalese has uploaded a new change for review.
https://gerrit.wikimedia.org/r/312702
Change subject: Revert "Update for MW 1.27"
......................................................................
Revert "Update for MW 1.27"
This reverts commit 5d7344f39f31e6bc8cb3afd1f380f490d326727e.
Change-Id: I3451cd630ae62313a78e08c2b2d6fba5797d5d2a
---
A PluggableAuth.class.php
A PluggableAuth.i18n.php
M PluggableAuth.php
D PluggableAuthBeginAuthenticationRequest.php
D PluggableAuthContinueAuthenticationRequest.php
A PluggableAuthLogin.class.php
D PluggableAuthLogin.php
R PluggableAuthNotAuthorized.class.php
D PluggableAuthPrimaryAuthenticationProvider.php
D extension.json
10 files changed, 497 insertions(+), 485 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/PluggableAuth
refs/changes/02/312702/1
diff --git a/PluggableAuth.class.php b/PluggableAuth.class.php
new file mode 100644
index 0000000..b3ec2d6
--- /dev/null
+++ b/PluggableAuth.class.php
@@ -0,0 +1,358 @@
+<?php
+
+/*
+ * Copyright (c) 2015 The MITRE Corporation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+abstract class PluggableAuth {
+
+ /**
+ * Implements UserLoadFromSession hook.
+ * See https://www.mediawiki.org/wiki/Manual:Hooks/UserLoadFromSession
+ *
+ * @since 1.0
+ *
+ * @param User $user
+ * @param &$result
+ */
+ public static function userLoadFromSession( User $user = null,
+ &$result = null ) {
+
+ //
http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes
+
+ if ( !isset( $GLOBALS['PluggableAuth_Timeout'] ) ) {
+ $GLOBALS['PluggableAuth_Timeout'] = 1800;
+ }
+
+ if ( $GLOBALS['PluggableAuth_Timeout'] > 0 ) {
+
+ if ( session_id() == '' ) {
+ wfSetupSession();
+ }
+
+ $time = time();
+
+ if ( isset( $_SESSION['LAST_ACTIVITY'] ) &&
+ ( $time - $_SESSION['LAST_ACTIVITY'] >
+ $GLOBALS['PluggableAuth_Timeout'] ) ) {
+ $session_variable = wfWikiID() . "_userid";
+ if ( array_key_exists( $session_variable,
$_SESSION ) ) {
+ $user->mId =
$_SESSION[$session_variable];
+ if ( $user->loadFromId() ) {
+ self::logout( $user );
+ } else{
+ session_unset();
+ session_destroy();
+ }
+ } else {
+ session_unset();
+ session_destroy();
+ }
+ wfDebug( "Session timed out." . PHP_EOL );
+ }
+ $_SESSION['LAST_ACTIVITY'] = $time;
+
+ if ( !isset( $_SESSION['CREATED'] ) ) {
+ $_SESSION['CREATED'] = $time;
+ } elseif ( $time - $_SESSION['CREATED'] >
+ $GLOBALS['PluggableAuth_Timeout'] ) {
+ session_regenerate_id( true );
+ $_SESSION['CREATED'] = $time;
+ wfDebug( "Session regenerated." . PHP_EOL );
+ }
+
+ }
+
+ if ( session_id() == '' ) {
+ wfSetupSession();
+ }
+
+ $session_variable = wfWikiID() . "_userid";
+ if ( array_key_exists( $session_variable, $_SESSION ) ) {
+ $user->mId = $_SESSION[$session_variable];
+ if ( $user->loadFromId() ) {
+ $result = true;
+ return false;
+ }
+ }
+
+ if ( isset( $GLOBALS['PluggableAuth_AutoLogin'] ) &&
+ $GLOBALS['PluggableAuth_AutoLogin'] ) {
+
+ $session_variable = wfWikiID() . "_returnto";
+ if ( ( !array_key_exists( $session_variable, $_SESSION
) ||
+ $_SESSION[$session_variable] === null ) &&
+ array_key_exists( 'title', $_REQUEST ) ) {
+ $_SESSION[$session_variable] =
$_REQUEST['title'];
+ }
+
+ $result = self::login( $user );
+
+ }
+ return false;
+ }
+
+ /**
+ * Implements UserLogout hook.
