/**
* Check if a username+password pair is a valid login.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param $username String: username.
* @param $password String: user password.
* @return bool
* @public
*/
function authenticate($username, $password)
{
global $wgCentralAuthAutoMigrate;
$central = new CentralAuthUser($username);
if (!$central->exists()) {
wfDebugLog('CentralAuth', "plugin: no global account for '{$username}'");
return false;
}
$passwordMatch = $central->authenticate($password) == "ok";
if ($passwordMatch && $wgCentralAuthAutoMigrate) {
// If the user passed in the global password, we can identify
// any remaining local accounts with a matching password
// and migrate them in transparently.
//
// That may or may not include the current wiki.
//
$central->attemptPasswordMigration($password);
}
// Several possible states here:
//
// global exists, local exists, attached: require global auth
// global exists, local exists, unattached: require LOCAL auth to login
// global exists, local doesn't exist: require global auth -> will autocreate local
// global doesn't exist, local doesn't exist: no authentication
//
if (!$central->isAttached()) {
$local = User::newFromName($username);
if ($local && $local->getId()) {
// An unattached local account; central authentication can't
// be used until this account has been transferred.
// $wgCentralAuthStrict will determine if local login is allowed.
wfDebugLog('CentralAuth', "plugin: unattached account for '{$username}'");
return false;
}
}
return $passwordMatch;
}
function doCleanupMerge()
{
global $wgCentralAuthDryRun;
$globalUser = new CentralAuthUser($this->getUser()->getName());
if (!$globalUser->exists()) {
throw new MWException("User doesn't exist -- race condition?");
}
if (!$globalUser->isAttached()) {
throw new MWException("Can't cleanup merge if not already attached.");
}
if ($wgCentralAuthDryRun) {
$this->dryRunError();
return;
}
$password = $this->getRequest()->getText('wpPassword');
$attached = array();
$unattached = array();
$ok = $globalUser->attemptPasswordMigration($password, $attached, $unattached);
$this->clearWorkingPasswords();
if (!$ok) {
if (empty($attached)) {
$this->getOutput()->addWikiMsg('centralauth-finish-noconfirms');
} else {
$this->getOutput()->addWikiMsg('centralauth-finish-incomplete');
}
}
$this->showCleanupForm();
}
