Thread:Extension talk:UserAdmin/Patch for MW 1.24.1 and external authentication

We've found a few problems with UserAdmin and MW 1.24.1:


 * User::isValidEmailAddr is gone; use Sanitizer::validateEmail instead.
 * wfLoadExtensionMessages is no longer required.

The patch below for UserAdmin 0.9.1 fixes these problems and adds a configuration variable $wgUserAdminExternalAuth. If true, then UserAdmin basically disables all the password options. In our setup we use LDAP for authNZ and don't want local passwords.

I haven't looked at submitting this to the UserAdmin author for consideration yet, but I post it here in case it's useful for anyone else.

--- README +++ README @@ -7,6 +7,9 @@ private wikis that require tighter contr Usage: require_once("$IP/extensions/UserAdmin/UserAdmin.php"); in LocalSettings.php

+If $wgUserAdminExternalAuth is true, then password options are not used. It is +assumed that users are authenticated against an external authority such as LDAP. + Docs: http://www.mediawiki.org/wiki/Extension:UserAdmin Author: Lance Gatlin  Ap.Muthu  License: http://opensource.org/licenses/gpl-3.0.html GNU Public License 3.0 --- SpecialAddUser.class.php +++ SpecialAddUser.class.php @@ -89,7 +89,7 @@ class SpecialAddUser extends SpecialUADM */  function doGET { -   global $wgLang, $wgOut, $wgUser, $wgAuth; +   global $wgLang, $wgOut, $wgUser, $wgAuth, $wgUserAdminExternalAuth;

$this->validateGETParams;

@@ -183,7 +183,7 @@ EOT; EOT; }

-   return <<  @@ -207,6 +207,10 @@ $domainHTML $this->editgroupslabel $groupsHTML +EOT; +   # Don't display the password stuff if we're externally authenticating. +   if ( !$wgUserAdminExternalAuth ) { +     $previewHTML .= <<editpasswordlabel  $this->setpasswordforuserlabel @@ -223,11 +227,17 @@ $domainHTML  $this->emailwelcomelabel $this->previewactionlabel ($this->subjectlabel | $this->bodylabel) $previewWelcomeEmailHTML +EOT; +   } + +    $previewHTML .= <<$this->adduserlabel $returnToHTML EOT; +   return $previewHTML; }

/* @@ -235,7 +245,7 @@ EOT; */  function validatePOSTParams { -   global $wgUser, $wgAuth; +   global $wgUser, $wgAuth, $wgUserAdminExternalAuth;

// Validate FORM if(empty($this->username)) @@ -266,24 +276,26 @@ EOT; if(empty($this->email)) throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->emailfield));

-   if(!User::isValidEmailAddr($this->email))
+   if(!Sanitizer::validateEmail($this->email))
 throw new InvalidPOSTParamException(wfMsg('uadm-invalidemailmsg',$this->emailfield));

-   if(empty($this->pwdaction))
-     throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
-
-   if($this->pwdaction == 'manual')
-   {
-      if(empty($this->password1) || empty($this->password2))
-       throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->passwordfield));
+   # Ignore password bits if we're externally authenticating
+   if ( !$wgUserAdminExternalAuth ) {
+     if(empty($this->pwdaction))
+       throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));

-     if($this->password1 != $this->password2)
-       throw new InvalidPOSTParamException(wfMsg('uadm-passwordsmustmatchmsg'));
-
+     if($this->pwdaction == 'manual')
+     {
+        if(empty($this->password1) || empty($this->password2))
+         throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->passwordfield));
+
+       if($this->password1 != $this->password2)
+         throw new InvalidPOSTParamException(wfMsg('uadm-passwordsmustmatchmsg'));
+
+     }
+      elseif($this->pwdaction != 'email' && $this->pwdaction != 'emailwelcome')
+       throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
 }
-   elseif($this->pwdaction != 'email' && $this->pwdaction != 'emailwelcome')
-     throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
-

}
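Review bot: The re-indented match check `if($this->password1 != $this->password2)` uses PHP's loose comparison, which compares numeric-looking strings as numbers, so two different inputs such as `1e3` and `1000` pass as matching and `password1` is then the value that gets set. Since these lines are being rewritten anyway, use `if($this->password1 !== $this->password2)`. The same line appears in the SpecialEditUser.class.php validatePOSTParams hunk (`@@ -436,26 +443,29 @@`). validatePOSTParams begins before this hunk.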

@@ -294,7 +306,7 @@ EOT; */  function doPOST { -   global $wgUser, $wgAuth; +   global $wgUser, $wgAuth, $wgUserAdminExternalAuth;

switch($this->action) { @@ -328,29 +340,35 @@ EOT; $successWikiText = array; $successWikiText[] = wfMsg('uadm-newusersuccessmsg', $this->username);

-   $userPassword = '';
-   switch($this->pwdaction)
-   {
-      case 'manual' :
-       try {
-         $user->setPassword($this->password1);
-         $userPassword = $this->password1;
-       }
-        catch(PasswordError $pe)
-       {
-          return $this->getPOSTRedirectURL(false, wfMsg('uadm-passworderrormsg') . $pe->getText);
-       }
-        $successWikiText[] = wfMsg('uadm-passwordchangesuccessmsg',$this->username);
-       break;
-
-     case 'emailwelcome' :
-       $result = self::mailWelcomeAndPassword($user);
-
-       if( WikiError::isError( $result ) )
-         return $this->getPOSTRedirectURL( false, wfMsg( 'uadm-mailerror', $result->getMessage ) );
-
-       $successWikiText[] = wfMsg('uadm-welcomeemailsuccessmsg', $this->username, $this->email);
-       break;
+   # Don't bother with password if we're authenticating externally
+   if ( !$wgUserAdminExternalAuth ) {
+     $userPassword = '';
+     switch($this->pwdaction)
+     {
+        case 'manual' :
+         try {
+           $user->setPassword($this->password1);
+           $userPassword = $this->password1;
+         }
+          catch(PasswordError $pe)
+         {
+            return $this->getPOSTRedirectURL(false, wfMsg('uadm-passworderrormsg') . $pe->getText);
+         }
+          $successWikiText[] = wfMsg('uadm-passwordchangesuccessmsg',$this->username);
+         break;
+
+       case 'emailwelcome' :
+         $result = self::mailWelcomeAndPassword($user);
+
+         if( WikiError::isError( $result ) )
+           return $this->getPOSTRedirectURL( false, wfMsg( 'uadm-mailerror', $result->getMessage ) );
+
+         $successWikiText[] = wfMsg('uadm-welcomeemailsuccessmsg', $this->username, $this->email);
+         break;
+     }
+    } else {
+     # Just set a dummy random password which will never be used
+     $userPassword = substr(str_shuffle(MD5(microtime)), 0, 10);
 }

$user->setToken; @@ -408,4 +426,4 @@ EOT; // user just added return $this->getSpecialPageURL('EditUser',$this->username, array('statusmsg' => base64_encode($successWikiText), 'statusok' => true, 'returnto' => $this->returnto)); } -} \ No newline at end of file +} --- SpecialEditUser.class.php +++ SpecialEditUser.class.php @@ -124,7 +124,7 @@ class SpecialEditUser extends SpecialUAD */  function doGET { -   global $wgLang, $wgOut, $wgUser, $wgAuth; +   global $wgLang, $wgOut, $wgUser, $wgAuth, $wgUserAdminExternalAuth;
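Review bot: In SpecialAddUser's doPOST, the new `else` branch builds `$userPassword` from `substr(str_shuffle(MD5(microtime)), 0, 10)`, which is ten hex characters derived from the clock and a non-cryptographic shuffle, so it is guessable if it ever becomes a real local credential. The hunk never calls `$user->setPassword()` in that branch and the later use of `$userPassword` is outside the hunk, so confirm whether the value is stored, mailed or handed to the auth plugin. If a placeholder is needed at all, draw it from MediaWiki's CSPRNG, e.g. `$userPassword = MWCryptRand::generateHex( 32 );`, and prefer leaving the local password unset so a local login cannot succeed. The comment should also state what guarantees "never be used", since nothing in this patch turns off local password login.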

$user = $this->validateGETParams;

@@ -316,7 +316,7 @@ EOT; EOT; }

-   return <<  @@ -364,6 +364,9 @@ $domainHTML $this->editgroupslabel: $groupsHTML +EOT; +   if ( !$wgUserAdminExternalAuth ) { +     $previewHTML .= <<<EOT $this->editpasswordlabel: <input id="pwdmanual" type="radio" name="pwdaction" value="manual" $pwdSetPasswordChecked/> $this->setpasswordforuserlabel: @@ -383,6 +386,9 @@ $domainHTML $previewWelcomeEmailHTML <input id="pwdnochange" type="radio" name="pwdaction" value="nochange" $pwdNoChangeChecked/> $this->nochangetopasswordlabel +EOT; +   } +    $previewHTML .= <<<EOT $this->reasonlabel: <input id="reason" type="text" name="reason" size="60" maxlength="255" value="$this->reason"/> $this->requiredlabel <button type="submit" name="action" value="saveuser">$this->saveuserlabel @@ -390,6 +396,7 @@ $domainHTML $searchFormHTML $returnToHTML EOT; +   return $previewHTML; }

/* @@ -397,7 +404,7 @@ EOT; */  function validatePOSTParams { -   global $wgUser, $wgAuth; +   global $wgUser, $wgAuth, $wgUserAdminExternalAuth;

$user = User::newFromId($this->userid); if(!$user->loadFromId) @@ -436,26 +443,29 @@ EOT; if(empty($this->email)) throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->emailfield));

-   if(!User::isValidEmailAddr($this->email))
+   if(!Sanitizer::validateEmail($this->email))
 throw new InvalidPOSTParamException(wfMsg('uadm-invalidemailmsg',$this->emailfield));

if(empty($this->reason)) throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->reasonfield));

-   if(empty($this->pwdaction))
-     throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
-
-   if($this->action == 'saveuser' && $this->pwdaction == 'manual')
-   {
-      if(empty($this->password1) || empty($this->password2))
-       throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->passwordfield));
-
-     if($this->password1 != $this->password2)
-       throw new InvalidPOSTParamException(wfMsg('uadm-passwordsmustmatchmsg'));
-
-//     $result = $user->checkPassword($this->password1);
-//     if($result !== true)
-//       throw new InvalidPOSTParamException(wfMsg('uadm-invalidpasswordmsg'));
+   # Ignore password information if we're authenticating externally
+   if ( !$wgUserAdminExternalAuth ) {
+     if(empty($this->pwdaction))
+       throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
+
+     if($this->action == 'saveuser' && $this->pwdaction == 'manual')
+     {
+        if(empty($this->password1) || empty($this->password2))
+         throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->passwordfield));
+
+       if($this->password1 != $this->password2)
+         throw new InvalidPOSTParamException(wfMsg('uadm-passwordsmustmatchmsg'));
+
+ //      $result = $user->checkPassword($this->password1);
+ //      if($result !== true)
+ //        throw new InvalidPOSTParamException(wfMsg('uadm-invalidpasswordmsg'));
+     }
    }

return $user; @@ -646,4 +656,4 @@ EOT;
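Review bot: With `$wgUserAdminExternalAuth` true this block skips every `pwdaction` check, but the diff shows no matching change to SpecialEditUser's doPOST (the only later hunk in this file is the end-of-file newline), so for edits the flag is applied to the form and to validation but not to the handler. If doPOST still acts on `pwdaction`, a request carrying `pwdaction=manual` would reach it without the required-field and match checks; doPOST is outside the diff, so this needs confirming. Add an else branch here that forces the no-op value, `else { $this->pwdaction = 'nochange'; }`, or guard the password switch in doPOST the way SpecialAddUser's doPOST is guarded in this patch. validatePOSTParams starts before this hunk.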

return $this->getPOSTRedirectURL(true, $successWikiText); } -} \ No newline at end of file +} --- SpecialUADMBase.class.php +++ SpecialUADMBase.class.php @@ -56,8 +56,6 @@ abstract class SpecialUADMBase extends S  { parent::__construct($name, $rights);

-   wfLoadExtensionMessages('UserAdmin'); -    $this->mURL = $this->getTitle->getLocalURL; }

@@ -603,4 +601,4 @@ EOT; EOT; }

-} \ No newline at end of file +} --- UserAdmin.php +++ UserAdmin.php @@ -37,6 +37,9 @@ $wgExtensionCredits['specialpage'][] = a

$dir = dirname(__FILE__). '/';

+# wgUserAdminExternalAuth indicates that external auth is used (e.g. LDAP) instead of passwords. +$wgUserAdminExternalAuth = false; + $wgExtensionMessagesFiles['UserAdmin'] = $dir. 'UserAdmin.i18n.php';

$wgAutoloadClasses['SpecialUserAdminPanel'] = $dir. 'SpecialUserAdminPanel.class.php';
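Review bot: The comment on `$wgUserAdminExternalAuth` reads as if the flag selects the authentication method, but everything this patch changes is UserAdmin's own forms and handlers. Suggest `# If true, UserAdmin hides and skips its own password handling. It does not configure or disable MediaWiki local password login; the external auth plugin is set up separately.` so an administrator does not assume that enabling it removes local passwords.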