+ * See https://www.mediawiki.org/wiki/Manual:Hooks/UserLogout
+ *
+ * @since 1.0
+ *
+ * @param User $user
+ */
+ public static function logout( User &$user ) {
+ if ( session_id() == '' ) {
+ wfSetupSession();
+ }
+
+ $session_variable = wfWikiID() . "_userid";
+ if ( array_key_exists( $session_variable, $_SESSION ) ) {
+ unset( $_SESSION[$session_variable] );
+ }
+ $instance = self::getInstance();
+ if ( !$instance ) {
+ return true;
+ }
+ $instance->deauthenticate( $user );
+ session_regenerate_id( true );
+ session_destroy();
+ unset( $_SESSION );
+ return true;
+ }
+
+ /**
+ * Implements PersonalUrls hook.
+ * See https://www.mediawiki.org/wiki/Manual:Hooks/PersonalUrls
+ *
+ * @since 1.0
+ *
+ * @param array &$personal_urls
+ * @param Title $title
+ * @param SkinTemplate $skin
+ */
+ public static function modifyLoginURLs( array &$personal_urls,
+ Title $title = null, SkinTemplate $skin = null ) {
+ $urls = array(
+ 'createaccount',
+ 'anonlogin'
+ );
+ foreach ( $urls as $u ) {
+ if ( array_key_exists( $u, $personal_urls ) ) {
+ unset( $personal_urls[$u] );
+ }
+ }
+ if ( isset( $GLOBALS['PluggableAuth_AutoLogin'] ) &&
+ $GLOBALS['PluggableAuth_AutoLogin'] ) {
+ unset( $personal_urls['login'] );
+ unset( $personal_urls['logout'] );
+ }
+ return true;
+ }
+
+ /**
+ * Implements SpecialPage_initList hook.
+ * See https://www.mediawiki.org/wiki/Manual:Hooks/SpecialPage_initList
+ *
+ * @since 1.0
+ *
+ * @param array &$specialPagesList
+ */
+ public static function modifyLoginSpecialPages(
+ array &$specialPagesList = null ) {
+ $specialpages = array(
+ 'CreateAccount'
+ );
+ foreach ( $specialpages as $p ) {
+ if ( array_key_exists( $p, $specialPagesList ) ) {
+ unset( $specialPagesList[$p] );
+ }
+ }
+ if ( isset( $GLOBALS['PluggableAuth_AutoLogin'] ) &&
+ $GLOBALS['PluggableAuth_AutoLogin'] ) {
+ unset( $specialPagesList['Userlogin'] );
+ unset( $specialPagesList['Userlogout'] );
+ }
+ return true;
+ }
+
+ /**
+ * Called from PluggableAuthLogin
+ *
+ * @since 1.0
+ *
+ * @param User $user
+ */
+ public static function login( $user ) {
+ $instance = self::getInstance();
+ if ( $instance ) {
+ if ( $instance->authenticate( $id, $username,
$realname, $email ) ) {
+ if ( is_null( $id ) ) {
+ $user->loadDefaults( $username );
+ $user->mName = $username;
+ $user->mRealName = $realname;
+ $user->mEmail = $email;
+ $user->mEmailAuthenticated =
wfTimestamp();
+ $user->mTouched = wfTimestamp();
+ $new_user = true;
+ wfDebug( "Authenticated new user: " .
$username . PHP_EOL );
+ } else {
+ $user->mId = $id;
+ $user->loadFromId();
+ $new_user = false;
+ wfDebug( "Authenticated existing user:
" . $user->mName . PHP_EOL );
+ }
+ $user->setCookies();
+ } else {
+ wfDebug( "Authentication failure." . PHP_EOL );
+ return false;
+ }
+ } else {
+ return false;
+ }
+
+ $authorized = true;
+ Hooks::run( 'PluggableAuthUserAuthorization', array( $user,
+ &$authorized ) );
+ $returnto = null;
+ $params = null;
+ if ( $authorized ) {
+ if ( $new_user ) {
+ $user->addToDatabase();
+ $instance->saveExtraAttributes( $user->mId );
+ wfDebug( "Added new user: " . $username .
PHP_EOL );
+ } else {
+ self::updateUser( $user, $realname, $email );
+ wfDebug( "Updated existing user: " .
