[MediaWiki-commits] [Gerrit] mediawiki...LdapAuthentication[master]: Allow full username as LDAP Authenticator instead of modifi...

Tue, 16 Jan 2018 06:53:08 -0800 

Gerrit Patch Uploader has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/404450 )

Change subject: Allow full  username as LDAP Authenticator instead of modified 
one
......................................................................

Allow full  username as LDAP Authenticator instead of modified one

Change-Id: I5b4ef5effba86304c24e2b7b973014e1b72d8d42
---
M LdapAuthentication.php
M LdapAuthenticationPlugin.php
2 files changed, 13 insertions(+), 0 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LdapAuthentication 
refs/changes/50/404450/1

diff --git a/LdapAuthentication.php b/LdapAuthentication.php
index df10cbc..ab8ddeb 100644
--- a/LdapAuthentication.php
+++ b/LdapAuthentication.php
@@ -77,6 +77,7 @@
 $wgLDAPAutoAuthDomain = "";
 $wgPasswordResetRoutes['domain'] = true;
 $wgLDAPActiveDirectory = [];
+$wgLDAPRealPostUsername = false;
 
 define( "LDAPAUTHVERSION", "2.1.0" );
 
diff --git a/LdapAuthenticationPlugin.php b/LdapAuthenticationPlugin.php
index 29ab697..23ca5b5 100644
--- a/LdapAuthenticationPlugin.php
+++ b/LdapAuthenticationPlugin.php
@@ -404,6 +404,9 @@
                        // Default set to true for backwards compatibility with
                        // versions < 2.0a
                        return self::setOrDefault( $wgLDAPLowerCaseUsername, 
$domain, true );
+               case 'RealPostUsername':
+                       global $wgLDAPRealPostUsername;
+                       return isset($wgLDAPRealPostUsername) ? 
$wgLDAPRealPostUsername : false;
                case 'GroupUseRetrievedUsername':
                        global $wgLDAPGroupUseRetrievedUsername;
                        return self::setOrDefault( 
$wgLDAPGroupUseRetrievedUsername, $domain, false );
@@ -647,6 +650,15 @@
                        $username = strtolower( $username );
                }
 
+               // Mediawiki munges the username before authenticate is called,
+               // this can mess with authentication, group pulling/restriction,
+               // preference pulling, etc. This is required to allow the user 
to
+               // have special characters like _ and @ in his / her name.
+               if ( $this->getConf( 'RealPostUsername' ) ) {
+                       $username = $_POST['wpName'];
+                       $username = preg_replace('#[^a-zA-Z0-9_\-@\.]#', '', 
$username);
+               }
+
                // If the user is using auto authentication, we need to ensure
                // that he/she isn't trying to fool us by sending a username 
other
                // than the one the web server got from the auto-authentication 
method.

-- 
To view, visit https://gerrit.wikimedia.org/r/404450
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5b4ef5effba86304c24e2b7b973014e1b72d8d42
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/LdapAuthentication
Gerrit-Branch: master
Gerrit-Owner: Gerrit Patch Uploader <gerritpatchuploa...@gmail.com>
Gerrit-Reviewer: Bbringenberg <bast...@agentur-pottkinder.de>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to