Gerrit Patch Uploader has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/404450 )
Change subject: Allow full username as LDAP Authenticator instead of modified one ...................................................................... Allow full username as LDAP Authenticator instead of modified one Change-Id: I5b4ef5effba86304c24e2b7b973014e1b72d8d42 --- M LdapAuthentication.php M LdapAuthenticationPlugin.php 2 files changed, 13 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LdapAuthentication refs/changes/50/404450/1 diff --git a/LdapAuthentication.php b/LdapAuthentication.php index df10cbc..ab8ddeb 100644 --- a/LdapAuthentication.php +++ b/LdapAuthentication.php @@ -77,6 +77,7 @@ $wgLDAPAutoAuthDomain = ""; $wgPasswordResetRoutes['domain'] = true; $wgLDAPActiveDirectory = []; +$wgLDAPRealPostUsername = false; define( "LDAPAUTHVERSION", "2.1.0" ); diff --git a/LdapAuthenticationPlugin.php b/LdapAuthenticationPlugin.php index 29ab697..23ca5b5 100644 --- a/LdapAuthenticationPlugin.php +++ b/LdapAuthenticationPlugin.php @@ -404,6 +404,9 @@ // Default set to true for backwards compatibility with // versions < 2.0a return self::setOrDefault( $wgLDAPLowerCaseUsername, $domain, true ); + case 'RealPostUsername': + global $wgLDAPRealPostUsername; + return isset($wgLDAPRealPostUsername) ? $wgLDAPRealPostUsername : false; case 'GroupUseRetrievedUsername': global $wgLDAPGroupUseRetrievedUsername; return self::setOrDefault( $wgLDAPGroupUseRetrievedUsername, $domain, false ); @@ -647,6 +650,15 @@ $username = strtolower( $username ); } + // Mediawiki munges the username before authenticate is called, + // this can mess with authentication, group pulling/restriction, + // preference pulling, etc. This is required to allow the user to + // have special characters like _ and @ in his / her name. + if ( $this->getConf( 'RealPostUsername' ) ) { + $username = $_POST['wpName']; + $username = preg_replace('#[^a-zA-Z0-9_\-@\.]#', '', $username); + } + // If the user is using auto authentication, we need to ensure // that he/she isn't trying to fool us by sending a username other // than the one the web server got from the auto-authentication method. -- To view, visit https://gerrit.wikimedia.org/r/404450 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5b4ef5effba86304c24e2b7b973014e1b72d8d42 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/LdapAuthentication Gerrit-Branch: master Gerrit-Owner: Gerrit Patch Uploader <gerritpatchuploa...@gmail.com> Gerrit-Reviewer: Bbringenberg <bast...@agentur-pottkinder.de> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits