Extension talk:AuthIMAP

From mediawiki.org

For what it's worth: I installed AuthIMAP with Mediawiki 1.12.

It worked OK, except that I can't manage user rights because:

  • My mail server uses a full email address for login - "mary@example.com"
  • We have two domains, so I can't hard-code the domain into Auth_imap.php
  • As a result, my IMAP-Authenticated usernames contain an "@"
  • The "@" is used to split the username into two parts in includes/SpecialUserrights.php - something to do with interwiki user rights.

I can force Special:Userrights to work if I comment out the lines shown below:

    ##      $parts = explode( '@', $username );
    ##      if( count( $parts ) < 2 ) {
                    $name = trim( $username );
                    $database = '';
    ##      } else {
    ##              list( $name, $database ) = array_map( 'trim', $parts );
    ##
    ##              if( !$wgUser->isAllowed( 'userrights-interwiki' ) ) {
    ##                      $wgOut->addWikiMsg( 'userrights-no-interwiki' );
    ##                      return null;
    ##              }
    ##              if( !UserRightsProxy::validDatabase( $database ) ) {
    ##                      $wgOut->addWikiMsg( 'userrights-nodatabase', $database );
    ##                      return null;
    ##              }
    ##      }

I also see that includes/User.php includes a function designed to prevent the creation of usernames containing '@':

    /**
     * Usernames which fail to pass this function will be blocked
     * from new account registrations, but may be used internally
     * either by batch processes or by user accounts which have
     * already been created.
     *
     * Additional character blacklisting may be added here
     * rather than in isValidUserName() to avoid disrupting
     * existing accounts.
     *
     * @param string $name
     * @return bool
     */
    static function isCreatableName( $name ) {
            return
                    self::isUsableName( $name ) &&

                    // Registration-time character blacklisting...
                    strpos( $name, '@' ) === false;
    }

Possible Solution

User Rights and @ sign in login names. Set:

    $wgInvalidUsernameCharacters = '^';
    $wgUserrightsInterwikiDelimiter = '^';


User Rights

All my users have admin rights and the WikiSysop account only works if I disable the extension. Work-arounds where users are users and the WikiSysop account is THE admin account?


The imap_open function should generally fail, as it is called after $username has been transcoded with ucfirst. Most IMAP servers are case sensitive, for a good reason. You would either have to specifically convert to lowercase within the authenticate function, like I did below, or rearrange the functions. Throwing in a print_r(imap_errors()); before satisfied is also a good idea.

    function authenticate($username, $password) {
        // lowercase username before imap check
        $username = strtolower($username);
        // Connect to the IMAP server running on port 143 on example.com using tls
        $mbox = imap_open("{imap.server.com:143/imap/tls/novalidate-cert}INBOX",
                          "$username",
                          "$password",
                          OP_HALFOPEN);
        print_r(imap_errors());
        // ... (the rest of the function is not shown in the post)
    }


Regards, Benjamin, Norway

Query Multiple IMAP servers

Is it possible to set up this extension to query multiple email servers? My users are spread across at least five email servers. Thanks!

Gmail

A quick note: if you want to auth against Gmail, use this as your host string:

    $authhost="{imap.gmail.com:993/imap/ssl/novalidate-cert}";

    if ($mbox=imap_open( $authhost, $user, $pass ))
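
Added example, not part of any post above and not AuthIMAP's own code: one way to handle the cases raised on this page together (full-address logins on more than one domain, several IMAP servers, lowercase logins), with certificate validation left on, because /novalidate-cert makes the client accept any certificate and so exposes the password to whoever can intercept the connection. The domain-to-host map and the function names `imapTargetFor` and `imapAuthenticate` are hypothetical, the hosts are constructed placeholders, and the lowercasing assumes your servers issue lowercase logins.

```php
<?php
// Added example, not AuthIMAP's own code. Domains and hosts are constructed
// placeholders (assumption): one entry per mail domain you accept.
const IMAP_HOSTS = [
    'example.com' => '{imap.example.com:993/imap/ssl}INBOX',
    'example.org' => '{mail.example.org:143/imap/tls}INBOX',
];

// Map a full-address login to [imapUser, mailboxString], or null when the
// domain is not served. Pure function: no network access.
function imapTargetFor( string $login ): ?array {
    // MediaWiki upper-cases the first letter; assume lowercase IMAP logins.
    $login = strtolower( trim( $login ) );
    $at = strrpos( $login, '@' );
    if ( $at === false || $at === 0 ) {
        return null;    // no domain part, or nothing before the '@'
    }
    $domain = (string) substr( $login, $at + 1 );
    if ( !array_key_exists( $domain, IMAP_HOSTS ) ) {
        return null;    // only domains listed above are ever contacted
    }
    return [ $login, IMAP_HOSTS[$domain] ];
}

function imapAuthenticate( string $login, string $password ): bool {
    $target = imapTargetFor( $login );
    if ( $target === null || $password === '' ) {
        return false;   // unknown domain or empty password: no server contact
    }
    [ $user, $mailbox ] = $target;
    // No /novalidate-cert, so the server certificate is checked before the
    // password is sent.
    $mbox = @imap_open( $mailbox, $user, $password, OP_HALFOPEN );
    foreach ( imap_errors() ?: [] as $err ) {
        error_log( "IMAP auth: $err" );   // server log, not the wiki page
    }
    if ( $mbox === false ) {
        return false;
    }
    imap_close( $mbox );
    return true;
}

// Offline check of the routing only, with constructed logins:
var_dump( imapTargetFor( 'Mary@example.com' ) );
var_dump( imapTargetFor( 'bob@other.test' ) );
```

The wiki usernames this produces still contain "@", so the Special:Userrights delimiter issue from the first post applies unchanged.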