$user->mName . PHP_EOL );
+ }
+ if ( session_id() == '' ) {
+ wfSetupSession();
+ }
+ $session_variable = wfWikiID() . "_userid";
+ $_SESSION[$session_variable] = $user->mId;
+ $session_variable = wfWikiID() . "_returnto";
+ if ( array_key_exists( $session_variable, $_SESSION ) )
{
+ $returnto = $_SESSION[$session_variable];
+ unset( $_SESSION[$session_variable] );
+ }
+ Hooks::run( 'UserLoginComplete', array( &$user,
&$injected_html ) );
+ } else {
+ $returnto = 'Special:PluggableAuthNotAuthorized';
+ $params = array( 'name' => $user->mName );
+ }
+ session_regenerate_id( true );
+ self::redirect( $returnto, $params );
+ return $authorized;
+ }
+
+ /**
+ * @since 1.0
+ *
+ * @param $page
+ * @param $params
+ */
+ public static function redirect( $page, $params = null ) {
+ $title = Title::newFromText( $page );
+ if ( is_null( $title ) ) {
+ $title = Title::newMainPage();
+ }
+ $url = $title->getFullURL();
+ if ( is_array( $params ) && count( $params ) > 0 ) {
+ $first = true;
+ foreach ( $params as $key => $value ) {
+ if ( $first ) {
+ $first = false;
+ $url .= '?';
+ } else {
+ $url .= '&';
+ }
+ $url .= $key . '=' . $value;
+ }
+ }
+ if ( Hooks::run( 'PluggableAuthRedirect', array( &$url ) ) ) {
+ $GLOBALS['wgOut']->redirect( $url );
+ }
+ }
+
+ /**
+ * @since 1.0
+ *
+ * @param &$id
+ * @param &$username
+ * @param &$realname
+ * @param &$email
+ */
+ abstract public function authenticate( &$id, &$username, &$realname,
+ &$email );
+
+ /**
+ * @since 1.0
+ *
+ * @param User &$user
+ */
+ abstract public function deauthenticate( User &$user );
+
+ /**
+ * @since 1.0
+ *
+ * @param $id
+ */
+ abstract public function saveExtraAttributes( $id );
+
+ private static function getInstance() {
+ if ( isset( $GLOBALS['PluggableAuth_Class'] ) &&
+ class_exists( $GLOBALS['PluggableAuth_Class'] ) &&
+ is_subclass_of( $GLOBALS['PluggableAuth_Class'],
+ 'PluggableAuth' ) ) {
+ return new $GLOBALS['PluggableAuth_Class'];
+ }
+ wfDebug( "Could not get authentication plugin instance." .
PHP_EOL );
+ return false;
+
+ }
+
+ private static function updateUser( $user, $realname, $email ) {
+ if ( $user->mRealName != $realname || $user->mEmail != $email )
{
+ $rights = $user->getRights();
+ if ( in_array( "editmyprivateinfo", $rights ) ) {
+ wfDebug( "updateUser(): User has
editmyprivateinfo right." . PHP_EOL );
+ wfDebug( "updateUser(): Did not save updated
real name and email address." . PHP_EOL );
+ } else {
+ wfDebug( "updateUser(): User does not have
editmyprivateinfo right." . PHP_EOL );
+ $user->mRealName = $realname;
+ $user->mEmail = $email;
+ $dbw = wfGetDB( DB_MASTER );
+ $dbw->update( 'user',
+ array( // SET
+ 'user_real_name' => $realname,
+ 'user_email' => $email
+ ), array( // WHERE
+ 'user_id' => $user->mId
+ ), __METHOD__
+ );
+ wfDebug( "updateUser(): Saved updated real name
and email address." . PHP_EOL );
+ }
+ } else {
+ wfDebug( "updateUser(): Real name and email
address did not change." . PHP_EOL );
+ }
+ }
+
+}
+
diff --git a/PluggableAuth.i18n.php b/PluggableAuth.i18n.php
new file mode 100644
index 0000000..82dfaf1
--- /dev/null
+++ b/PluggableAuth.i18n.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * This is a backwards-compatibility shim, generated by:
+ *
https://git.wikimedia.org/blob/mediawiki%2Fcore.git/HEAD/maintenance%2FgenerateJsonI18n.php
+ *
+ * Beginning with MediaWiki 1.23, translation strings are stored in json files,
+ * and the EXTENSION.i18n.php file only exists to provide compatibility with
+ * older releases of MediaWiki. For more information about this migration, see:
+ * https://www.mediawiki.org/wiki/Requests_for_comment/Localisation_format
+ *
+ * This shim maintains compatibility back to MediaWiki 1.17.
