/** * Check if a username+password pair is a valid login. * The name will be normalized to MediaWiki's requirements, so * you might need to munge it (for instance, for lowercase initial * letters). * * @param $username String: username. * @param $password String: user password. * @return bool * @public */ function authenticate($username, $password) { global $wgCentralAuthAutoMigrate; $central = new CentralAuthUser($username); if (!$central->exists()) { wfDebugLog('CentralAuth', "plugin: no global account for '{$username}'"); return false; } $passwordMatch = $central->authenticate($password) == "ok"; if ($passwordMatch && $wgCentralAuthAutoMigrate) { // If the user passed in the global password, we can identify // any remaining local accounts with a matching password // and migrate them in transparently. // // That may or may not include the current wiki. // $central->attemptPasswordMigration($password); } // Several possible states here: // // global exists, local exists, attached: require global auth // global exists, local exists, unattached: require LOCAL auth to login // global exists, local doesn't exist: require global auth -> will autocreate local // global doesn't exist, local doesn't exist: no authentication // if (!$central->isAttached()) { $local = User::newFromName($username); if ($local && $local->getId()) { // An unattached local account; central authentication can't // be used until this account has been transferred. // $wgCentralAuthStrict will determine if local login is allowed. wfDebugLog('CentralAuth', "plugin: unattached account for '{$username}'"); return false; } } return $passwordMatch; }
function doAttachMerge() { global $wgCentralAuthDryRun; $globalUser = new CentralAuthUser($this->getUser()->getName()); if (!$globalUser->exists()) { throw new MWException("User doesn't exist -- race condition?"); } if ($globalUser->isAttached()) { throw new MWException("Already attached -- race condition?"); } if ($wgCentralAuthDryRun) { $this->dryRunError(); return; } $password = $this->getRequest()->getText('wpPassword'); if ($globalUser->authenticate($password) == 'ok') { $globalUser->attach(wfWikiID(), 'password'); $this->getOutput()->addWikiMsg('centralauth-attach-success'); $this->showCleanupForm(); } else { $this->getOutput()->addHTML('<div class="errorbox">' . wfMsg('wrongpassword') . '</div>' . $this->attachActionForm()); } }
/** * Check the user's password. * * @param CentralAuthUser $user * @param string $password * @return bool */ protected static function checkPassword(CentralAuthUser $user, $password) { return $user->authenticate($password) == "ok"; }
/** * @covers CentralAuthPlugin::setPassword */ public function testSetPassword() { $auth = new CentralAuthPlugin(); $user = User::newFromName('GlobalUser'); $this->assertSame(false, $user->isAnon(), 'Local account for GlobalUser exists'); #sanity $auth->setPassword($user, 'ANewPassword'); $central = new CentralAuthUser('GlobalUser'); $this->assertEquals('ok', $central->authenticate('ANewPassword'), 'Authenticate with newly set password'); }
function doAttachMerge() { global $wgCentralAuthDryRun; $globalUser = new CentralAuthUser($this->getUser()->getName()); if (!$globalUser->exists()) { throw new Exception("User doesn't exist -- race condition?"); } if ($globalUser->isAttached()) { // Already attached - race condition $this->showCleanupForm(); return; } if ($wgCentralAuthDryRun) { $this->dryRunError(); return; } $password = $this->getRequest()->getText('wpPassword'); if ($globalUser->authenticate($password) == 'ok') { $globalUser->attach(wfWikiID(), 'password'); $this->getOutput()->addWikiMsg('centralauth-attach-success'); $this->showCleanupForm(); } else { $this->getOutput()->addHTML(Html::rawElement('div', array("class" => "errorbox"), $this->msg('wrongpassword')->escaped()) . $this->attachActionForm()); } }