public function execute() { if (!class_exists('CentralAuthUser')) { $this->error("CentralAuth isn't enabled on this wiki\n", 1); } $username = $this->getArg(0); $user = User::newFromName($username); if ($user === false) { $this->error("'{$username}' is an invalid username\n", 1); } // Normalize username $username = $user->getName(); if ($user->getId()) { $this->error("User '{$username}' already exists\n", 1); } else { global $wgAuth; $central = CentralAuthUser::getInstance($user); if (!$central->exists()) { $this->error("No such global user: '******'\n", 1); } $user->loadDefaults($username); $user->addToDatabase(); $wgAuth->initUser($user, true); $wgAuth->updateUser($user); # Notify hooks (e.g. Newuserlog) Hooks::run('AuthPluginAutoCreate', array($user)); # Update user count $ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1); $ssUpdate->doUpdate(); $this->output("User '{$username}' created\n"); } }
/** * Check that we can perform the rename * * @param User $oldUser * @param User $newUser * * @return Status */ public function validate(User $oldUser, User $newUser) { $status = new Status(); if (!User::isCreatableName($newUser->getName())) { $status->fatal('centralauth-rename-badusername'); } $caOldUser = CentralAuthUser::getInstance($oldUser); if (!$caOldUser->exists()) { $status->fatal('centralauth-rename-doesnotexist'); } $caNewUser = CentralAuthUser::getInstance($newUser); if ($caNewUser->exists()) { $status->fatal('centralauth-rename-alreadyexists'); } $unattached = $caNewUser->listUnattached(); if ($unattached) { $status->fatal('centralauth-rename-unattached-intheway'); } // Check we're not currently renaming the user $renameState = $caOldUser->renameInProgress(); if ($renameState) { $status->fatal('centralauth-rename-alreadyinprogress', $renameState[1]); } return $status; }
/** * Get the user object for the user who is doing the renaming * "Auto-create" if it doesn't exist yet. * @return User */ protected function getRenameUser() { $user = User::newFromName($this->params['renamer']); // If the username is a reserved name, don't worry about the account // existing, just use it. if (!User::isUsableName($user->getName())) { return $user; } $caUser = CentralAuthUser::getInstance($user); // Race condition where the renamer isn't attached here, but // someone creates an account in the meantime and then bad // stuff could happen... // For the meantime, just use a system account if (!$caUser->attachedOn(wfWikiID()) && $user->getId() !== 0) { return User::newFromName('Global rename script'); } elseif ($user->getId() == 0) { // No local user, lets "auto-create" one if (CentralAuthHooks::attemptAddUser($user)) { return User::newFromName($user->getName()); // So the internal cache is reloaded } else { // Auto-creation didn't work, fallback on the system account. return User::newFromName('Global rename script'); } } else { // Account is attached and exists, just use it :) return $user; } }
public function execute() { $user = $this->getUser(); $params = $this->extractRequestParams(); // If we're in JSON callback mode, no tokens can be obtained if ($this->lacksSameOriginSecurity()) { $this->dieUsage('Cannot obtain a centralauthtoken when using a callback', 'hascallback'); } if ($user->isAnon()) { $this->dieUsage('Anonymous users cannot obtain a centralauthtoken', 'notloggedin'); } if (CentralAuthHooks::hasApiToken()) { $this->dieUsage('Cannot obtain a centralauthtoken when using centralauthtoken', 'norecursion'); } $centralUser = CentralAuthUser::getInstance($user); if (!$centralUser->exists() || !$centralUser->isAttached()) { $this->dieUsage('Cannot obtain a centralauthtoken without an attached global account', 'notattached'); } $data = array('userName' => $user->getName(), 'token' => $centralUser->getAuthToken()); global $wgMemc; $loginToken = MWCryptRand::generateHex(32) . dechex($centralUser->getId()); $key = CentralAuthUser::memcKey('api-token', $loginToken); $wgMemc->add($key, $data, 60); $this->getResult()->addValue(null, $this->getModuleName(), array('centralauthtoken' => $loginToken)); }
