/** * Check if a username+password pair is a valid login. * The name will be normalized to MediaWiki's requirements, so * you might need to munge it (for instance, for lowercase initial * letters). * * @param $username String: username. * @param $password String: user password. * @return bool * @public */ function authenticate($username, $password) { global $wgCentralAuthAutoMigrate; $central = new CentralAuthUser($username); if (!$central->exists()) { wfDebugLog('CentralAuth', "plugin: no global account for '{$username}'"); return false; } $passwordMatch = $central->authenticate($password) == "ok"; if ($passwordMatch && $wgCentralAuthAutoMigrate) { // If the user passed in the global password, we can identify // any remaining local accounts with a matching password // and migrate them in transparently. // // That may or may not include the current wiki. // $central->attemptPasswordMigration($password); } // Several possible states here: // // global exists, local exists, attached: require global auth // global exists, local exists, unattached: require LOCAL auth to login // global exists, local doesn't exist: require global auth -> will autocreate local // global doesn't exist, local doesn't exist: no authentication // if (!$central->isAttached()) { $local = User::newFromName($username); if ($local && $local->getId()) { // An unattached local account; central authentication can't // be used until this account has been transferred. // $wgCentralAuthStrict will determine if local login is allowed. wfDebugLog('CentralAuth', "plugin: unattached account for '{$username}'"); return false; } } return $passwordMatch; }
function doCleanupMerge() { global $wgCentralAuthDryRun; $globalUser = new CentralAuthUser($this->getUser()->getName()); if (!$globalUser->exists()) { throw new MWException("User doesn't exist -- race condition?"); } if (!$globalUser->isAttached()) { throw new MWException("Can't cleanup merge if not already attached."); } if ($wgCentralAuthDryRun) { $this->dryRunError(); return; } $password = $this->getRequest()->getText('wpPassword'); $attached = array(); $unattached = array(); $ok = $globalUser->attemptPasswordMigration($password, $attached, $unattached); $this->clearWorkingPasswords(); if (!$ok) { if (empty($attached)) { $this->getOutput()->addWikiMsg('centralauth-finish-noconfirms'); } else { $this->getOutput()->addWikiMsg('centralauth-finish-incomplete'); } } $this->showCleanupForm(); }