+ */
+$messages = array();
+if ( !function_exists( 'wfJsonI18nShim8eb632f15ba7cbf0' ) ) {
+ function wfJsonI18nShim8eb632f15ba7cbf0( $cache, $code, &$cachedData ) {
+ $codeSequence = array_merge( array( $code ),
$cachedData['fallbackSequence'] );
+ foreach ( $codeSequence as $csCode ) {
+ $fileName = dirname( __FILE__ ) . "/i18n/$csCode.json";
+ if ( is_readable( $fileName ) ) {
+ $data = FormatJson::decode( file_get_contents(
$fileName ), true );
+ foreach ( array_keys( $data ) as $key ) {
+ if ( $key === '' || $key[0] === '@' ) {
+ unset( $data[$key] );
+ }
+ }
+ $cachedData['messages'] = array_merge( $data,
$cachedData['messages'] );
+ }
+
+ $cachedData['deps'][] = new FileDependency( $fileName );
+ }
+ return true;
+ }
+
+ $GLOBALS['wgHooks']['LocalisationCacheRecache'][] =
'wfJsonI18nShim8eb632f15ba7cbf0';
+}
diff --git a/PluggableAuth.php b/PluggableAuth.php
index 06b3085..e4ab786 100644
--- a/PluggableAuth.php
+++ b/PluggableAuth.php
@@ -1,7 +1,7 @@
<?php
/*
- * Copyright (c) 2015-2016 The MITRE Corporation
+ * Copyright (c) 2015 The MITRE Corporation
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
@@ -22,137 +22,42 @@
* DEALINGS IN THE SOFTWARE.
*/
-abstract class PluggableAuth {
-
- const RETURNURL_SESSION_KEY = 'PluggableAuthLoginReturnToUrl';
- const USERNAME_SESSION_KEY = 'PluggableAuthLoginUsername';
- const REALNAME_SESSION_KEY = 'PluggableAuthLoginRealname';
- const EMAIL_SESSION_KEY = 'PluggableAuthLoginEmail';
-
- /**
- * Implements SessionForRequest hook.
- *
- * @since 2.0
- *
- * @param $session
- */
- public static function autoLogin( $session ) {
- $user = $session->getUser();
- if ( $user->isAnon() && isset(
$GLOBALS['wgPluggableAuth_AutoLogin'] ) &&
- $GLOBALS['wgPluggableAuth_AutoLogin'] ) {
-// self::login( $user, $_REQUEST['title'],
$session->getRequest(), $session );
- }
- }
-
- /**
- * Implements PersonalUrls hook.
- * See https://www.mediawiki.org/wiki/Manual:Hooks/PersonalUrls
- *
- * @since 1.0
- *
- * @param array &$personal_urls
- * @param Title $title
- * @param SkinTemplate $skin
- */
- public static function modifyLoginURLs( array &$personal_urls,
- Title $title = null, SkinTemplate $skin = null ) {
- $urls = array(
- 'createaccount',
- 'anonlogin'
- );
- foreach ( $urls as $u ) {
- if ( array_key_exists( $u, $personal_urls ) ) {
- unset( $personal_urls[$u] );
- }
- }
- if ( isset( $GLOBALS['wgPluggableAuth_AutoLogin'] ) &&
- $GLOBALS['wgPluggableAuth_AutoLogin'] ) {
- unset( $personal_urls['login'] );
- unset( $personal_urls['logout'] );
- }
- return true;
- }
-
- /**
- * Implements SpecialPage_initList hook.
- * See https://www.mediawiki.org/wiki/Manual:Hooks/SpecialPage_initList
- *
- * @since 1.0
- *
- * @param array &$specialPagesList
- */
- public static function modifyLoginSpecialPages(
- array &$specialPagesList = null ) {
- $specialpages = array(
- 'CreateAccount'
- );
- foreach ( $specialpages as $p ) {
- if ( array_key_exists( $p, $specialPagesList ) ) {
- unset( $specialPagesList[$p] );
- }
- }
- if ( isset( $GLOBALS['wgPluggableAuth_AutoLogin'] ) &&
- $GLOBALS['wgPluggableAuth_AutoLogin'] ) {
- unset( $specialPagesList['Userlogin'] );
- unset( $specialPagesList['Userlogout'] );
- }
- return true;
- }
-
- /**
- * @since 1.0
- *
- * @param &$id
- * @param &$username
- * @param &$realname
- * @param &$email
- */
- abstract public function authenticate( &$id, &$username, &$realname,
- &$email );
-
- /**
- * @since 1.0
- *
- * @param User &$user
- */
- abstract public function deauthenticate( User &$user );
-
- /**
- * @since 1.0
- *
- * @param $id
- */
- abstract public function saveExtraAttributes( $id );
-
- /**
- * Implements UserLogout hook.