/** * Try to create and attach the user. * @throws Exception * @return bool Success */ public function run() { $username = $this->params['name']; $from = $this->params['from']; $wiki = wfWikiID(); if (isset($this->params['session'])) { // restore IP and other request data $this->params['session']['userId'] = 0; $this->params['session']['sessionId'] = ''; $callback = RequestContext::importScopedSession($this->params['session']); } $user = User::newFromName($username); $centralUser = CentralAuthUser::getInstance($user); if ($user->getId() !== 0) { wfDebugLog('CentralAuth', __CLASS__ . ": tried to create local account for {$username} " . "on {$wiki} from {$from} but one already exists\n"); return true; } elseif (!$centralUser->exists()) { wfDebugLog('CentralAuth', __CLASS__ . ": tried to create local account for {$username} " . "on {$wiki} from {$from} but no global account exists\n"); return true; } elseif ($centralUser->attachedOn($wiki)) { wfDebugLog('CentralAuth', __CLASS__ . ": tried to create local account for {$username} " . "on {$wiki} from {$from} but an attached local account already exists\n"); return true; } $success = CentralAuthHooks::attemptAddUser($user); if ($success) { $centralUser->invalidateCache(); } return true; }
/** * @param $user * @return bool */ function userCanEdit($user) { $globalUser = CentralAuthUser::getInstance($user); # # Should be a global user if (!$globalUser->exists() || !$globalUser->isAttached()) { return false; } # # Permission MUST be gained from global rights. return $globalUser->hasGlobalPermission('globalgrouppermissions'); }
public static function newFromUser(\User $user) { // Use CentralAuth if available. Use local user to ease testing. if (class_exists('\\CentralAuthUser')) { $user = \CentralAuthUser::getInstance($user); } if ($user === null) { throw new \MWException("Unable to find global user for"); } return new GlobalUser($user); }
/** * @covers CentralAuthUser::getInstance */ public function testGetInstance() { $user = User::newFromName('FooBarBaz'); unset($user->centralAuthObj); $caUser = CentralAuthUser::getInstance($user); $this->assertInstanceOf('CentralAuthUser', $caUser); $this->assertEquals($user->getName(), $caUser->getName()); $this->assertSame($user->centralAuthObj, $caUser); // Now test it just reads from the cache, no matter what $user2 = User::newFromName('BazBarFoo'); $user2->centralAuthObj = 'blahblahblah'; $this->assertEquals('blahblahblah', CentralAuthUser::getInstance($user2)); }
function execute($par) { global $wgMemc, $wgCentralAuthLoginWiki; $request = $this->getRequest(); $this->loginWiki = $wgCentralAuthLoginWiki; if (!$this->loginWiki) { // Ugh, no central wiki. If we're coming from an edge login, make // the logged-into wiki the de-facto central wiki for this request // so auto-login still works. $fromwiki = $request->getVal('from', $request->getVal('notifywiki')); if ($fromwiki !== null && WikiMap::getWiki($fromwiki)) { $this->loginWiki = $fromwiki; } } elseif ($request->getVal('from') === wfWikiId() && $wgCentralAuthLoginWiki !== wfWikiId()) { // Remote wiki must not have wgCentralAuthLoginWiki set, but we do. Redirect them. $this->do302Redirect($wgCentralAuthLoginWiki, $par, $request->getValues()); return; } $params = $request->getValues('type', 'from', 'return', 'returnto', 'returntoquery', 'proto', 'mobile'); switch (strval($par)) { case 'P3P': // Explain the bogus P3P header $this->setHeaders(); $this->getOutput()->addWikiMsg('centralauth-centralautologin-p3p-explanation'); return; case 'toolslist': // Do not cache this, we want updated Echo numbers and such. $this->getOutput()->enableClientCache(false); $user = $this->getUser(); if (!