Commit e3b35920 authored by Andreas Fink's avatar Andreas Fink

initial commit of AuthRemoteuser rewrite for MW 1.27 SessionProvider API

parent f525d104
<?php
/**
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
use MediaWiki\Session\SessionInfo;
use MediaWiki\Session\UserInfo;
/**
* Session provider for apache/authz authenticated users.
*
* Class AuthRemoteuser
*/
class AuthRemoteuser extends MediaWiki\Session\ImmutableSessionProviderWithCookie {
/**
* @param array $params Keys include:
* - priority: (required) Set the priority
* - sessionCookieName: Session cookie name. Default is '_AuthRemoteuserSession'.
* - sessionCookieOptions: Options to pass to WebResponse::setCookie().
*/
public function __construct(array $params = []) {
if (!isset($params['sessionCookieName'])) {
$params['sessionCookieName'] = '_AuthRemoteuserSession';
}
parent::__construct( $params );
if ( !isset( $params['priority'] ) ) {
throw new \InvalidArgumentException(__METHOD__ . ': priority must be specified');
}
if ($params['priority'] < SessionInfo::MIN_PRIORITY ||
$params['priority'] > SessionInfo::MAX_PRIORITY
) {
throw new \InvalidArgumentException(__METHOD__ . ': Invalid priority');
}
$this->priority = $params['priority'];
}
/**
* @inheritDoc
*/
public function provideSessionInfo(WebRequest $request)
{
// Have a session ID?
$id = $this->getSessionIdFromCookie($request);
if (null === $id) {
$username = $this->getRemoteUsername();
$sessionInfo = $this->newSessionForRequest($username, $request);
return $sessionInfo;
}
$sessionInfo = new SessionInfo($this->priority, [
'provider' => $this,
'id' => $id,
'persisted' => true
]);
return $sessionInfo;
}
/**
* @inheritDoc
*/
public function newSessionInfo($id = null)
{
return null;
}
/**
* @param $username
* @param WebRequest $request
* @return SessionInfo
*/
protected function newSessionForRequest($username, WebRequest $request)
{
$id = $this->getSessionIdFromCookie($request);
$user = User::newFromName($username, 'usable');
if (!$user) {
throw new \InvalidArgumentException('Invalid user name');
}
$this->initUser($user, $username);
$info = new SessionInfo(SessionInfo::MAX_PRIORITY, [
'provider' => $this,
'id' => $id,
'userInfo' => UserInfo::newFromUser($user, true),
'persisted' => false
]);
$session = $this->getManager()->getSessionFromInfo($info, $request);
$session->persist();
return $info;
}
/**
* When creating a user account, optionally fill in
* preferences and such. For instance, you might pull the
* email address or real name from the external user database.
*
* @param $user User object.
* @param $autocreate bool
*/
protected function initUser(&$user, $username)
{
if (Hooks::run("AuthRemoteUserInitUser",
array($user, true))
) {
$this->setRealName($user);
$this->setEmail($user, $username);
$user->mEmailAuthenticated = wfTimestampNow();
$user->setToken();
$this->setNotifications($user);
}
$user->saveSettings();
}
/**
* Sets the real name of the user.
*
* @param User
*/
protected function setRealName(User $user)
{
global $wgAuthRemoteuserName;
if ($wgAuthRemoteuserName) {
$user->setRealName($wgAuthRemoteuserName);
} else {
$user->setRealName('');
}
}
/**
* Return the username to be used. Empty string if none.
*
* @return string
*/
protected function getRemoteUsername()
{
global $wgAuthRemoteuserDomain;
if (isset($_SERVER['REMOTE_USER'])) {
$username = $_SERVER['REMOTE_USER'];
if ($wgAuthRemoteuserDomain) {
$username = str_replace("$wgAuthRemoteuserDomain\\",
"", $username);
$username = str_replace("@$wgAuthRemoteuserDomain",
"", $username);
}
} else {
$username = "";
}
return $username;
}
/**
* Sets the email address of the user.
*
* @param User
* @param String username
*/
protected function setEmail(User $user, $username)
{
global $wgAuthRemoteuserMail, $wgAuthRemoteuserMailDomain;
if ($wgAuthRemoteuserMail) {
$user->setEmail($wgAuthRemoteuserMail);
} elseif ($wgAuthRemoteuserMailDomain) {
$user->setEmail($username . '@' .
$wgAuthRemoteuserMailDomain);
} else {
$user->setEmail($username . "@example.com");
}
}
/**
* Set up notifications for the user.
*
* @param User
*/
protected function setNotifications(User $user)
{
global $wgAuthRemoteuserNotify;
// turn on e-mail notifications
if ($wgAuthRemoteuserNotify) {
$user->setOption('enotifwatchlistpages', 1);
$user->setOption('enotifusertalkpages', 1);
$user->setOption('enotifminoredits', 1);
$user->setOption('enotifrevealaddr', 1);
}
}
}
\ No newline at end of file
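Review bot: The cookie branch of `provideSessionInfo()` returns the stored session without consulting `REMOTE_USER`, so once a session cookie exists the wiki identity is no longer tied to what the web server authenticated. A request arriving with a different or missing `REMOTE_USER` would apparently keep the earlier wiki user. The no-cookie branch has the opposite problem: `getRemoteUsername()` returns `""` when the variable is unset, and `newSessionForRequest()` then presumably fails `User::newFromName()` and throws `InvalidArgumentException` out of the provider instead of returning `null` for an unauthenticated request. I would resolve the username first, return `null` when it is empty, and pass `userInfo` for the current username in the cookie branch so the session manager can refuse a session stored for another user; confirm that behaviour against the SessionManager of the targeted MediaWiki version. A sentence in the method docblock stating that `REMOTE_USER` is trusted as set by the web server would also help.

```php
public function provideSessionInfo(WebRequest $request)
{
    $username = $this->getRemoteUsername();
    if ($username === '') {
        // No identity from the web server: leave the request to other providers.
        return null;
    }
    $id = $this->getSessionIdFromCookie($request);
    if (null === $id) {
        return $this->newSessionForRequest($username, $request);
    }
    return new SessionInfo($this->priority, [
        // … unchanged: provider, id …
        // Tie the stored session to the identity authenticated on this request.
        'userInfo' => UserInfo::newFromName($username, true),
        'persisted' => true
    ]);
}
```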
<?php
$wgAuthRemoteuserName = isset( $_SERVER["AUTHENTICATE_CN"] )
? $_SERVER["AUTHENTICATE_CN"]
: '';
/* User's Mail */
$wgAuthRemoteuserMail = isset( $_SERVER["AUTHENTICATE_MAIL"] )
? $_SERVER["AUTHENTICATE_MAIL"]
: '';
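Review bot: These two globals are copied from `$_SERVER` with no comment saying which component is expected to set `AUTHENTICATE_CN` and `AUTHENTICATE_MAIL`, although the class on this page writes them into the account as real name and as an e-mail address that `initUser()` marks as authenticated. I would add a file-level comment such as `/* AUTHENTICATE_* must be set by the web server's authentication module; never map them from client-supplied request headers */` and keep the existing `/* User's Mail */` style for the name as well. Nothing in the visible `extension.json` loads this file or lists `wgAuthRemoteuserName` / `wgAuthRemoteuserMail` under `config`, so unless one of the collapsed diffs does, `setRealName()` and `setEmail()` would see unset globals and silently fall back.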
# mediawiki-extensions-sessionprovider-remoteuser
\ No newline at end of file
# AuthRemoteuser: A MediaWiki Extension
The Auth_remoteuser extension allows integration with the web server's built-in
authentication system via the REMOTE_USER environment variable. This variable
is set through HTTP-Auth, LDAP, CAS, PAM, and other authentication systems.
Using the the value of the REMOTE_USER environment variable, this extension
automagically performs a login for this user. The value of this environment
variable also serves as the MediaWiki username. If an account with that name does
not exist yet, one is created.
## Installation
First, add this to your `LocalSettings.php`:
####################################################
# Extension: AuthRemoteuser
wfLoadExtension( 'AuthRemoteuser' );
$wgAuthRemoteuserMailDomain = 'example.com';
# Settings: AuthRemoteuser
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
####################################################
Instead of `example.com`, you might want to use the domain of your organization.
It will be appended to the username and should form a valid email address. If
i.e. your username to login (==`REMOTE_USER`) is `jdoe`, the email of the user
will be `jdoe@example.com`.
## Implementation
The constructor of AuthRemoteuser registers a hook to do the automatic login.
Storing the AuthRemoteuser object in $wgAuth tells MediaWiki that instead of the
MediaWiki AuthPlugin, use us for authentication. This way the plugin can handle
the login attempts.
# Original version
The original version of this fork can be found on the [MediaWiki extension site]
(http://www.mediawiki.org/wiki/Extension:AuthRemoteuser).
# License (GPLv2)
Use web server authentication (REMOTE_USER) in MediaWiki.
Copyright 2006 Otheus Shelling
Copyright 2007 Rusty Burchfield
Copyright 2009 James Kinsman
Copyright 2010 Daniel Thomas
Copyright 2010 Ian Ward Comfort
Copyright 2014 Mark A. Hershberger
Copyright 2015 Jonas Gröger
Copyright 2016 Andreas Fink
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
{
"name": "AuthRemoteuser",
"namemsg": "authremoteuser-extensionname",
"version": "1.3.0",
"author": ["Otheus Shelling", "Rusty Burchfield", "James Kinsman", "Daniel Thomas", "Ian Ward Comfort", "[[mw:User:MarkAHershberger|Mark A. Hershberger]]", "Jonas Gröger", "Andreas Fink"],
"url": "https://www.mediawiki.org/wiki/Extension:AuthRemoteuser",
"descriptionmsg": "authremoteuser-desc",
"type": "authentication",
"license-name": "GPL-2.0+",
"MessagesDirs": {
"AuthRemoteuser": [
"i18n"
]
},
"AutoloadClasses": {
"AuthRemoteuser": "AuthRemoteuser.body.php"
},
"SessionProviders": {
"AuthRemoteuser": {
"class": "AuthRemoteuser",
"args": [{"priority": 80}]
}
},
"config": {
"_prefix": "",
"wgAuthRemoteuserDomain": "",
"wgAuthRemoteuserMailDomain": "example.wiki",
"wgAuthRemoteuserNotify": false
},
"manifest_version": 1
}
\ No newline at end of file
{
"@metadata": {
"authors": [
"Xuacu"
]
},
"authremoteuser-desc": "Anicia sesión pa los usuarios automáticamente usando la variable d'entornu <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Умар"
]
},
"authremoteuser-desc": "Декъашхой автоматически язбо <code>REMOTE_USER</code> гӀоьнца"
}
{
"@metadata": {
"authors": [
"Metalhead64"
]
},
"authremoteuser-desc": "Ermöglicht die automatische Anmeldung von Benutzern mithilfe der <code>REMOTE_USER</code>-Umgebungsvariable"
}
{
"@metadata": {
"authors": [
"Chase me ladies, I'm the Cavalry"
]
},
"authremoteuser-desc": "Automatically logs users in by using the <code>REMOTE_USER</code> environment variable"
}
{
"@metadata": {
"authors": [
"Otheus Shelling"
]
},
"authremoteuser-desc": "Automatically logs-in users using the <code>REMOTE_USER</code> environment variable"
}
{
"@metadata": {
"authors": [
"Fitoschido",
"Macofe"
]
},
"authremoteuser-desc": "Autentica usuarios automáticamente con la variable de entorno <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Alirezaaa"
]
},
"authremoteuser-desc": "به طور خودکار کاربرانی را که از متغیر محیطی <code>REMOTE_USER</code> استفاده می‌کنند ثبت می‌کند"
}
{
"@metadata": {
"authors": [
"Gomoko",
"Linedwell"
]
},
"authremoteuser-desc": "Connecte automatiquement les utilisateurs en utilisant la variable d’environnement <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Elisardojm",
"Toliño"
]
},
"authremoteuser-desc": "Inicia automaticamente a sesión dos usuarios que utilizan a variable de contorno <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Ronel1",
"Amire80",
"Guycn2"
]
},
"authremoteuser-desc": "באופן אוטומטי יומני משתמשים באמצעות <code> </ code> משתנה סביבת REMOTE_USER"
}
{
"@metadata": {
"authors": [
"Michawiki"
]
},
"authremoteuser-desc": "Zmóžnja awtomatiske přizjewjenje wužiwarjow z pomocu wokolinoweje wariable <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"McDutchie"
]
},
"authremoteuser-desc": "Aperi automaticamente le session pro usatores con le variabile de ambiente <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Arifin.wijaya"
]
},
"authremoteuser-desc": "Secara otomatis masuk log pengguna menggunakan variabel lingkungan <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Beta16"
]
},
"authremoteuser-desc": "Registra automaticamente gli utenti utilizzando la variabile di ambiente <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Shirayuki"
]
},
"authremoteuser-desc": "<code>REMOTE_USER</code> 環境変数を使用して利用者を自動的にログインさせる"
}
{
"@metadata": {
"authors": [
"IRTC1015"
]
},
"authremoteuser-desc": "<code>REMOTE_USER</code> 환경 변수를 사용하여 사용자를 자동으로 로그인하게 합니다"
}
{
"@metadata": {
"authors": [
"Purodha"
]
},
"authremoteuser-desc": "Määd et automattesche Enlogge vun Metmaachere müjjelesch övver et Säze vun <code lang=\"en\" xml:lang=\"en\">REMOTE_USER</code> en de Ömjävvongsparrameetere."
}
{
"@metadata": {
"authors": [
"Bjankuloski06"
]
},
"authremoteuser-desc": "Автоматски заведува корисници со околинската променлива <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Chameleon222"
]
},
"authremoteuser-desc": "Logg inn brukere som bruker miljøvariabelen <code>REMOTE_USER</code> automatisk"
}
{
"@metadata": {
"authors": [
"Esketti",
"McDutchie",
"JaapDeKleine",
"Siebrand"
]
},
"authremoteuser-desc": "Logt gebruikers automatisch in met behulp van de omgevingsvariabele <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Cedric31"
]
},
"authremoteuser-desc": "Connècta automaticament los utilizaires en utilizant la variabla d’environament <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Fúlvio",
"Vitorvicentevalente"
]
},
"authremoteuser-desc": "Regista automaticamente utilizadores que utilizam a variável de ambiente <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Raimond Spekking"
]
},
"authremoteuser-desc": "{{desc|name=AuthRemoteuser|url=https://gitlab.noris.net/cda-ad/experiment-auth-remoteuser}}"
}
{
"@metadata": {
"authors": [
"Joetaras"
]
},
"authremoteuser-desc": "Automaticamende face trasè le utinde ausanne 'a variabbile d'ambiende <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Okras",
"Alexandr Efremov"
]
},
"authremoteuser-desc": "Автоматически выполняет вход в систему пользователей, с использованием переменной среды <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Jopparn",
"Lokal Profil"
]
},
"authremoteuser-desc": "Loggar automatiskt in användare genom att använda <code>REMOTE_USER</code> miljövariabeln"
}
{
"@metadata": {
"authors": [
"Ата",
"Andriykopanytsia"
]
},
"authremoteuser-desc": "Автоматично виконує вхід в систему користувачів, з використанням змінної середовища <code>REMOTE_USER</code>"
}
{
"@metadata": {
"authors": [
"Liuxinyu970226"
]
},
"authremoteuser-desc": "自动记载使用<code>REMOTE_USER</code>环境变量的用户"
}
{
"@metadata": {
"authors": [
"Liuxinyu970226",
"Cwlin0416"
]
},
"authremoteuser-desc": "使用 <code>REMOTE_USER</code> 環境變數自動登入使用者"
}