- * See https://www.mediawiki.org/wiki/Manual:Hooks/UserLogout
- *
- * @since 1.0
- *
- * @param User $user
- */
- public static function logout( User &$user ) {
- $user->doLogout(); // in case deauthenticate does not return
- $instance = self::getInstance();
- if ( is_subclass_of( $instance, 'PluggableAuth' ) ) {
- $instance->deauthenticate( $user );
- }
- return false; // so doLogout does not execute again
- }
-
- /**
- * @since 1.0
- */
- public static function getInstance() {
- if ( isset( $GLOBALS['wgPluggableAuth_Class'] ) &&
- class_exists( $GLOBALS['wgPluggableAuth_Class'] ) &&
- is_subclass_of( $GLOBALS['wgPluggableAuth_Class'],
- 'PluggableAuth' ) ) {
- return new $GLOBALS['wgPluggableAuth_Class'];
- }
- wfDebug( 'Could not get authentication plugin instance.' .
PHP_EOL );
- return false;
-
- }
+if ( !defined( 'MEDIAWIKI' ) ) {
+ die( '<b>Error:</b> This file is part of a MediaWiki extension and
cannot be run standalone.' );
}
+
+$GLOBALS['wgExtensionCredits']['other'][] = array (
+ 'path' => __FILE__,
+ 'name' => 'PluggableAuth',
+ 'version' => '1.2',
+ 'author' => array(
+ '[https://www.mediawiki.org/wiki/User:Cindy.cicalese Cindy
Cicalese]'
+ ),
+ 'descriptionmsg' => 'pluggableauth-desc',
+ 'url' => 'https://www.mediawiki.org/wiki/Extension:PluggableAuth',
+);
+
+$GLOBALS['wgAutoloadClasses']['PluggableAuth'] =
+ __DIR__ . '/PluggableAuth.class.php';
+
+$GLOBALS['wgMessagesDirs']['PluggableAuth'] = __DIR__ . '/i18n';
+$GLOBALS['wgExtensionMessagesFiles']['PluggableAuth'] =
+ __DIR__ . '/PluggableAuth.i18n.php';
+
+$GLOBALS['wgHooks']['UserLoadFromSession'][] =
+ 'PluggableAuth::userLoadFromSession';
+$GLOBALS['wgHooks']['UserLogout'][] = 'PluggableAuth::logout';
+$GLOBALS['wgHooks']['PersonalUrls'][] = 'PluggableAuth::modifyLoginURLs';
+$GLOBALS['wgHooks']['SpecialPage_initList'][] =
+ 'PluggableAuth::modifyLoginSpecialPages';
+
+$GLOBALS['wgSpecialPages']['Userlogin'] = 'PluggableAuthLogin';
+$GLOBALS['wgAutoloadClasses']['PluggableAuthLogin'] =
+ __DIR__ . '/PluggableAuthLogin.class.php';
+
+$GLOBALS['wgSpecialPages']['PluggableAuthNotAuthorized'] =
+ 'PluggableAuthNotAuthorized';
+$GLOBALS['wgAutoloadClasses']['PluggableAuthNotAuthorized'] =
+ __DIR__ . '/PluggableAuthNotAuthorized.class.php';
+$GLOBALS['wgWhitelistRead'][] = "Special:PluggableAuthNotAuthorized";
+
diff --git a/PluggableAuthBeginAuthenticationRequest.php
b/PluggableAuthBeginAuthenticationRequest.php
deleted file mode 100644
index bcff100..0000000
--- a/PluggableAuthBeginAuthenticationRequest.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-
-/*
- * Copyright (c) 2016 The MITRE Corporation
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-use \MediaWiki\Auth\AuthenticationRequest;
-
-class PluggableAuthBeginAuthenticationRequest extends AuthenticationRequest {
-
- public function getFieldInfo() {
- return [
- 'pluggableauth' => [
- 'type' => 'hidden',
- 'value' => true
- ]
- ];
- }
-}
diff --git a/PluggableAuthContinueAuthenticationRequest.php
b/PluggableAuthContinueAuthenticationRequest.php
deleted file mode 100644
index 9db60c8..0000000
--- a/PluggableAuthContinueAuthenticationRequest.php
+++ /dev/null
@@ -1,57 +0,0 @@
-<?php
-
-/*
- * Copyright (c) 2016 The MITRE Corporation
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-use \MediaWiki\Auth\AuthenticationRequest;
-use \MediaWiki\Auth\AuthManager;
