Extension:AuthDrupal

Overview
Signin integration for MediaWiki as slave of Drupal.

Implemented using Drupal 4.7.x and MediaWiki 1.9.2/1.9.3; newer versions not tested yet.

This code is meant to create one login for users of a Drupal site and a MediaWiki site. It is set up so that users sign in to the Drupal site, and as a result they automatically become logged in to the wiki.

The code replaces the wiki's own log in/register/logout links with links to the drupal front page to to force users to go through Drupal. (See below.)

User entries are still created in the wiki's user table and are kept up to date on each login with email and real name.

The login integration works as follows: when the user signs in to Drupal, an extra cookie is created containing their identity. When the user visits the wiki, the wiki extension sees the cookie, extracts the username, and logs the user in. When the user logs out of the Drupal site, both the special cookie and any of the wiki's session cookies are removed so the user is also signed out of the wiki.

Credits

 * This implementation started with the code written by TazzyTazzy (Mitch Schwenk)  available at: DCCwiki.


 * The code has changed a fair bit from the original. Modifications by Maarten van Dantzich.


 * Support for separate databases is based on Auth_phpBB.


 * For the rewrite, I looked at (and borrowed code from):
 * Auth_Shibboleth (ShibAuth) http://shibboleth.internet2.edu, /Shibboleth_Authentication
 * LdapAuthentication.php by Ryan Lane  LDAP_Authentication

Bugs

 * To get logout to work right, you have to edit the Mediawiki.module code. (See Instructions section below.)


 * Should not keep the cookie domain setting in two places. It's currently in LocalSettings.php and in Mediawiki.module.


 * Currently there's logout code both in Mediawiki.module and in StaticUserLogout in AuthDrupal.php. Should come up with one approach that works well.


 * Logout code does not set mw_LoggedOut cookie when user logs out.


 * Passwords are currently not copied into the MW database. If you use this extension and then decide the run the wiki as a standalone app with its own login system, you'll have to have passwords reset/emailed for everyone. When MW 1.10 ships, should change code to use $wgUser->setInternalPassword


 * It's been reported that creating a new account in Drupal may log you in to the Drupal site, but does not call the hook function that sets the cookie necessary to log in to Mediawiki. If someone can confirm this and/or suggest a fix, please leave a note on the discussion page.

Missing Features

 * I have code implemented to disable editing of Real name and Email address in My Preferences but haven't gotten the patch in shape to be released yet.


 * No support for user groups yet. (I'd be very interested in patches that bring Drupal roles across.)


 * Does NOT handle someone changing their username on the Drupal end. That user will be regarded as a new user by the wiki next time they sign in.

Comments or Feedback?
If you have comments, questions, or improvements, please drop me a note via the discussion page, or email me via my user page.

Files

 * AuthDrupal/AuthDrupal.php
 * AuthDrupal/crypto.php
 * AuthDrupal/Mediawiki.module

Instructions

 * download the files linked in the Files section of this page, save them in wiki/extensions/AuthDrupal/


 * edit the key string in crypto.php to be something unique to your site (look for $key = )


 * put AuthDrupal.php, Drupal.php and crypto.php into wiki/extensions/AuthDrupal/


 * put Mediawiki.module and a copy of crypto.php into drupal/modules (yes, you want crypto.php in both places). Edit the value of $cookie_domain at the top of Mediawiki.module to be the same as the cookie domain in LocalSettings.php.


 * edit wiki/LocalSettings.php to include the code below. Change the database settings to match your setup. Change the cookie domain name  to the domain under which your Drupal and wiki are hosted.  If drupal and mediawiki use the same database, just set  $wgAuthDrupal_UseExtDatabase = false and ignore most of the  _MySQL_ settings.


 * go into Drupal admin pages and enable the Mediawiki module


 * To have logout work correctly (logging out from Drupal also logs the user out from MW), you may have to edit the code. In Mediawiki.module, the  logout code contains the names of the cookies to remove. These cookie names  may be different for your install because they use the database name,  the DB table prefix, and then the cookie name. Just look at the cookies  getting set in our browser and edit the code accordingly.   If you're motivated to fix the code so it looks up the cookie names from  the MW settings, please do... send me a patch. :)


 * you may want to ensure that account creation is blocked. Try going to /wiki/index.php?title=Special:Userlogin&type=signup (TODO: document how to turn off account creation)


 * even though the extension can change the login/logout link to point to Drupal, that does not stop a savvy user from going to Special:Userlogin directly. You  may want to edit .htaccess to redirect that URL. There are instructions for  this at the bottom of this page:

Controlling behavior
These are global variables you CAN set in LocalSettings.php to control how AuthDrupal behaves:


 * 1) Do NOT copy the code from this section into your LocalSettings.php.
 * 2) This is documentation, not meant to be running code. Copy the code from the
 * 3) section Edits to LocalSettings.php, below.

