Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove ExternalUser authentication code

Browse source 
This was an experimental authentication system intoduced a couple
of years ago with a pretty narrow use-case. It's been pretty much
ignored since introduction, and makes login more complicated than
it needs to be.

I didn't drop the external_user table on the off-chance someone
out there actually has data in it, but they should use AuthPlugin
for their external authentication needs.

Change-Id: I794338dbb75961ee033d41fa44bb7aa22e54f447
This commit is contained in:
Chad Horohoe 2013-03-20 15:48:28 -04:00
parent 66cb8e9f73
commit 36cade5fe8
23 changed files with 15 additions and 936 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
RELEASE-NOTES-1.22
View file

@ -31,6 +31,10 @@ changes to languages because of Bugzilla reports.
Nostalgia was moved to an extension.
* Event namespace used by jquery.makeCollapsible has been changed from
'mw-collapse' to 'mw-collapsible' for consistency with the module name.
* BREAKING CHANGE: The "ExternalAuth" authentication subsystem was removed, along
with its associated globals of $wgExternalAuthType, $wgExternalAuthConf,
$wgAutocreatePolicy and $wgAllowPrefChange. Affected users are encouraged to
use AuthPlugin for external authentication/authorization needs.
== Compatibility ==

6
includes/AutoLoader.php
View file

@ -96,7 +96,6 @@ $wgAutoloadLocalClasses = array(
'ExternalStoreHttp' => 'includes/externalstore/ExternalStoreHttp.php',
'ExternalStoreMedium' => 'includes/externalstore/ExternalStoreMedium.php',
'ExternalStoreMwstore' => 'includes/externalstore/ExternalStoreMwstore.php',
'ExternalUser' => 'includes/ExternalUser.php',
'FakeTitle' => 'includes/FakeTitle.php',
'Fallback' => 'includes/Fallback.php',
'FatalError' => 'includes/Exception.php',
@ -543,11 +542,6 @@ $wgAutoloadLocalClasses = array(
'WikiDiff3' => 'includes/diff/WikiDiff3.php',
'WordLevelDiff' => 'includes/diff/DairikiDiff.php',
# includes/extauth
'ExternalUser_Hardcoded' => 'includes/extauth/Hardcoded.php',
'ExternalUser_MediaWiki' => 'includes/extauth/MediaWiki.php',
'ExternalUser_vB' => 'includes/extauth/vB.php',
# includes/filebackend
'FileBackendGroup' => 'includes/filebackend/FileBackendGroup.php',
'FileBackend' => 'includes/filebackend/FileBackend.php',

57
includes/DefaultSettings.php
View file

@ -3724,63 +3724,6 @@ $wgInvalidUsernameCharacters = '@';
*/
$wgUserrightsInterwikiDelimiter = '@';
/**
* Use some particular type of external authentication. The specific
* authentication module you use will normally require some extra settings to
* be specified.
*
* null indicates no external authentication is to be used. Otherwise,
* $wgExternalAuthType must be the name of a non-abstract class that extends
* ExternalUser.
*
* Core authentication modules can be found in includes/extauth/.
*/
$wgExternalAuthType = null;
/**
* Configuration for the external authentication. This may include arbitrary
* keys that depend on the authentication mechanism. For instance,
* authentication against another web app might require that the database login
* info be provided. Check the file where your auth mechanism is defined for
* info on what to put here.
*/
$wgExternalAuthConf = array();
/**
* When should we automatically create local accounts when external accounts
* already exist, if using ExternalAuth? Can have three values: 'never',
* 'login', 'view'. 'view' requires the external database to support cookies,
* and implies 'login'.
*
* TODO: Implement 'view' (currently behaves like 'login').
*/
$wgAutocreatePolicy = 'login';
/**
* Policies for how each preference is allowed to be changed, in the presence
* of external authentication. The keys are preference keys, e.g., 'password'
* or 'emailaddress' (see Preferences.php et al.). The value can be one of the
* following:
*
* - local: Allow changes to this pref through the wiki interface but only
* apply them locally (default).
* - semiglobal: Allow changes through the wiki interface and try to apply them
* to the foreign database, but continue on anyway if that fails.
* - global: Allow changes through the wiki interface, but only let them go
* through if they successfully update the foreign database.
* - message: Allow no local changes for linked accounts; replace the change
* form with a message provided by the auth plugin, telling the user how to
* change the setting externally (maybe providing a link, etc.). If the auth
* plugin provides no message for this preference, hide it entirely.
*
* Accounts that are not linked to an external account are never affected by
* this setting. You may want to look at $wgHiddenPrefs instead.
* $wgHiddenPrefs supersedes this option.
*
* TODO: Implement message, global.
*/
$wgAllowPrefChange = array();
/**
* This is to let user authenticate using https when they come from http.
* Based on an idea by George Herbert on wikitech-l:

309
includes/ExternalUser.php
View file

@ -1,309 +0,0 @@
<?php
/**
* Authentication with a foreign database
*
* Copyright © 2009 Aryeh Gregor
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
/**
* @defgroup ExternalUser ExternalUser
*/
/**
* A class intended to supplement, and perhaps eventually replace, AuthPlugin.
* See: http://www.mediawiki.org/wiki/ExternalAuth
*
* The class represents a user whose data is in a foreign database. The
* database may have entirely different conventions from MediaWiki, but it's
* assumed to at least support the concept of a user id (possibly not an
* integer), a user name (possibly not meeting MediaWiki's username
* requirements), and a password.
*
* @ingroup ExternalUser
*/
abstract class ExternalUser {
protected function __construct() {}
/**
* Wrappers around initFrom*().
*/
/**
* @param $name string
* @return mixed ExternalUser, or false on failure
*/
public static function newFromName( $name ) {
global $wgExternalAuthType;
if ( is_null( $wgExternalAuthType ) ) {
return false;
}
$obj = new $wgExternalAuthType;
if ( !$obj->initFromName( $name ) ) {
return false;
}
return $obj;
}
/**
* @param $id string
* @return mixed ExternalUser, or false on failure
*/
public static function newFromId( $id ) {
global $wgExternalAuthType;
if ( is_null( $wgExternalAuthType ) ) {
return false;
}
$obj = new $wgExternalAuthType;
if ( !$obj->initFromId( $id ) ) {
return false;
}
return $obj;
}
/**
* @return mixed ExternalUser, or false on failure
*/
public static function newFromCookie() {
global $wgExternalAuthType;
if ( is_null( $wgExternalAuthType ) ) {
return false;
}
$obj = new $wgExternalAuthType;
if ( !$obj->initFromCookie() ) {
return false;
}
return $obj;
}
/**
* Creates the object corresponding to the given User object, assuming the
* user exists on the wiki and is linked to an external account. If either
* of these is false, this will return false.
*
* This is a wrapper around newFromId().
*
* @param $user User
* @return ExternalUser|bool False on failure
*/
public static function newFromUser( $user ) {
global $wgExternalAuthType;
if ( is_null( $wgExternalAuthType ) ) {
# Short-circuit to avoid database query in common case so no one
# kills me
return false;
}
$dbr = wfGetDB( DB_SLAVE );
$id = $dbr->selectField( 'external_user', 'eu_external_id',
array( 'eu_local_id' => $user->getId() ), __METHOD__ );
if ( $id === false ) {
return false;
}
return self::newFromId( $id );
}
/**
* Given a name, which is a string exactly as input by the user in the
* login form but with whitespace stripped, initialize this object to be
* the corresponding ExternalUser. Return true if successful, otherwise
* false.
*
* @param $name string
* @return bool Success?
*/
abstract protected function initFromName( $name );
/**
* Given an id, which was at some previous point in history returned by
* getId(), initialize this object to be the corresponding ExternalUser.
* Return true if successful, false otherwise.
*
* @param $id string
* @return bool Success?
*/
abstract protected function initFromId( $id );
/**
* Try to magically initialize the user from cookies or similar information
* so he or she can be logged in on just viewing the wiki. If this is
* impossible to do, just return false.
*
* TODO: Actually use this.
*
* @return bool Success?
*/
protected function initFromCookie() {
return false;
}
/**
* This must return some identifier that stably, uniquely identifies the
* user. In a typical web application, this could be an integer
* representing the "user id". In other cases, it might be a string. In
* any event, the return value should be a string between 1 and 255
* characters in length; must uniquely identify the user in the foreign
* database; and, if at all possible, should be permanent.
*
* This will only ever be used to reconstruct this ExternalUser object via
* newFromId(). The resulting object in that case should correspond to the
* same user, even if details have changed in the interim (e.g., renames or
* preference changes).
*
* @return string
*/
abstract public function getId();
/**
* This must return the name that the user would normally use for login to
* the external database. It is subject to no particular restrictions
* beyond rudimentary sanity, and in particular may be invalid as a
* MediaWiki username. It's used to auto-generate an account name that
* *is* valid for MediaWiki, either with or without user input, but
* basically is only a hint.
*
* @return string
*/
abstract public function getName();
/**
* Is the given password valid for the external user? The password is
* provided in plaintext.
*
* @param $password string
* @return bool
*/
abstract public function authenticate( $password );
/**
* Retrieve the value corresponding to the given preference key. The most
* important values are:
*
* - emailaddress
* - language
*
* The value must meet MediaWiki's requirements for values of this type,
* and will be checked for validity before use. If the preference makes no
* sense for the backend, or it makes sense but is unset for this user, or
* is unrecognized, return null.
*
* $pref will never equal 'password', since passwords are usually hashed
* and cannot be directly retrieved. authenticate() is used for this
* instead.
*
* TODO: Currently this is only called for 'emailaddress'; generalize! Add
* some config option to decide which values are grabbed on user
* initialization.
*
* @param $pref string
* @return mixed
*/
public function getPref( $pref ) {
return null;
}
/**
* Return an array of identifiers for all the foreign groups that this user
* has. The identifiers are opaque objects that only need to be
* specifiable by the administrator in LocalSettings.php when configuring
* $wgAutopromote. They may be, for instance, strings or integers.
*
* TODO: Support this in $wgAutopromote.
*
* @return array
*/
public function getGroups() {
return array();
}
/**
* Given a preference key (e.g., 'emailaddress'), provide an HTML message
* telling the user how to change it in the external database. The
* administrator has specified that this preference cannot be changed on
* the wiki, and may only be changed in the foreign database. If no
* message is available, such as for an unrecognized preference, return
* false.
*
* TODO: Use this somewhere.
*
* @param $pref string
* @return mixed String or false
*/
public static function getPrefMessage( $pref ) {
return false;
}
/**
* Set the given preference key to the given value. Two important
* preference keys that you might want to implement are 'password' and
* 'emailaddress'. If the set fails, such as because the preference is
* unrecognized or because the external database can't be changed right
* now, return false. If it succeeds, return true.
*
* If applicable, you should make sure to validate the new value against
* any constraints the external database may have, since MediaWiki may have
* more limited constraints (e.g., on password strength).
*
* TODO: Untested.
*
* @param $key string
* @param $value string
* @return bool Success?
*/
public static function setPref( $key, $value ) {
return false;
}
/**
* Create a link for future reference between this object and the provided
* user_id. If the user was already linked, the old link will be
* overwritten.
*
* This is part of the core code and is not overridable by specific
* plugins. It's in this class only for convenience.
*
* @param int $id user_id
*/
final public function linkToLocal( $id ) {
$dbw = wfGetDB( DB_MASTER );
$dbw->replace( 'external_user',
array( 'eu_local_id', 'eu_external_id' ),
array( 'eu_local_id' => $id,
'eu_external_id' => $this->getId() ),
__METHOD__ );
}
/**
* Check whether this external user id is already linked with
* a local user.
* @return Mixed User if the account is linked, Null otherwise.
*/
final public function getLocalUser() {
$dbr = wfGetDB( DB_SLAVE );
$row = $dbr->selectRow(
'external_user',
'*',
array( 'eu_external_id' => $this->getId() )
);
return $row
? User::newFromId( $row->eu_local_id )
: null;
}
}