-
-class PluggableAuthContinueAuthenticationRequest extends AuthenticationRequest
{
-
- public $error;
- public $realname;
- public $email;
-
- public function getFieldInfo() {
- return [
- 'error' => [
- 'type' => 'string',
- 'optional' => true
- ]
- ];
- }
-
- public function loadFromSubmission( array $data ) {
- if ( isset( $data['error'] ) ) {
- $this->error = $data['error'];
- } else {
- $authManager = AuthManager::singleton();
- $this->username =
$authManager->getAuthenticationSessionData(
- PluggableAuth::USERNAME_SESSION_KEY );
- $this->realname =
$authManager->getAuthenticationSessionData(
- PluggableAuth::REALNAME_SESSION_KEY );
- $this->email =
$authManager->getAuthenticationSessionData(
- PluggableAuth::EMAIL_SESSION_KEY );
- }
- return true;
- }
-}
diff --git a/PluggableAuthLogin.class.php b/PluggableAuthLogin.class.php
new file mode 100644
index 0000000..ab0b1e2
--- /dev/null
+++ b/PluggableAuthLogin.class.php
@@ -0,0 +1,65 @@
+<?php
+
+/*
+ * Copyright (c) 2014 The MITRE Corporation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+class PluggableAuthLogin extends UnlistedSpecialPage {
+
+ public function __construct() {
+ parent::__construct( 'Userlogin' );
+ }
+
+ public function execute( $param ) {
+ if ( session_id() == '' ) {
+ wfSetupSession();
+ }
+ $session_variable = wfWikiID() . "_returnto";
+ $user = $this->getContext()->getUser();
+ if ( $user->isLoggedIn() ) {
+ if ( !array_key_exists( $session_variable, $_SESSION )
||
+ $_SESSION[$session_variable] === null ) {
+ $returnto =
Title::newMainPage()->getPrefixedText();
+ } else {
+ $returnto = $_SESSION[$session_variable];
+ unset( $_SESSION[$session_variable] );
+ }
+ Hooks::run( 'UserLoginComplete', array( &$user,
&$injected_html ) );
+ PluggableAuth::redirect( $returnto );
+ } else {
+ if ( !array_key_exists( $session_variable, $_SESSION )
||
+ $_SESSION[$session_variable] === null ) {
+ $returnto = htmlentities(
+ $this->getRequest()->getVal(
'returnto', '' ),
+ ENT_QUOTES );
+ $title = Title::newFromText( $returnto );
+ if ( is_null( $title ) ) {
+ $title = Title::newMainPage();
+ }
+ $_SESSION[$session_variable] =
$title->getPrefixedText();
+ }
+ $title = Title::newFromText( "Special:UserLogin" );
+ $_SERVER['REQUEST_URI'] = $title->getLocalURL();
+ PluggableAuth::login( $user );
+ }
+ }
+}
+
diff --git a/PluggableAuthLogin.php b/PluggableAuthLogin.php
deleted file mode 100644
index 49cd138..0000000
--- a/PluggableAuthLogin.php
+++ /dev/null
@@ -1,87 +0,0 @@
-<?php
-
-/*
- * Copyright (c) 2014-2016 The MITRE Corporation
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-use \MediaWiki\Auth\AuthManager;
-
-class PluggableAuthLogin extends UnlistedSpecialPage {
-
- public function __construct() {
- parent::__construct( 'PluggableAuthLogin' );
- }
-
- public function execute( $param ) {
- $authManager = AuthManager::singleton();
- $user = $this->getUser();
- $pluggableauth = PluggableAuth::getInstance();
- $error = null;
- if ( $pluggableauth ) {
- if ( $pluggableauth->authenticate( $id, $username,
$realname, $email ) ) {
- if ( is_null( $id ) ) {
- $user->loadDefaults( $username );
- $user->mName = $username;
- $user->mRealName = $realname;
- $user->mEmail = $email;
- $user->mEmailAuthenticated =
wfTimestamp();
- $user->mTouched = wfTimestamp();
- wfDebug( 'Authenticated new user: ' .
