dtt83024 2011-06-24 00:02
浏览 115
已采纳

Mediawiki验证替换显示“需要登录”而不是将用户签名到维基

I'm fairly to MediaWiki and needed a way to automatically log users in after they authenticated to a central server (which creates a session and cookie for applications to use).

I wrote a custom authentication extension based off of the LDAP Authentication extension and a few others. The extension simply needs to read some session data to create or update a user and then log them in automatically. All the authentication is handled externally. A user would not be able to even access the wiki website without logging in externally.

This extension was placed into production which replaced the old standard MediaWiki authentication system. I also merged user accounts to prepare for the change. By default, a user must be logged in to view, edit, or otherwise do anything in the wiki.

My problem is that I found if a user had previously used the built-in MediaWiki authentication system and returned to the wiki, my extension would attempt to auto-login the user, however, they would see a "Login Required" page instead of the page they requested like they were an anonymous user. If the user then refreshed the page, they would be able to navigate, edit, etc.

From what I can tell, this issue resolves itself after the UserID cookie is reset or created fresh (but has been known to strangely come up sometimes). To replicate, if there is an older User ID in the "USERID" cookie, the user is shown the "Login Required" page which is a poor user experience. Another way of showing this page is by removing the user account from the database and refreshing the wiki page. As a result, the user will again see the "Login Required" page.

Does anyone know how I can use debugging to find out why MediaWiki thinks the user is not signed in when the cookies are set properly and all it takes is a page refresh?

Here is my extension (simplified a little for this post):

<?php

$wgExtensionCredits['parserhook'][] = array (
    'name' => 'MyExtension',
    'author' => '',
);

if (!class_exists('AuthPlugin')) {
    require_once ( 'AuthPlugin.php' );
}

class MyExtensionPlugin extends AuthPlugin {

    function userExists($username) {
        return true;
    }

    function authenticate($username, $password) {

        $id = $_SESSION['id'];
        if($username = $id) {
          return true;
        } else {
          return false;
        }

    }

    function updateUser(& $user) {
        $name = $user->getName();
        $user->load();

        $user->mPassword = ''; 
        $user->mNewpassword = '';
        $user->mNewpassTime = null;

        $user->setRealName($_SESSION['name']);
        $user->setEmail($_SESSION['email']);
        $user->mEmailAuthenticated = wfTimestampNow();
        $user->saveSettings();

        return true;
    }

    function modifyUITemplate(& $template) { 
        $template->set('useemail', false); 
        $template->set('remember', false); 
        $template->set('create', false); 
        $template->set('domain', false); 
        $template->set('usedomain', false); 
    } 

    function autoCreate() {
        return true;
    }

    function disallowPrefsEditByUser() {
        return array (
            'wpRealName' => true,
            'wpUserEmail' => true,
            'wpNick' => true
        );
    }

    function allowPasswordChange() {
        return false;
    }


    function setPassword( $user, $password ) {
        return false;
    }


    function strict() {
        return true;
    }

    function initUser( & $user ) {
    }

    function updateExternalDB( $user ) {
        return false;
    }

    function canCreateAccounts() {
        return false;
    }

    function addUser( $user, $password ) {
        return false;
    }

    function getCanonicalName( $username ) {
        return $username;
    }
}


function SetupAuthMyExtension() {
    global $wgHooks;
    global $wgAuth;

    $wgHooks['UserLoadFromSession'][] = 'Auth_MyExtension_autologin_hook';
    $wgHooks['UserLogoutComplete'][] = 'Auth_MyExtension_UserLogoutComplete';
    $wgHooks['PersonalUrls'][] = 'Auth_MyExtension_personalURL_hook';
    $wgAuth = new MyExtensionPlugin();
}

function Auth_MyExtension_autologin_hook($user, &$return_user ) {
    global $wgUser;
    global $wgAuth;
    global $wgContLang;

    wfSetupSession();