23
includes/User.php
View file

@ -921,22 +921,12 @@ class User {
* @return Bool True if the user is logged in, false otherwise.
*/
private function loadFromSession() {
global $wgExternalAuthType, $wgAutocreatePolicy;
$result = null;
wfRunHooks( 'UserLoadFromSession', array( $this, &$result ) );
if ( $result !== null ) {
return $result;
}
if ( $wgExternalAuthType && $wgAutocreatePolicy == 'view' ) {
$extUser = ExternalUser::newFromCookie();
if ( $extUser ) {
# TODO: Automatically create the user here (or probably a bit
# lower down, in fact)
}
}
$request = $this->getRequest();
$cookieId = $request->getCookie( 'UserID' );
@ -4409,8 +4399,6 @@ class User {
* @todo document
*/
protected function saveOptions() {
global $wgAllowPrefChange;
$this->loadOptions();
// Not using getOptions(), to keep hidden preferences in database
@ -4422,7 +4410,6 @@ class User {
return;
}
$extuser = ExternalUser::newFromUser( $this );
$userId = $this->getId();
$insert_rows = array();
foreach( $saveOptions as $key => $value ) {
@ -4437,16 +4424,6 @@ class User {
'up_value' => $value,
);
}
if ( $extuser && isset( $wgAllowPrefChange[$key] ) ) {
switch ( $wgAllowPrefChange[$key] ) {
case 'local':
case 'message':
break;
case 'semiglobal':
case 'global':
$extuser->setPref( $key, $value );
}
}
}
$dbw = wfGetDB( DB_MASTER );

