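/**
 * Attempt to add a user to the database.
 *
 * Runs the auto-creation checks in order (configuration, the per-session
 * blacklist cache, the anonymous-user rights/block check, username validity
 * and the extension hooks) and only creates the account once all of them
 * pass. The creation log entry, auth-plugin initialisation and user-count
 * update run only when the database insert did not report a failure.
 *
 * @param User $user Half-initialised user object that will become the new account
 * @param string $userName Name of the account to create
 * @return bool True if the account was created, false if a check or the insert refused it
 */
static function attemptAddUser($user, $userName) {
    global $wgAuth, $wgCentralAuthCreateOnView;

    // Denied by configuration?
    if (!$wgAuth->autoCreate()) {
        wfDebug(__METHOD__ . ": denied by configuration\n");
        return false;
    }

    if (!$wgCentralAuthCreateOnView) {
        // Only create local accounts when we perform an active login...
        // Don't freak people out on every page view
        wfDebug(__METHOD__ . ": denied by \$wgCentralAuthCreateOnView\n");
        return false;
    }

    // Is the user blacklisted by the session?
    // This is just a cache to avoid expensive DB queries in $user->isAllowedToCreateAccount().
    // The user can log in via Special:UserLogin to bypass the blacklist and get a proper
    // error message. It only short-circuits to a denial; the rights/block check
    // below is what actually decides whether creation is permitted.
    $session = CentralAuthUser::getSession();
    if (isset($session['auto-create-blacklist'])
        && in_array(wfWikiID(), (array) $session['auto-create-blacklist'])
    ) {
        wfDebug(__METHOD__ . ": blacklisted by session\n");
        return false;
    }

    // Is the user blocked?
    // The check is made against a fresh anonymous User, not against $user,
    // which is still half-initialised at this point.
    $anon = new User();
    if (!$anon->isAllowedAny('createaccount', 'centralauth-autoaccount')
        || $anon->isBlockedFromCreateAccount()
    ) {
        // Blacklist the user to avoid repeated DB queries subsequently
        // First load the session again in case it changed while the above DB query was in progress
        wfDebug(__METHOD__ . ": user is blocked from this wiki, blacklisting\n");
        $session = CentralAuthUser::getSession();
        $session['auto-create-blacklist'][] = wfWikiID();
        CentralAuthUser::setSession($session);
        return false;
    }

    // Check for validity of username
    if (!User::isValidUserName($userName)) {
        wfDebug(__METHOD__ . ": Invalid username\n");
        $session = CentralAuthUser::getSession();
        $session['auto-create-blacklist'][] = wfWikiID();
        CentralAuthUser::setSession($session);
        return false;
    }

    // Give other extensions a chance to stop auto creation, but they cannot
    // change $userName, because CentralAuth expects user names on all wikis
    // are the same.
    //
    // * $user (and usually $wgUser) is the half-created User object and
    //   should not be accessed in any way since calling any User methods
    //   in its half-initialised state will give incorrect results.
    //
    // * $userName is the new user name
    //
    // * $anon is an anonymous user object which can be safely used for
    //   permissions checks.
    if (!wfRunHooks('CentralAuthAutoCreate', array($user, $userName, $anon))) {
        wfDebug(__METHOD__ . ": denied by other extensions\n");
        return false;
    }

    $abortMessage = '';
    if (!wfRunHooks('AbortAutoAccount', array($user, &$abortMessage))) {
        // In this case we have no way to return the message to the user,
        // but we can log it.
        wfDebug(__METHOD__ . ": denied by other extension: {$abortMessage}\n");
        return false;
    }

    // Checks passed, create the user
    wfDebug(__METHOD__ . ": creating new user\n");
    $user->loadDefaults($userName);
    $status = $user->addToDatabase();

    // Stop here if the insert reported a failure, so that no creation log
    // entry, auth-plugin initialisation or user-count bump happens for an
    // account that was never written.
    // NOTE(review): assumes addToDatabase() returns either null (no result
    // reported) or an object exposing isOK() -- confirm against the MediaWiki
    // version in use.
    if (is_object($status) && !$status->isOK()) {
        wfDebug(__METHOD__ . ": addToDatabase failed, aborting auto-creation\n");
        return false;
    }

    $user->addNewUserLogEntryAutoCreate();

    $wgAuth->initUser($user, true);
    $wgAuth->updateUser($user);

    # Notify hooks (e.g. Newuserlog)
    wfRunHooks('AuthPluginAutoCreate', array($user));

    # Update user count
    $ssUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1);
    $ssUpdate->doUpdate();

    return true;
}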
/**
 * Try to auto-create the local account for the given user.
 *
 * The account name is read from $user->getName() up front. Creation is
 * refused when the auth plugin or $wgCentralAuthCreateOnView disallows it,
 * when this wiki is listed in the session's 'auto-create-blacklist', when an
 * anonymous user lacks the needed right or is blocked from account creation,
 * when the name is not creatable, or when the AbortAutoAccount hook vetoes.
 * The last three refusals also add this wiki to the session blacklist.
 *
 * @param User $user User object to create
 * @throws Exception If the AbortAutoAccount hook changed the user name, or
 *   rethrown from User::addToDatabase()
 * @return bool True if the account was created, false otherwise
 */
static function attemptAddUser($user) {
    global $wgAuth, $wgCentralAuthCreateOnView;

    $userName = $user->getName();

    // The auth plugin has the first say on whether auto-creation is allowed.
    $pluginAllows = $wgAuth->autoCreate();
    if (!$pluginAllows) {
        wfDebug(__METHOD__ . ": denied by configuration\n");
        return false;
    }

    // Local accounts are only created on an active login, not on every
    // page view.
    if (!$wgCentralAuthCreateOnView) {
        wfDebug(__METHOD__ . ": denied by \$wgCentralAuthCreateOnView\n");
        return false;
    }

    // The session blacklist is only a cache that saves the expensive
    // permission queries below; it is not the authoritative decision.
    // A user can still go through Special:UserLogin to bypass it and get a
    // proper error message.
    $sessionData = CentralAuthUser::getSession();
    if (isset($sessionData['auto-create-blacklist'])) {
        $blacklistedWikis = (array) $sessionData['auto-create-blacklist'];
        if (in_array(wfWikiID(), $blacklistedWikis)) {
            wfDebug(__METHOD__ . ": blacklisted by session\n");
            return false;
        }
    }

    // Rights and block status are evaluated on a fresh anonymous User.
    $anonUser = new User();
    $hasCreateRight = $anonUser->isAllowedAny('createaccount', 'centralauth-autoaccount');
    if (!$hasCreateRight || $anonUser->isBlockedFromCreateAccount()) {
        // Remember the refusal so later requests skip the DB queries.
        // NOTE(review): the session copy fetched above is written back
        // without being re-read, so a session change made in the meantime
        // would be overwritten -- confirm this is acceptable.
        wfDebug(__METHOD__ . ": user is blocked from this wiki, blacklisting\n");
        $sessionData['auto-create-blacklist'][] = wfWikiID();
        CentralAuthUser::setSession($sessionData);
        return false;
    }

    // The name must be one that may be created.
    if (!User::isCreatableName($userName)) {
        wfDebug(__METHOD__ . ": Invalid username\n");
        $sessionData['auto-create-blacklist'][] = wfWikiID();
        CentralAuthUser::setSession($sessionData);
        return false;
    }

    // Let other extensions veto the creation.
    $user->loadDefaults($userName);
    $hookMessage = '';
    $hookAllows = Hooks::run('AbortAutoAccount', array($user, &$hookMessage));
    if (!$hookAllows) {
        // The message cannot be shown to the user from here, so it is
        // only logged.
        wfDebug(__METHOD__ . ": denied by other extension: {$hookMessage}\n");
        $sessionData['auto-create-blacklist'][] = wfWikiID();
        CentralAuthUser::setSession($sessionData);
        return false;
    }

    // A hook handler received $user; refuse to continue if it renamed it.
    if ($user->getName() !== $userName) {
        throw new Exception("AbortAutoAccount hook tried to change the user name");
    }

    // All checks passed: create the account.
    // REQUEST_URI is client-supplied and is written to the log as-is.
    // NOTE(review): confirm who can read the 'CentralAuth-Bug39996' log and
    // that request URIs logged here carry nothing sensitive.
    if (isset($_SERVER['REQUEST_URI'])) {
        $origin = $_SERVER['REQUEST_URI'];
    } else {
        $origin = 'CLI';
    }
    wfDebugLog(
        'CentralAuth-Bug39996',
        __METHOD__ . ": creating new user ({$userName}) - from: {$origin}\n"
    );

    try {
        $result = $user->addToDatabase();
    } catch (Exception $ex) {
        // Record the failure, then let the caller see the same exception.
        wfDebugLog(
            'CentralAuth-Bug39996',
            __METHOD__ . " User::addToDatabase for \"{$userName}\" threw an exception:"
                . " {$ex->getMessage()}"
        );
        throw $ex;
    }

    // A null result (MW before 1.21) is treated as success; otherwise the
    // returned status decides.
    if ($result !== null && !$result->isOK()) {
        wfDebugLog(
            'CentralAuth-Bug39996',
            __METHOD__ . ": failed with message " . $result->getWikiText() . "\n"
        );
        return false;
    }

    $wgAuth->initUser($user, true);

    # Notify hooks (e.g. Newuserlog)
    Hooks::run('AuthPluginAutoCreate', array($user));

    # Update user count
    $userCountUpdate = new SiteStatsUpdate(0, 0, 0, 0, 1);
    DeferredUpdates::addUpdate($userCountUpdate);

    return true;
}
/**
 * Fetch the central session for a user and fill in defaults for any of
 * 'finalProto', 'remember', 'secureCookies' and 'sessionId' that are unset.
 *
 * @param CentralAuthUser $centralUser Supplies the stored session and, when
 *   needed, creates one to obtain a session id
 * @param User $user Supplies the 'rememberpassword' and 'prefershttps' options
 * @return array The session array with the defaults applied
 */
private function getCentralSession($centralUser, $user) {
    $session = $centralUser->getSession();
    $req = $this->getRequest();

    // "finalProto": prefer a 'proto' request value, else the protocol
    // detected for the current request.
    // NOTE(review): 'proto' is request input and is stored without
    // validation here -- confirm consumers restrict it to expected values.
    if (!isset($session['finalProto'])) {
        $detectedProto = $req->detectProtocol();
        $session['finalProto'] = $req->getVal('proto', $detectedProto);
    }

    // "remember": fall back to the user's preference.
    if (!isset($session['remember'])) {
        $rememberPref = $user->getBoolOption('rememberpassword');
        $session['remember'] = $rememberPref;
    }

    // "secureCookies": only when the user prefers HTTPS and the client IP
    // can use it; the IP check is skipped if the preference is off.
    if (!isset($session['secureCookies'])) {
        $prefersHttps = $user->getBoolOption('prefershttps');
        $session['secureCookies'] = $prefersHttps && wfCanIPUseHTTPS($req->getIP());
    }

    // "sessionId": store the session if it has no id yet and keep the
    // value setSession() returns.
    if (!isset($session['sessionId'])) {
        $newSessionId = $centralUser->setSession($session);
        $session['sessionId'] = $newSessionId;
    }

    return $session;
}