r85410 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r85409‎ | r85410 | r85411 >
Date:01:18, 5 April 2011
Author:brion
Status:ok (Comments)
Tags:
Comment:
* (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by
other extensions by handling the 'AbortAutoAccount' hook, similar to the
'AbortNewAccount' triggered by explicit account creations. (They are separate
to avoid loops and confusion; auth plugins like CentralAuth need to handle
AbortNewAccount separately.
Modified paths:
  • /trunk/extensions/CentralAuth/CentralAuthHooks.php (modified) (history)
  • /trunk/extensions/TitleBlacklist/TitleBlacklist.php (modified) (history)
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/docs/hooks.txt (modified) (history)
  • /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/docs/hooks.txt
@@ -234,6 +234,10 @@
235235 This is a list of known events and parameters; please add to it if you're going
236236 to add events to the MediaWiki code.
237237
 238+'AbortAutoAccount': Return false to cancel automated local account creation, where normally authentication against an external auth plugin would be creating a local account.
 239+$user: the User object about to be created (read-only, incomplete)
 240+$message: out parameter: error message to be displayed to user
 241+
238242 'AbortAutoblock': Return false to cancel an autoblock.
239243 $autoblockip: The IP going to be autoblocked.
240244 $block: The block from which the autoblock is coming.
@@ -256,7 +260,7 @@
257261 $err: error message
258262 $reason: the reason for the move (added in 1.13)
259263
260 -'AbortNewAccount': Return false to cancel account creation.
 264+'AbortNewAccount': Return false to cancel explicit account creation.
261265 $user: the User object about to be created (read-only, incomplete)
262266 $message: out parameter: error message to display on abort
263267
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
@@ -639,6 +639,14 @@
640640 }
641641 }
642642
 643+ $abortError = '';
 644+ if( !wfRunHooks( 'AbortAutoAccount', array( $user, &$abortError ) ) ) {
 645+ // Hook point to add extra creation throttles and blocks
 646+ wfDebug( "LoginForm::attemptAutoCreate: a hook blocked creation: $abortError\n" );
 647+ $this->mAbortLoginErrorMsg = $abortError;
 648+ return self::ABORTED;
 649+ }
 650+
643651 wfDebug( __METHOD__ . ": creating account\n" );
644652 $this->initUser( $user, true );
645653 return self::SUCCESS;
Index: trunk/phase3/RELEASE-NOTES
@@ -120,7 +120,13 @@
121121 * The parser now attempts to output markers for editsection tokens and defer the
122122 rendering of them post-cache to reduce parser cache fragmentation and ensure
123123 skin customizability of edit section links.
 124+* (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by
 125+ other extensions by handling the 'AbortAutoAccount' hook, similar to the
 126+ 'AbortNewAccount' triggered by explicit account creations. (They are separate
 127+ to avoid loops and confusion; auth plugins like CentralAuth need to handle
 128+ AbortNewAccount separately.
124129
 130+
125131 === Bug fixes in 1.18 ===
126132 * (bug 23119) WikiError class and subclasses are now marked as deprecated
127133 * (bug 10871) Javascript and CSS pages in MediaWiki namespace are no longer
Index: trunk/extensions/TitleBlacklist/TitleBlacklist.php
@@ -47,6 +47,7 @@
4848 $wgHooks['getUserPermissionsErrorsExpensive'][] = 'TitleBlacklistHooks::userCan';
4949 $wgHooks['AbortMove'][] = 'TitleBlacklistHooks::abortMove';
5050 $wgHooks['AbortNewAccount'][] = 'TitleBlacklistHooks::abortNewAccount';
 51+$wgHooks['AbortAutoAccount'][] = 'TitleBlacklistHooks::abortNewAccount';
5152 $wgHooks['CentralAuthAutoCreate'][] = 'TitleBlacklistHooks::centralAuthAutoCreate';
5253 $wgHooks['EditFilter'][] = 'TitleBlacklistHooks::validateBlacklist';
5354 $wgHooks['ArticleSaveComplete'][] = 'TitleBlacklistHooks::clearBlacklist';
Index: trunk/extensions/CentralAuth/CentralAuthHooks.php
@@ -442,6 +442,13 @@
443443 wfDebug( __METHOD__ . ": denied by other extensions\n" );
444444 return false;
445445 }
 446+ $abortMessage = '';
 447+ if ( !wfRunHooks( 'AbortAutoAccount', array( $user, &$abortMessage ) ) ) {
 448+ // In this case we have no way to return the message to the user,
 449+ // but we can log it.
 450+ wfDebug( __METHOD__ . ": denied by other extension: $abortMessage\n" );
 451+ return false;
 452+ }
446453
447454 // Checks passed, create the user
448455 wfDebug( __METHOD__ . ": creating new user\n" );

Follow-up revisions

RevisionCommit summaryAuthorDate
r89688Doc fix for r85410demon20:56, 7 June 2011
r89689Follow up r85410 & r89688. Try to make clearer that this is a message key.platonides21:20, 7 June 2011

Comments

#Comment by Platonides (talk | contribs)   14:55, 5 April 2011

AbortAutoAccount description should use more than one line in hooks.txt.

$message is an out parameter, should be specified as &$message (same problem with AbortAutoblock)

It is not clear from the description that $message is a message key, which will be shown to the user through wfMsg()

#Comment by Brion VIBBER (talk | contribs)   17:12, 12 April 2011

AbortAutoAccount's description is a copy-paste of AbortNewAccount's description, so if those are problems they're old problems. Doesn't appear to impact any functionality or cause any regressions, so removing the fixme in favor of doc tag.

#Comment by 😂 (talk | contribs)   20:56, 7 June 2011

Docs fixed in followup.

Status & tagging log