r9312 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r9311‎ | r9312 | r9313 >
Date:11:56, 3 June 2005
Author:vibber
Status:old
Tags:
Comment:
* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external
LDAP authentication plugin
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/includes/AuthPlugin.php (modified) (history)
  • /trunk/phase3/includes/SpecialPreferences.php (modified) (history)
  • /trunk/phase3/includes/SpecialUserlogin.php (modified) (history)
  • /trunk/phase3/includes/User.php (modified) (history)
  • /trunk/phase3/includes/templates/Userlogin.php (modified) (history)
  • /trunk/phase3/languages/Language.php (modified) (history)

Diff [purge]

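--- a/trunk/phase3/includes/User.php
+++ b/trunk/phase3/includes/User.php
@@ -1377,8 +1377,17 @@
 * @return bool True if the given password is correct otherwise False.
 */
 function checkPassword( $password ) {
- global $wgAuth;
+ global $wgAuth, $wgMinimalPasswordLength;
 $this->loadFromDatabase();
+
+ // Even though we stop people from creating passwords that
+ // are shorter than this, doesn't mean people wont be able
+ // to. Certain authentication plugins do NOT want to save
+ // domain passwords in a mysql database, so we should
+ // check this (incase $wgAuth->strict() is false).
+ if( strlen( $password ) < $wgMinimalPasswordLength ) {
+ return false;
+ }
 
 if( $wgAuth->authenticate( $this->getName(), $password ) ) {
 return true;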
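Review bot: As far as this hunk shows, the added `strlen( $password ) < $wgMinimalPasswordLength` test is what keeps an empty password from reaching `$wgAuth->authenticate()`, and it stops doing so when the minimum is configured as 0. Some directory back ends treat a bind with an empty password as an anonymous bind and report success, so the empty case is better rejected independently of the length policy, e.g. `if( '' == $password || strlen( $password ) < $wgMinimalPasswordLength ) {`. The comment above the check would be clearer if it said outright that external plugins may not store passwords locally, so the creation-time length rule cannot be assumed to hold at login. The body of `checkPassword()` continues past the end of the hunk.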
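--- a/trunk/phase3/includes/SpecialUserlogin.php
+++ b/trunk/phase3/includes/SpecialUserlogin.php
@@ -27,7 +27,7 @@
 class LoginForm {
 var $mName, $mPassword, $mRetype, $mReturnto, $mCookieCheck, $mPosted;
 var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword;
- var $mLoginattempt, $mRemember, $mEmail;
+ var $mLoginattempt, $mRemember, $mEmail, $mDomain;
 
 /**
 * Constructor
@@ -35,10 +35,12 @@
 */
 function LoginForm( &$request ) {
 global $wgLang, $wgAllowRealName, $wgEnableEmail;
+ global $wgAuth;
 
 $this->mName = $request->getText( 'wpName' );
 $this->mPassword = $request->getText( 'wpPassword' );
 $this->mRetype = $request->getText( 'wpRetype' );
+ $this->mDomain = $request->getText( 'wpDomain' );
 $this->mReturnto = $request->getVal( 'returnto' );
 $this->mCookieCheck = $request->getVal( 'wpCookieCheck' );
 $this->mPosted = $request->wasPosted();
@@ -61,7 +63,12 @@
 } else {
 $this->mRealName = '';
 }
-
+
+ if( !$wgAuth->validDomain( $this->mDomain ) ) {
+ $this->mDomain = 'invaliddomain';
+ }
+ $wgAuth->setDomain( $this->mDomain );
+
 # When switching accounts, it sucks to get automatically logged out
 if( $this->mReturnto == $wgLang->specialPage( 'Userlogout' ) ) {
 $this->mReturnto = '';
@@ -155,7 +162,29 @@
 global $wgMaxNameChars;
 global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP;
 global $wgMinimalPasswordLength;
+ global $wgAuth;
 
+ // If the user passes an invalid domain, something is fishy
+ if( !$wgAuth->validDomain( $this->mDomain ) ) {
+ $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
+ return false;
+ }
+
+ // If we are not allowing users to login locally, we should
+ // be checking to see if the user is actually able to
+ // authenticate to the authentication server before they
+ // create an account (otherwise, they can create a local account
+ // and login as any domain user). We only need to check this for
+ // domains that aren't local.
+ if( 'local' != $this->mDomain && '' != $this->mDomain ) {
+ if( !$wgAuth->canCreateAccounts() && ( !$wgAuth->userExists( $this->mName ) || !$wgAuth->authenticate( $this->mName, $this->mPassword ) ) ) {
+ $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
+ return false;
+ }
+ }
+
+
+
 if (!$wgUser->isAllowedToCreateAccount()) {
 $this->userNotPrivilegedMessage();
 return false;
@@ -205,6 +234,11 @@
 }
 }
 
+ if( !$wgAuth->addUser( $u, $this->mPassword ) ) {
+ $this->mainLoginForm( wfMsg( 'externaldberror' ) );
+ return false;
+ }
+
 return $this->initUser( $u );
 }
 
@@ -238,6 +272,7 @@
 */
 function processLogin() {
 global $wgUser;
+ global $wgAuth;
 
 if ( '' == $this->mName ) {
 $this->mainLoginForm( wfMsg( 'noname' ) );
@@ -284,6 +319,8 @@
 }
 $u->setOption( 'rememberpassword', $r );
 
+ $wgAuth->updateUser( $u );
+
 $wgUser = $u;
 $wgUser->setCookies();
 
@@ -395,6 +432,7 @@
 function mainLoginForm( $err ) {
 global $wgUser, $wgOut, $wgLang;
 global $wgDBname, $wgAllowRealName, $wgEnableEmail;
+ global $wgAuth;
 
 if ( '' == $this->mName ) {
 if ( $wgUser->isLoggedIn() ) {
@@ -418,6 +456,7 @@
 $template->set( 'retype', $this->mRetype );
 $template->set( 'email', $this->mEmail );
 $template->set( 'realname', $this->mRealName );
+ $template->set( 'domain', $this->mDomain );
 
 $template->set( 'action', $titleObj->getLocalUrl( $q ) );
 $template->set( 'error', $err );
@@ -426,6 +465,7 @@
 $template->set( 'userealname', $wgAllowRealName );
 $template->set( 'useemail', $wgEnableEmail );
 $template->set( 'remember', $wgUser->getOption( 'rememberpassword' ) or $this->mRemember );
+ $wgAuth->modifyUITemplate( $template );
 
 $wgOut->setPageTitle( wfMsg( 'userlogin' ) );
 $wgOut->setRobotpolicy( 'noindex,nofollow' );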
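Review bot: In the account-creation hunk the new `$wgAuth->userExists()` / `$wgAuth->authenticate()` test runs before the existing `$wgUser->isAllowedToCreateAccount()` check, so a visitor who is not permitted to create accounts can still have a name and password tried against the external server through this form. The function also declares `$wgAccountCreationThrottle`; if the throttle is applied further down (not visible here), these external attempts are not counted by it either. Moving the domain and external-credential block below the permission check, and below the throttle if there is one, keeps the creation form from acting as a second, less restricted credential check. The constructor hunk substitutes the literal `'invaliddomain'` for a rejected domain, which relies on every plugin's `validDomain()` refusing that string; a comment there such as `// sentinel: plugins must reject this value in validDomain()` would tell plugin authors so. The enclosing functions start and end outside the hunks.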
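--- a/trunk/phase3/includes/AuthPlugin.php
+++ b/trunk/phase3/includes/AuthPlugin.php
@@ -68,6 +68,56 @@
 }
 
 /**
+ * Modify options in the login template.
+ *
+ * @param UserLoginTemplate $template
+ * @access public
+ */
+ function modifyUITemplate( &$template ) {
+ # Override this!
+ $template->set( 'usedomain', false );
+ }
+
+ /**
+ * Set the domain this plugin is supposed to use when authenticating.
+ *
+ * @param string $domain
+ * @access public
+ */
+ function setDomain( $domain ) {
+ $this->domain = $domain;
+ }
+
+ /**
+ * Check to see if the specific domain is a valid domain.
+ *
+ * @param string $domain
+ * @return bool
+ * @access public
+ */
+ function validDomain( $domain ) {
+ # Override this!
+ return true;
+ }
+
+ /**
+ * When a user logs in, optionally fill in preferences and such.
+ * For instance, you might pull the email address or real name from the
+ * external user database.
+ *
+ * The User object is passed by reference so it can be modified; don't
+ * forget the & on your function declaration.
+ *
+ * @param User $user
+ * @access public
+ */
+ function updateUser( &$user ) {
+ # Override this and do something
+ return true;
+ }
+
+
+ /**
 * Return true if the wiki should create a new local account automatically
 * when asked to login a user who doesn't exist locally but does in the
 * external auth database.
@@ -86,6 +136,54 @@
 }
 
 /**
+ * Set the given password in the authentication database.
+ * Return true if successful.
+ *
+ * @param string $password
+ * @return bool
+ * @access public
+ */
+ function setPassword( $password ) {
+ return true;
+ }
+
+ /**
+ * Update user information in the external authentication database.
+ * Return true if successful.
+ *
+ * @param User $user
+ * @return bool
+ * @access public
+ */
+ function updateExternalDB( $user ) {
+ return true;
+ }
+
+ /**
+ * Check to see if external accounts can be created.
+ * Return true if external accounts can be created.
+ * @return bool
+ * @access public
+ */
+ function canCreateAccounts() {
+ return false;
+ }
+
+ /**
+ * Add a user to the external authentication database.
+ * Return true if successful.
+ *
+ * @param User $user
+ * @param string $password
+ * @return bool
+ * @access public
+ */
+ function addUser( $user, $password ) {
+ return true;
+ }
+
+
+ /**
 * Return true to prevent logins that don't authenticate here from being
 * checked against the local database's password fields.
 *
@@ -114,4 +212,4 @@
 }
 }
 
-?>
\ No newline at end of file
+?>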
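Review bot: The new stub `setPassword( $password )` and its docblock declare a single string parameter, but the caller added in SpecialPreferences.php in this same commit invokes `$wgAuth->setPassword( $wgUser, $this->mNewpass )`. A plugin written against the documented signature would receive the User object where it expects the password string. The stub should read `function setPassword( $user, $password ) {` with a matching `@param User $user` line in the docblock. `validDomain()` also returns true for every input by default, which is worth stating in its docblock, e.g. `Plugins that support domains must override this; the default accepts any value.`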
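--- a/trunk/phase3/includes/SpecialPreferences.php
+++ b/trunk/phase3/includes/SpecialPreferences.php
@@ -180,7 +180,9 @@
 global $wgUser, $wgLang, $wgOut;
 global $wgEnableUserEmail, $wgEnableEmail;
 global $wgEmailAuthentication, $wgMinimalPasswordLength;
+ global $wgAuth;
 
+
 if ( '' != $this->mNewpass ) {
 if ( $this->mNewpass != $this->mRetypePass ) {
 $this->mainPrefsForm( wfMsg( 'badretype' ) );
@@ -196,6 +198,10 @@
 $this->mainPrefsForm( wfMsg( 'wrongpassword' ) );
 return;
 }
+ if (!$wgAuth->setPassword( $wgUser, $this->mNewpass )) {
+ $this->mainPrefsForm( wfMsg( 'externaldberror' ) );
+ return;
+ }
 $wgUser->setPassword( $this->mNewpass );
 }
 $wgUser->setRealName( $this->mRealName );
@@ -233,6 +239,10 @@
 foreach ( $this->mToggles as $tname => $tvalue ) {
 $wgUser->setOption( $tname, $tvalue );
 }
+ if (!$wgAuth->updateExternalDB($wgUser)) {
+ $this->mainPrefsForm( wfMsg( 'externaldberror' ) );
+ return;
+ }
 $wgUser->setCookies();
 $wgUser->saveSettings();
 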
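Review bot: When `$wgAuth->updateExternalDB($wgUser)` fails in the last hunk, the function returns before `$wgUser->saveSettings()`, yet the external password change made by `$wgAuth->setPassword()` in the previous hunk (apparently the same function) has already been applied. The external store and the local database can therefore end up holding different passwords after one failed save. One option is to make the external password change the last external call, after the `updateExternalDB()` check, as `if ( '' != $this->mNewpass && !$wgAuth->setPassword( $wgUser, $this->mNewpass ) ) {`. The function starts and ends outside the hunks, so any code between them needs checking before reordering.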
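--- a/trunk/phase3/includes/templates/Userlogin.php
+++ b/trunk/phase3/includes/templates/Userlogin.php
@@ -49,6 +49,21 @@
 value="<?php $this->msg('login') ?>" />
 </td>
 </tr>
+ <?php if( $this->data['usedomain'] ) {
+ $doms = "";
+ foreach( $this->data['domainnames'] as $dom ) {
+ $doms .= "<option>" . htmlspecialchars( $dom ) . "</option>";
+ }
+ ?>
+ <tr>
+ <td align='right'><?php $this->msg( 'yourdomainname' ) ?>:</td>
+ <td align='left'>
+ <select tabindex='11' name="wpDomain" value="<?php $this->text( 'domain' ) ?>">
+ <?php echo $doms ?>
+ </select>
+ </td>
+ </tr>
+ <?php } ?>
 <?php if( $this->data['create'] ) { ?>
 <tr>
 <td colspan='3'>&nbsp;</td>
@@ -110,4 +125,4 @@
 }
 }
 
-?>
\ No newline at end of file
+?>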
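Review bot: The `value` attribute on the added `<select name="wpDomain">` has no effect in HTML, so the domain the user chose is not kept when the form is redisplayed after an error and the first option is submitted instead. Marking the matching option fixes that: `$sel = ( $dom == $this->data['domain'] ) ? ' selected="selected"' : '';` followed by `$doms .= "<option$sel>" . htmlspecialchars( $dom ) . "</option>";`. The loop also reads `$this->data['domainnames']` without checking that the plugin set it, so a plugin that enables `usedomain` alone will raise a warning in the `foreach`.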
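--- a/trunk/phase3/RELEASE-NOTES
+++ b/trunk/phase3/RELEASE-NOTES
@@ -240,6 +240,8 @@
 * Removed -f parameter from mail() usage, likely to cause failures and bounces.
 * (bug 2130) Fixed interwiki links with fragments
 * (bug 684) Accept an attribute parameter array on parser hook tags
+* (bug 814) Integrate AuthPlugin changes to support Ryan Lane's external
+ LDAP authentication plugin
 
 
 === Caveats ===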
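--- a/trunk/phase3/languages/Language.php
+++ b/trunk/phase3/languages/Language.php
@@ -570,6 +570,8 @@
 'yourpasswordagain' => 'Retype password',
 'newusersonly' => ' (new users only)',
 'remembermypassword' => 'Remember my password across sessions.',
+'yourdomainname' => 'Your domain',
+'externaldberror' => 'There was either an external authentication database error or you are not allowed to update your external account.',
 'loginproblem' => '<b>There has been a problem with your login.</b><br />Try again!',
 'alreadyloggedin' => "<font color=red><b>User $1, you are already logged in!</b></font><br />\n",
 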