$user->isAnon()) { if (!CentralAuthHooks::isUIReloadRecommended($user)) { $html = $this->getSkin()->getPersonalToolsList(); $json = FormatJSON::encode(array('toolslist' => $html)); } else { $gender = $this->getUser()->getOption('gender'); if (strval($gender) === '') { $gender = 'unknown'; } $json = FormatJSON::encode(array('notify' => array('username' => $user->getName(), 'gender' => $gender))); } $this->doFinalOutput(true, 'OK', $json, 'json'); } else { $this->doFinalOutput(false, 'Not logged in', '', 'json'); } return; case 'refreshCookies': // Refresh central cookies (e.g. in case 'remember me' was set) // Do not cache this, we need to reset the cookies every time. $this->getOutput()->enableClientCache(false); if (!$wgCentralAuthLoginWiki || !$this->checkIsCentralWiki($wikiid)) { return; } CentralAuthUser::setP3P(); $centralUser = CentralAuthUser::getInstance($this->getUser()); if ($centralUser && $centralUser->getId()) { $centralSession = $this->getCentralSession($centralUser, $this->getUser()); // Refresh 'remember me' preference $remember = (bool) $centralSession['remember']; if ($remember != $this->getUser()->getBoolOption('rememberpassword')) { $this->getUser()->setOption('rememberpassword', $remember ? 1 : 0); $this->getUser()->saveSettings(); } $secureCookie = $centralSession['secureCookies']; $centralUser->setGlobalCookies($remember, false, $secureCookie, $centralSession); $this->doFinalOutput(true, 'success'); } else { $this->doFinalOutput(false, 'Not logged in'); } return; case 'deleteCookies': // Delete central cookies // Do not cache this, we need to reset the cookies every time. $this->getOutput()->enableClientCache(false); if ($this->getUser()->isLoggedIn()) { $this->doFinalOutput(false, 'Cannot delete cookies while still logged in'); return; } CentralAuthUser::setP3P(); CentralAuthUser::deleteGlobalCookies(); $this->doFinalOutput(true, 'success'); return; case 'start': // Main entry point // Note this is safe to cache, because the cache already varies on // the session cookies. $this->getOutput()->setSquidMaxage(1200); if (!$this->checkIsLocalWiki()) { return; } CentralAuthUser::setP3P(); $this->do302Redirect($this->loginWiki, 'checkLoggedIn', array('wikiid' => wfWikiID(), 'proto' => $request->detectProtocol()) + $params); return; case 'checkLoggedIn': // Check if we're logged in centrally // Note this is safe to cache, because the cache already varies on // the session cookies. $this->getOutput()->setSquidMaxage(1200); if (!$this->checkIsCentralWiki($wikiid)) { return; } CentralAuthUser::setP3P(); if ($this->getUser()->isLoggedIn()) { $centralUser = CentralAuthUser::getInstance($this->getUser()); } else { $this->doFinalOutput(false, 'Not centrally logged in', self::getInlineScript('anon-set.js')); return; } // We're pretty sure this user is logged in, so pass back // headers to prevent caching, just in case $this->getOutput()->enableClientCache(false); $memcData = array('gu_id' => $centralUser->getId()); $token = MWCryptRand::generateHex(32); $key = CentralAuthUser::memcKey('centralautologin-token', $token); $wgMemc->set($key, $memcData, 60); $this->do302Redirect($wikiid, 'createSession', array('token' => $token) + $params); return; case 'createSession': // Create the local session and shared memcache token if (!$this->checkIsLocalWiki()) { return; } CentralAuthUser::setP3P(); $token = $request->getVal('token', ''); $gid = $request->getVal('gu_id', ''); if ($token !== '') { // Load memc data $key = CentralAuthUser::memcKey('centralautologin-token', $token); $memcData = $wgMemc->get($key); $wgMemc->delete($key); if (!$memcData || !isset($memcData['gu_id'])) { $this->doFinalOutput(false, 'Invalid parameters'); return; } $gu_id = intval($memcData['gu_id']); } elseif ($gid !== '') { // Cached, or was logging in as we switched from gu_id to token $gu_id = intval($gid); } else { $this->doFinalOutput(false, 'Invalid parameters'); return; } if ($gu_id <= 0) { $this->doFinalOutput(false, 'Not centrally logged in', self::getInlineScript('anon-set.js')); return; } // At this point we can't cache anymore because we need to set // cookies and memc each time. $this->getOutput()->enableClientCache(false); // Ensure that a session exists if (session_id() == '') { wfSetupSession(); } // Create memc token $wikiid = wfWikiID(); $memcData = array('gu_id' => $gu_id, 'wikiid' => $wikiid); $token = MWCryptRand::generateHex(32); $key = CentralAuthUser::memcKey('centralautologin-token', $token, $wikiid); $wgMemc->set($key, $memcData, 60); // Save memc token for the 'setCookies' step $request->setSessionData('centralautologin-token', $token); $this->do302Redirect($this->loginWiki, 'validateSession', array('token' => $token, 'wikiid' => $wikiid) + $params); return; case 'validateSession': // Validate the shared memcached token // Do not cache this, we need to reset the cookies and memc every time. $this->getOutput()->enableClientCache(false); if (!