Extension:NetworkAuth

From MediaWiki.org
Jump to navigation Jump to search
MediaWiki extensions manualManual:Extensions
Crystal Clear action run.svg
NetworkAuth

Release status:Extension status stable

NetworkAuth PersonalUrls.png
ImplementationTemplate:Extension#type User identity, User rights, Hook
DescriptionTemplate:Extension#description Allows to automatically authenticate users coming from certain network addresses
Author(s)Template:Extension#username Olaf Lenz (Olenztalk)
Latest versionTemplate:Extension#version 2.1.2 (2017-10-30)
MediaWikiTemplate:Extension#mediawiki 1.23+
Database changesTemplate:Extension#needs-updatephp No
LicenseTemplate:Extension#license GNU General Public License 2.0 or later
Download
ParametersTemplate:Extension#parameters
  • $wgNetworkAuthUsers
  • $wgNetworkAuthSpecialUsers
Hooks usedTemplate:Extension#hook
UserLoadAfterLoadFromSessionManual:Hooks/UserLoadAfterLoadFromSession
PersonalUrlsManual:Hooks/PersonalUrls

Translate the NetworkAuth extension if it is available at translatewiki.net

Check usage and version matrix.

The NetworkAuth extension is intended to bind particular network addresses to specific users. When the wiki is accessed from a specific network address, they will be automatically logged in with the specified user name. When a wiki is configured not to allow anonymous read and/or write access, the extension can be used to grant read and write access for users from particular network addresses (e.g. from the intranet of a company).

Installation[edit]

  • Download and place the file(s) in a directory called NetworkAuth in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php:
    require_once "$IP/extensions/NetworkAuth/NetworkAuth.php";
    
  • Configure as described in this section.
  • YesY Done - Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration[edit]

To configure the extension, set the configuration parameter $wgNetworkAuthUsers in LocalSettings.php, and optionally the configuration parameter $wgNetWorkAuthSpecialUsers.

Basic configuration[edit]

The configuration parameter $wgNetworkAuthUsers is an array that can contain one or several arrays to configure what user is logged in when a wiki page is loaded from a specific network address. NetworkAuth only becomes active when a user is not logged in already. When NetworkAuth detects an attempt to load a page by an anonymous user, it will check whether the source IP address of the request is matched by any of the records in $wgNetworkAuthUsers. If it is, it will log in the specified user.

Example
require_once "$IP/extensions/NetworkAuth/NetworkAuth.php";

# Log-in unlogged users from these networks
$wgNetworkAuthUsers[] = [
	'iprange' => [ '127.0.0.1',
	               '10.1.10.0/24',
	               '10.2.10.152/32' ],
	'user'    => 'NetworkAuthUser',
];

# Log-in unlogged users when IP matches this regular expression
$wgNetworkAuthUsers[] = [
	'ippattern' => '/10\.1\.10\..*/',
	'user'      => 'NetworkAuthUser',
];

# Log-in unlogged users when IP’s reverse DNS lookup matches this domain
$wgNetworkAuthUsers[] = [
	'hostpattern' => '/.*\.domain\.example\.com/i',
	'user'        => 'AdminComputer',
];

# To use the contents of the page MediaWiki:Networkauth-ips
# (Where the page is formatted as a '*' followed by either an IP or range)
$wgNetworkAuthUsers[] = [
	'ipmsg' => 'networkauth-ips',
	'user'  => 'Foo',
];

Optional configuration[edit]

Personal header when connected with a user configured in $wgNetWorkAuthSpecialUsers

It might be a good idea not to use NetworkAuth to log in a normal user account, but a special user account instead that exists exclusively for this purpose (e.g. "NetworkAuthUser"). In that case, one can add this account to the configuration parameter $wgNetWorkAuthSpecialUsers. Users in this list do not get the normal list of Personal Urls. Instead, the PersonalUrls show:

  • that the user is logged via the NetworkAuth extension
  • the IP address of the user
  • a link to log out
  • a link to log in
Example
$wgNetworkAuthSpecialUsers[] = 'NetworkAuthUser';