    // Give us a user, see if we're around
    $tmpuser = new User() ;
    $rc = $tmpuser->newFromSession();
    $rc = $tmpuser->load();

    if( $rc && $rc->isLoggedIn() ) {
        if ( $rc->authenticate($rc->getName(), '') ) {
            return true;
        } else {
            $rc->logout();
        }
    }

    $id = trim($_SESSION['id']);
    $name = ucfirst(trim($_SESSION['name']));

    if (empty($dsid)) {
        $result = false;    // Deny access
        return true;
    }

    $user = User::newFromName($dsid);

    if (0 == $user->getID() ) {
        // we have a new user to add...     
        $user->setName( $id);
        $user->addToDatabase();
        $user->setToken();
            $user->saveSettings();

        $ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
        $ssUpdate->doUpdate();

    } else {
        $user->saveToCache();
    }

    // update email, real name, etc.
    $wgAuth->updateUser( $user );

    $result = true;
    // Go ahead and log 'em in
    $user->setToken();
    $user->saveSettings();
    $user->setupSession();
    $user->setCookies();    
    return true;

}

function Auth_MyExtension_personalURL_hook(& $personal_urls, & $title) {
    global $wgUser;
    unset( $personal_urls['mytalk'] );
    unset($personal_urls['Userlogin']);
    $personal_urls['userpage']['text'] = $wgUser->getRealName();

    foreach (array('login', 'anonlogin') as $k) {
        if (array_key_exists($k, $personal_urls)) {
            unset($personal_urls[$k]);
        }
    }
    return true;
}


function Auth_MyExtension_UserLogoutComplete(&$user, &$inject_html, $old_name) { 
    setcookie( $GLOBALS['wgCookiePrefix'] . '_session', '', time() - 3600, $GLOBALS['wgCookiePath']);
    setcookie( $GLOBALS['wgCookiePrefix'] . 'UserName', '', time() - 3600, $GLOBALS['wgCookiePath']);
    setcookie( $GLOBALS['wgCookiePrefix'] . 'UserID', '', time() - 3600, $GLOBALS['wgCookiePath']);
    setcookie( $GLOBALS['wgCookiePrefix'] . 'Token', '', time() - 3600, $GLOBALS['wgCookiePath']);
    return true;
}


?>

Here is part of my LocalSettings.php file:

#############################
# Disallow Anonymous Access
#############################
$wgGroupPermissions['*']['read']            = false;
$wgGroupPermissions['*']['edit']            = false;
$wgGroupPermissions['*']['createpage']      = false;
$wgGroupPermissions['*']['createtalk']      = false;
$wgGroupPermissions['*']['createaccount']   = false;
$wgShowIPinHeader = false; # For non-logged in users

#############################
# Extension: MyExtension
#############################
require_once("$IP/extensions/MyExtension.php");
$wgAutoLogin = true;
SetupAuthMyExtension();
$wgDisableCookieCheck = true;
  • 写回答

1条回答 默认 最新

  • dongxu4580 2011-07-07 23:21
    关注

    I found out the reason why this problem was occuring. When a user had previously signed into the wiki an old cookie with the old user id was set. Mediawiki attempted to read this cookie and found that it did not match the database so for security purposes, a "login required" page was shown to the user.

    To get passed this issue, users can simply refresh the page, clear their cookies prior to login, or the admin can allow guest access to read pages.

    Alternatively, a change to the core file set can be made temporarily to bypass the check.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 怀疑手机被监控,请问怎么解决和防止
  • ¥15 Qt下使用tcp获取数据的详细操作
  • ¥15 idea右下角设置编码是灰色的
  • ¥15 全志H618ROM新增分区
  • ¥15 在grasshopper里DrawViewportWires更改预览后,禁用电池仍然显示
  • ¥15 NAO机器人的录音程序保存问题
  • ¥15 C#读写EXCEL文件,不同编译
  • ¥15 MapReduce结果输出到HBase,一直连接不上MySQL
  • ¥15 扩散模型sd.webui使用时报错“Nonetype”
  • ¥15 stm32流水灯+呼吸灯+外部中断按键