1
includes/db/Database.php
View file

@ -714,7 +714,6 @@ abstract class DatabaseBase implements DatabaseType {
* an extension, et cetera). Do not use this to connect to the MediaWiki
* database. Example uses in core:
* @see LoadBalancer::reallyOpenConnection()
* @see ExternalUser_MediaWiki::initFromCond()
* @see ForeignDBRepo::getMasterDB()
* @see WebInstaller_DBConnect::execute()
*

84
includes/extauth/Hardcoded.php
View file

@ -1,84 +0,0 @@
<?php
/**
* External authentication with hardcoded user names and passwords
*
* Copyright © 2009 Aryeh Gregor
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
/**
* This class supports external authentication from a literal array dumped in
* LocalSettings.php. It's mostly useful for testing. Example configuration:
*
* $wgExternalAuthType = 'ExternalUser_Hardcoded';
* $wgExternalAuthConf = array(
* 'Bob Smith' => array(
* 'password' => 'literal string',
* 'emailaddress' => 'bob@example.com',
* ),
* );
*
* Multiple names may be provided. The keys of the inner arrays can be either
* 'password', or the name of any preference.
*
* @ingroup ExternalUser
*/
class ExternalUser_Hardcoded extends ExternalUser {
private $mName;
protected function initFromName( $name ) {
global $wgExternalAuthConf;
if ( isset( $wgExternalAuthConf[$name] ) ) {
$this->mName = $name;
return true;
}
return false;
}
protected function initFromId( $id ) {
return $this->initFromName( $id );
}
public function getId() {
return $this->mName;
}
public function getName() {
return $this->mName;
}
public function authenticate( $password ) {
global $wgExternalAuthConf;
return isset( $wgExternalAuthConf[$this->mName]['password'] )
&& $wgExternalAuthConf[$this->mName]['password'] == $password;
}
public function getPref( $pref ) {
global $wgExternalAuthConf;
if ( isset( $wgExternalAuthConf[$this->mName][$pref] ) ) {
return $wgExternalAuthConf[$this->mName][$pref];
}
return null;
}
# TODO: Implement setPref() via regex on LocalSettings. (Just kidding.)
}

168
includes/extauth/MediaWiki.php
View file

@ -1,168 +0,0 @@
<?php
/**
* External authentication with external MediaWiki database.
*
* Copyright © 2009 Aryeh Gregor
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
/**
* This class supports authentication against an external MediaWiki database,
* probably any version back to 1.5 or something. Example configuration:
*
* $wgExternalAuthType = 'ExternalUser_MediaWiki';
* $wgExternalAuthConf = array(
* 'DBtype' => 'mysql',
* 'DBserver' => 'localhost',
* 'DBname' => 'wikidb',
* 'DBuser' => 'quasit',
* 'DBpassword' => 'a5Cr:yf9u-6[{`g',
* 'DBprefix' => '',
* );
*
* All fields must be present. These mean the same things as $wgDBtype,
* $wgDBserver, etc. This implementation is quite crude; it could easily
* support multiple database servers, for instance, and memcached, and it
* probably has bugs. Kind of hard to reuse code when things might rely on who
* knows what configuration globals.
*
* If either wiki uses the UserComparePasswords hook, password authentication
* might fail unexpectedly unless they both do the exact same validation.
* There may be other corner cases like this where this will fail, but it
* should be unlikely.
*
* @ingroup ExternalUser
*/
class ExternalUser_MediaWiki extends ExternalUser {
private $mRow;
/**
* @var DatabaseBase
*/
private $mDb;
/**
* @param $name string
* @return bool
*/
protected function initFromName( $name ) {
# We might not need the 'usable' bit, but let's be safe. Theoretically
# this might return wrong results for old versions, but it's probably
# good enough.
$name = User::getCanonicalName( $name, 'usable' );
if ( !is_string( $name ) ) {
return false;
}
return $this->initFromCond( array( 'user_name' => $name ) );
}
/**
* @param $id int
* @return bool
*/
protected function initFromId( $id ) {
return $this->initFromCond( array( 'user_id' => $id ) );
}
/**
* @param $cond array
* @return bool
*/
private function initFromCond( $cond ) {
global $wgExternalAuthConf;
$this->mDb = DatabaseBase::factory( $wgExternalAuthConf['DBtype'],
array(
'host' => $wgExternalAuthConf['DBserver'],
'user' => $wgExternalAuthConf['DBuser'],
'password' => $wgExternalAuthConf['DBpassword'],
'dbname' => $wgExternalAuthConf['DBname'],
'tablePrefix' => $wgExternalAuthConf['DBprefix'],
)
);
$row = $this->mDb->selectRow(
'user',
array(
'user_name', 'user_id', 'user_password', 'user_email',
'user_email_authenticated'
),
$cond,
__METHOD__
);
if ( !$row ) {
return false;
}
$this->mRow = $row;
return true;
}
# TODO: Implement initFromCookie().
public function getId() {
return $this->mRow->user_id;
}
/**
* @return string
*/
public function getName() {
return $this->mRow->user_name;
}
public function authenticate( $password ) {
# This might be wrong if anyone actually uses the UserComparePasswords hook
# (on either end), so don't use this if you those are incompatible.
return User::comparePasswords( $this->mRow->user_password, $password,
$this->mRow->user_id );
}
public function getPref( $pref ) {
# @todo FIXME: Return other prefs too. Lots of global-riddled code that does
# this normally.
if ( $pref === 'emailaddress'
&& $this->row->user_email_authenticated !== null ) {
return $this->mRow->user_email;
}
return null;
}
/**
* @return array
*/
public function getGroups() {
# @todo FIXME: Untested.
$groups = array();
$res = $this->mDb->select(
'user_groups',
'ug_group',
array( 'ug_user' => $this->mRow->user_id ),
__METHOD__
);
foreach ( $res as $row ) {
$groups[] = $row->ug_group;
}
return $groups;
}
# TODO: Implement setPref().
}

