Anomie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/292196
Change subject: Fix auto-creation
......................................................................
Fix auto-creation
* Don't block auto-creation from session if autoCreatedAccount() will
attach it.
* When we're doing our own auth-creation, use AuthManager directly
whenever possible. And centralize the logic for that instead of
repeating it everywhere.
Change-Id: Id777c8a32a3a15c19e7885ba749c0f62cea51dad
Depends-On: I40bd3dc4d05db0c3a34b01f550a9a9a1ded8fc61
---
M includes/CentralAuthPrimaryAuthenticationProvider.php
M includes/CentralAuthUtils.php
M includes/CreateLocalAccountJob.php
M includes/LocalRenameJob/LocalRenameJob.php
M includes/LocalRenameJob/LocalUserMergeJob.php
M includes/specials/SpecialCentralAutoLogin.php
M maintenance/createLocalAccount.php
7 files changed, 37 insertions(+), 31 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth
refs/changes/96/292196/1
diff --git a/includes/CentralAuthPrimaryAuthenticationProvider.php
b/includes/CentralAuthPrimaryAuthenticationProvider.php
index 4dbaa90..cfa4d92 100644
--- a/includes/CentralAuthPrimaryAuthenticationProvider.php
+++ b/includes/CentralAuthPrimaryAuthenticationProvider.php
@@ -352,7 +352,7 @@
if ( $autocreate !== $this->getUniqueId() ) {
// Prevent creation if the user exists centrally
- if ( $centralUser->exists() ) {
+ if ( $centralUser->exists() && $autocreate !==
AuthManager::AUTOCREATE_SOURCE_SESSION ) {
$status->fatal( 'centralauth-account-exists' );
return $status;
}
diff --git a/includes/CentralAuthUtils.php b/includes/CentralAuthUtils.php
index fab028b..bba0b8a 100644
--- a/includes/CentralAuthUtils.php
+++ b/includes/CentralAuthUtils.php
@@ -1,5 +1,8 @@
<?php
+use MediaWiki\Auth\AuthManager;
+use MediaWiki\Session\SessionManager;
+
class CentralAuthUtils {
/** @var BagOStuff|null Session cache */
private static $sessionCache = null;
@@ -121,18 +124,33 @@
/**
* Auto-create a user
* @param User $user
- * @return bool Success
+ * @return StatusValue
*/
public static function autoCreateUser( User $user ) {
+ global $wgDisableAuthManager;
+
// Ignore warnings about master connections/writes...hard to
avoid here
Profiler::instance()->getTransactionProfiler()->resetExpectations();
- $res = MediaWiki\Session\SessionManager::autoCreateUser( $user
);
- \MediaWiki\Logger\LoggerFactory::getInstance( 'authmanager'
)->info( 'Autocreation attempt', array(
+ if ( !$wgDisableAuthManager ) {
+ $authManager = AuthManager::singleton();
+ $source =
CentralAuthPrimaryAuthenticationProvider::class;
+ if ( !$authManager->getAuthenticationProvider( $source
) ) {
+ $source =
AuthManager::AUTOCREATE_SOURCE_SESSION;
+ }
+ $sv = $authManager->autoCreateUser( $user, $source,
false );
+ } else {
+ $sv = StatusValue::newGood();
+ if ( !SessionManager::autoCreateUser( $user ) ) {
+ $sv->fatal( new RawMessage( 'auto-creation via
SessionManager failed' ) );
+ }
+ }
+
+ \MediaWiki\Logger\LoggerFactory::getInstance( 'authmanager'
)->info( 'Autocreation attempt', [
'event' => 'autocreate',
- 'successful' => $res,
- ) );
- return $res;
+ 'status' => $sv,
+ ] );
+ return $sv;
}
/**
@@ -142,7 +160,7 @@
*/
public static function getCentralSession( $session = null ) {
if ( !$session ) {
- $session =
MediaWiki\Session\SessionManager::getGlobalSession();
+ $session = SessionManager::getGlobalSession();
}
$id = $session->get( 'CentralAuth::centralSessionId' );
@@ -178,7 +196,7 @@
static $keepKeys = array( 'user' => true, 'token' => true,
'expiry' => true );
if ( $session === null ) {
- $session =
MediaWiki\Session\SessionManager::getGlobalSession();
+ $session = SessionManager::getGlobalSession();
}
$id = $session->get( 'CentralAuth::centralSessionId' );
@@ -215,7 +233,7 @@
*/
public static function deleteCentralSession( $session = null ) {
if ( !$session ) {
- $session =
MediaWiki\Session\SessionManager::getGlobalSession();
+ $session = SessionManager::getGlobalSession();
}
$id = $session->get( 'CentralAuth::centralSessionId' );
diff --git a/includes/CreateLocalAccountJob.php
b/includes/CreateLocalAccountJob.php
index 846446b..44700ed 100644
--- a/includes/CreateLocalAccountJob.php
+++ b/includes/CreateLocalAccountJob.php
@@ -53,7 +53,7 @@
return true;
}
- $success = CentralAuthUtils::autoCreateUser( $user );
+ $success = CentralAuthUtils::autoCreateUser( $user )->isGood();
if ( $success ) {
$centralUser->invalidateCache();
}
diff --git a/includes/LocalRenameJob/LocalRenameJob.php
b/includes/LocalRenameJob/LocalRenameJob.php
index a1d1f85..c4285b6 100644
--- a/includes/LocalRenameJob/LocalRenameJob.php
+++ b/includes/LocalRenameJob/LocalRenameJob.php
@@ -65,7 +65,7 @@
return User::newFromName( 'Global rename script' );
} elseif ( $user->getId() == 0 ) {
// No local user, lets "auto-create" one
- if ( CentralAuthUtils::autoCreateUser( $user ) ) {
+ if ( CentralAuthUtils::autoCreateUser( $user
)->isGood() ) {
return User::newFromName( $user->getName() );
// So the internal cache is reloaded
} else {
// Auto-creation didn't work, fallback on the
system account.
