Pgehres has uploaded a new change for review.
https://gerrit.wikimedia.org/r/61074
Change subject: Adding the ability for CentralAuth to login a user with an
altername username.
......................................................................
Adding the ability for CentralAuth to log in a user with an alternate username.
As part of the SUL finalization, we are going to need to rename a not
insignificant number of users to $username~$wiki. Since not all users
have an email address and to reduce confusion we are adding the ability
for CentralAuth to attempt to authenticate them to alternate usernames
on a failed login attempt.
Change-Id: I0b191f76714b6da1ed63b9af709b5e21ce5ee24a
---
M CentralAuth.php
M CentralAuthPlugin.php
2 files changed, 78 insertions(+), 7 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth
refs/changes/74/61074/1
diff --git a/CentralAuth.php b/CentralAuth.php
index bfd06d9..b144b31 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -148,6 +148,14 @@
$wgCentralAuthReadOnly = false;
/**
+ * As part of the SUL finalization some accounts will have to be forcibly
renamed.
+ * If true, use the rename pattern to see if the provided credentials work on
+ * any renamed accounts that exist.
+ * @var bool
+ */
+$wgCentralAuthCheckForRenamedAccount = false;
+
+/**
* Initialization of the autoloaders, and special extension pages.
*/
$caBase = __DIR__;
diff --git a/CentralAuthPlugin.php b/CentralAuthPlugin.php
index 2790d15..305d22f 100644
--- a/CentralAuthPlugin.php
+++ b/CentralAuthPlugin.php
@@ -8,6 +8,15 @@
*/
class CentralAuthPlugin extends AuthPlugin {
+
+ /**
+ * Indicates that an alternate username was used to log in the user and
the User
+ * object should be updated on a call to updateUser().
+ *
+ * @var String: The username if an alternate has been used
+ */
+ public $alternateUsername = null;
+
/**
* Check whether there exists a user account with the given name.
* The name will be normalized to MediaWiki's requirements, so
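Review bot: `$alternateUsername` is declared `public` and this patch only ever sets it, never clears it, so a value left by one authenticate() call can still be present when updateUser() runs for a later login on the same plugin instance. As far as this patch shows it is only read inside the class, so `private $alternateUsername = null;` documented as `@var string|null` would be enough, and authenticate() should begin with `$this->alternateUsername = null;`. The class body continues outside the hunk.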
@@ -35,7 +44,7 @@
* @public
*/
function authenticate( $username, $password ) {
- global $wgCentralAuthAutoMigrate;
+ global $wgCentralAuthAutoMigrate,
$wgCentralAuthCheckForRenamedAccount;
$central = new CentralAuthUser( $username );
if ( !$central->exists() ) {
@@ -47,6 +56,10 @@
}
$passwordMatch = $central->authenticate( $password ) == "ok";
+
+ if ( !$passwordMatch && $wgCentralAuthCheckForRenamedAccount ) {
+ return $this->authenticateAlternate( $username,
$password );
+ }
if ( $passwordMatch && $wgCentralAuthAutoMigrate ) {
// If the user passed in the global password, we can
identify
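Review bot: The early return at `if ( !$passwordMatch && $wgCentralAuthCheckForRenamedAccount )` turns one failed login for a name into a password check against every matching renamed global account, so a single guess is tested on several accounts while presumably counting once against any login throttle. That trade-off deserves a comment at this branch, and the fallback should be visible in logs, for example `wfDebugLog( 'CentralAuth', "plugin: primary authentication failed for '$username', trying renamed accounts" );` before the call. authenticate() starts and ends outside this hunk, so how the caller throttles is not visible here.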
@@ -81,6 +94,47 @@
}
/**
+ * Checks alternate usernames of the form $username~wiki in the
post-SUL finalization
+ * era. This is a temporary function and should be removed at some
point in the
+ * future after an appropriate period.
+ *
+ * @param $username String: username.
+ * @param $password String: user password.
+ * @return bool
+ * @public
+ */
+ function authenticateAlternate( $username, $password ) {
+ global $wgCentralAuthCheckForRenamedAccount;
+ if ( !$wgCentralAuthCheckForRenamedAccount ) {
+ return false;
+ }
+
+ $dbr = CentralAuthUser::getCentralSlaveDB();
+ $alternameNames = $dbr->select(
+ 'globaluser',
+ array( 'gu_name' ),
+ array( 'gu_name LIKE ' . $dbr->addQuotes( $username .
"~%" ) ),
+ __METHOD__
+ );
+
+ foreach ( $alternameNames as $an ) {
+ $alternateUsername = $an['gu_name'];
+ $central = new CentralAuthUser( $alternateUsername );
+
+ if ( $central->authenticate( $password ) == "ok" ) {
+ wfDebugLog(
+ 'CentralAuth',
+ "plugin: alternate authentication
succeeded as '$alternateUsername'"
+ );
+ $this->alternateUsername = $alternateUsername;
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
* Check if a user should authenticate locally if the global
authentication fails.
* If either this or strict() returns true, local authentication is not
used.
*
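Review bot: The LIKE condition built with `$dbr->addQuotes( $username . "~%" )` quotes the value but does not escape LIKE wildcards, so a `%` or `_` in the submitted name widens the match to unrelated accounts whose passwords are then tried; `'gu_name' . $dbr->buildLike( $username . '~', $dbr->anyString() )` escapes them. The loop then reads `$an['gu_name']`, but rows returned by select() are normally objects in MediaWiki, so this should probably be `$an->gu_name`. Only the successful case is logged; a debug line when every candidate fails would make repeated probing of renamed accounts easier to spot.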
@@ -107,13 +161,22 @@
* @return bool
*/
public function updateUser( &$user ) {
+ global $wgCentralAuthCheckForRenamedAccount;
+
$central = CentralAuthUser::getInstance( $user );
- if ( $central->exists() && $central->isAttached() &&
- $central->getEmail() != $user->getEmail() )
- {
- $user->setEmail( $central->getEmail() );
- $user->mEmailAuthenticated =
$central->getEmailAuthenticationTimestamp();
- $user->saveSettings();
+ if ( $central->exists() && $central->isAttached() ) {
+ if ( $wgCentralAuthCheckForRenamedAccount && isset(
$this->alternateUsername ) ){
+ $user = User::newFromName(
$this->alternateUsername );
+ // dynamically add a flag so that we can notify
the user in the
+ // CentralAuthHooks::onUserLoginComplete call
+ $user->alternateName = true;
+ }
+
+ if ( $central->getEmail() != $user->getEmail() ) {
+ $user->setEmail( $central->getEmail() );
+ $user->mEmailAuthenticated =
$central->getEmailAuthenticationTimestamp();
+ $user->saveSettings();
+ }
}
return true;
}
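Review bot: In updateUser() `$central` is resolved from the originally submitted `$user` before the swap to the renamed account, so the exists()/isAttached() guard and the e-mail sync below it use the global account of the name's current owner, and that owner's address is written onto the renamed user by setEmail() and saveSettings(). That would hand e-mail-based password recovery for the renamed account to a different person. User::newFromName() can also return false, which `$user->alternateName = true` does not guard against, and `$this->alternateUsername` is never cleared after use. Doing the swap first and resolving `$central` afterwards addresses all three.

```php
	public function updateUser( &$user ) {
		global $wgCentralAuthCheckForRenamedAccount;

		if ( $wgCentralAuthCheckForRenamedAccount && $this->alternateUsername !== null ) {
			$renamed = User::newFromName( $this->alternateUsername );
			// consume the value so it cannot carry over into a later call
			$this->alternateUsername = null;
			if ( $renamed ) {
				// flag read by CentralAuthHooks::onUserLoginComplete
				$renamed->alternateName = true;
				$user = $renamed;
			}
		}

		// resolve the global account only after $user is final
		$central = CentralAuthUser::getInstance( $user );
		// … unchanged: exists()/isAttached() guard, e-mail sync and return …
```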
--
To view, visit https://gerrit.wikimedia.org/r/61074
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0b191f76714b6da1ed63b9af709b5e21ce5ee24a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: Pgehres <[email protected]>