146
includes/extauth/vB.php
View file

@ -1,146 +0,0 @@
<?php
/**
* External authentication with a vBulletin database.
*
* Copyright © 2009 Aryeh Gregor
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
/**
* This class supports the proprietary vBulletin forum system
* <http://www.vbulletin.com>, versions 3.5 and up. It calls no functions or
* code, only reads from the database. Example lines to put in
* LocalSettings.php:
*
* $wgExternalAuthType = 'ExternalUser_vB';
* $wgExternalAuthConf = array(
* 'server' => 'localhost',
* 'username' => 'forum',
* 'password' => 'udE,jSqDJ<""p=fI.K9',
* 'dbname' => 'forum',
* 'tablePrefix' => '',
* 'cookieprefix' => 'bb'
* );
*
* @ingroup ExternalUser
*/
class ExternalUser_vB extends ExternalUser {
private $mRow;
protected function initFromName( $name ) {
return $this->initFromCond( array( 'username' => $name ) );
}
protected function initFromId( $id ) {
return $this->initFromCond( array( 'userid' => $id ) );
}
protected function initFromCookie() {
# Try using the session table. It will only have a row if the user has
# an active session, so it might not always work, but it's a lot easier
# than trying to convince PHP to give us vB's $_SESSION.
global $wgExternalAuthConf, $wgRequest;
if ( !isset( $wgExternalAuthConf['cookieprefix'] ) ) {
$prefix = 'bb';
} else {
$prefix = $wgExternalAuthConf['cookieprefix'];
}
if ( $wgRequest->getCookie( 'sessionhash', $prefix ) === null ) {
return false;
}
$db = $this->getDb();
$row = $db->selectRow(
array( 'session', 'user' ),
$this->getFields(),
array(
'session.userid = user.userid',
'sessionhash' => $wgRequest->getCookie( 'sessionhash', $prefix ),
),
__METHOD__
);
if ( !$row ) {
return false;
}
$this->mRow = $row;
return true;
}
private function initFromCond( $cond ) {
$db = $this->getDb();
$row = $db->selectRow(
'user',
$this->getFields(),
$cond,
__METHOD__
);
if ( !$row ) {
return false;
}
$this->mRow = $row;
return true;
}
private function getDb() {
global $wgExternalAuthConf;
return DatabaseBase::factory( 'mysql',
array(
'host' => $wgExternalAuthConf['server'],
'user' => $wgExternalAuthConf['username'],
'password' => $wgExternalAuthConf['password'],
'dbname' => $wgExternalAuthConf['dbname'],
'tablePrefix' => $wgExternalAuthConf['tablePrefix'],
)
);
}
private function getFields() {
return array( 'user.userid', 'username', 'password', 'salt', 'email',
'usergroupid', 'membergroupids' );
}
public function getId() { return $this->mRow->userid; }
public function getName() { return $this->mRow->username; }
public function authenticate( $password ) {
# vBulletin seemingly strips whitespace from passwords
$password = trim( $password );
return $this->mRow->password == md5( md5( $password )
. $this->mRow->salt );
}
public function getPref( $pref ) {
if ( $pref == 'emailaddress' && $this->mRow->email ) {
# TODO: only return if validated?
return $this->mRow->email;
}
return null;
}
public function getGroups() {
$groups = array( $this->mRow->usergroupid );
$groups = array_merge( $groups, explode( ',', $this->mRow->membergroupids ) );
$groups = array_unique( $groups );
return $groups;
}
}

