|
List Info
Thread: Automatic Login using get_current_user()
|
|
| Automatic Login using get_current_user() |
|
2006-12-14 16:22:47 |
Hello group,
I have installed Mediawiki 1.8.2 running on Windows 2003,
served up by
PHP 5.2 on IIS 5. I have attempted to integrate this with
Active
Directory, with lots of help from Ryan Lane, but have thus
far been
unsuccessful. It looks like such integration would require
Openldap
and probably more work that it is worth.
An easier approach, it seems to me, would be to have IIS do
the
authentication and pass the information to Mediawiki. This
is possible
with Windows Integrated authentication. The username is
available in
PHP under $_SERVER['REMOTE_USER'] or get_current_user(). The
next
trick is to pass this onto Mediawiki.
I tried the code below but it only generates an HTTP 500
error when
parsing InitUser(). This might be because of versioning,
because the
example is for MediaWiki 1.5.5 and I have 1.8.2.
http://meta.wikimedia.org/wiki/User:Otheus/
Auto_Login_via_REMOTE_USER
It also seems rather round-about to create an WebRequest and
submit it
to the form, which then does the login. Maybe I am missing
something
here, though, for I am rather rough with PHP.
So, in sum, how do I simply and easily modify Mediawiki to
use IIS's
authentication?
J Wolfgang Goerlich
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2006-12-14 19:04:34 |
> I have installed Mediawiki 1.8.2 running on Windows
2003,
> served up by PHP 5.2 on IIS 5. I have attempted to
integrate
> this with Active Directory, with lots of help from Ryan
Lane,
> but have thus far been unsuccessful. It looks like such
> integration would require Openldap and probably more
work
> that it is worth.
>
You don't need openldap, you just need to uncomment a few
lines in your
php.ini, and copy a few files into system32. I gave you a
link to the
step by step instructions. For SSL or TLS to work you'll
need to install
an SSL certificate in AD.
I'm using MediaWiki with LdapAuthentication 1.1b and
authenticating
against AD just fine (a number of other people are too).
> An easier approach, it seems to me, would be to have
IIS do
> the authentication and pass the information to
Mediawiki.
> This is possible with Windows Integrated
authentication. The
> username is available in PHP under
$_SERVER['REMOTE_USER'] or
> get_current_user(). The next trick is to pass this onto
Mediawiki.
>
> I tried the code below but it only generates an HTTP
500
> error when parsing InitUser(). This might be because of
> versioning, because the example is for MediaWiki 1.5.5
and I
> have 1.8.2.
>
> http://meta.wikimedia.org/wiki/User:Otheus/
Auto_Login_via_REMOTE_USER
>
You need to contact the developer of this plugin, or fix the
plugin
yourself. I would imagine it isn't too hard to get this
working with the
newest version of mediawiki.
> It also seems rather round-about to create an
WebRequest and
> submit it to the form, which then does the login. Maybe
I am
> missing something here, though, for I am rather rough
with PHP.
>
It *kind of* feels like a dirty hack, but that is how I see
it working
in pretty much every plugin that uses the AutoAuthenticate
hook; this
hook gets called before a large portion of the code is put
into memory.
Notice you only create a login form when you are creating a
user, and
that is because that class has the functions you need to
create users.
If the user already exists, you just log the user in.
> So, in sum, how do I simply and easily modify Mediawiki
to
> use IIS's authentication?
>
If you are feeling adventurous, you can fix the plugin
yourself. The
first thing I'd do would be to change:
global $wgExtensionFunctions;
if (!isset($wgExtensionFunctions)) {
$wgExtensionFunctions = array();
}
else if (!is_array($wgExtensionFunctions)) {
$wgExtensionFunctions = array( $wgExtensionFunctions
);
}
array_push($wgExtensionFunctions,
'Auth_remote_user_hook');
To:
$wgHooks['AutoAuthenticate'][] = 'Auth_remote_user_hook';
Otherwise, quickly glancing over the plugin, I don't see any
other major
problems.
V/r,
Ryan Lane
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2006-12-16 13:23:24 |
Hello Ryan,
> If you are feeling adventurous, you can fix the plugin
yourself.
I'm always feeling adventurous! I'm primarily a .Net, SQL
2005 man.
