I'm trying to modify my extension to account for the autoAuthenticate -> UserLoadFromSession change (moving SpecialUserlogin.php out of the include path was also a surprise).
The problem is user info in the upper right nav, for the front page only, does not update when I create a LoginForm and do initUser in the UserLoadFromSession handler.
What do I have to do to tell the front page that the user's identity has changed?
Has anything else has changed WRT non-username/password authentication?
Mike
I'm trying to modify my extension to account for the autoAuthenticate -> UserLoadFromSession change (moving SpecialUserlogin.php out of the include path was also a surprise).
The problem is user info in the upper right nav, for the front page only, does not update when I create a LoginForm and do initUser in the UserLoadFromSession handler.
What do I have to do to tell the front page that the user's identity has changed?
Has anything else has changed WRT non-username/password authentication?
This is a fairly difficult change IMO. You can take a look at how I did it in the LDAP authentication plugin (see LdapAutoAuthentication.php):
http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/LdapAuthentic ation/
Notice that portions of this are currently broken; see bug 14178:
https://bugzilla.wikimedia.org/show_bug.cgi?id=14178
V/r,
Ryan Lane
On Tue, Sep 30, 2008 at 5:29 PM, Michael B Allen ioplex@gmail.com wrote:
I'm trying to modify my extension to account for the autoAuthenticate -> UserLoadFromSession change (moving SpecialUserlogin.php out of the include path was also a surprise).
The problem is user info in the upper right nav, for the front page only, does not update when I create a LoginForm and do initUser in the UserLoadFromSession handler.
Sorry, I meant to say $wgAuth->updateUser is what I'm doing in UserLoadFromSession.
The user info on the main page isn't updating.
What do I have to do to tell the front page that the user's identity has changed?
Has anything else has changed WRT non-username/password authentication?
Sorry, I meant to say $wgAuth->updateUser is what I'm doing in UserLoadFromSession.
The user info on the main page isn't updating.
Are you calling:
$user->saveSettings();
at the end of the function?
V/r,
Ryan Lane
On Tue, Sep 30, 2008 at 6:23 PM, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
Sorry, I meant to say $wgAuth->updateUser is what I'm doing in UserLoadFromSession.
The user info on the main page isn't updating.
Are you calling:
$user->saveSettings();
at the end of the function?
Everything works pretty well with UserLoadFromSession if I do the following:
global $wgUser; ... $user = User::newFromName($mwCanonName); if (!$user) throw new Exception("Invalid username: $mwCanonName"); $wgUser = &$user;
if ($user->getID() == 0) { if (!class_exists('LoginForm')) require_once 'SpecialUserlogin.php'; global $wgRequest;
$wgUser->setName($mwCanonName); $loginForm = new LoginForm($wgRequest);
$loginForm->initUser($wgUser, true); } else { $wgAuth->updateUser($wgUser); }
$wgUser->setCookies(); $wgUser->setupSession();
So actually no, I don't do saveSettings.
But I had a clause in the code that bypassed the updateUser. That was breaking things. I'm wondering why it was in there in the first place.
Anyway it seems like the user info in the nav is updating now.
Note that I don't think the bug you cited actually applies to me because SPNEGO occurs with every request. Meaning we don't really need to know if the user has already authenticated.
Overall I have to say I'm a little worried about all the magical things that need to occur to get non-username/password authentication working. It's fine once you get it working but the extensions are a little fragile in the face of changes like the UserLoadFromSession one. I get the feeling non-username/password based authentication is not a principal design feature. That's a shame.
Mike
PS: I see now that SVN has a much more current version of your LDAP extension. I'll make sure to look at SVN from now on.
On Tue, Sep 30, 2008 at 6:40 PM, Michael B Allen ioplex@gmail.com wrote:
On Tue, Sep 30, 2008 at 6:23 PM, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
Sorry, I meant to say $wgAuth->updateUser is what I'm doing in UserLoadFromSession.
The user info on the main page isn't updating.
Are you calling:
$user->saveSettings();
at the end of the function?
Everything works pretty well with UserLoadFromSession if I do the following:
global $wgUser; ... $user = User::newFromName($mwCanonName); if (!$user) throw new Exception("Invalid username: $mwCanonName"); $wgUser = &$user;
if ($user->getID() == 0) { if (!class_exists('LoginForm')) require_once 'SpecialUserlogin.php'; global $wgRequest;
$wgUser->setName($mwCanonName); $loginForm = new LoginForm($wgRequest); $loginForm->initUser($wgUser, true);
} else { $wgAuth->updateUser($wgUser); }
$wgUser->setCookies(); $wgUser->setupSession();
So actually no, I don't do saveSettings.
Actually I take it back, I *do* call saveSettings (in updateUser).
Anyway, the same package is working now with both 1.13 and 1.11 at least.
Thanks for your help as usual, Mike
Note that I don't think the bug you cited actually applies to me because SPNEGO occurs with every request. Meaning we don't really need to know if the user has already authenticated.
Ah, didn't realize that. Yeah, the bug doesn't apply to you then.
Overall I have to say I'm a little worried about all the magical things that need to occur to get non-username/password authentication working. It's fine once you get it working but the extensions are a little fragile in the face of changes like the UserLoadFromSession one. I get the feeling non-username/password based authentication is not a principal design feature. That's a shame.
I agree, and it is something I think I'll try to rectify. I've said a number of times in the past that I'd try to fix this and haven't had time, but I've actually been looking at and working on it recently.
PS: I see now that SVN has a much more current version of your LDAP extension. I'll make sure to look at SVN from now on.
Yeah, what is in SVN is usually what is at mediawiki.org, but I've been updating the extension recently and am about to do a release. There are a few more outstanding todos left before I do so. Should be a really good release though ;).
V/r,
Ryan Lane
mediawiki-l@lists.wikimedia.org