$username . PHP_EOL );
- } else {
- $user->mId = $id;
- $user->loadFromId();
- $new_user = false;
- wfDebug( 'Authenticated existing user:
' . $user->mName . PHP_EOL );
- }
- $authorized = true;
- Hooks::run( 'PluggableAuthUserAuthorization',
array( $user,
- &$authorized ) );
- if ( $authorized ) {
-
$authManager->setAuthenticationSessionData(
-
PluggableAuth::USERNAME_SESSION_KEY, $username );
-
$authManager->setAuthenticationSessionData(
-
PluggableAuth::REALNAME_SESSION_KEY, $realname );
-
$authManager->setAuthenticationSessionData(
-
PluggableAuth::EMAIL_SESSION_KEY, $email );
- wfDebug( 'User is authorized.' .
PHP_EOL );
- } else {
-
$authManager->removeAuthenticationSessionData(
-
PluggableAuth::USERNAME_SESSION_KEY );
-
$authManager->removeAuthenticationSessionData(
-
PluggableAuth::REALNAME_SESSION_KEY );
-
$authManager->removeAuthenticationSessionData(
-
PluggableAuth::EMAIL_SESSION_KEY );
- wfDebug( 'Authorization failure.' .
PHP_EOL );
- $error = 'Not Authorized';
- }
- } else {
- wfDebug( 'Authentication failure.' . PHP_EOL );
- $error = 'Authentication Failure';
- }
- }
- $returnToUrl = $authManager->getAuthenticationSessionData(
- PluggableAuth::RETURNURL_SESSION_KEY );
- if ( !is_null( $error ) ) {
- $returnToUrl = $returnToUrl . "&error=" . $error;
- }
- $this->getOutput()->redirect( $returnToUrl );
- }
-}
diff --git a/PluggableAuthNotAuthorized.php
b/PluggableAuthNotAuthorized.class.php
similarity index 100%
rename from PluggableAuthNotAuthorized.php
rename to PluggableAuthNotAuthorized.class.php
diff --git a/PluggableAuthPrimaryAuthenticationProvider.php
b/PluggableAuthPrimaryAuthenticationProvider.php
deleted file mode 100644
index 69222de..0000000
--- a/PluggableAuthPrimaryAuthenticationProvider.php
+++ /dev/null
@@ -1,122 +0,0 @@
-<?php
-
-/*
- * Copyright (c) 2016 The MITRE Corporation
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-use \MediaWiki\Auth\AuthenticationRequest;
-use \MediaWiki\Auth\AbstractPrimaryAuthenticationProvider;
-use \MediaWiki\Auth\AuthManager;
-use \MediaWiki\Auth\AuthenticationResponse;
-
-class PluggableAuthPrimaryAuthenticationProvider extends
- AbstractPrimaryAuthenticationProvider {
-
- public function beginPrimaryAuthentication( array $reqs ) {
- $request = AuthenticationRequest::getRequestByClass( $reqs,
- PluggableAuthBeginAuthenticationRequest::class );
- if ( !$request ) {
- return AuthenticationResponse::newAbstain();
- }
- $url = Title::newFromText( 'Special:PluggableAuthLogin'
)->getFullURL();
- $this->manager->setAuthenticationSessionData(
- PluggableAuth::RETURNURL_SESSION_KEY,
$request->returnToUrl );
-
- return AuthenticationResponse::newRedirect( [
- new PluggableAuthContinueAuthenticationRequest()
- ], $url );
- }
-
- public function continuePrimaryAuthentication( array $reqs ) {
- $request = AuthenticationRequest::getRequestByClass( $reqs,
- PluggableAuthContinueAuthenticationRequest::class );
- if ( !$request ) {
- return AuthenticationResponse::newFail(
- wfMessage(
'PluggableAuthlogin-error-no-authentication-workflow' )
- );
- }
- if ( $request->error ) {
- return AuthenticationResponse::newFail( $request->error
);
- }
- $username = $this->manager->getAuthenticationSessionData(
- PluggableAuth::USERNAME_SESSION_KEY );
- return AuthenticationResponse::newPass( $username );
- }
-
- public function postAuthentication( $user, AuthenticationResponse
$response ) {
- if ( $response->status == AuthenticationResponse::PASS ) {
- $realname =
$this->manager->getAuthenticationSessionData(
- PluggableAuth::REALNAME_SESSION_KEY );
