Esempio n. 1
 /**
  * Attempt to add a user to the database
  * Does the required authentication checks and updates for auto-creation
  * @param User $user
  * @param string $userName
  * @return bool Success
  */
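 static function attemptAddUser($user, $userName)
 {
     // Gatekeeper for automatic local account creation. The checks below run
     // in a fixed order and nothing is written to the database until every
     // one of them has passed; each denial is logged with wfDebug() and
     // reported to the caller as false.
     global $wgAuth, $wgCentralAuthCreateOnView;
     // Denied by configuration?
     if (!$wgAuth->autoCreate()) {
         wfDebug(__METHOD__ . ": denied by configuration\n");
         return false;
     }
     if (!$wgCentralAuthCreateOnView) {
         // Only create local accounts when we perform an active login...
         // Don't freak people out on every page view
         wfDebug(__METHOD__ . ": denied by \$wgCentralAuthCreateOnView\n");
         return false;
     }
     // Is the user blacklisted by the session?
     // This is just a cache to avoid expensive DB queries in $user->isAllowedToCreateAccount().
     // The user can log in via Special:UserLogin to bypass the blacklist and get a proper
     // error message. Because the list is only a cache, it must never be the sole
     // reason an account is *allowed*: the permission and block checks further down
     // stay authoritative.
     $session = CentralAuthUser::getSession();
     // Strict comparison: wiki IDs are compared as exact strings, so PHP's loose
     // numeric-string rules cannot make two different IDs look equal. A miss here
     // only costs the extra DB query below.
     if (isset($session['auto-create-blacklist']) && in_array(wfWikiID(), (array) $session['auto-create-blacklist'], true)) {
         wfDebug(__METHOD__ . ": blacklisted by session\n");
         return false;
     }
     // Is the user blocked?
     // The rights and the block are evaluated on a fresh anonymous User object,
     // not on the half-created $user.
     $anon = new User();
     if (!$anon->isAllowedAny('createaccount', 'centralauth-autoaccount') || $anon->isBlockedFromCreateAccount()) {
         // Blacklist the user to avoid repeated DB queries subsequently
         // First load the session again in case it changed while the above DB query was in progress
         wfDebug(__METHOD__ . ": user is blocked from this wiki, blacklisting\n");
         $session = CentralAuthUser::getSession();
         $session['auto-create-blacklist'][] = wfWikiID();
         CentralAuthUser::setSession($session);
         return false;
     }
     // Check for validity of username
     if (!User::isValidUserName($userName)) {
         wfDebug(__METHOD__ . ": Invalid username\n");
         // Reload before writing, for the same reason as in the block check above.
         $session = CentralAuthUser::getSession();
         $session['auto-create-blacklist'][] = wfWikiID();
         CentralAuthUser::setSession($session);
         return false;
     }
     // Give other extensions a chance to stop auto creation, but they cannot
     // change $userName, because CentralAuth expects user names on all wikis
     // are the same.
     //
     // * $user (and usually $wgUser) is the half-created User object and
     //   should not be accessed in any way since calling any User methods
     //   in its half-initialised state will give incorrect results.
     //
     // * $userName is the new user name
     //
     // * $anon is an anonymous user object which can be safely used for
     //   permissions checks.
     if (!wfRunHooks('CentralAuthAutoCreate', array($user, $userName, $anon))) {
         wfDebug(__METHOD__ . ": denied by other extensions\n");
         return false;
     }
     // $abortMessage is handed to the hook by reference so a handler can fill it in.
     $abortMessage = '';
     if (!wfRunHooks('AbortAutoAccount', array($user, &$abortMessage))) {
         // In this case we have no way to return the message to the user,
         // but we can log it.
         wfDebug(__METHOD__ . ": denied by other extension: {$abortMessage}\n");
         return false;
     }
     // Checks passed, create the user
     wfDebug(__METHOD__ . ": creating new user\n");
     $user->loadDefaults($userName);
     $user->addToDatabase();
     $user->addNewUserLogEntryAutoCreate();
     $wgAuth->initUser($user, true);
     $wgAuth->updateUser($user);
     # Notify hooks (e.g. Newuserlog)
     wfRunHooks('AuthPluginAutoCreate', array($user));
     # Update user count
     $ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1);
     $ssUpdate->doUpdate();
     return true;
 }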
 /**
  * Attempt to add a user to the database
  * Does the required authentication checks and updates for auto-creation
  * @param User $user
  * @throws Exception
  * @return bool Success
  */
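 static function attemptAddUser($user)
 {
     // Gatekeeper for automatic local account creation. The checks run in a
     // fixed order and nothing is written to the database until all of them
     // pass. Returns false on any denial or on a failed insert; throws when a
     // hook renames the user or when User::addToDatabase() itself throws.
     global $wgAuth, $wgCentralAuthCreateOnView;
     // Captured up front so a later rename by a hook can be detected.
     $userName = $user->getName();
     // Denied by configuration?
     if (!$wgAuth->autoCreate()) {
         wfDebug(__METHOD__ . ": denied by configuration\n");
         return false;
     }
     if (!$wgCentralAuthCreateOnView) {
         // Only create local accounts when we perform an active login...
         // Don't freak people out on every page view
         wfDebug(__METHOD__ . ": denied by \$wgCentralAuthCreateOnView\n");
         return false;
     }
     // Is the user blacklisted by the session?
     // This is just a cache to avoid expensive DB queries in $user->isAllowedToCreateAccount().
     // The user can log in via Special:UserLogin to bypass the blacklist and get a proper
     // error message. Because the list is only a cache, the permission and block
     // checks further down stay authoritative.
     $session = CentralAuthUser::getSession();
     // Strict comparison: wiki IDs are compared as exact strings, so PHP's loose
     // numeric-string rules cannot make two different IDs look equal. A miss here
     // only costs the extra DB query below.
     if (isset($session['auto-create-blacklist']) && in_array(wfWikiID(), (array) $session['auto-create-blacklist'], true)) {
         wfDebug(__METHOD__ . ": blacklisted by session\n");
         return false;
     }
     // Is the user blocked?
     // The rights and the block are evaluated on a fresh anonymous User object,
     // not on $user.
     $anon = new User();
     if (!$anon->isAllowedAny('createaccount', 'centralauth-autoaccount') || $anon->isBlockedFromCreateAccount()) {
         // Blacklist the user to avoid repeated DB queries subsequently.
         // NOTE(review): $session is the copy read before the DB query above and is
         // not reloaded here, so a change made to the session in the meantime would
         // be overwritten by this write -- confirm that is acceptable.
         wfDebug(__METHOD__ . ": user is blocked from this wiki, blacklisting\n");
         $session['auto-create-blacklist'][] = wfWikiID();
         CentralAuthUser::setSession($session);
         return false;
     }
     // Check for validity of username
     if (!User::isCreatableName($userName)) {
         wfDebug(__METHOD__ . ": Invalid username\n");
         $session['auto-create-blacklist'][] = wfWikiID();
         CentralAuthUser::setSession($session);
         return false;
     }
     // Give other extensions a chance to stop auto creation.
     $user->loadDefaults($userName);
     // $abortMessage is handed to the hook by reference so a handler can fill it in.
     $abortMessage = '';
     if (!Hooks::run('AbortAutoAccount', array($user, &$abortMessage))) {
         // In this case we have no way to return the message to the user,
         // but we can log it.
         wfDebug(__METHOD__ . ": denied by other extension: {$abortMessage}\n");
         $session['auto-create-blacklist'][] = wfWikiID();
         CentralAuthUser::setSession($session);
         return false;
     }
     // Make sure the name has not been changed: the hook received $user itself,
     // so the name is compared again with the value captured before the hook ran.
     if ($user->getName() !== $userName) {
         throw new Exception("AbortAutoAccount hook tried to change the user name");
     }
     // Checks passed, create the user
     // REQUEST_URI is supplied by the client and goes into the log line as received;
     // NOTE(review): confirm whatever reads this log treats it as untrusted text.
     $from = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : 'CLI';
     wfDebugLog('CentralAuth-Bug39996', __METHOD__ . ": creating new user ({$userName}) - from: {$from}\n");
     try {
         $status = $user->addToDatabase();
     } catch (Exception $e) {
         // Record the failure for diagnosis, then let the caller see the original exception.
         wfDebugLog('CentralAuth-Bug39996', __METHOD__ . " User::addToDatabase for \"{$userName}\" threw an exception:" . " {$e->getMessage()}");
         throw $e;
     }
     // A null result (MW before 1.21) counts as success; only an explicit
     // non-OK status aborts the creation.
     if ($status !== null && !$status->isOK()) {
         wfDebugLog('CentralAuth-Bug39996', __METHOD__ . ": failed with message " . $status->getWikiText() . "\n");
         return false;
     }
     $wgAuth->initUser($user, true);
     # Notify hooks (e.g. Newuserlog)
     Hooks::run('AuthPluginAutoCreate', array($user));
     # Update user count
     DeferredUpdates::addUpdate(new SiteStatsUpdate(0, 0, 0, 0, 1));
     return true;
 }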
 /**
  * @param CentralAuthUser $centralUser
  * @param User $user
  * @return array
  */
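 private function getCentralSession($centralUser, $user)
 {
     // Returns the central session array of $centralUser with the entries
     // 'finalProto', 'remember', 'secureCookies' and 'sessionId' filled in
     // wherever the stored session does not already carry them. Values that
     // are already present are left untouched.
     $centralSession = $centralUser->getSession();
     $request = $this->getRequest();
     // If there's no "finalProto", check if one was passed, and otherwise
     // assume the current.
     if (!isset($centralSession['finalProto'])) {
         // 'proto' is a request parameter and therefore caller-controlled, and the
         // result is persisted in the session. Only the two known schemes are
         // accepted from the request; anything else falls back to the protocol
         // detected for the current request.
         // NOTE(review): assumes 'http' and 'https' are the only legitimate values
         // -- confirm against the code that builds the proto parameter.
         $detectedProto = $request->detectProtocol();
         $requestedProto = $request->getVal('proto', $detectedProto);
         $centralSession['finalProto'] = in_array($requestedProto, array('http', 'https'), true)
             ? $requestedProto
             : $detectedProto;
     }
     // If there's no "remember", pull from the user preference.
     if (!isset($centralSession['remember'])) {
         $centralSession['remember'] = $user->getBoolOption('rememberpassword');
     }
     // Make sure there's a value for secureCookies: true only when the user
     // prefers HTTPS and wfCanIPUseHTTPS() accepts the request IP.
     if (!isset($centralSession['secureCookies'])) {
         $centralSession['secureCookies'] = $user->getBoolOption('prefershttps') && wfCanIPUseHTTPS($request->getIP());
     }
     // Make sure there's a session id by creating a session if necessary.
     // The value returned by setSession() is what gets stored as the id.
     if (!isset($centralSession['sessionId'])) {
         $centralSession['sessionId'] = $centralUser->setSession($centralSession);
     }
     return $centralSession;
 }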