r20305 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r20304‎ | r20305 | r20306 >
Date:00:30, 10 March 2007
Author:laner
Status:old
Tags:
Comment:
Making the SSL authentication piece of the plugin generic, and the regular authentication plugin piece ready for more auto-auth plugins.
Modified paths:
  • /trunk/extensions/LdapAuthentication/LdapAuthentication.php (modified) (history)


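--- a/trunk/extensions/LdapAuthentication/LdapAuthentication.php
+++ b/trunk/extensions/LdapAuthentication/LdapAuthentication.php
@@ -857,6 +857,14 @@
 
 if ( $username != '' ) {
 $this->printDebug("Username isn't empty.",1);
+
+//We want to use the username returned by LDAP
+//if it exists
+if ( $this->LDAPUsername != '' ) {
+$this->printDebug("Using LDAPUsername.",1);
+$username = $this->LDAPUsername;
+}
+
 //Change username to lowercase so that multiple user accounts
 //won't be created for the same user.
 $username = strtolower($username);
@@ -1433,6 +1441,7 @@
 global $wgAuth;
 global $wgLDAPAutoAuthMethod;
 global $wgLDAPUseSmartcardAuth;
+global $wgLDAPSmartcardDomain;
 
 $wgAuth = new LdapAuthenticationPlugin();
 
@@ -1450,6 +1459,7 @@
 $wgHooks['AutoAuthenticate'][] = 'SSLAuth'; /* Hook for magical authN */
 $wgHooks['PersonalUrls'][] = 'NoLogout'; /* Disallow logout link */
 $wgLDAPUseSmartcardAuth = true;
+$wgAuth->setDomain($wgLDAPSmartcardDomain);
 }
 break;
 default:
@@ -1471,18 +1481,9 @@
 global $wgLDAPSSLUsername;
 global $wgUser;
 global $wgAuth;
-global $wgLDAPSmartcardDomain;
-global $wgLDAPUseSmartcardAuth;
 
 $wgAuth->printDebug("Entering SSLAuth.",1);
 
-if (!$wgLDAPUseSmartcardAuth) {
-$wgAuth->printDebug("Not using smartcard authentication, returning.",1);
-return;
-}
-
-$wgAuth->setDomain($wgLDAPSmartcardDomain);
-
 //Give us a user, see if we're around
 $tmpuser = User::LoadFromSession();
 
@@ -1490,21 +1491,22 @@
 if($tmpuser->isLoggedIn()) {
 $wgAuth->printDebug("User is already logged in.",1);
 return;
-} else {
-$wgAuth->printDebug("User is not logged in, we need to authenticate",1);
-$authenticated = $wgAuth->authenticate($wgLDAPSSLUsername);
-if (!$authenticated) {
-//If the user doesn't exist in LDAP, there isn't much reason to
-//go any further.
-$wgAuth->printDebug("User wasn't found in LDAP, exiting.",1);
-return;
-}
+}
 
-//We need the username that MediaWiki will always use, *not* the one we
-//get from LDAP.
-$mungedUsername = $wgAuth->getCanonicalName($wgAuth->getLDAPUsername());
+//The user hasn't already been authenticated, let's check them
+$wgAuth->printDebug("User is not logged in, we need to authenticate",1);
+$authenticated = $wgAuth->authenticate($wgLDAPSSLUsername);
+if (!$authenticated) {
+//If the user doesn't exist in LDAP, there isn't much reason to
+//go any further.
+$wgAuth->printDebug("User wasn't found in LDAP, exiting.",1);
+return;
 }
 
+//We need the username that MediaWiki will always use, *not* the one we
+//get from LDAP.
+$mungedUsername = $wgAuth->getCanonicalName($wgLDAPSSLUsername);
+
 $wgAuth->printDebug("User exists in LDAP; finding the user by name in MediaWiki.",1);
 
 //Is the user already in the database?
@@ -1554,9 +1556,6 @@
 //Create the user
 $lf->initUser($wgUser);
 
-//Update the user's settings
-$wgAuth->updateUser($wgUser);
-
 //Initialize the user
 $wgUser->setupSession();
 $wgUser->setCookies();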
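Review bot: In the first hunk, the added `if ( $this->LDAPUsername != '' )` block overwrites the `$username` argument with state held on the shared `$wgAuth` object, so once that property is set every later call in the request yields the same account name whatever name was passed in. Where `LDAPUsername` is set and reset is outside the visible lines, so this is inferred; if only `authenticate()` sets it, it should be cleared at the start of each `authenticate()` call and whenever authentication fails. The SSLAuth hunk now depends on this side effect through `getCanonicalName($wgLDAPSSLUsername)`, and the comment kept above it ("*not* the one we get from LDAP") no longer matches what is returned. I would keep the mapping explicit at the call site, `$mungedUsername = $wgAuth->getCanonicalName($wgAuth->getLDAPUsername());`, or at least document the override with `//NOTE: replaces the caller's $username for every call while LDAPUsername is set`. The function containing the first hunk starts and ends outside it.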