r26323 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r26322‎ \| r26323 \| r26324 >
Date:	19:02, 2 October 2007
Author:	brion
Status:	old
Tags:
Comment:	* AuthPlugin added strictUserAuth() method to allow per-user override of the strict() authentication behavior. Fixes the hole where old local passwords could still be used to log into the global account after merging. Based on patch by Rotem Liss from http://he.wikipedia.org/wiki/%D7%9E%D7%A9%D7%AA%D7%9E%D7%A9:Rotemliss/CentralAuth#2 Changed function name from authenticateLocally() to strictUserAuth() and reversed return value to mesh a little better with strict()
Modified paths:	/trunk/extensions/CentralAuth/CentralAuthPlugin.php (modified) (history) /trunk/phase3/RELEASE-NOTES (modified) (history) /trunk/phase3/includes/AuthPlugin.php (modified) (history) /trunk/phase3/includes/User.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -2252,6 +2252,9 @@
2253	2253	} elseif( $wgAuth->strict() ) {
2254	2254	/* Auth plugin doesn't allow local authentication */
2255	2255	return false;
	2256	+ } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
	2257	+ /* Auth plugin doesn't allow local authentication for this user name */
	2258	+ return false;
2256	2259	}
2257	2260	$ep = $this->encryptPassword( $password );
2258	2261	if ( 0 == strcmp( $ep, $this->mPassword ) ) {
Index: trunk/phase3/includes/AuthPlugin.php
—	—	@@ -211,6 +211,18 @@
212	212	}
213	213
214	214	/**
	215	+ * Check if a user should authenticate locally if the global authentication fails.
	216	+ * If either this or strict() returns true, local authentication is not used.
	217	+ *
	218	+ * @param $username String: username.
	219	+ * @return bool
	220	+ * @public
	221	+ */
	222	+ function strictUserAuth( $username ) {
	223	+ return false;
	224	+ }
	225	+
	226	+ /**
215	227	* When creating a user account, optionally fill in preferences and such.
216	228	* For instance, you might pull the email address or real name from the
217	229	* external user database.
Index: trunk/phase3/RELEASE-NOTES
—	—	@@ -33,7 +33,10 @@
34	34	* On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view source"
35	35	tab entirely if the page doesn't exist and the user isn't allowed to create it
36	36	* Clarify instructions given when an exception is thrown
	37	+* AuthPlugin added strictUserAuth() method to allow per-user override
	38	+ of the strict() authentication behavior.
37	39
	40	+
38	41	=== Bug fixes in 1.12 ===
39	42
40	43	* Subpages are now indexed for searching properly when using PostgreSQL
Index: trunk/extensions/CentralAuth/CentralAuthPlugin.php
—	—	@@ -80,6 +80,22 @@
81	81	}
82	82
83	83	/**
	84	+ * Check if a user should authenticate locally if the global authentication fails.
	85	+ * If either this or strict() returns true, local authentication is not used.
	86	+ *
	87	+ * @param $username String: username.
	88	+ * @return bool
	89	+ * @public
	90	+ */
	91	+ function strictUserAuth( $username ) {
	92	+ // Authenticate locally if the global account doesn't exist,
	93	+ // or the local account isn't attached
	94	+ // If strict is on, local authentication won't work at all
	95	+ $central = new CentralAuthUser( $username );
	96	+ return $central->exists() && $central->isAttached();
	97	+ }
	98	+
	99	+ /**
84	100	* When a user logs in, optionally fill in preferences and such.
85	101	* For instance, you might pull the email address or real name from the
86	102	* external user database.

Follow-up revisions

Revision	Commit summary	Author	Date
r26331	Merged revisions 26280-26330 via svnmerge from...	david	22:28, 2 October 2007

Status & tagging log

15:21, 12 September 2011 Meno25 (talk | contribs) changed the status of r26323 [removed: ok added: old]