$this->checkIsCentralWiki($wikiid)) { return; } if (!$this->getUser()->isLoggedIn()) { $this->doFinalOutput(false, 'Not logged in'); return; } CentralAuthUser::setP3P(); // Validate params $token = $request->getVal('token', ''); if ($token === '') { $this->doFinalOutput(false, 'Invalid parameters'); return; } // Load memc data $key = CentralAuthUser::memcKey('centralautologin-token', $token, $wikiid); $memcData = $wgMemc->get($key); $wgMemc->delete($key); // Check memc data $centralUser = CentralAuthUser::getInstance($this->getUser()); if (!$memcData || $memcData['wikiid'] !== $wikiid || !$centralUser || !$centralUser->getId() || $memcData['gu_id'] != $centralUser->getId()) { $this->doFinalOutput(false, 'Invalid parameters'); return; } // Write info for session creation into memc $centralSession = $this->getCentralSession($centralUser, $this->getUser()); $memcData += array('userName' => $centralUser->getName(), 'token' => $centralUser->getAuthToken(), 'finalProto' => $centralSession['finalProto'], 'secureCookies' => $centralSession['secureCookies'], 'remember' => $centralSession['remember'], 'sessionId' => $centralSession['sessionId']); $wgMemc->set($key, $memcData, 60); $this->do302Redirect($wikiid, 'setCookies', $params); return; case 'setCookies': // Check that memcached is validated, and set cookies // Do not cache this, we need to reset the cookies and memc every time. $this->getOutput()->enableClientCache(false); if (!$this->checkIsLocalWiki()) { return; } CentralAuthUser::setP3P(); // Check saved memc token $token = $this->getRequest()->getSessionData('centralautologin-token'); if ($token === null) { $this->doFinalOutput(false, 'Lost session'); return; } // Load memc data $wikiid = wfWikiID(); $key = CentralAuthUser::memcKey('centralautologin-token', $token, $wikiid); $memcData = $wgMemc->get($key); $wgMemc->delete($key); // Check memc data if (!$memcData || $memcData['wikiid'] !== $wikiid || !isset($memcData['userName']) || !isset($memcData['token'])) { $this->doFinalOutput(false, 'Lost session'); return; } // Load and check CentralAuthUser. But don't check if it's // attached, because then if the user is missing en.site they // won't be auto logged in to any of the non-en versions either. $centralUser = new CentralAuthUser($memcData['userName']); if (!$centralUser->getId() || $centralUser->getId() != $memcData['gu_id']) { $msg = "Wrong user: expected {$memcData['gu_id']}, got {$centralUser->getId()}"; wfDebug(__METHOD__ . ": {$msg}\n"); $this->doFinalOutput(false, 'Lost session'); return; } $loginResult = $centralUser->authenticateWithToken($memcData['token']); if ($loginResult != 'ok') { $msg = "Bad token: {$loginResult}"; wfDebug(__METHOD__ . ": {$msg}\n"); $this->doFinalOutput(false, 'Lost session'); return; } // Set a new session cookie, Just In Case™ wfResetSessionID(); // Set central cookies too, with a refreshed sessionid. Also, check if we // need to override the default cookie security policy $secureCookie = $memcData['secureCookies']; $centralUser->setGlobalCookies($memcData['remember'], $memcData['sessionId'], $secureCookie, array('finalProto' => $memcData['finalProto'], 'secureCookies' => $memcData['secureCookies'], 'remember' => $memcData['remember'])); // Now, figure out how to report this back to the user. // First, set to redo the edge login on the next pageview $request->setSessionData('CentralAuthDoEdgeLogin', true); // If it's not a script callback, just go for it. if ($request->getVal('type') !