CSteipp has uploaded a new change for review.
https://gerrit.wikimedia.org/r/71741
Change subject: (WIP) Redirect to correct protocol in SUL2
......................................................................
(WIP) Redirect to correct protocol in SUL2
Needs testing, but something like this should allow the user to end
up on http if they started there, or if they didn't opt to continue
in https (with wgSecureLogin).
Change-Id: I9e857ae265179922caa287de7ec65b14a5ebb83c
---
M CentralAuthHooks.php
M specials/SpecialCentralLogin.php
2 files changed, 40 insertions(+), 33 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth
refs/changes/41/71741/1
diff --git a/CentralAuthHooks.php b/CentralAuthHooks.php
index 9f6bbab..3147508 100644
--- a/CentralAuthHooks.php
+++ b/CentralAuthHooks.php
@@ -415,7 +415,8 @@
'remember' => $request->getCheck(
'wpRemember' ),
'returnTo' => $returnTo,
'returnToQuery' => $returnToQuery,
- 'stickHTTPS' => $request->getCheck(
'wpStickHTTPS' )
+ 'stickHTTPS' => $request->getCheck(
'wpStickHTTPS' ),
+ 'originalProto' => $request->detectProtocol()
);
// Create a new token to pass to
Special:CentralLogin/start (central wiki)
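Review bot: The new `'originalProto' => $request->detectProtocol()` entry calls `detectProtocol()` through the instance, while the second file in this change calls it statically as `WebRequest::detectProtocol()`; using the static form here as well would keep the two call sites consistent. The stored value is later compared against the literal `'http'`, so a short comment such as `// Protocol the login started on; read by Special:CentralLogin to decide the final redirect` would document the contract. Attempts stored before this key existed would presumably lack it, so the reader may need an `isset()` guard. The array and its enclosing function start outside the hunk.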
diff --git a/specials/SpecialCentralLogin.php b/specials/SpecialCentralLogin.php
index 370fccd..282dc41 100644
--- a/specials/SpecialCentralLogin.php
+++ b/specials/SpecialCentralLogin.php
@@ -148,6 +148,23 @@
return;
}
+ // Make sure we're on the right protocol before much else
+ if ( ( $wgSecureLogin
+ && WebRequest::detectProtocol() === 'https'
+ && !$attempt['stickHTTPS'] )
+ || $attempt['originalProto'] === 'http'
+ ) {
+ // The user wants an HTTP redirect link (as well as
other links) and
+ // this is on HTTPS, so send a redirect to the success
page in HTTP.
+ $query = array(
+ 'returnto' => $attempt['returnTo'],
+ 'returntoquery' => $attempt['returnToQuery']
+ );
+ $url = $this->getFullTitle()->getFullUrl( $query,
false, PROTO_HTTP );
+ $this->getOutput()->redirect( $url );
+ return;
+ }
+
// Make sure this token belongs to the user who spawned the
tokens.
// This prevents users from giving out links that log people in
as them.
if ( $info['secret'] !== $attempt['secret'] ) {
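Review bot: The `|| $attempt['originalProto'] === 'http'` clause is not guarded by the current protocol, so a request that is already on HTTP still takes this branch and is redirected to the same title over HTTP again, which looks like a redirect loop; the comment inside the block also still says "this is on HTTPS". Testing the protocol once for both cases would avoid that: `if ( WebRequest::detectProtocol() === 'https' && ( ( $wgSecureLogin && !$attempt['stickHTTPS'] ) || $attempt['originalProto'] === 'http' ) ) {`. The block also now runs before the `$info['secret'] !== $attempt['secret']` check, so `returnTo` and `returnToQuery` from an attempt are placed in a cleartext URL before the attempt is confirmed to belong to this session; moving the block below that check would close this. The redirect query carries only `returnto` and `returntoquery`, so it is not clear from the hunk how the login is completed on the HTTP request. The enclosing method starts and ends outside the hunk.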
@@ -180,41 +197,30 @@
// which is needed or the personal links will be wrong.
$this->getContext()->setUser( $user );
- if ( $wgSecureLogin
- && WebRequest::detectProtocol() === 'https' &&
!$attempt['stickHTTPS'] )
- {
- // The user wants an HTTP redirect link (as well as
other links) and
- // this is on HTTPS, so send a redirect to the success
page in HTTP.
- $query = array(
- 'returnto' => $attempt['returnTo'],
- 'returntoquery' => $attempt['returnToQuery']
- );
- $url = $this->getFullTitle()->getFullUrl( $query,
false, PROTO_HTTP );
- $this->getOutput()->redirect( $url );
+
+ if ( $wgCentralAuthSilentLogin ) {
+ // Mark the session to include the edge login imgs on
the next pageview
+ $request->setSessionData( 'CentralAuthDoEdgeLogin',
true );
+
+ // Show the login success page
+ $form = new LoginForm( new FauxRequest() );
+ $form->showReturnToPage( 'successredirect',
+ $attempt['returnTo'],
$attempt['returnToQuery'], $attempt['stickHTTPS'] );
+ $this->getOutput()->setPageTitle( $this->msg(
'centralloginsuccesful' ) );
} else {
- if ( $wgCentralAuthSilentLogin ) {
- // Mark the session to include the edge login
imgs on the next pageview
- $request->setSessionData(
'CentralAuthDoEdgeLogin', true );
+ // Show the login success page
+ $form = new LoginForm( new FauxRequest() );
+ $form->showReturnToPage( 'success',
+ $attempt['returnTo'],
$attempt['returnToQuery'], $attempt['stickHTTPS'] );
+ $this->getOutput()->setPageTitle( $this->msg(
'centralloginsuccesful' ) );
- // Show the login success page
- $form = new LoginForm( new FauxRequest() );
- $form->showReturnToPage( 'successredirect',
- $attempt['returnTo'],
$attempt['returnToQuery'], $attempt['stickHTTPS'] );
- $this->getOutput()->setPageTitle( $this->msg(
'centralloginsuccesful' ) );
- } else {
- // Show the login success page
- $form = new LoginForm( new FauxRequest() );
- $form->showReturnToPage( 'success',
- $attempt['returnTo'],
$attempt['returnToQuery'], $attempt['stickHTTPS'] );
- $this->getOutput()->setPageTitle( $this->msg(
'centralloginsuccesful' ) );
-
- // Show HTML to trigger cross-domain cookies.
- // This will trigger filling in the "remember
me" token cookie on the
- // central wiki, which can only be done once
authorization is completed.
- $this->getOutput()->addHtml(
-
CentralAuthHooks::getDomainAutoLoginHtml( $user, $centralUser ) );
- }
+ // Show HTML to trigger cross-domain cookies.
+ // This will trigger filling in the "remember me" token
cookie on the
+ // central wiki, which can only be done once
authorization is completed.
+ $this->getOutput()->addHtml(
+ CentralAuthHooks::getDomainAutoLoginHtml(
$user, $centralUser ) );
}
+
}
protected function showLoginStatus() {
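Review bot: After the de-nesting, both branches of `if ( $wgCentralAuthSilentLogin )` repeat the same `new LoginForm( new FauxRequest() )`, `showReturnToPage(...)` and `setPageTitle(...)` calls and differ only in the message key. Those three calls could be hoisted above the branch with `$type = $wgCentralAuthSilentLogin ? 'successredirect' : 'success';`, leaving only `setSessionData( 'CentralAuthDoEdgeLogin', true )` and the `addHtml( ... getDomainAutoLoginHtml(...) )` call inside the `if`/`else`. The added blank line just before the method's closing brace looks unintentional. The method body begins outside the hunk.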
--
To view, visit https://gerrit.wikimedia.org/r/71741
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9e857ae265179922caa287de7ec65b14a5ebb83c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp <[email protected]>