Extension:StubUserWikiAuth

From mediawiki.org
MediaWiki extensions manual
StubUserWikiAuth
Release status: stable
Implementation User identity
Description Transparently imports users from another wiki
Author(s)
Latest version 1.1.2 (2020-07-31)
Compatibility policy Master maintains backward compatibility.
MediaWiki 1.29-1.34 (1.35 untested)
Database changes No
License MIT License
Download
README

The StubUserWikiAuth extension authenticates an account against a remote wiki, when the user row is a stub.

It's only used for users that have an empty password field on the database (the user_password field of the user table is empty).

The purpose is to allow users to log in after importing a wiki dump from another site (mainly with Manual:Grabbers), without having database access, providing they're the legitimate owners of that account.

After importing the dump, you should run the maintenance script populateUserTable.php located in the maintenance directory, to populate the user table with user names fetched from the page histories and logs.

This extension was based on an early version of Extension:MediaWikiAuth.

Installation[edit]

  • Download and place the file(s) in a directory called StubUserWikiAuth in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'StubUserWikiAuth' );
    
  • Configure as required.
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration[edit]

Add the following in LocalSettings.php:

$wgAuthManagerAutoConfig['primaryauth'][StubUserWikiAuth\StubUserWikiPasswordAuthenticationProvider::class] = [
	'class' => StubUserWikiAuth\StubUserWikiPasswordAuthenticationProvider::class,
	'args' => [ [
		// URL to the remote api.php endpoint
		'apiUrl' => 'https://www.mediawiki.org/w/api.php',
		// URL to the Special:Preferences page (may be needed in some setups)
		'prefsUrl' => 'https://www.mediawiki.org/wiki/Special:Preferences',
		// Make this authentication not authoritative
		'authoritative' => false,
		// Prompt the user to change their password on first successful login
		// The user can skip it, however. (default: true)
		'promptPasswordChange' => true,
		// Fetch user preferences from the remote wiki. (default:false)
		// You can set it to an array of preferences that *won't* be imported
		'fetchUserOptions' => true
	] ],
	// Weight of this authentication provider against others
	// 10 should be fine
	'sort' => 10,
];

Things you should change/review:

  • apiUrl: URL to the remote api.php endpoint
  • prefsUrl: URL to the Special:Preferences page (may be needed in some setups)

Things you can configure:

  • promptPasswordChange: Prompt the user to change their password on first successful login. The user can skip it, however. (default: true)
  • fetchUserOptions: Fetch user preferences from the remote wiki. (default:false) You can set it to an array of preferences that won't be imported

Logging[edit]

You can set up a log for diagnostic purposes, to see what external requests have been made. The logs don't contain private information like passwords, only the user name and if the login and import was successful, or if not what was the response from the remote api.

Example:

$wgDebugLogGroups['StubUserWikiAuth'] => '/var/log/mediawiki/StubUserWikiAuth_' . date('Ymd') . '.log';

Features not supported[edit]

  • It doesn't write any on-wiki log to see what users were successfully logged-in and imported. You can, however, set up a log as described above.
  • Also, there's no public flag or indication about a user being imported. Nobody can know (unless looking at the database or server logs) if a user was imported unless the user make edits on their account.
  • It doesn't import the watchlist. Large watchlists may be problematic, and it's easy for a user to edit their watchlist in raw on both wikis to copy & paste it on to the new wiki.