We've found a few problems with UserAdmin and MW 1.24.1:
- User::isValidEmailAddr() is gone; Sanitizer::validateEmail() has to be used instead.
- wfLoadExtensionMessages() is no longer required.
The patch below for UserAdmin 0.9.1 fixes these problems and adds a configuration variable $wgUserAdminExternalAuth. If true, then UserAdmin basically disables all the password options. In our setup we use LDAP for authNZ and don't want local passwords.
I haven't looked at submitting this to the UserAdmin author for consideration yet, but I post it here in case it's useful for anyone else.
--- README
+++ README
@@ -7,6 +7,9 @@ private wikis that require tighter contr
Usage:
require_once("$IP/extensions/UserAdmin/UserAdmin.php"); in LocalSettings.php
+If $wgUserAdminExternalAuth is true, then password options are not used. It is
+assumed that users are authenticated against an external authority such as LDAP.
+
Docs: http://www.mediawiki.org/wiki/Extension:UserAdmin
Author: Lance Gatlin <lance.gatlin@gmail.com> Ap.Muthu <apmuthu@usa.net>
License: http://opensource.org/licenses/gpl-3.0.html GNU Public License 3.0
--- SpecialAddUser.class.php
+++ SpecialAddUser.class.php
@@ -89,7 +89,7 @@ class SpecialAddUser extends SpecialUADM
*/
function doGET()
{
- global $wgLang, $wgOut, $wgUser, $wgAuth;
+ global $wgLang, $wgOut, $wgUser, $wgAuth, $wgUserAdminExternalAuth;
$this->validateGETParams();
@@ -183,7 +183,7 @@ EOT;
EOT;
}
- return <<<EOT
+ $previewHTML = <<<EOT
<form id="adduserform" name="input" action="$postURL" method="post" class="visualClear">
<input type="hidden" name="edittoken" value="$editToken"/>
<fieldset>
@@ -207,6 +207,10 @@ $domainHTML
<legend>$this->editgroupslabel</legend>
$groupsHTML
</fieldset>
+EOT;
+ # Don't display the password stuff if we're externally authenticating.
+ if ( !$wgUserAdminExternalAuth ) {
+ $previewHTML .= <<<EOT
<fieldset>
<legend>$this->editpasswordlabel</legend>
<input id="pwdmanual" type="radio" name="pwdaction" value="manual" $setPasswordChecked/> <label for="pwdmanual">$this->setpasswordforuserlabel</label><br/>
@@ -223,11 +227,17 @@ $domainHTML
<input id="pwdemailwelcome" type="radio" name="pwdaction" value="emailwelcome" $emailWelcomeChecked/> <label for="pwdemailwelcome">$this->emailwelcomelabel</label> <button type="submit" name="action" value="emailwelcomepreview">$this->previewactionlabel</button> (<a href="$welcomeTitleHref">$this->subjectlabel</a> | <a href="$welcomeTextHref">$this->bodylabel</a>)<br/>
$previewWelcomeEmailHTML
</fieldset>
+EOT;
+ }
+
+ $previewHTML .= <<<EOT
+
<button type="submit" name="action" value="adduser">$this->adduserlabel</button>
</fieldset>
</form>
$returnToHTML
EOT;
+ return $previewHTML;
}
/*
@@ -235,7 +245,7 @@ EOT;
*/
function validatePOSTParams()
{
- global $wgUser, $wgAuth;
+ global $wgUser, $wgAuth, $wgUserAdminExternalAuth;
// Validate FORM
if(empty($this->username))
@@ -266,24 +276,26 @@ EOT;
if(empty($this->email))
throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->emailfield));
- if(!User::isValidEmailAddr($this->email))
+ if(!Sanitizer::validateEmail($this->email))
throw new InvalidPOSTParamException(wfMsg('uadm-invalidemailmsg',$this->emailfield));
- if(empty($this->pwdaction))
- throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
-
- if($this->pwdaction == 'manual')
- {
- if(empty($this->password1) || empty($this->password2))
- throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->passwordfield));
+ # Ignore password bits if we're externally authenticating
+ if ( !$wgUserAdminExternalAuth ) {
+ if(empty($this->pwdaction))
+ throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
- if($this->password1 != $this->password2)
- throw new InvalidPOSTParamException(wfMsg('uadm-passwordsmustmatchmsg'));
-
+ if($this->pwdaction == 'manual')
+ {
+ if(empty($this->password1) || empty($this->password2))
+ throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->passwordfield));
+
+ if($this->password1 != $this->password2)
+ throw new InvalidPOSTParamException(wfMsg('uadm-passwordsmustmatchmsg'));
+
+ }
+ elseif($this->pwdaction != 'email' && $this->pwdaction != 'emailwelcome')
+ throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
}
- elseif($this->pwdaction != 'email' && $this->pwdaction != 'emailwelcome')
- throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
-
}
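Review bot: The re-indented match check `if($this->password1 != $this->password2)` uses loose comparison, so two different numeric-looking strings (for example `1e3` and `1000`) compare as equal and a mistyped confirmation can pass. A strict comparison closes that: `if($this->password1 !== $this->password2)`. The same line appears in the validatePOSTParams hunk of SpecialEditUser.class.php. The function body starts and ends outside this hunk.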
@@ -294,7 +306,7 @@ EOT;
*/
function doPOST()
{
- global $wgUser, $wgAuth;
+ global $wgUser, $wgAuth, $wgUserAdminExternalAuth;
switch($this->action)
{
@@ -328,29 +340,35 @@ EOT;
$successWikiText = array();
$successWikiText[] = wfMsg('uadm-newusersuccessmsg', $this->username);
- $userPassword = '';
- switch($this->pwdaction)
- {
- case 'manual' :
- try {
- $user->setPassword($this->password1);
- $userPassword = $this->password1;
- }
- catch(PasswordError $pe)
- {
- return $this->getPOSTRedirectURL(false, wfMsg('uadm-passworderrormsg') . $pe->getText());
- }
- $successWikiText[] = wfMsg('uadm-passwordchangesuccessmsg',$this->username);
- break;
-
- case 'emailwelcome' :
- $result = self::mailWelcomeAndPassword($user);
-
- if( WikiError::isError( $result ) )
- return $this->getPOSTRedirectURL( false, wfMsg( 'uadm-mailerror', $result->getMessage() ) );
-
- $successWikiText[] = wfMsg('uadm-welcomeemailsuccessmsg', $this->username, $this->email);
- break;
+ # Don't bother with password if we're authenticating externally
+ if ( !$wgUserAdminExternalAuth ) {
+ $userPassword = '';
+ switch($this->pwdaction)
+ {
+ case 'manual' :
+ try {
+ $user->setPassword($this->password1);
+ $userPassword = $this->password1;
+ }
+ catch(PasswordError $pe)
+ {
+ return $this->getPOSTRedirectURL(false, wfMsg('uadm-passworderrormsg') . $pe->getText());
+ }
+ $successWikiText[] = wfMsg('uadm-passwordchangesuccessmsg',$this->username);
+ break;
+
+ case 'emailwelcome' :
+ $result = self::mailWelcomeAndPassword($user);
+
+ if( WikiError::isError( $result ) )
+ return $this->getPOSTRedirectURL( false, wfMsg( 'uadm-mailerror', $result->getMessage() ) );
+
+ $successWikiText[] = wfMsg('uadm-welcomeemailsuccessmsg', $this->username, $this->email);
+ break;
+ }
+ } else {
+ # Just set a dummy random password which will never be used
+ $userPassword = substr(str_shuffle(MD5(microtime())), 0, 10);
}
$user->setToken();
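Review bot: The external-auth fallback `$userPassword = substr(str_shuffle(MD5(microtime())), 0, 10);` derives its value from the clock and a non-cryptographic shuffle, so it is guessable if it ever ends up as a real credential. The branch also never calls `$user->setPassword()`, so the comment "set a dummy random password" only holds if code after this hunk applies `$userPassword`; that code is outside the hunk and should be checked, as should any later use of `$this->pwdaction`, which validatePOSTParams no longer validates in this mode. If a placeholder is needed, take it from the CSPRNG, e.g. `$userPassword = MWCryptRand::generateHex( 32 );`, or leave the local password unset so that only the external authority can authenticate the account.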
@@ -408,4 +426,4 @@ EOT;
// user just added
return $this->getSpecialPageURL('EditUser',$this->username, array('statusmsg' => base64_encode($successWikiText), 'statusok' => true, 'returnto' => $this->returnto));
}
-}
\ No newline at end of file
+}
--- SpecialEditUser.class.php
+++ SpecialEditUser.class.php
@@ -124,7 +124,7 @@ class SpecialEditUser extends SpecialUAD
*/
function doGET()
{
- global $wgLang, $wgOut, $wgUser, $wgAuth;
+ global $wgLang, $wgOut, $wgUser, $wgAuth, $wgUserAdminExternalAuth;
$user = $this->validateGETParams();
@@ -316,7 +316,7 @@ EOT;
EOT;
}
- return <<<EOT
+ $previewHTML = <<<EOT
<form id="edituserform" name="input" action="$postURL" method="post" class="visualClear">
<input type="hidden" name="edittoken" value="$editToken"/>
<fieldset>
@@ -364,6 +364,9 @@ $domainHTML
<legend>$this->editgroupslabel:</legend>
$groupsHTML
</fieldset>
+EOT;
+ if ( !$wgUserAdminExternalAuth ) {
+ $previewHTML .= <<<EOT
<fieldset>
<legend>$this->editpasswordlabel:</legend>
<input id="pwdmanual" type="radio" name="pwdaction" value="manual" $pwdSetPasswordChecked/> <label for="pwdmanual">$this->setpasswordforuserlabel:</label><br/>
@@ -383,6 +386,9 @@ $domainHTML
$previewWelcomeEmailHTML
<input id="pwdnochange" type="radio" name="pwdaction" value="nochange" $pwdNoChangeChecked/> <label for="pwdnochange">$this->nochangetopasswordlabel</label><br/>
</fieldset>
+EOT;
+ }
+ $previewHTML .= <<<EOT
<label for="reason">$this->reasonlabel:</label> <input id="reason" type="text" name="reason" size="60" maxlength="255" value="$this->reason"/> $this->requiredlabel<br/>
<button type="submit" name="action" value="saveuser">$this->saveuserlabel</button>
</fieldset>
@@ -390,6 +396,7 @@ $domainHTML
$searchFormHTML
$returnToHTML
EOT;
+ return $previewHTML;
}
/*
@@ -397,7 +404,7 @@ EOT;
*/
function validatePOSTParams()
{
- global $wgUser, $wgAuth;
+ global $wgUser, $wgAuth, $wgUserAdminExternalAuth;
$user = User::newFromId($this->userid);
if(!$user->loadFromId())
@@ -436,26 +443,29 @@ EOT;
if(empty($this->email))
throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->emailfield));
- if(!User::isValidEmailAddr($this->email))
+ if(!Sanitizer::validateEmail($this->email))
throw new InvalidPOSTParamException(wfMsg('uadm-invalidemailmsg',$this->emailfield));
if(empty($this->reason))
throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->reasonfield));
- if(empty($this->pwdaction))
- throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
-
- if($this->action == 'saveuser' && $this->pwdaction == 'manual')
- {
- if(empty($this->password1) || empty($this->password2))
- throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->passwordfield));
-
- if($this->password1 != $this->password2)
- throw new InvalidPOSTParamException(wfMsg('uadm-passwordsmustmatchmsg'));
-
-// $result = $user->checkPassword($this->password1);
-// if($result !== true)
-// throw new InvalidPOSTParamException(wfMsg('uadm-invalidpasswordmsg'));
+ # Ignore password information if we're authenticating externally
+ if ( !$wgUserAdminExternalAuth ) {
+ if(empty($this->pwdaction))
+ throw new InvalidPOSTParamException(wfMsg('uadm-formsubmissionerrormsg'));
+
+ if($this->action == 'saveuser' && $this->pwdaction == 'manual')
+ {
+ if(empty($this->password1) || empty($this->password2))
+ throw new InvalidPOSTParamException(wfMsg('uadm-fieldisrequiredmsg',$this->passwordfield));
+
+ if($this->password1 != $this->password2)
+ throw new InvalidPOSTParamException(wfMsg('uadm-passwordsmustmatchmsg'));
+
+ // $result = $user->checkPassword($this->password1);
+ // if($result !== true)
+ // throw new InvalidPOSTParamException(wfMsg('uadm-invalidpasswordmsg'));
+ }
}
return $user;
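Review bot: With `$wgUserAdminExternalAuth` true, this hunk skips every check on `pwdaction`, `password1` and `password2`, but the patch shows no matching guard in SpecialEditUser::doPOST (its only hunk is the end-of-file newline). Hiding the fieldset in doGET is a display change only; a POST that still carries `pwdaction=manual` would reach doPOST unvalidated and, if doPOST acts on it as before, could set a local password despite the external-auth setting. doPOST is outside the visible hunks, so this needs confirming there. A minimal server-side guard is an else branch here, `else { $this->pwdaction = 'nochange'; }`, or the same `if ( !$wgUserAdminExternalAuth )` wrapper around the password handling in doPOST that SpecialAddUser received.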
@@ -646,4 +656,4 @@ EOT;
return $this->getPOSTRedirectURL(true, $successWikiText);
}
-}
\ No newline at end of file
+}
--- SpecialUADMBase.class.php
+++ SpecialUADMBase.class.php
@@ -56,8 +56,6 @@ abstract class SpecialUADMBase extends S
{
parent::__construct($name, $rights);
- wfLoadExtensionMessages('UserAdmin');
-
$this->mURL = $this->getTitle()->getLocalURL();
}
@@ -603,4 +601,4 @@ EOT;
EOT;
}
-}
\ No newline at end of file
+}
--- UserAdmin.php
+++ UserAdmin.php
@@ -37,6 +37,9 @@ $wgExtensionCredits['specialpage'][] = a
$dir = dirname(__FILE__) . '/';
+# wgUserAdminExternalAuth indicates that external auth is used (e.g. LDAP) instead of passwords.
+$wgUserAdminExternalAuth = false;
+
$wgExtensionMessagesFiles['UserAdmin'] = $dir . 'UserAdmin.i18n.php';
$wgAutoloadClasses['SpecialUserAdminPanel'] = $dir . 'SpecialUserAdminPanel.class.php';