- $Email = $this->manager->getAuthenticationSessionData(
- PluggableAuth::EMAIL_SESSION_KEY );
- if ( $user->mRealName != $realname || $user->mEmail !=
$email ) {
- $rights = $user->getRights();
- if ( in_array( 'editmyprivateinfo', $rights ) )
{
- wfDebug( 'User has editmyprivateinfo
right.' . PHP_EOL );
- wfDebug( 'Did not save updated real
name and email address.' . PHP_EOL );
- } else {
- wfDebug( 'User does not have
editmyprivateinfo right.' . PHP_EOL );
- $user->mRealName = $realname;
- $user->mEmail = $email;
- $user->saveSettings();
- wfDebug( 'Saved updated real name and
email address.' . PHP_EOL );
- }
- } else {
- wfDebug( 'Real name and email address did not
change.' . PHP_EOL );
- }
- $user->setCookies();
- $pluggableauth = PluggableAuth::getInstance();
- if ( $pluggableauth ) {
- $pluggableauth->saveExtraAttributes( $user->mId
);
- }
- }
- }
-
- public function testUserExists( $username, $flags = User::READ_NORMAL )
{
- return false;
- }
-
- public function providerAllowsAuthenticationDataChange(
- AuthenticationRequest $req, $checkData = true ) {
- return StatusValue::newGood( 'dummy' );
- }
-
- public function accountCreationType() {
- return self::TYPE_LINK;
- }
-
- public function beginPrimaryAccountCreation( $user, $creator, array
$reqs ) {
- return null;
- }
-
- public function providerChangeAuthenticationData( AuthenticationRequest
$req ) {
- }
-
- public function getAuthenticationRequests( $action, array $options ) {
- switch ( $action ) {
- case AuthManager::ACTION_LOGIN:
- return [ new
PluggableAuthBeginAuthenticationRequest()
- ];
- default:
- return [];
- }
- }
-}
diff --git a/extension.json b/extension.json
deleted file mode 100644
index 8bce645..0000000
--- a/extension.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "name": "PluggableAuth",
- "version": "2.0",
- "author": [
- "[https://www.mediawiki.org/wiki/User:Cindy.cicalese Cindy
Cicalese]"
- ],
- "url": "https://www.mediawiki.org/wiki/Extension:PluggableAuth";,
- "descriptionmsg": "pluggableauth-desc",
- "type": "other",
- "SpecialPages": {
- "PluggableAuthLogin": "PluggableAuthLogin",
- "PluggableAuthNotAuthorized": "PluggableAuthNotAuthorized"
- },
- "MessagesDirs": {
- "PluggableAuth": [
- "i18n"
- ]
- },
- "AutoloadClasses": {
- "PluggableAuth": "PluggableAuth.php",
- "PluggableAuthPrimaryAuthenticationProvider":
"PluggableAuthPrimaryAuthenticationProvider.php",
- "PluggableAuthBeginAuthenticationRequest":
"PluggableAuthBeginAuthenticationRequest.php",
- "PluggableAuthContinueAuthenticationRequest":
"PluggableAuthContinueAuthenticationRequest.php",
- "PluggableAuthLogin": "PluggableAuthLogin.php",
- "PluggableAuthNotAuthorized": "PluggableAuthNotAuthorized.php"
- },
- "AuthManagerConfig": {
- "primaryauth": {
- "PluggableAuthPrimaryAuthenticationProvider": {
- "class":
"PluggableAuthPrimaryAuthenticationProvider",
- "authoritative": true,
- "sort": 0
- }
- }
- },
- "Hooks": {
- "UserLogout": "PluggableAuth::logout",
- "PersonalUrls": "PluggableAuth::modifyLoginURLs",
- "SpecialPage_initList": "PluggableAuth::modifyLoginSpecialPages"
- },
- "config": {
- "WhitelistRead": [
- "Special:PluggableAuthNotAuthorized"
- ],
- "PluggableAuth_AutoLogin": false
- },
- "manifest_version": 1
-}
--
To view, visit https://gerrit.wikimedia.org/r/312702
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3451cd630ae62313a78e08c2b2d6fba5797d5d2a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/PluggableAuth
Gerrit-Branch: master
Gerrit-Owner: Cicalese <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
