/usr/share/mediawiki-extensions/ldapauth/LdapAutoAuthentication.php is in mediawiki-extensions-ldapauth 3.6.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<?php
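class LdapAutoAuthentication {

	/**
	 * Does the web server authentication piece of the LDAP plugin.
	 *
	 * Signs the current request in as the account named by the plugin's
	 * 'AutoAuthUsername' setting. No password is verified here: an empty
	 * password is handed to the plugin, so the configured name is the only
	 * identity evidence this method sees.
	 * NOTE(review): presumably that name is filled in from the identity the
	 * web server authenticated; confirm it cannot be supplied by the client.
	 *
	 * @param $user User Object for the current request; populated in place on success
	 * @param $result bool Set to true when an existing local account is signed in,
	 *   false when a missing account could not be created; left untouched otherwise
	 * @return bool True when the user was already logged in or has just been
	 *   signed in or created; false when no username is available, the plugin
	 *   rejects the name, or the account could not be created
	 */
	public static function Authenticate( $user, &$result = null ) {
		/**
		 * @var $wgAuth LdapAuthenticationPlugin
		 */
		global $wgAuth;

		$wgAuth->printDebug( "Entering AutoAuthentication.", NONSENSITIVE );

		if ( $user->isLoggedIn() ) {
			$wgAuth->printDebug( "User is already logged in.", NONSENSITIVE );
			return true;
		}

		$wgAuth->printDebug( "User isn't logged in, calling setup.", NONSENSITIVE );

		// Let regular authentication plugins configure themselves for auto
		// authentication chaining
		$wgAuth->autoAuthSetup();

		$autoauthname = $wgAuth->getConf( 'AutoAuthUsername' );

		// Without a name there is no identity to sign in. Stop here instead of
		// passing an empty name together with the empty password to the plugin
		// and, further down, to the local account lookup and auto-creation.
		// '0' is deliberately not treated as empty.
		if ( !is_scalar( $autoauthname ) || trim( (string)$autoauthname ) === '' ) {
			$wgAuth->printDebug( "No auto-authentication username available, exiting.", NONSENSITIVE );
			return false;
		}

		$wgAuth->printDebug( "Calling authenticate with username ($autoauthname).", NONSENSITIVE );

		// The user hasn't already been authenticated, let's check them
		$authenticated = $wgAuth->authenticate( $autoauthname, '' );
		if ( !$authenticated ) {
			// If the user doesn't exist in LDAP, there isn't much reason to
			// go any further.
			$wgAuth->printDebug( "User wasn't found in LDAP, exiting.", NONSENSITIVE );
			return false;
		}

		// We need the username that MediaWiki will always use, not necessarily the one we
		// get from LDAP.
		$mungedUsername = $wgAuth->getCanonicalName( $autoauthname );

		$wgAuth->printDebug( "User exists in LDAP; finding the user by name ($mungedUsername) in MediaWiki.", NONSENSITIVE );
		$localId = User::idFromName( $mungedUsername );
		$wgAuth->printDebug( "Got id ($localId).", NONSENSITIVE );

		// Is the user already in the database?
		if ( !$localId ) {
			$userAdded = self::attemptAddUser( $user, $mungedUsername );
			if ( !$userAdded ) {
				$result = false;
				return false;
			}
		} else {
			$wgAuth->printDebug( "User exists in local database, logging in.", NONSENSITIVE );
			$user->setID( $localId );
			$user->loadFromId();
			$user->setCookies();
			$wgAuth->updateUser( $user );
			wfSetupSession();
			$result = true;
		}

		return true;
	}

	/**
	 * Creates the local MediaWiki account for a user that has no local id yet,
	 * provided the plugin allows automatic account creation.
	 *
	 * @param $user User Object to populate and store
	 * @param $mungedUsername String Canonical MediaWiki name for the new account
	 * @return bool False when autoCreate() refuses; true after the account was set up
	 */
	public static function attemptAddUser( $user, $mungedUsername ) {
		/**
		 * @var $wgAuth LdapAuthenticationPlugin
		 */
		global $wgAuth;

		if ( !$wgAuth->autoCreate() ) {
			$wgAuth->printDebug( "Cannot automatically create accounts.", NONSENSITIVE );
			return false;
		}

		$wgAuth->printDebug( "User does not exist in local database; creating.", NONSENSITIVE );

		// Checks passed, create the user
		$user->loadDefaults( $mungedUsername );
		// NOTE(review): the outcome of addToDatabase() is not inspected, so a
		// failed insert would still be reported as success; confirm how the
		// targeted MediaWiki version signals failure.
		$user->addToDatabase();
		$wgAuth->initUser( $user, true );
		$user->setCookies();
		wfSetupSession();

		# Update user count
		$ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
		$ssUpdate->doUpdate();

		# Notify hooks (e.g. Newuserlog)
		wfRunHooks( 'AuthPluginAutoCreate', array( $user ) );

		return true;
	}

	/**
	 * No logout link in MW: drops the 'logout' entry from the personal URLs.
	 * NOTE(review): presumably because Authenticate() would sign the user
	 * straight back in on the next request; confirm.
	 *
	 * @param $personal_urls array Personal URL list, modified in place
	 * @param $title Title Not used by this method
	 * @return bool Always true
	 */
	public static function NoLogout( &$personal_urls, $title ) {
		/**
		 * @var $wgAuth LdapAuthenticationPlugin
		 */
		global $wgAuth;

		$wgAuth->printDebug( "Entering NoLogout.", NONSENSITIVE );
		unset( $personal_urls['logout'] );

		return true;
	}
}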