[MediaWiki-commits] [Gerrit] mediawiki...OpenIDConnect[REL1_27]: Add $OpenIDConnect_MigrateUsersByEmail configuration parameter
jenkins-bot has submitted this change and it was merged. Change subject: Add $OpenIDConnect_MigrateUsersByEmail configuration parameter .. Add $OpenIDConnect_MigrateUsersByEmail configuration parameter This provides an alternative to $OpenIDConnect_MigrateUsers where users are migrated by matching their full email to that of an existing user, rather than by their preferred_username (which is not set for Google). If multiple accounts used the email address currently logged in, the older account will be chosen. This setting should be more secure than the MigrateUsers setting, since emails should be unique identifiers. However, it would still be desirable to ask for some credentials for the merged account. Change-Id: Ia7a1b69e4204812ec9e47f87b8a402596f34e90b (cherry picked from commit 4b1f4736bebf63c52d3f22051f26e99cb0053681) --- M OpenIDConnect.php M extension.json 2 files changed, 44 insertions(+), 9 deletions(-) Approvals: Cicalese: Looks good to me, approved jenkins-bot: Verified diff --git a/OpenIDConnect.php b/OpenIDConnect.php index 1af6e23..f300719 100644 --- a/OpenIDConnect.php +++ b/OpenIDConnect.php @@ -166,11 +166,18 @@ return true; } - if ( $GLOBALS['wgOpenIDConnect_MigrateUsers'] === true ) { - $id = $this->getMigratedId( $preferred_username ); + if( $GLOBALS['wgOpenIDConnect_MigrateUsersByEmail'] === true ) { + list ( $id, $username ) = $this->getMigratedIdByEmail( $email ); if ( !is_null( $id ) ) { $this->saveExtraAttributes( $id ); - wfDebug( "Migrated user: " . $preferred_username ); + wfDebug( "Migrated user " . $username . " by email: " . $email ); + return true; + } + } elseif ( $GLOBALS['wgOpenIDConnect_MigrateUsersByUserName'] === true ) { + $id = $this->getMigratedIdByUserName( $preferred_username ); + if ( !is_null( $id ) ) { + $this->saveExtraAttributes( $id ); + wfDebug( "Migrated user by username: " . $preferred_username ); $username = $preferred_username; return true; } 
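Review bot: The new `wgOpenIDConnect_MigrateUsersByEmail` branch links the incoming OpenID Connect identity to an existing account on nothing but a match of `$email`, and the hunk shows no check that the value is non-empty or that the provider marked it as verified. The assignment of `$email` and the rest of the enclosing method are outside the hunk, so this may already be handled. If an empty string can reach this point, though, the lookup would match the oldest unlinked account that has no address on file. I would guard the branch with `if ( $GLOBALS['wgOpenIDConnect_MigrateUsersByEmail'] === true && is_string( $email ) && $email !== '' ) {` and accept the claim only when the provider's `email_verified` claim is true. Separately, the old `wgOpenIDConnect_MigrateUsers` global is no longer read here, so existing configurations would silently stop migrating unless the old name is kept as an alias; both points also apply to the copy of this hunk in the upload notice further down the page.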
@@ -257,9 +264,9 @@ } } - private static function getMigratedId( $username ) { + private static function getMigratedIdByUserName( $username ) { $nt = Title::makeTitleSafe( NS_USER, $username ); - if ( $nt === null ) { + if ( is_null( $nt ) ) { return null; } $username = $nt->getText(); @@ -270,12 +277,40 @@ 'user_name' => $username, 'subject' => null, 'issuer' => null - ], __METHOD__ + ], + __METHOD__ ); if ( $row === false ) { return null; } else { return $row->user_id; + } + } + + private static function getMigratedIdByEmail( $email ) { + wfDebug( "Matching user to email " . $email ); + $dbr = wfGetDB( DB_SLAVE ); + $row = $dbr->selectRow( 'user', + [ + 'user_id', + 'user_name' + ], + [ + 'user_email' => $email, + 'subject' => null, + 'issuer' => null + ], + __METHOD__, + [ + // if multiple matching accounts, use the oldest one + 'ORDER BY' => 'user_registration', + 'LIMIT' => 1 + ] + ); + if ( $row === false ) { + return [ null, null ]; + } else { + return [ $row->user_id, $row->user_name ]; } } @@ -354,4 +389,3 @@ $GLOBALS['wgWhitelistRead'][] = 'Special:SelectOpenIDConnectIssuer'; } } - diff --git a/extension.json b/extension.json index
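Review bot: `getMigratedIdByEmail()` selects on `user_email` alone, so an account whose address was never confirmed locally can be matched and handed to whoever signs in at the identity provider with that address. Adding `'user_email_authenticated IS NOT NULL'` to the conditions array would restrict the match to confirmed addresses. An early `if ( !is_string( $email ) || $email === '' ) { return [ null, null ]; }` would keep a blank claim from matching accounts that have no address. With `'ORDER BY' => 'user_registration'` the row chosen is the earliest registration, which is often a privileged early account, so a wrong match here is costly. The `wfDebug()` call also writes the full address to the debug log; logging the matched `user_id` after the lookup would be enough.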
[MediaWiki-commits] [Gerrit] mediawiki...OpenIDConnect[REL1_27]: Add $OpenIDConnect_MigrateUsersByEmail configuration parameter
Cicalese has uploaded a new change for review. https://gerrit.wikimedia.org/r/315570 Change subject: Add $OpenIDConnect_MigrateUsersByEmail configuration parameter .. Add $OpenIDConnect_MigrateUsersByEmail configuration parameter This provides an alternative to $OpenIDConnect_MigrateUsers where users are migrated by matching their full email to that of an existing user, rather than by their preferred_username (which is not set for Google). If multiple accounts used the email address currently logged in, the older account will be chosen. This setting should be more secure than the MigrateUsers setting, since emails should be unique identifiers. However, it would still be desirable to ask for some credentials for the merged account. Change-Id: Ia7a1b69e4204812ec9e47f87b8a402596f34e90b (cherry picked from commit 4b1f4736bebf63c52d3f22051f26e99cb0053681) --- M OpenIDConnect.php M extension.json 2 files changed, 44 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenIDConnect refs/changes/70/315570/1 diff --git a/OpenIDConnect.php b/OpenIDConnect.php index 1af6e23..f300719 100644 --- a/OpenIDConnect.php +++ b/OpenIDConnect.php @@ -166,11 +166,18 @@ return true; } - if ( $GLOBALS['wgOpenIDConnect_MigrateUsers'] === true ) { - $id = $this->getMigratedId( $preferred_username ); + if( $GLOBALS['wgOpenIDConnect_MigrateUsersByEmail'] === true ) { + list ( $id, $username ) = $this->getMigratedIdByEmail( $email ); if ( !is_null( $id ) ) { $this->saveExtraAttributes( $id ); - wfDebug( "Migrated user: " . $preferred_username ); + wfDebug( "Migrated user " . $username . " by email: " . $email ); + return true; + } + } elseif ( $GLOBALS['wgOpenIDConnect_MigrateUsersByUserName'] === true ) { + $id = $this->getMigratedIdByUserName( $preferred_username ); + if ( !is_null( $id ) ) { + $this->saveExtraAttributes( $id ); + wfDebug( "Migrated user by username: " . $preferred_username ); $username = $preferred_username; return true; } 
@@ -257,9 +264,9 @@ } } - private static function getMigratedId( $username ) { + private static function getMigratedIdByUserName( $username ) { $nt = Title::makeTitleSafe( NS_USER, $username ); - if ( $nt === null ) { + if ( is_null( $nt ) ) { return null; } $username = $nt->getText(); @@ -270,12 +277,40 @@ 'user_name' => $username, 'subject' => null, 'issuer' => null - ], __METHOD__ + ], + __METHOD__ ); if ( $row === false ) { return null; } else { return $row->user_id; + } + } + + private static function getMigratedIdByEmail( $email ) { + wfDebug( "Matching user to email " . $email ); + $dbr = wfGetDB( DB_SLAVE ); + $row = $dbr->selectRow( 'user', + [ + 'user_id', + 'user_name' + ], + [ + 'user_email' => $email, + 'subject' => null, + 'issuer' => null + ], + __METHOD__, + [ + // if multiple matching accounts, use the oldest one + 'ORDER BY' => 'user_registration', + 'LIMIT' => 1 + ] + ); + if ( $row === false ) { + return [ null, null ]; + } else { + return [ $row->user_id, $row->user_name ]; } } @@ -354,4 +389,3 @@ $GLOBALS['wgWhitelistRead'][] = 'Special:SelectOpenIDConnectIssuer'; } } -