Hi,
We're building a site which includes MediaWiki and some other tools (Drupal, BSCW, etc.) and needs unified log-in. I've seen some posts and code contributions on other types of authentication (not using AuthPlugin but outright replacing Special:Userlogin) but they were a bit too specific for some purpose and changed the main code a lot. So I thought up yet another way to do things: why not enclose User::loadFromSession() in Setup.php with an if:
    if(!something($wgUser)) { // declare as something(&$user) to get ref
        $wgUser = User::loadFromSession();
    }
This will permit an extension/plugin to load $wgUser from somewhere else: say HTTP auth or a different set of cookies, perhaps creating the local MediaWiki user on-the-fly. The extension can also choose to let User::loadFromSession() do the work by returning false or dump some error message and exit.
After some tests, I think this little change is all that's needed to get an alternative log-in to work. The question is what should something() really be?
1) wfRunHooks(..) might seem like a natural choice, but extension functions are yet to be executed at this stage, so an extension wouldn't have had a chance to register its hooks.
2) a new global, $wgUserLoadHook, is perhaps a good alternative
3) a new method, $wgAuth->userLoad($wgUser), is what I used though, because overriding some AuthPlugin methods is all that was necessary to get it working.
---
Working example: http://stan.gmuf.com/wik/authpatch/ contains a patch and two plugins: one is a generic HttpAuthPlugin that can be extended, the other is a skeleton for a plugin extending HttpAuthPlugin.
1) cd MediaWiki's dir; patch -p1 </path/to/patch
2) download the two plugins to include/
3) put require_once('BscwAuthPlugin.php') in LocalSettings.php
4) put MediaWiki's dir in a http auth protected realm
5) test: when you log in via http auth, MediaWiki recognizes you (perhaps creating your local user on-the-fly).
Note: As expected, Special:Userlog{in,out} will not work. The skin could hide the links.
---
What do you think, does this patch seem like a good solution which could go into MediaWiki?
Greetings, Stanislav
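A sketch of the something(&$user) hook proposed in the message above, as an added example that is not part of the thread or of the linked patch: it takes the identity only from the server-set REMOTE_USER and returns false otherwise, so that User::loadFromSession() still runs. The User class is a minimal stand-in for MediaWiki's, and externalUserName(), the extra $server parameter and the name pattern are assumptions made for the example.

```php
<?php
// Added example; every name except something() and User::loadFromSession()
// is hypothetical. This User class is a stand-in, not MediaWiki's.
class User {
    public $name;
    public function __construct($name) { $this->name = $name; }
    public static function loadFromSession() { return new User('(anonymous)'); }
}

// Return the externally authenticated user name, or false to decline.
function externalUserName(array $server) {
    // REMOTE_USER is filled in by the web server after its own auth check.
    // HTTP_* entries are copied from request headers, so the client controls
    // them; keys such as HTTP_REMOTE_USER are deliberately never read.
    if (!isset($server['REMOTE_USER']) || $server['REMOTE_USER'] === '') {
        return false;
    }
    $name = $server['REMOTE_USER'];
    // Assumed policy: conservative character set and bounded length, so the
    // value is safe to use as the name of a user created on-the-fly.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9 _.-]{0,62}$/', $name)) {
        return false;
    }
    return $name;
}

// The hook from the proposal: fill $user and return true, or return false
// to let the normal cookie session decide.
function something(&$user, array $server) {
    $name = externalUserName($server);
    if ($name === false) {
        return false;
    }
    $user = new User($name);
    return true;
}

// Constructed request environments (in production this would be $_SERVER).
$requests = array(
    'authenticated'  => array('REMOTE_USER' => 'stanislav'),
    'spoofed header' => array('HTTP_REMOTE_USER' => 'WikiSysop'),
    'malformed name' => array('REMOTE_USER' => 'a|b#c'),
);
foreach ($requests as $label => $server) {
    $wgUser = null;
    if (!something($wgUser, $server)) {
        $wgUser = User::loadFromSession();
    }
    echo $label, ' => ', $wgUser->name, "\n";
}
```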
I kinda figured the best way to redo sessions was to write an extension function that set $wgUser to a new User, based on your sessioning. This, of course, doesn't prevent Cookie-based sessions from being used.
I'd find the bug in Mediazilla http://bugzilla.wikimedia.org/ and attach your patch(es) to that.
-- Jamie
http://endeavour.zapto.org/astro73/
wikitech-l@lists.wikimedia.org