AuthPlugin

From MediaWiki.org
Jump to navigation Jump to search
This page is a translated version of the page AuthPlugin and the translation is 46% complete.
Other languages:
Deutsch • ‎English • ‎català • ‎español • ‎italiano • ‎中文 • ‎日本語

Autentificación de plugin de interfaz hasta MediaWiki 1.26.

Complementos de autenticación existentes

Existen complementos de autenticación para muchos casos como IMAP, LDAP y más. Categoría:Extensiones de identidad de usuario lista estas extensiones.

Crear nuevos complementos de autenticación

Si necesitas escribir tu propio complemento, mira el documento fuente en la Documentación del código MediaWiki (véase también el último código fuente)

Instantiate a subclass of AuthPlugin and set $wgAuth to it to authenticate against some external source.

The default behavior is not to do anything, and use the local user database for all authentication. A subclass can require that all accounts authenticate externally, or use it only as a fallback; also you can transparently create internal wiki accounts the first time someone logs in who can be authenticated externally.

Fall-back

As mentioned above, a subclass can fall back to local (i.e. mediawiki db) authentication. It does this by returning false when its strict() method is being called. The $wgUser object then proceeds to compare the submitted password to the one in its database.

See this excerpt of includes/User.php for details, method checkPassword():

if( $wgAuth->authenticate( $this->getName(), $password ) ) {
    return true;
} elseif( $wgAuth->strict() ) {
    /* Auth plugin doesn't allow local authentication */
    return false;
} elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
    /* Auth plugin doesn't allow local authentication for this user name */
    return false;
}
if ( self::comparePasswords( $this->mPassword, $password, $this->mId ) ) {
    return true;

As you can see, it is even possible for the AuthPlugin to allow only certain users to fall back to their passwords stored locally by returning false when its strictUserAuth() is being called next.

Notas

  • The username is translated by MediaWiki before it is passed to the function: First letter becomes upper case, underscore '_' become spaces ' '.
  • If autoCreate() returns true (MediaWiki should create a local account for the user) updateExternalDB( $user ) is called anyway. I guess this is to allow the plugin to synchronize the user settings with the external database. updateExternalDB() must return true to make MediaWiki store the settings in the local account.
  • AuthPlugin->userExists(...) is not called when the user has already been stored in the wiki DataBase.

Instalación

Put the files in the extensions folder (preferably a sub folder), than add something akin to the below to your LocalSettings.php

require_once( "$IP/extensions/MyAuthPlugin/MyAuthPlugin.php" );
$wgAuth = new MyAuthPlugin();

Sesiones externas

In order to check the login status against some external session management scheme, use the AutoAuthenticate hook (MediaWiki 1.5 - 1.12) or UserLoadFromSession (since MediaWiki 1.13). También puedes usar UserLoadAfterLoadFromSession (desde MediaWiki 1.14). These hooks can be used to implement a single-signon setup, in addition to simple account sharing.

Véase también