diff --git a/includes/LocalRenameJob/LocalUserMergeJob.php
b/includes/LocalRenameJob/LocalUserMergeJob.php
index c38df35..552cd1b 100755
--- a/includes/LocalRenameJob/LocalUserMergeJob.php
+++ b/includes/LocalRenameJob/LocalUserMergeJob.php
@@ -60,22 +60,16 @@
* @throws Exception
*/
private function maybeCreateNewUser( $newName ) {
- global $wgDisableAuthManager;
$user = User::newFromName( $newName );
if ( $user->getId() ) {
// User already exists, nothing to do.
return $user;
}
- if ( class_exists( MediaWiki\Auth\AuthManager::class ) &&
!$wgDisableAuthManager ) {
- $status = MediaWiki\Auth\AuthManager::autoCreateUser(
$user, CentralAuthPrimaryAuthenticationProvider::class, false );
- if ( !$status->isGood() ) {
- $this->updateStatus( 'failed' );
- throw new Exception(
"AuthManager::autoCreateUser failed for $newName: " . $status->getWikiText(
null, null, 'en' ) );
- }
- } elseif ( !MediaWiki\Session\SessionManager::autoCreateUser(
$user ) ) {
+ $status = CentralAuthUtils::autoCreateUser( $user );
+ if ( !$status->isGood() ) {
$this->updateStatus( 'failed' );
- throw new Exception( "SessionManager::autoCreateUser
failed for $newName" );
+ throw new Exception( "AuthManager::autoCreateUser
failed for $newName: " . $status->getWikiText( null, null, 'en' ) );
}
return $user;
diff --git a/includes/specials/SpecialCentralAutoLogin.php
b/includes/specials/SpecialCentralAutoLogin.php
index 865b11e..1e9e86f 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -478,7 +478,7 @@
if ( !User::idFromName( $centralUser->getName() ) ) {
$user = new User;
$user->setName( $centralUser->getName() );
- if ( CentralAuthUtils::autoCreateUser( $user )
) {
+ if ( CentralAuthUtils::autoCreateUser( $user
)->isGood() ) {
$centralUser->invalidateCache();
}
}
diff --git a/maintenance/createLocalAccount.php
b/maintenance/createLocalAccount.php
index 931274a..733b741 100644
--- a/maintenance/createLocalAccount.php
+++ b/maintenance/createLocalAccount.php
@@ -14,8 +14,6 @@
}
public function execute() {
- global $wgDisableAuthManager;
-
if ( !class_exists( 'CentralAuthUser' ) ) {
$this->error( "CentralAuth isn't enabled on this
wiki\n", 1 );
}
@@ -36,13 +34,9 @@
$this->error( "No such global user:
'$username'\n", 1 );
}
- if ( class_exists( MediaWiki\Auth\AuthManager::class )
&& !$wgDisableAuthManager ) {
- $status =
MediaWiki\Auth\AuthManager::autoCreateUser( $user,
CentralAuthPrimaryAuthenticationProvider::class, false );
- if ( !$status->isGood() ) {
- $this->error(
"AuthManager::autoCreateUser failed for $username: " . $status->getWikiText(
null, null, 'en' ) );
- }
- } elseif (
!MediaWiki\Session\SessionManager::autoCreateUser( $user ) ) {
- $this->error( "SessionManager::autoCreateUser
failed for $username" );
+ $status = CentralAuthUtils::autoCreateUser( $user );
+ if ( !$status->isGood() ) {
+ $this->error( "autoCreateUser failed for
$username: " . $status->getWikiText( null, null, 'en' ) );
}
# Update user count
--
To view, visit https://gerrit.wikimedia.org/r/292196
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Id777c8a32a3a15c19e7885ba749c0f62cea51dad
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: Anomie <bjor...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