== 'script') { $this->doFinalOutput(true, 'success'); return; } // If it is a script callback, then we do want to create the user // if it doesn't already exist locally (and fail if that can't be // done). if (!User::idFromName($centralUser->getName())) { $user = new User(); $user->setName($centralUser->getName()); if (CentralAuthHooks::attemptAddUser($user)) { $centralUser->invalidateCache(); } } if (!$centralUser->isAttached()) { $this->doFinalOutput(false, 'Local user is not attached', self::getInlineScript('anon-set.js')); return; } $script = self::getInlineScript('anon-remove.js'); // If we're returning to returnto, do that if ($request->getCheck('return')) { global $wgRedirectOnLogin; if ($wgRedirectOnLogin !== null) { $returnTo = $wgRedirectOnLogin; $returnToQuery = array(); } else { $returnTo = $request->getVal('returnto', ''); $returnToQuery = wfCgiToArray($request->getVal('returntoquery', '')); } $returnToTitle = Title::newFromText($returnTo); if (!$returnToTitle) { $returnToTitle = Title::newMainPage(); $returnToQuery = array(); } $redirectUrl = $returnToTitle->getFullURL($returnToQuery); $script .= "\n" . 'location.href = ' . Xml::encodeJsVar($redirectUrl) . ';'; $this->doFinalOutput(true, 'success', $script); return; } // Otherwise, we need to rewrite p-personal and maybe notify the user too global $wgCentralAuthUseEventLogging; if ($wgCentralAuthUseEventLogging) { EventLogging::logEvent('CentralAuth', 5690875, array('version' => 1, 'userId' => $centralUser->getId(), 'action' => 'sul2-autologin-fallbacklogin')); } // Add a script to the page that will pull in the user's toolslist // via ajax, and update the UI. Don't write out the tools here (bug 57081). $code = $this->getUser()->getOption('language'); $code = RequestContext::sanitizeLangCode($code); Hooks::run('UserGetLanguageObject', array($this->getUser(), &$code, $this->getContext())); $script .= "\n" . Xml::encodeJsCall('mediaWiki.messages.set', array(array('centralauth-centralautologin-logged-in' => wfMessage('centralauth-centralautologin-logged-in')->inLanguage($code)->plain(), 'centralauth-centralautologin-logged-in-nouser' => wfMessage('centralauth-centralautologin-logged-in-nouser')->inLanguage($code)->plain(), 'centralautologin' => wfMessage('centralautologin')->inLanguage($code)->plain()))); $script .= "\n" . self::getInlineScript('autologin.js'); // And for good measure, add the edge login HTML images to the page. $script .= "\n" . Xml::encodeJsCall("jQuery( 'body' ).append", array(CentralAuthHooks::getEdgeLoginHTML())); $this->doFinalOutput(true, 'success', $script); return; default: $this->setHeaders(); $this->getOutput()->addWikiMsg('centralauth-centralautologin-desc'); return; } }
function __construct() { SpecialPage::__construct('GlobalGroupMembership'); $this->mGlobalUser = CentralAuthUser::getInstance($this->getUser()); }
protected function doResolveRequest($approved, $data) { $request = GlobalRenameRequest::newFromId($data['rid']); $oldUser = User::newFromName($request->getName()); if ($request->userIsGlobal() || $request->getWiki() === wfWikiId()) { $notifyEmail = MailAddress::newFromUser($oldUser); } else { $notifyEmail = $this->getRemoteUserMailAddress($request->getWiki(), $request->getName()); } $newUser = User::newFromName($request->getNewName(), 'creatable'); $status = new Status(); $session = $this->getContext()->exportSession(); if ($approved) { if ($request->userIsGlobal()) { // Trigger a global rename job $globalRenameUser = new GlobalRenameUser($this->getUser(), $oldUser, CentralAuthUser::getInstance($oldUser), $newUser, CentralAuthUser::getInstance($newUser), new GlobalRenameUserStatus($newUser->getName()), 'JobQueueGroup::singleton', new GlobalRenameUserDatabaseUpdates(), new GlobalRenameUserLogger($this->getUser()), $session); $status = $globalRenameUser->rename($data); } else { // If the user is local-only: // * rename the local user using LocalRenameUserJob // * create a global user attached only to the local wiki $job = new