/** * @param $user * @param $result * @return bool */ public function AutoAuthenticateOverSymfony($user, &$result) { $symfonyToken = $this->symfonyConatiner->get('security.token_storage')->getToken(); if (!$symfonyToken || !is_object($symfonyToken)) { return false; } $symfonyUser = $symfonyToken->getUser(); if (!$symfonyUser || !is_object($symfonyUser)) { return false; } $dbr =& wfGetDB(DB_SLAVE); $s = $dbr->selectRow('user', array('user_id'), array('user_name' => $symfonyUser->getUsername()), "UserAuthSymfony::AutoAuthenticateOverSymfony"); if ($s === false) { $username = $symfonyUser->getUsername(); $newUser = new \User(); $newUser->loadDefaults($username); // Added as it's done this way in CentralAuth. $newUser->setEmail($symfonyUser->getEmail()); $newUser->setName($username); $newUser->confirmEmail(); $newUser->mTouched = wfTimestamp(); $newUser->addToDatabase(); $user =& $newUser; } else { $user->mId = $s->user_id; } $sfGroups = array(); if (method_exists($symfonyUser, 'getGroups')) { $sfGroups = $symfonyUser->getGroups(); } $oldGroups = $user->getGroups(); // previous groups foreach ($oldGroups as $group) { //ignore wiki groups and remove only non wiki groups if (!in_array($group, array('sysop', 'bureaucrat'))) { $user->removeGroup($group); // remove it } } // readd current groups foreach ($sfGroups as $sfGroup) { $user->addGroup(GroupBridge::getGroupAlias($sfGroup)); } if ($user->loadFromDatabase()) { $user->saveToCache(); } $result = true; return true; }
/** * Updates the user's details according to what was given from the SSO * library. * Note that this will be called every time after authenticating * to the IdP. * * @param User $user * User object from MW * @param Array $attrs * Attribute array */ private function modifyUserIfNeeded(&$user, $attrs) { $username = $user->getName(); $dirty = false; /* * Email */ if (isset($attrs['email'])) { $new = $attrs['email']; $old = $user->getEmail(); if ($new != $old) { $user->setEmail($new); $user->confirmEmail(); wfDebugLog('MultiAuthPlugin', __METHOD__ . ': ' . "Updated email for user '{$username}' from '{$old}' to '{$new}'"); $dirty = true; } } /* * Fullname */ if (isset($attrs['fullname'])) { $new = $attrs['fullname']; $old = $user->getRealName(); if ($new != $old) { $user->setRealName($new); wfDebugLog('MultiAuthPlugin', __METHOD__ . ': ' . "Updated realName for user '{$username}' from '{$old}' to '{$new}'"); $dirty = true; } } if ($dirty) { $user->saveSettings(); } }
private function onAuthenticateUserDataResetPass(User $u) { // The e-mailed temporary password should not be used for actu- // al logins; that's a very sloppy habit, and insecure if an // attacker has a few seconds to click "search" on someone's o- // pen mail reader. // // Allow it to be used only to reset the password a single time // to a new value, which won't be in the user's e-mail ar- // chives. // // For backwards compatibility, we'll still recognize it at the // login form to minimize surprises for people who have been // logging in with a temporary password for some time. // // As a side-effect, we can authenticate the user's e-mail ad- // dress if it's not already done, since the temporary password // was sent via e-mail. if (!$u->isEmailConfirmed()) { $u->confirmEmail(); $u->saveSettings(); } }
/** * When a user logs in, optionally fill in preferences and such. * For instance, you might pull the email address or real name from the * external user database. * * The User object is passed by reference so it can be modified; don't * forget the & on your function declaration. * * @param User $user * @public */ function updateUser(&$user) { if ($this->debug) { echo 'updateUser'; } $username = addslashes($user->getName()); $find_user_query = "SELECT\n\t\t\tuser_id,\n\t\t\tuser_accesslevel, user_email, \n\t\t\tuser_name_short, user_name\n\t\t\tFROM users WHERE lower(user_name_short)=lower('{$username}')"; $find_result = mysql_query($find_user_query, $this->database); // make sure that there is only one person with the username if (mysql_num_rows($find_result) == 1) { $userinfo = mysql_fetch_assoc($find_result); mysql_free_result($find_result); $user->setEmail($userinfo['user_email']); $user->confirmEmail(); $user->setRealName($userinfo['user_name']); // Accessrights if ($userinfo['user_accesslevel'] > 2) { $user->addGroup('sysop'); } $user->saveSettings(); return true; } return false; }
/** * When a user logs in, update user with information from LDAP. * * @param User $user * @access public * TODO: fix the setExternalID stuff */ function updateUser(&$user) { global $wgLDAPRetrievePrefs, $wgLDAPPreferences; global $wgLDAPUseLDAPGroups; global $wgLDAPUniqueBlockLogin, $wgLDAPUniqueRenameUser; $this->printDebug("Entering updateUser", NONSENSITIVE); if ($this->authFailed) { $this->printDebug("User didn't successfully authenticate, exiting.", NONSENSITIVE); return; } $saveSettings = false; //If we aren't pulling preferences, we don't want to accidentally //overwrite anything. if (isset($wgLDAPRetrievePrefs[$_SESSION['wsDomain']]) && $wgLDAPRetrievePrefs[$_SESSION['wsDomain']] || isset($wgLDAPPreferences[$_SESSION['wsDomain']])) { $this->printDebug("Setting user preferences.", NONSENSITIVE); if ('' != $this->lang) { $this->printDebug("Setting language.", NONSENSITIVE); $user->setOption('language', $this->lang); } if ('' != $this->nickname) { $this->printDebug("Setting nickname.", NONSENSITIVE); $user->setOption('nickname', $this->nickname); } if ('' != $this->realname) { $this->printDebug("Setting realname.", NONSENSITIVE); $user->setRealName($this->realname); } if ('' != $this->email) { $this->printDebug("Setting email.", NONSENSITIVE); $user->setEmail($this->email); $user->confirmEmail(); } if (isset($wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']]) && $wgLDAPUniqueBlockLogin[$_SESSION['wsDomain']] || isset($wgLDAPUniqueRenameUser[$_SESSION['wsDomain']]) && $wgLDAPUniqueRenameUser[$_SESSION['wsDomain']]) { if ('' != $this->externalid) { $user->setExternalID($this->externalid); } } $saveSettings = true; } if (isset($wgLDAPUseLDAPGroups[$_SESSION['wsDomain']]) && $wgLDAPUseLDAPGroups[$_SESSION['wsDomain']]) { $this->printDebug("Setting user groups.", NONSENSITIVE); $this->setGroups($user); $saveSettings = true; } if ($saveSettings) { $this->printDebug("Saving user settings.", NONSENSITIVE); $user->saveSettings(); } }
/** * Confirm the user and set their cookies. This is used when a user already has an * email registered with Facebook. * @param User $user */ private function confirmUser(User $user) { $user->confirmEmail(); wfRunHooks('SignupConfirmEmailComplete', [$user]); $user->saveSettings(); }