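--- a/trunk/phase3/includes/SpecialUserlogin.php
+++ b/trunk/phase3/includes/SpecialUserlogin.php
@@ -32,6 +32,7 @@
 const EMPTY_PASS = 6;
 const RESET_PASS = 7;
 const ABORTED = 8;
+const CREATE_BLOCKED = 9;
 
 var $mName, $mPassword, $mRetype, $mReturnTo, $mCookieCheck, $mPosted;
 var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword;
@@ -370,25 +371,28 @@
 if ( '' == $this->mName ) {
 return self::NO_NAME;
 }
+
+// Load $wgUser now, and check to see if we're logging in as the same name.
+// This is necessary because loading $wgUser (say by calling getName()) calls
+// the UserLoadFromSession hook, which potentially creates the user in the
+// database. Until we load $wgUser, checking for user existence using
+// User::newFromName($name)->getId() below will effectively be using stale data.
+if ( $wgUser->getName() === $this->mName ) {
+wfDebug( __METHOD__.": already logged in as {$this->mName}\n" );
+return self::SUCCESS;
+}
 $u = User::newFromName( $this->mName );
 if( is_null( $u ) || !User::isUsableName( $u->getName() ) ) {
 return self::ILLEGAL;
 }
+
+$isAutoCreated = false;
 if ( 0 == $u->getID() ) {
-global $wgAuth;
-/**
-* If the external authentication plugin allows it,
-* automatically create a new account for users that
-* are externally defined but have not yet logged in.
-*/
-if ( $wgAuth->autoCreate() && $wgAuth->userExists( $u->getName() ) ) {
-if ( $wgAuth->authenticate( $u->getName(), $this->mPassword ) ) {
-$u = $this->initUser( $u, true );
-} else {
-return self::WRONG_PLUGIN_PASS;
-}
+$status = $this->attemptAutoCreate( $u );
+if ( $status !== self::SUCCESS ) {
+return $status;
 } else {
-return self::NOT_EXISTS;
+$isAutoCreated = true;
 }
 } else {
 $u->load();
@@ -438,12 +442,50 @@
 $wgAuth->updateUser( $u );
 $wgUser = $u;
 
+if ( $isAutoCreated ) {
+// Must be run after $wgUser is set, for correct new user log
+wfRunHooks( 'AuthPluginAutoCreate', array( $wgUser ) );
+}
+
 $retval = self::SUCCESS;
 }
 wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, $retval ) );
 return $retval;
 }
 
+/**
+* Attempt to automatically create a user on login.
+* Only succeeds if there is an external authentication method which allows it.
+* @return integer Status code
+*/
+function attemptAutoCreate( $user ) {
+global $wgAuth, $wgUser;
+/**
+* If the external authentication plugin allows it,
+* automatically create a new account for users that
+* are externally defined but have not yet logged in.
+*/
+if ( !$wgAuth->autoCreate() ) {
+return self::NOT_EXISTS;
+}
+if ( !$wgAuth->userExists( $user->getName() ) ) {
+wfDebug( __METHOD__.": user does not exist\n" );
+return self::NOT_EXISTS;
+}
+if ( !$wgAuth->authenticate( $user->getName(), $this->mPassword ) ) {
+wfDebug( __METHOD__.": \$wgAuth->authenticate() returned false, aborting\n" );
+return self::WRONG_PLUGIN_PASS;
+}
+if ( $wgUser->isBlockedFromCreateAccount() ) {
+wfDebug( __METHOD__.": user is blocked from account creation\n" );
+return self::CREATE_BLOCKED;
+}
+
+wfDebug( __METHOD__.": creating account\n" );
+$user = $this->initUser( $user, true );
+return self::SUCCESS;
+}
+
 function processLogin() {
 global $wgUser, $wgAuth;
 
@@ -495,6 +537,9 @@
 case self::RESET_PASS:
 $this->resetLoginForm( wfMsg( 'resetpass_announce' ) );
 break;
+case self::CREATE_BLOCKED:
+$this->userBlockedMessage();
+break;
 default:
 throw new MWException( "Unhandled case value" );
 }
@@ -652,7 +697,11 @@
 $blocker = User::whoIs( $wgUser->mBlock->mBy );
 $block_reason = $wgUser->mBlock->mReason;
 
-$wgOut->addWikiMsg( 'cantcreateaccount-text', $ip, $block_reason, $blocker );
+if ( strval( $block_reason ) === '' ) {
+$wgOut->addWikiMsg( 'cantcreateaccount-no-reason', $ip, $blocker );
+} else {
+$wgOut->addWikiMsg( 'cantcreateaccount-text', $ip, $block_reason, $blocker );
+}
 $wgOut->returnToMain( false );
 }
 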
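Review bot: The early return at new lines 381–384 reports `self::SUCCESS` without ever looking at `$this->mPassword`, and it leaves before the `LoginAuthenticateAudit` hook at new line 453, so this path is neither verified nor audited. The comparison also does not check that `$wgUser` is a logged-in account; if `getName()` yields the client's IP address for an anonymous visitor (not shown here), a submitted name equal to that IP would now return SUCCESS instead of reaching the `isUsableName()` check. I would guard it as `if ( $wgUser->isLoggedIn() && $wgUser->getName() === $this->mName ) {` and add a comment stating that the password is deliberately not re-checked for an existing session. The enclosing function starts above the hunk, so whether `$wgUser` is declared global at that point cannot be confirmed from here.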
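--- a/trunk/phase3/languages/messages/MessagesEn.php
+++ b/trunk/phase3/languages/messages/MessagesEn.php
@@ -1154,6 +1154,7 @@
 'cantcreateaccount-text' => "Account creation from this IP address ('''$1''') has been blocked by [[User:$3|$3]].
 
 The reason given by $3 is ''$2''",
+'cantcreateaccount-no-reason' => "Account creation from this IP address ('''$1''') has been blocked by [[User:$2|$2]]. No reason was given.",
 
 # History pages
 'viewpagelogs' => 'View logs for this page',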
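--- a/trunk/extensions/CentralAuth/CentralAuthUser.php
+++ b/trunk/extensions/CentralAuth/CentralAuthUser.php
@@ -1729,6 +1729,7 @@
 return;
 }
 $id = $_COOKIE[$wgCentralAuthCookiePrefix . 'Session'];
+wfDebug( __METHOD__.": Deleting session $id\n" );
 $key = self::memcKey( 'session', $id );
 $wgMemc->delete( $key );
 }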
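Review bot: The added `wfDebug()` call at new line 1733 writes the raw value of the session cookie into the debug log. That value comes straight from `$_COOKIE`, so it is client-controlled text (line breaks included) and, until the `delete()` two lines later succeeds, also a live session identifier readable by anyone with log access. Logging a short digest keeps the line useful for correlation without either problem: `wfDebug( __METHOD__.": Deleting session " . substr( sha1( $id ), 0, 8 ) . "\n" );`. The enclosing method starts above the hunk.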
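--- a/trunk/extensions/CentralAuth/CentralAuthHooks.php
+++ b/trunk/extensions/CentralAuth/CentralAuthHooks.php
@@ -320,7 +320,8 @@
 }
 
 // Is the user blocked?
-if ( !$user->isAllowedToCreateAccount() ) {
+$anon = new User;
+if ( !$anon->isAllowedToCreateAccount() ) {
 // Blacklist the user to avoid repeated DB queries subsequently
 // First load the session again in case it changed while the above DB query was in progress
 wfDebug( __METHOD__.": user is blocked from this wiki, blacklisting\n" );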
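Review bot: The comment `// Is the user blocked?` at line 323 no longer matches the check beneath it, which now asks a freshly constructed `User` rather than `$user`. Presumably the intent is to test the requesting client's block status because `$user` does not exist locally yet, but nothing in the hunk says so, and a later maintainer may revert it as an apparent mistake. I would replace the comment with something like `// Check account-creation blocks against the anonymous requester, not $user, which has no local account yet`. The enclosing function begins and ends outside the hunk.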