LocalRenameUserJob(Title::newFromText('Global rename job'), array('from' => $oldUser->getName(), 'to' => $newUser->getName(), 'renamer' => $this->getUser()->getName(), 'movepages' => true, 'suppressredirects' => true, 'promotetoglobal' => true, 'reason' => $data['reason'], 'session' => $session)); JobQueueGroup::singleton($request->getWiki())->push($job); // Now log it $this->logPromotionRename($oldUser->getName(), $request->getWiki(), $newUser->getName(), $data['reason']); $status = Status::newGood(); } } if ($status->isGood()) { $request->setStatus($approved ? GlobalRenameRequest::APPROVED : GlobalRenameRequest::REJECTED); $request->setCompleted(wfTimestampNow()); $request->setPerformer(CentralAuthUser::getInstance($this->getUser())->getId()); $request->setComments($data['comments']); if ($request->save()) { // Send email to the user about the change in status. if ($approved) { $subject = $this->msg('globalrenamequeue-email-subject-approved')->inContentLanguage()->text(); $body = $this->msg('globalrenamequeue-email-body-approved', array($oldUser->getName(), $newUser->getName()))->inContentLanguage()->text(); } else { $subject = $this->msg('globalrenamequeue-email-subject-rejected')->inContentLanguage()->text(); $body = $this->msg('globalrenamequeue-email-body-rejected', array($oldUser->getName(), $newUser->getName(), $request->getComments()))->inContentLanguage()->text(); } if ($notifyEmail !== null && $notifyEmail->address) { $type = $approved ? 'approval' : 'rejection'; wfDebugLog('CentralAuthRename', "Sending {$type} email to User:{$oldUser->getName()}/{$notifyEmail->address}"); $this->sendNotificationEmail($notifyEmail, $subject, $body); } } else { $status->fatal('globalrenamequeue-request-savefailed'); } } return $status; }
/** * @param array $data * @return Status */ function onSubmit(array $data) { if ($data['overrideantispoof']) { $this->overrideAntiSpoof = true; } $valid = $this->validate($data); if (!$valid->isOK()) { return $valid; } $this->newUsername = $data['newname']; $this->oldUsername = $data['oldname']; $oldUser = User::newFromName($this->oldUsername); $newUser = User::newFromName($this->newUsername, 'creatable'); $session = $this->getContext()->exportSession(); $globalRenameUser = new GlobalRenameUser($this->getUser(), $oldUser, CentralAuthUser::getInstance($oldUser), $newUser, CentralAuthUser::getInstance($newUser), new GlobalRenameUserStatus($newUser->getName()), 'JobQueueGroup::singleton', new GlobalRenameUserDatabaseUpdates(), new GlobalRenameUserLogger($this->getUser()), $session); return $globalRenameUser->rename($data); }
/** * @param array $data * @return Status */ public function onSubmit(array $data) { $newUser = User::newFromName($data['finaluser'], 'creatable'); if (!$newUser) { return Status::newFatal('centralauth-usermerge-invalid'); } if (!$this->checkRateLimit()) { return Status::newFatal('centralauth-usermerge-ratelimited'); } foreach ($data['usernames'] as $field) { if (trim($field['name']) !== '') { $name = User::getCanonicalName($field['name']); if ($name === $newUser->getName()) { // The new user is also specified as one of the targets, // DWIM and ignore it continue; } $this->oldCAUsers[] = new CentralAuthUser($name); } } if (!$this->oldCAUsers) { return $this->msg('centralauth-usermerge-nousers')->escaped(); } if (count($this->oldCAUsers) > self::MAX_USERS_TO_MERGE) { return Status::newFatal($this->msg('centralauth-usermerge-toomany')->numParams(self::MAX_USERS_TO_MERGE)); } $this->newUsername = $newUser->getName(); $globalUserMerge = new GlobalUserMerge($this->getUser(), $this->oldCAUsers, CentralAuthUser::getInstance($newUser), new GlobalRenameUserStatus($newUser->getName()), 'JobQueueGroup::singleton', new GlobalUserMergeDatabaseUpdates(), new GlobalUserMergeLogger($this->getUser()), $this->getContext()->exportSession()); $status = $globalUserMerge->merge($data['reason']); return $status; }
/** * Is the current user a global user? * @return bool */ protected function isGlobalUser() { $user = $this->getUser(); $causer = CentralAuthUser::getInstance($user); return $causer->exists() && $causer->isAttached(); }