$wgAuthDrupal_ReplaceLogin	// true or false, replace MW login/logout links? $wgAuthDrupal_LoginURL        // $wgAuthDrupal_LogoutURL

$wgAuthDrupal_UseExtDatabase // true or false; are MW and Drupal in separate databases?

// OPTIONAL: if these are the same as your MediaWiki settings, leave them set as is $wgAuthDrupal_MySQL_Host    = $wgDBserver;         // Drupal MySQL Host Name. $wgAuthDrupal_MySQL_Username = $wgDBuser;          // Drupal MySQL Username. $wgAuthDrupal_MySQL_Password = $wgDBpassword;      // Drupal MySQL Password.

// you'll want to set this to the database name: $wgAuthDrupal_MySQL_Database $wgAuthDrupal_TablePrefix	= ""; $wgAuthDrupal_UserTable    = 'users';        // Name of your Drupal user table. (normally 'users')

$wgAuthDrupal_LogMessages	// true or false, log messages to Drupal watchdog? $wgAuthDrupal_UID             // OPTIONAL userID to use when logging watchdog messages

// in my Drupal install, I have enabled the profile extension to add // first name and last name to user profiles. (I require them during signup) // This allows MW to pull in the real name from the Drupal profile. // If you don't have this, just leave GetRealNames set to false $wgAuthDrupal_GetRealNames // true or false, get first + last name from Drupal profile extension? // OPTIONAL: $wgAuthDrupal_RealNames_fields_table; // set if different than 'profile_fields' $wgAuthDrupal_RealNames_values_table; // set if different than 'profile_values' $wgAuthDrupal_RealNames_first_name_field; // set if different than 'profile_first_name' $wgAuthDrupal_RealNames_last_name_field; // set if different than 'profile_last_name'

Edits to LocalSettings.php
// disable registration and sign-in from the wiki front page $wgGroupPermissions['*']['edit'] = false; // MediaWiki 1.5+ Settings $wgGroupPermissions['*']['createaccount'] = false; // MediaWiki 1.5+ Settings $wgAuthDrupal_UseExtDatabase = true; //-[NOTE: You only need the next four settings if you set $wgAuthDrupal_UseExtDatabase to true.] $wgAuthDrupal_MySQL_Host    = $wgDBserver;         // Drupal MySQL Host Name. $wgAuthDrupal_MySQL_Username = $wgDBuser;          // Drupal MySQL Username. $wgAuthDrupal_MySQL_Password = $wgDBpassword;      // Drupal MySQL Password. $wgAuthDrupal_MySQL_Database = 'drpl';           // Drupal MySQL Database Name. $wgAuthDrupal_TablePrefix	= ""; $wgAuthDrupal_UserTable    = 'users';        // Name of your Drupal user table. (normally 'users') $wgAuthDrupal_CookieDomain = '.yourdomain.com'; // $wgAuthDrupal_GetRealNames : // Drupal's default user table schema does not include a field for real names // If you use Drupal's profile.module and add fields profile_first_name and // profile_last_name, the Auth Module can copy the names into the user's // wiki profile $wgAuthDrupal_GetRealNames = true; // You probably do not need to change these // $wgAuthDrupal_RealNames_fields_table; // set if different than 'profile_fields' // $wgAuthDrupal_RealNames_values_table; // set if different than 'profile_values' // $wgAuthDrupal_RealNames_first_name_field; // set if different than 'profile_first_name' // $wgAuthDrupal_RealNames_last_name_field; // set if different than 'profile_last_name' $wgAuthDrupal_ReplaceLogin = true;	// set to false to retain wiki's own login/logout // if ReplaceLogin is true, set these URLs to appropriate targets: $wgAuthDrupal_LoginURL = 'http://yourdomain.com/drupal/'; $wgAuthDrupal_LogoutURL = 'http://yourdomain.com/drupal/?q=logout'; // Do you want status messages in your Drupal watchdog log? $wgAuthDrupal_LogMessages = false; require_once 'extensions/AuthDrupal/AuthDrupal.php'; SetupAuthDrupal;
 * 1) User authentication via Drupal using AuthDrupal
 * 1) User authentication via Drupal using AuthDrupal