https://bugzilla.wikimedia.org/show_bug.cgi?id=66823
--- Comment #1 from Jack Phoenix <[email protected]> --- There are at least two sorta-but-not-quite-separate issues here: * the "don't allow account creation if such an account existed on the remote wiki" feature; this should be an optional setting that can be turned on or off; right now it's on and the only way to get around that is to mess with the code * MediaWikiAuth requires a core patch (hack) and there might not be such a patch available for the latest version(s) of MediaWiki, because people are lazy (trust me, I'm an expert on this field!) When we upgraded ShoutWiki to 1.23, I applied the 1.21 patch, but two hunks failed, so I had to do those manually, and frankly, I'm not sure if I got it correct at all (this is r2545 on the ShoutWiki SVN). In any case, this whole patching scenario is just outright awful and something we should fix. The biggest code portion -- new static function checkImportableUser(), which happens to be the thing that oughta be hidden behind a global -- can be moved to MediaWikiAuth as-is, probably. LoginForm::checkImportableUser() is called in LoginForm::addNewAccountInternal(), right after the "is this an invalid domain?" check, at the very beginning of the function. Much later in the same function we have the AbortNewAccount hook (and also the ExemptFromAccountCreationThrottle hook, though that's of no relevance to us for this issue); this is way too late for our use case, hence the core patch. Should be solvable by slapping a new hook at the beginning of LoginForm::checkImportableUser() and calling it a day. Then there's the weird error message support patch for LoginForm::attemptAutoCreate(); a $wgAuth->authenticate() call normally called with two params is given a third one (which is null by default) *and* to display a possible error message set by the AuthPlugin, a call to $this->mainLoginForm() is made right before returning the status code (self::WRONG_PLUGIN_PASS). This is very messy and needs some serious rethinking. The above-described mess has a little cousin, too, which is the patch to LoginForm::processLogin(). The actual logic of case self::WRONG_PLUGIN_PASS is commented out as it's implemented above, in attemptAutoCreate(). My explanation probably made no sense, but once you look at the available patch files, it should be somewhat clearer. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