/** * @param User $user * @return CentralAuthUser */ public function getUserInstance(User &$user) { return CentralAuthUser::getInstance($user); }
/** * Hook for UserMerge extension after an account is deleted * @param User &$user account that was just deleted * @return bool */ public static function onDeleteAccount(User &$user) { $caUser = CentralAuthUser::getInstance($user); if ($caUser->isAttached()) { // Clean up localuser table. $caUser->adminUnattach(array(wfWikiID())); } // Clean up localnames table. $caUser->removeLocalName(wfWikiID()); return true; }
function resendConfirmationEmail($username) { $wikiID = wfWikiID(); $this->total++; $this->output("Sending confirmation email for: '{$username}@{$wikiID}'\n"); // we want to start with the local user $user = EmailableUser::newFromName($username); if ($user === false) { $this->output("ERROR: {$username} is an invalid username\n"); return; } $user->load(); if (!$this->sendToConfirmed && $user->isEmailConfirmed()) { $this->output("ERROR: The user '{$username}@{$wikiID}' already has a confirmed email address\n"); return; } $central = CentralAuthUser::getInstance($user); if (!$central->exists()) { $this->output("ERROR: No global account for '{$username}'\n"); return; } if (!$central->isAttached()) { $this->output("ERROR: '{$username}@{$wikiID}' is not attached to the global user\n"); return; } $unattached = $central->queryUnattached(); if (count($unattached) == 0) { $this->output("ERROR: No unattached accounts for '{$username}'\n"); return; } if ($this->dryrun) { $this->output("Would have sent email\n"); return; } if ($user->sendConfirmAndMigrateMail()) { $this->output("Sent email to {$username}\n"); $this->sent++; sleep($this->sleep); } else { $this->output("ERROR: Sending confirm and migrate email failed for '{$username}@{$wikiID}'\n"); } }
default: $bit = '???'; } $logger = LoggerFactory::getInstance('badpass'); $logger->info("{$bit} for sysop '" . $user->getName() . "' from " . $wgRequest->getIP() . " - " . @$headers['X-Forwarded-For'] . ' - ' . @$headers['User-Agent']); } return true; }; // Estimate users affected if we increase the minimum // password length to 8 for privileged groups, i.e. // T104370, T104371, T104372, T104373 $wgHooks['LoginAuthenticateAudit'][] = function ($user, $pass, $retval) { global $wmgUseCentralAuth; if ($retval == LoginForm::SUCCESS && strlen($pass) < 8) { if ($wmgUseCentralAuth) { $central = CentralAuthUser::getInstance($user); if ($central->exists() && array_intersect(array('staff', 'sysadmin', 'steward', 'ombudsman', 'checkuser'), array_merge($central->getLocalGroups(), $central->getGlobalGroups()))) { $logger = LoggerFactory::getInstance('badpass'); $logger->info("Login by privileged user '{$user->getName()}' with too short password"); } } } return true; }; $wgHooks['PrefsEmailAudit'][] = function ($user, $old, $new) { if ($user->isAllowed('delete')) { global $wgRequest; $headers = apache_request_headers(); $logger = LoggerFactory::getInstance('badpass'); $logger->info("Email changed in prefs for sysop '" . $user->getName() . "' from '{$old}' to '{$new}'" . " - " . $wgRequest->getIP() . " - " . @$headers['X-Forwarded-For'] . ' - ' . @$headers['User-Agent']); }
/** * @param $auth * @param $user User * @param $params * @return bool */ static function onSecurePoll_GetUserParams($auth, $user, &$params) { if ($user->isAnon()) { return true; } $centralUser = CentralAuthUser::getInstance($user); if (!($centralUser->exists() && $centralUser->isAttached())) { return true; } $wikiID = $centralUser->getHomeWiki(); if (strval($wikiID) === '') { return true; } $wiki = WikiMap::getWiki($wikiID); $wikiUrl = $wiki->getUrl(''); $parts = explode('/', $wikiUrl); if (isset($parts[2])) { $params['properties']['ca-local-domain'] = $params['domain']; $params['domain'] = $parts[2]; } $params['properties']['ca-local-url'] = $params['url']; $params['url'] = $wiki->getUrl('User:' . $user->getTitleKey()); return true; }