Hence, working with this PHP and MySQL setup is a bit of a
learning
curve. It is good fun, though, and I appreciate the
guidance.
I am narrowing in on the problem. InitUser() results in an
"HTTP 500 -
Internal server error", whether it is called from the
custom plugin or
the generic create user.
To reframe the issue, the "Create account" form
fails with an HTTP
500. This is with a default install of MediaWiki.
Now, I have PHP configured to throw exceptions into the
Windows
Application log. None are present when this error occurs.
This says to
me that it is an logical rather than a syntactical error. My
thinking
is that it has something to do with the MySQL script not
executing
properly.
Any suggestions on where to look or how to gather more
detailed
debugging information?
J Wolfgang Goerlich
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2006-12-20 13:31:04 |
Hello Ryan et al,
I have Mediawiki's normal account creation and login
functions
working. I am back on the trail of integrating Windows IIS
authentication.
I have the the plugin installed and running without an
error. I made
the suggested modifications (below). Now, Mediawiki pages
default to
the "Login Required" prompt. From what I can tell,
Auth_remote_user_hook() is never called.
Any suggestions on the next step?
Thanks,
J Wolfgang Goerlich
On 12/14/06, Lane, Ryan <Ryan.Laneocean.navo.navy.mil>
wrote:
> If you are feeling adventurous, you can fix the plugin
yourself. The
> first thing I'd do would be to change:
>
> global $wgExtensionFunctions;
> if (!isset($wgExtensionFunctions)) {
> $wgExtensionFunctions = array();
> }
> else if (!is_array($wgExtensionFunctions)) {
> $wgExtensionFunctions = array(
$wgExtensionFunctions );
> }
> array_push($wgExtensionFunctions,
'Auth_remote_user_hook');
>
> To:
>
> $wgHooks['AutoAuthenticate'][] =
'Auth_remote_user_hook';
>
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2006-12-20 18:43:46 |
> I have the the plugin installed and running without an
error.
> I made the suggested modifications (below). Now,
Mediawiki
> pages default to the "Login Required" prompt.
From what I can tell,
> Auth_remote_user_hook() is never called.
>
> Any suggestions on the next step?
Oops, I probably should have told you to make sure you
declare the
global variable before you use it. It should be:
global $wgHooks;
$wgHooks['AutoAuthenticate'][] = 'Auth_remote_user_hook';
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2006-12-21 22:15:37 |
> Oops, I probably should have told you to make sure you
declare the
> global variable before you use it.
Oh! Yes, of course, the value needs to be global in order
for the
other modules to access it. Made the change and verified the
'Auth_remote_user_hook' is called. That is one step forward.
Now, the web page does not load. It gets into a continuous
redirection
loop. If I remove the redirection code (see below), then it
comes back
to the "Login Required" prompt.
The fun continues.
J Wolfgang Goerlich
// if it worked: refer to login page, otherwise, exit
header( "Location: http" .
(isset($_SERVER['HTTPS'])
&& $_SERVER['HTTPS'] == "on" ?
"s" : "") .
"://" . $_SERVER['SERVER_NAME'] . ":"
. $_SERVER['SERVER_PORT'] .
( isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI']
: "/" .
( isset($_SERVER['URL']) ? $_SERVER['PATH_INFO'] .
( $_SERVER['QUERY_STRING'] ? "?" .
$_SERVER['QUERY_STRING'] : "" )
: "" )
)
);
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2006-12-22 18:28:07 |
Hmmm. More information. The problem is in registering the
users, I
think. Running "select * from user;" in MySQL
returns only the users
that I have manually created.
On 12/21/06, J Wolfgang Goerlich <jwgoerlichgmail.com> wrote:
> > Oops, I probably should have told you to make sure
you declare the
> > global variable before you use it.
>
> Oh! Yes, of course, the value needs to be global in
order for the
> other modules to access it. Made the change and
verified the
> 'Auth_remote_user_hook' is called. That is one step
forward.
>
> Now, the web page does not load. It gets into a
continuous redirection
> loop. If I remove the redirection code (see below),
then it comes back
> to the "Login Required" prompt.
>
> The fun continues.
>
> J Wolfgang Goerlich
>
>
> // if it worked: refer to login page, otherwise, exit
> header( "Location: http" .
