[MediaWiki-commits] [Gerrit] mediawiki...OpenIDConnect[REL1_27]: Add $OpenIDConnect_MigrateUsersByEmail configuration parameter

2016-10-12 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged.

Change subject: Add $OpenIDConnect_MigrateUsersByEmail configuration parameter
..


Add $OpenIDConnect_MigrateUsersByEmail configuration parameter

This provides an alternative to $OpenIDConnect_MigrateUsers where users are
migrated by matching their full email to that of an existing user, rather than
by their preferred_username (which is not set for Google). If multiple accounts
use the email address of the user who is logging in, the oldest account will be chosen.

This setting should be more secure than the MigrateUsers setting, since emails
should be unique identifiers. However, it would still be desirable to ask for
some credentials for the merged account.

Change-Id: Ia7a1b69e4204812ec9e47f87b8a402596f34e90b
(cherry picked from commit 4b1f4736bebf63c52d3f22051f26e99cb0053681)
---
M OpenIDConnect.php
M extension.json
2 files changed, 44 insertions(+), 9 deletions(-)

Approvals:
  Cicalese: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/OpenIDConnect.php b/OpenIDConnect.php
index 1af6e23..f300719 100644
--- a/OpenIDConnect.php
+++ b/OpenIDConnect.php
@@ -166,11 +166,18 @@
return true;
}
 
-   if ( $GLOBALS['wgOpenIDConnect_MigrateUsers'] 
=== true ) {
-   $id = $this->getMigratedId( 
$preferred_username );
+   if( 
$GLOBALS['wgOpenIDConnect_MigrateUsersByEmail'] === true ) {
+   list ( $id, $username ) = 
$this->getMigratedIdByEmail( $email );
if ( !is_null( $id ) ) {
$this->saveExtraAttributes( $id 
);
-   wfDebug( "Migrated user: " . 
$preferred_username );
+   wfDebug( "Migrated user " . 
$username . " by email: " . $email );
+   return true;
+   }
+   } elseif ( 
$GLOBALS['wgOpenIDConnect_MigrateUsersByUserName'] === true ) {
+   $id = $this->getMigratedIdByUserName( 
$preferred_username );
+   if ( !is_null( $id ) ) {
+   $this->saveExtraAttributes( $id 
);
+   wfDebug( "Migrated user by 
username: " . $preferred_username );
$username = $preferred_username;
return true;
}
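Review bot: The new email branch links the login to an existing local account on the strength of `$email` alone, and nothing in this hunk shows that the issuer vouched for that address. Where `$email` is populated lies outside the hunk, so this needs confirming, but if it is the raw `email` claim the branch should be gated on the provider's `email_verified` claim as well as on the flag. At minimum I would put a comment above the `if`: `// SECURITY: account linking by email; $email must be an issuer-verified address`. The code also stops reading `wgOpenIDConnect_MigrateUsers` in favour of `wgOpenIDConnect_MigrateUsersByUserName`, so a wiki that still sets the old name would silently lose username migration unless extension.json (not visible here) keeps an alias. The same hunk appears again in the second message on this page.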
@@ -257,9 +264,9 @@
}
}
 
-   private static function getMigratedId( $username ) {
+   private static function getMigratedIdByUserName( $username ) {
$nt = Title::makeTitleSafe( NS_USER, $username );
-   if ( $nt === null ) {
+   if ( is_null( $nt ) ) {
return null;
}
$username = $nt->getText();
@@ -270,12 +277,40 @@
'user_name' => $username,
'subject' => null,
'issuer' => null
-   ], __METHOD__
+   ],
+   __METHOD__
);
if ( $row === false ) {
return null;
} else {
return $row->user_id;
+   }
+   }
+
+   private static function getMigratedIdByEmail( $email ) {
+   wfDebug( "Matching user to email " . $email );
+   $dbr = wfGetDB( DB_SLAVE );
+   $row = $dbr->selectRow( 'user',
+   [
+   'user_id',
+   'user_name'
+   ],
+   [
+   'user_email' => $email,
+   'subject' => null,
+   'issuer' => null
+   ],
+   __METHOD__,
+   [
+   // if multiple matching accounts, use the 
oldest one
+   'ORDER BY' => 'user_registration',
+   'LIMIT' => 1
+   ]
+   );
+   if ( $row === false ) {
+   return [ null, null ];
+   } else {
+   return [ $row->user_id, $row->user_name ];
}
}
 
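Review bot: `getMigratedIdByEmail()` runs the query for whatever `$email` it is given, so an empty string would match the oldest unlinked account that has no address on file, and a match is accepted even when the wiki never confirmed that address. I would start the method with `if ( !is_string( $email ) || $email === '' ) { return [ null, null ]; }` and add `'user_email_authenticated IS NOT NULL'` to the condition array, so that only addresses the account holder confirmed can be claimed. The `wfDebug()` call at the top also writes the address to the debug log before any match, which is worth dropping or reducing to the matched user id. The same hunk is repeated in the second message on this page.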
@@ -354,4 +389,3 @@
$GLOBALS['wgWhitelistRead'][] = 
'Special:SelectOpenIDConnectIssuer';
}
 }
-
diff --git a/extension.json b/extension.json
index 

[MediaWiki-commits] [Gerrit] mediawiki...OpenIDConnect[REL1_27]: Add $OpenIDConnect_MigrateUsersByEmail configuration parameter

2016-10-12 Thread Cicalese (Code Review)
Cicalese has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315570

Change subject: Add $OpenIDConnect_MigrateUsersByEmail configuration parameter
..

Add $OpenIDConnect_MigrateUsersByEmail configuration parameter

This provides an alternative to $OpenIDConnect_MigrateUsers where users are
migrated by matching their full email to that of an existing user, rather than
by their preferred_username (which is not set for Google). If multiple accounts
use the email address of the user who is logging in, the oldest account will be chosen.

This setting should be more secure than the MigrateUsers setting, since emails
should be unique identifiers. However, it would still be desirable to ask for
some credentials for the merged account.

Change-Id: Ia7a1b69e4204812ec9e47f87b8a402596f34e90b
(cherry picked from commit 4b1f4736bebf63c52d3f22051f26e99cb0053681)
---
M OpenIDConnect.php
M extension.json
2 files changed, 44 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenIDConnect 
refs/changes/70/315570/1

diff --git a/OpenIDConnect.php b/OpenIDConnect.php
index 1af6e23..f300719 100644
--- a/OpenIDConnect.php
+++ b/OpenIDConnect.php
@@ -166,11 +166,18 @@
return true;
}
 
-   if ( $GLOBALS['wgOpenIDConnect_MigrateUsers'] 
=== true ) {
-   $id = $this->getMigratedId( 
$preferred_username );
+   if( 
$GLOBALS['wgOpenIDConnect_MigrateUsersByEmail'] === true ) {
+   list ( $id, $username ) = 
$this->getMigratedIdByEmail( $email );
if ( !is_null( $id ) ) {
$this->saveExtraAttributes( $id 
);
-   wfDebug( "Migrated user: " . 
$preferred_username );
+   wfDebug( "Migrated user " . 
$username . " by email: " . $email );
+   return true;
+   }
+   } elseif ( 
$GLOBALS['wgOpenIDConnect_MigrateUsersByUserName'] === true ) {
+   $id = $this->getMigratedIdByUserName( 
$preferred_username );
+   if ( !is_null( $id ) ) {
+   $this->saveExtraAttributes( $id 
);
+   wfDebug( "Migrated user by 
username: " . $preferred_username );
$username = $preferred_username;
return true;
}
@@ -257,9 +264,9 @@
}
}
 
-   private static function getMigratedId( $username ) {
+   private static function getMigratedIdByUserName( $username ) {
$nt = Title::makeTitleSafe( NS_USER, $username );
-   if ( $nt === null ) {
+   if ( is_null( $nt ) ) {
return null;
}
$username = $nt->getText();
@@ -270,12 +277,40 @@
'user_name' => $username,
'subject' => null,
'issuer' => null
-   ], __METHOD__
+   ],
+   __METHOD__
);
if ( $row === false ) {
return null;
} else {
return $row->user_id;
+   }
+   }
+
+   private static function getMigratedIdByEmail( $email ) {
+   wfDebug( "Matching user to email " . $email );
+   $dbr = wfGetDB( DB_SLAVE );
+   $row = $dbr->selectRow( 'user',
+   [
+   'user_id',
+   'user_name'
+   ],
+   [
+   'user_email' => $email,
+   'subject' => null,
+   'issuer' => null
+   ],
+   __METHOD__,
+   [
+   // if multiple matching accounts, use the 
oldest one
+   'ORDER BY' => 'user_registration',
+   'LIMIT' => 1
+   ]
+   );
+   if ( $row === false ) {
+   return [ null, null ];
+   } else {
+   return [ $row->user_id, $row->user_name ];
}
}
 
@@ -354,4 +389,3 @@
$GLOBALS['wgWhitelistRead'][] = 
'Special:SelectOpenIDConnectIssuer';
}
 }
-