11
includes/installer/MysqlUpdater.php
View file

@ -165,12 +165,10 @@ class MysqlUpdater extends DatabaseUpdater {
array( 'doLogUsertextPopulation' ), # listed separately from the previous update because 1.16 was released without this update
array( 'doLogSearchPopulation' ),
array( 'addTable', 'l10n_cache', 'patch-l10n_cache.sql' ),
array( 'addTable', 'external_user', 'patch-external_user.sql' ),
array( 'addIndex', 'log_search', 'ls_field_val', 'patch-log_search-rename-index.sql' ),
array( 'addIndex', 'change_tag', 'change_tag_rc_tag', 'patch-change_tag-indexes.sql' ),
array( 'addField', 'redirect', 'rd_interwiki', 'patch-rd_interwiki.sql' ),
array( 'doUpdateTranscacheField' ),
array( 'renameEuWikiId' ),
array( 'doUpdateMimeMinorField' ),
// 1.17
@ -850,15 +848,6 @@ class MysqlUpdater extends DatabaseUpdater {
return $this->applyPatch( 'patch-pl-tl-il-unique.sql', false, "Making pl_namespace, tl_namespace and il_to indices UNIQUE" );
}
protected function renameEuWikiId() {
if ( $this->db->fieldExists( 'external_user', 'eu_local_id', __METHOD__ ) ) {
$this->output( "...eu_wiki_id already renamed to eu_local_id.\n" );
return;
}
$this->applyPatch( 'patch-eu_local_id.sql', false, "Renaming eu_wiki_id -> eu_local_id" );
}
protected function doUpdateMimeMinorField() {
if ( $this->updateRowExists( 'mime_minor_length' ) ) {
$this->output( "...*_mime_minor fields are already long enough.\n" );

1
includes/installer/PostgresUpdater.php
View file

@ -89,7 +89,6 @@ class PostgresUpdater extends DatabaseUpdater {
array( 'addTable', 'module_deps', 'patch-module_deps.sql' ),
array( 'addTable', 'uploadstash', 'patch-uploadstash.sql' ),
array( 'addTable', 'user_former_groups','patch-user_former_groups.sql' ),
array( 'addTable', 'external_user', 'patch-external_user.sql' ),
array( 'addTable', 'sites', 'patch-sites.sql' ),
# Needed before new field

1
includes/installer/SqliteUpdater.php
View file

@ -49,7 +49,6 @@ class SqliteUpdater extends DatabaseUpdater {
array( 'doLogUsertextPopulation' ), # listed separately from the previous update because 1.16 was released without this update
array( 'doLogSearchPopulation' ),
array( 'addTable', 'l10n_cache', 'patch-l10n_cache.sql' ),
array( 'addTable', 'external_user', 'patch-external_user.sql' ),
array( 'addIndex', 'log_search', 'ls_field_val', 'patch-log_search-rename-index.sql' ),
array( 'addIndex', 'change_tag', 'change_tag_rc_tag', 'patch-change_tag-indexes.sql' ),
array( 'addField', 'redirect', 'rd_interwiki', 'patch-rd_interwiki.sql' ),