> (isset($_SERVER['HTTPS'])
> && $_SERVER['HTTPS'] == "on" ?
"s" : "") .
> "://" . $_SERVER['SERVER_NAME'] .
":" . $_SERVER['SERVER_PORT'] .
> ( isset($_SERVER['REQUEST_URI']) ?
$_SERVER['REQUEST_URI']
> : "/" .
> ( isset($_SERVER['URL']) ? $_SERVER['PATH_INFO'] .
> ( $_SERVER['QUERY_STRING'] ? "?" .
$_SERVER['QUERY_STRING'] : "" )
> : "" )
> )
> );
>
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2006-12-22 21:45:15 |
The password cannot be blank. So, we define a universal
password for
all accounts. The code below will automatically login for
accounts
that I manually create. It is not yet automatically creating
accounts.
J Wolfgang Goerlich
function Auth_remote_user_hook() {
global $wgUser;
global $wgRequest;
global $_REQUEST;
// Universal Password for all users
$pass = "1Some2Secret3Password4"; //
1Some2Secret3Password4
// HTTP refer to login page
$httprefer = "Location: http" .
(isset($_SERVER['HTTPS'])
&& $_SERVER['HTTPS'] == "on" ?
"s" : "") .
"://" . $_SERVER['SERVER_NAME'] .
":" . $_SERVER['SERVER_PORT'] .
( isset($_SERVER['REQUEST_URI']) ?
$_SERVER['REQUEST_URI']
: "/" .
( isset($_SERVER['URL']) ? $_SERVER['PATH_INFO'] .
( $_SERVER['QUERY_STRING'] ? "?" .
$_SERVER['QUERY_STRING'] : "" )
: "" )
);
// For a few special pages, don't do anything.
$title = $wgRequest->getVal('title') ;
if ($title == 'Special:Userlogout' || $title ==
'Special:Userlogin') {
return;
}
// Do nothing if session is valid
$wgUser = User::loadFromSession();
if ($wgUser->isLoggedIn()) {
return;
}
// Do little if user already exists
// (set the _REQUEST variable so that Login knows we're
authenticated)
$username = get_current_user();
$u = User::newFromName( $username );
if (is_null($u)) {
# Invalid username or some other error -- force login,
just return
return;
}
$wgUser = $u;
if ($u->getId() != 0) {
// Populate the userlogin form's username and password
(Userlogin.php)
$_REQUEST['wpName'] = $username;
$_REQUEST['wpPassword'] = $pass;
header($httprefer);
// Make call to load session name, otherwise can't save
if( !isset($wgCommandLineMode) && !isset(
$_COOKIE[session_name()] ) ) {
User::SetupSession();
}
// Set the cookies, save the settings, and return
$wgUser->setCookies();
$wgUser->saveSettings();
return;
}
// Ok, now we need to create a user.
$wgUser->setPassword=$pass;
include 'includes/SpecialUserlogin.php';
$form = new LoginForm( $wgRequest );
$form->initUser( $wgUser );
$form->mName = $username;
$form->mPassword = $pass;
$form->mRetype = $pass;
$form->mCreateaccount = true;
$form->mRemember = true;
$form->mRealName = $username;
header($httprefer);
$wgUser->setCookies();
$wgUser->saveSettings();
return;
}
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2006-12-26 15:26:21 |
> The password cannot be blank. So, we define a universal
> password for all accounts. The code below will
automatically
> login for accounts that I manually create. It is not
yet
> automatically creating accounts.
You should use a randomly created password, or blank the
password out
later in the authentication plugin's initUser() function. It
is possible
for people to manually log in using SpecialUserlogin and the
authenticate function. This would allow people to log in as
anyone. To
get an idea of how to do this, look at the SSLAuthentication
plugin, the
Shibboleth plugin, or my plugin. The former two create a
random
password, the latter blanks out the password.
> function Auth_remote_user_hook() {
>
> global $wgUser;
> global $wgRequest;
> global $_REQUEST;
>
> // Universal Password for all users
> $pass = "1Some2Secret3Password4"; //
1Some2Secret3Password4
>
> // HTTP refer to login page
> $httprefer = "Location: http" .
> (isset($_SERVER['HTTPS'])
> && $_SERVER['HTTPS'] == "on" ?
