Extension talk:AuthIMAP
For what it's worth: I installed AuthIMAP with Mediawiki 1.12.
It worked OK, except that I can't manage user rights because:
- My mail server uses a full email address for login - "mary@example.com"
- We have two domains, so I can't hard-code the domain into Auth_imap.php
- As a result, my IMAP-Authenticated usernames contain an "@"
- The "@" is used to split the username into two parts in includes/SpecialUserrights.php - something to do with interwiki user rights.
I can force Special:Userrights to work if I comment out the lines shown below:
220 ## $parts = explode( '@', $username );
221 ## if( count( $parts ) < 2 ) {
222 $name = trim( $username );
223 $database = '';
224 ## } else {
225 ## list( $name, $database ) = array_map( 'trim', $parts );
226 ##
227 ## if( !$wgUser->isAllowed( 'userrights-interwiki' ) ) {
228 ## $wgOut->addWikiMsg( 'userrights-no-interwiki' );
229 ## return null;
230 ## }
231 ## if( !UserRightsProxy::validDatabase( $database ) ) {
232 ## $wgOut->addWikiMsg( 'userrights-nodatabase', $database );
233 ## return null;
234 ## }
235 ## }
I also see that includes/User.php includes a function designed to prevent the creation of usernames containg '@':
475 /**
476 * Usernames which fail to pass this function will be blocked
477 * from new account registrations, but may be used internally
478 * either by batch processes or by user accounts which have
479 * already been created.
480 *
481 * Additional character blacklisting may be added here
482 * rather than in isValidUserName() to avoid disrupting
483 * existing accounts.
484 *
485 * @param string $name
486 * @return bool
487 */
488 static function isCreatableName( $name ) {
489 return
490 self::isUsableName( $name ) &&
491
492 // Registration-time character blacklisting...
493 strpos( $name, '@' ) === false;
494 }
Contents |
[edit] Possible Solution
:User Rights and @ sign in login names.
Set $wgInvalidUsernameCharacters = '^'
$wgUserrightsInterwikiDelimiter = '^'
[edit] User Rights
All my users have admin rights and the WikiSysop account only works if I disable the extension. Work-arounds where users are users and the WikiSysop account is THE admin account?
The imap_open function should generally fail, as it is called after $username being transcoded with ucfirst. Most imap servers are case sensitive, for a good reason. You would either have to specifically convert to lowercase within authenticate function, like I did below, or rearrange the functions. Throwing in a print_r(imap_errors()); before satisfied is also a good idea.
function authenticate($username, $password) {
// lowercase username before imap check
$username = strtolower($username);
// Connect to the IMAP server running on port 143 on example.com using tls
$mbox = imap_open("{imap.server.com:143/imap/tls/novalidate-cert}INBOX",
"$username",
"$password",
OP_HALFOPEN);
print_r(imap_errors());
Regards, Benjamin, Norway
[edit] Query Multiple IMAP servers
Is it possible to setup this extension to query multiple email servers? My users are spread across at least a five email servers. Thanks!
[edit] Gmail
a quick note if you want to auth against gmail use this as your host string
$authhost="{imap.gmail.com:993/imap/ssl/novalidate-cert}"; if ($mbox=imap_open( $authhost, $user, $pass ))