67
includes/specials/SpecialUserlogin.php
View file

@ -51,11 +51,6 @@ class LoginForm extends SpecialPage {
var $mAbortLoginErrorMsg = 'login-abort-generic';
private $mLoaded = false;
/**
* @var ExternalUser
*/
private $mExtUser = null;
/**
* @ var WebRequest
*/
@ -480,14 +475,6 @@ class LoginForm extends SpecialPage {
$wgAuth->initUser( $u, $autocreate );
if ( $this->mExtUser ) {
$this->mExtUser->linkToLocal( $u->getId() );
$email = $this->mExtUser->getPref( 'emailaddress' );
if ( $email && !$this->mEmail ) {
$u->setEmail( $email );
}
}
$u->setOption( 'rememberpassword', $this->mRemember ? 1 : 0 );
$u->saveSettings();
@ -550,10 +537,6 @@ class LoginForm extends SpecialPage {
return self::SUCCESS;
}
$this->mExtUser = ExternalUser::newFromName( $this->mUsername );
# TODO: Allow some magic here for invalid external names, e.g., let the
# user choose a different wiki name.
$u = User::newFromName( $this->mUsername );
if( !( $u instanceof User ) || !User::isUsableName( $u->getName() ) ) {
return self::ILLEGAL;
@ -568,16 +551,6 @@ class LoginForm extends SpecialPage {
$isAutoCreated = true;
}
} else {
global $wgExternalAuthType, $wgAutocreatePolicy;
if ( $wgExternalAuthType && $wgAutocreatePolicy != 'never'
&& is_object( $this->mExtUser )
&& $this->mExtUser->authenticate( $this->mPassword )
) {
# The external user and local user have the same name and
# password, so we assume they're the same.
$this->mExtUser->linkToLocal( $u->getID() );
}
$u->load();
}
@ -696,40 +669,22 @@ class LoginForm extends SpecialPage {
* @return integer Status code
*/
function attemptAutoCreate( $user ) {
global $wgAuth, $wgAutocreatePolicy;
global $wgAuth;
if ( $this->getUser()->isBlockedFromCreateAccount() ) {
wfDebug( __METHOD__ . ": user is blocked from account creation\n" );
return self::CREATE_BLOCKED;
}
/**
* If the external authentication plugin allows it, automatically cre-
* ate a new account for users that are externally defined but have not
* yet logged in.
*/
if ( $this->mExtUser ) {
# mExtUser is neither null nor false, so use the new ExternalAuth
# system.
if ( $wgAutocreatePolicy == 'never' ) {
return self::NOT_EXISTS;
}
if ( !$this->mExtUser->authenticate( $this->mPassword ) ) {
return self::WRONG_PLUGIN_PASS;
}
} else {
# Old AuthPlugin.
if ( !$wgAuth->autoCreate() ) {
return self::NOT_EXISTS;
}
if ( !$wgAuth->userExists( $user->getName() ) ) {
wfDebug( __METHOD__ . ": user does not exist\n" );
return self::NOT_EXISTS;
}
if ( !$wgAuth->authenticate( $user->getName(), $this->mPassword ) ) {
wfDebug( __METHOD__ . ": \$wgAuth->authenticate() returned false, aborting\n" );
return self::WRONG_PLUGIN_PASS;
}
if ( !$wgAuth->autoCreate() ) {
return self::NOT_EXISTS;
}
if ( !$wgAuth->userExists( $user->getName() ) ) {
wfDebug( __METHOD__ . ": user does not exist\n" );
return self::NOT_EXISTS;
}
if ( !$wgAuth->authenticate( $user->getName(), $this->mPassword ) ) {
wfDebug( __METHOD__ . ": \$wgAuth->authenticate() returned false, aborting\n" );
return self::WRONG_PLUGIN_PASS;
}
$abortError = '';

3
maintenance/archives/patch-eu_local_id.sql
View file

@ -1,3 +0,0 @@
ALTER TABLE /*_*/external_user
CHANGE COLUMN eu_wiki_id
eu_local_id int unsigned NOT NULL;

9
maintenance/archives/patch-external_user.sql
View file

@ -1,9 +0,0 @@
CREATE TABLE /*_*/external_user (
-- Foreign key to user_id
eu_local_id int unsigned NOT NULL PRIMARY KEY,
-- Some opaque identifier provided by the external database
eu_external_id varchar(255) binary NOT NULL
) /*$wgDBTableOptions*/;
CREATE UNIQUE INDEX /*i*/eu_external_id ON /*_*/external_user (eu_external_id);

11
maintenance/mssql/tables.sql
View file

@ -305,17 +305,6 @@ CREATE TABLE /*$wgDBprefix*/externallinks (
-- Maximum key length ON SQL Server is 900 bytes
CREATE INDEX /*$wgDBprefix*/externallinks_index ON /*$wgDBprefix*/externallinks(el_index);
--
-- Track external user accounts, if ExternalAuth is used
--
CREATE TABLE /*$wgDBprefix*/external_user (
-- Foreign key to user_id
eu_local_id INT NOT NULL PRIMARY KEY,
-- opaque identifier provided by the external database
eu_external_id NVARCHAR(255) NOT NULL,
);
CREATE UNIQUE INDEX /*$wgDBprefix*/eu_external_idx ON /*$wgDBprefix*/external_user(eu_external_id);
--
-- Track INTerlanguage links
--

7
maintenance/oracle/tables.sql
View file

@ -218,13 +218,6 @@ CREATE INDEX &mw_prefix.externallinks_i01 ON &mw_prefix.externallinks (el_from,
CREATE INDEX &mw_prefix.externallinks_i02 ON &mw_prefix.externallinks (el_to, el_from);
CREATE INDEX &mw_prefix.externallinks_i03 ON &mw_prefix.externallinks (el_index);
CREATE TABLE &mw_prefix.external_user (
eu_local_id NUMBER NOT NULL,
eu_external_id varchar2(255) NOT NULL
);
ALTER TABLE &mw_prefix.external_user ADD CONSTRAINT &mw_prefix.external_user_pk PRIMARY KEY (eu_local_id);
CREATE UNIQUE INDEX &mw_prefix.external_user_u01 ON &mw_prefix.external_user (eu_external_id);
CREATE TABLE &mw_prefix.langlinks (
ll_from NUMBER NOT NULL,
ll_lang VARCHAR2(20),