"s" : "") .
> "://" . $_SERVER['SERVER_NAME'] .
":" . $_SERVER['SERVER_PORT'] .
> ( isset($_SERVER['REQUEST_URI']) ?
$_SERVER['REQUEST_URI']
> : "/" .
> ( isset($_SERVER['URL']) ? $_SERVER['PATH_INFO'] .
> ( $_SERVER['QUERY_STRING'] ? "?" .
$_SERVER['QUERY_STRING'] : "" )
> : "" )
> );
>
I don't really see the need for the httprefer variable, more
on that
below.
> // For a few special pages, don't do anything.
> $title = $wgRequest->getVal('title') ;
> if ($title == 'Special:Userlogout' || $title ==
> 'Special:Userlogin') {
> return;
> }
>
> // Do nothing if session is valid
> $wgUser = User::loadFromSession();
> if ($wgUser->isLoggedIn()) {
> return;
> }
>
> // Do little if user already exists
> // (set the _REQUEST variable so that Login knows
we're
> authenticated) $username = get_current_user(); $u =
> User::newFromName( $username ); if (is_null($u)) {
> # Invalid username or some other error -- force
login, just return
> return;
> }
>
> $wgUser = $u;
> if ($u->getId() != 0) {
>
> // Populate the userlogin form's username and
password
> (Userlogin.php)
>
> $_REQUEST['wpName'] = $username;
> $_REQUEST['wpPassword'] = $pass;
> header($httprefer);
>
I don't get this part... Why are you changing request
variables and
sending out headers? I don't think you should be doing this.
>
> // Make call to load session name, otherwise can't
save
>
> if( !isset($wgCommandLineMode) && !isset(
> $_COOKIE[session_name()] ) ) {
> User::SetupSession();
> }
>
> // Set the cookies, save the settings, and return
>
> $wgUser->setCookies();
> $wgUser->saveSettings();
> return;
> }
>
>
> // Ok, now we need to create a user.
>
> $wgUser->setPassword=$pass;
>
> include 'includes/SpecialUserlogin.php'; $form = new
> LoginForm( $wgRequest ); $form->initUser( $wgUser
);
>
> $form->mName = $username;
> $form->mPassword = $pass;
> $form->mRetype = $pass;
> $form->mCreateaccount = true;
> $form->mRemember = true;
> $form->mRealName = $username;
>
Why are you setting this stuff after you create the user
(form->initUser)? And why aren't you doing it through the
authentication
plugin's initUser() function? Normally all of this stuff is
set before
the user is created.
> header($httprefer);
>
Again. It is a little strange to be sending out headers
here.
> $wgUser->setCookies();
> $wgUser->saveSettings();
>
> return;
>
> }
You aren't setting up a session for the new user... Call
$wgUser->setupSession(); before you call setCookies().
V/r,
Ryan Lane
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
| Automatic Login using get_current_user() |
|
2007-01-04 12:25:20 |
Ryan Lane wrote:
> Why are you setting this stuff after you create the
user
> (form->initUser)? And why aren't you doing it
through the authentication
> plugin's initUser() function? Normally all of this
stuff is set before
> the user is created.
I tried filling the request variables and calling the
form-post
because the initUser() did not appear to set the values.
They still do
not. Perhaps I am missing some necessary code in that block?
(See
below.)
I agree with you. I should change from a static universal
password to
a pseudo-random or blank password. First, though, I should
get the
auto-create function to work.
Regards,
J Wolfgang Goerlich
function initUser(&$user) {
// Current user, email domain, and universal password
global $_SERVER;
$cu = get_current_user();
$domain = "munder.com";
$pass = "1Some2Secret3Password4";
// Populate information for this user
$user->setEmail($cu . "" . $domain);
$user->setRealName( $cu );
$wgUser->setPassword=$pass;
$user->mEmailAuthenticated = wfTimestampNow();
$user->setToken();
// Disable e-mail notifications by default
$user->setOption('enotifwatchlistpages', 0);
$user->setOption('enotifusertalkpages', 0);
$user->setOption('enotifminoredits', 0);
$user->setOption('enotifrevealaddr', 0);
}
_______________________________________________
MediaWiki-l mailing list
MediaWiki-lWikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
|
|
|
|