/**
* Check if a username+password pair is a valid login.
* The name will be normalized to MediaWiki's requirements, so
* you might need to munge it (for instance, for lowercase initial
* letters).
*
* @param $username String: username.
* @param $password String: user password.
* @return bool
* @public
*/
function authenticate($username, $password)
{
global $wgCentralAuthAutoMigrate;
$central = new CentralAuthUser($username);
if (!$central->exists()) {
wfDebugLog('CentralAuth', "plugin: no global account for '{$username}'");
return false;
}
$passwordMatch = $central->authenticate($password) == "ok";
if ($passwordMatch && $wgCentralAuthAutoMigrate) {
// If the user passed in the global password, we can identify
// any remaining local accounts with a matching password
// and migrate them in transparently.
//
// That may or may not include the current wiki.
//
$central->attemptPasswordMigration($password);
}
// Several possible states here:
//
// global exists, local exists, attached: require global auth
// global exists, local exists, unattached: require LOCAL auth to login
// global exists, local doesn't exist: require global auth -> will autocreate local
// global doesn't exist, local doesn't exist: no authentication
//
if (!$central->isAttached()) {
$local = User::newFromName($username);
if ($local && $local->getId()) {
// An unattached local account; central authentication can't
// be used until this account has been transferred.
// $wgCentralAuthStrict will determine if local login is allowed.
wfDebugLog('CentralAuth', "plugin: unattached account for '{$username}'");
return false;
}
}
return $passwordMatch;
}
function doAttachMerge()
{
global $wgCentralAuthDryRun;
$globalUser = new CentralAuthUser($this->getUser()->getName());
if (!$globalUser->exists()) {
throw new MWException("User doesn't exist -- race condition?");
}
if ($globalUser->isAttached()) {
throw new MWException("Already attached -- race condition?");
}
if ($wgCentralAuthDryRun) {
$this->dryRunError();
return;
}
$password = $this->getRequest()->getText('wpPassword');
if ($globalUser->authenticate($password) == 'ok') {
$globalUser->attach(wfWikiID(), 'password');
$this->getOutput()->addWikiMsg('centralauth-attach-success');
$this->showCleanupForm();
} else {
$this->getOutput()->addHTML('<div class="errorbox">' . wfMsg('wrongpassword') . '</div>' . $this->attachActionForm());
}
}
/**
* Check the user's password.
*
* @param CentralAuthUser $user
* @param string $password
* @return bool
*/
protected static function checkPassword(CentralAuthUser $user, $password)
{
return $user->authenticate($password) == "ok";
}
/**
* @covers CentralAuthPlugin::setPassword
*/
public function testSetPassword()
{
$auth = new CentralAuthPlugin();
$user = User::newFromName('GlobalUser');
$this->assertSame(false, $user->isAnon(), 'Local account for GlobalUser exists');
#sanity
$auth->setPassword($user, 'ANewPassword');
$central = new CentralAuthUser('GlobalUser');
$this->assertEquals('ok', $central->authenticate('ANewPassword'), 'Authenticate with newly set password');
}
function doAttachMerge()
{
global $wgCentralAuthDryRun;
$globalUser = new CentralAuthUser($this->getUser()->getName());
if (!$globalUser->exists()) {
throw new Exception("User doesn't exist -- race condition?");
}
if ($globalUser->isAttached()) {
// Already attached - race condition
$this->showCleanupForm();
return;
}
if ($wgCentralAuthDryRun) {
$this->dryRunError();
return;
}
$password = $this->getRequest()->getText('wpPassword');
if ($globalUser->authenticate($password) == 'ok') {
$globalUser->attach(wfWikiID(), 'password');
$this->getOutput()->addWikiMsg('centralauth-attach-success');
$this->showCleanupForm();
} else {
$this->getOutput()->addHTML(Html::rawElement('div', array("class" => "errorbox"), $this->msg('wrongpassword')->escaped()) . $this->attachActionForm());
}
}