6
maintenance/postgres/archives/patch-external_user.sql
View file

@ -1,6 +0,0 @@
CREATE TABLE external_user (
eu_local_id INTEGER NOT NULL PRIMARY KEY,
eu_external_id TEXT
);
CREATE UNIQUE INDEX eu_external_id ON external_user (eu_external_id);

7
maintenance/postgres/tables.sql
View file

@ -232,13 +232,6 @@ CREATE TABLE externallinks (
CREATE INDEX externallinks_from_to ON externallinks (el_from,el_to);
CREATE INDEX externallinks_index ON externallinks (el_index);
CREATE TABLE external_user (
eu_local_id INTEGER NOT NULL PRIMARY KEY,
eu_external_id TEXT
);
CREATE UNIQUE INDEX eu_external_id ON external_user (eu_external_id);
CREATE TABLE langlinks (
ll_from INTEGER NOT NULL REFERENCES page (page_id) ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED,
ll_lang TEXT,

15
maintenance/tables.sql
View file

@ -626,21 +626,6 @@ CREATE INDEX /*i*/el_from ON /*_*/externallinks (el_from, el_to(40));
CREATE INDEX /*i*/el_to ON /*_*/externallinks (el_to(60), el_from);
CREATE INDEX /*i*/el_index ON /*_*/externallinks (el_index(60));
--
-- Track external user accounts, if ExternalAuth is used
--
CREATE TABLE /*_*/external_user (
-- Foreign key to user_id
eu_local_id int unsigned NOT NULL PRIMARY KEY,
-- Some opaque identifier provided by the external database
eu_external_id varchar(255) binary NOT NULL
) /*$wgDBTableOptions*/;
CREATE UNIQUE INDEX /*i*/eu_external_id ON /*_*/external_user (eu_external_id);
--
-- Track interlanguage links
--

5
tests/phpunit/data/db/sqlite/tables-1.16.sql
View file

@ -146,11 +146,6 @@ CREATE TABLE /*_*/externallinks (
CREATE INDEX /*i*/el_from ON /*_*/externallinks (el_from, el_to(40));
CREATE INDEX /*i*/el_to ON /*_*/externallinks (el_to(60), el_from);
CREATE INDEX /*i*/el_index ON /*_*/externallinks (el_index(60));
CREATE TABLE /*_*/external_user (
eu_local_id int unsigned NOT NULL PRIMARY KEY,
eu_external_id varchar(255) binary NOT NULL
) /*$wgDBTableOptions*/;
CREATE UNIQUE INDEX /*i*/eu_external_id ON /*_*/external_user (eu_external_id);
CREATE TABLE /*_*/langlinks (
ll_from int unsigned NOT NULL default 0,
ll_lang varbinary(20) NOT NULL default '',

5
tests/phpunit/data/db/sqlite/tables-1.17.sql
View file

@ -151,11 +151,6 @@ CREATE TABLE /*_*/externallinks (
CREATE INDEX /*i*/el_from ON /*_*/externallinks (el_from, el_to(40));
CREATE INDEX /*i*/el_to ON /*_*/externallinks (el_to(60), el_from);
CREATE INDEX /*i*/el_index ON /*_*/externallinks (el_index(60));
CREATE TABLE /*_*/external_user (
eu_local_id int unsigned NOT NULL PRIMARY KEY,
eu_external_id varchar(255) binary NOT NULL
) /*$wgDBTableOptions*/;
CREATE UNIQUE INDEX /*i*/eu_external_id ON /*_*/external_user (eu_external_id);
CREATE TABLE /*_*/langlinks (
ll_from int unsigned NOT NULL default 0,
ll_lang varbinary(20) NOT NULL default '',

5
tests/phpunit/data/db/sqlite/tables-1.18.sql
View file

@ -157,11 +157,6 @@ CREATE TABLE /*_*/externallinks (
CREATE INDEX /*i*/el_from ON /*_*/externallinks (el_from, el_to(40));
CREATE INDEX /*i*/el_to ON /*_*/externallinks (el_to(60), el_from);
CREATE INDEX /*i*/el_index ON /*_*/externallinks (el_index(60));
CREATE TABLE /*_*/external_user (
eu_local_id int unsigned NOT NULL PRIMARY KEY,
eu_external_id varchar(255) binary NOT NULL
) /*$wgDBTableOptions*/;
CREATE UNIQUE INDEX /*i*/eu_external_id ON /*_*/external_user (eu_external_id);
CREATE TABLE /*_*/langlinks (
ll_from int unsigned NOT NULL default 0,
ll_lang varbinary(20) NOT NULL default '',