Extension:Email Authorization
Email Authorization Release status: stable |
|
---|---|
Implementation | User rights |
Description | Implements the PluggableAuth PluggableAuthUserAuthorization hook to provide authorization using a list of authorized email addresses. |
Author(s) | Cindy Cicalese |
Latest version | 3.0 (2022-03-27) |
Compatibility policy | Snapshots releases along with MediaWiki. Master is not backward compatible. |
MediaWiki | 1.35+ |
PHP | 7.4+ |
Database changes | Yes |
Tables | emailauth emailrequest |
License | MIT License |
Download | |
|
|
emailauthorizationconfig |
|
Translate the Email Authorization extension if it is available at translatewiki.net | |
Issues | Open tasks · Report a bug |
The Email Authorization extension implements the PluggableAuth PluggableAuthUserAuthorization
hook to provide authorization using a list of authorized email addresses.
It provides a special page, Special:EmailAuthorizationConfig
, for an administrator to use to add and remove email addresses and email domains from the authorization list.
Installation
- Download and move the extracted
EmailAuthorization
folder to yourextensions/
directory.
Developers and code contributors should install the extension from Git instead, using:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/EmailAuthorization - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'EmailAuthorization' );
- Run the update script which will automatically create the necessary database tables that this extension needs.
- run
git submodule update --init
- Configure as required
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Configuration
Flag | Default | Description |
---|---|---|
$wgEmailAuthorization_AuthorizedGroups
|
[]
|
An array of MediaWiki groups whose members are authorized regardless of whether their email addresses are authorized. This is especially useful to bootstrap the extension when it is installed by authorizing, for example, all members of the sysop group.
|
$wgEmailAuthorization_EnableRequests
|
false
|
Indicates whether a special page (Special:EmailAuthorizationRequest ) will be available for accounts to be requested. If enabled, that page will contain a form used to request an account. By default, that form will contain a single field: email address. Additional fields can be specified by $wgEmailAuthorization_RequestFields . In addition, if true, a special page (Special:EmailAuthorizationApprove ) will be available for users in the bureaucrat group to approve accounts.
|
$wgEmailAuthorization_RequestFields
|
[]
|
An array of additional fields for the request form. The definition of each field is itself an array with the following possible fields:
The last three parameters (values, rows, and columns) are used to decide how to display the field. If values is present, a drop-down list will be displayed, and any values for rows and columns will be ignored. If values is not present but rows is present, a text area of the specified size will be displayed, with columns defaulting to 50 if it is not present. If only columns is present, a text field of the specified width will be displayed. If none are present, a text field of 50 columns will be displayed. Regardless of the contents of this array, an email address field will be present as the first field. For example, $wgEmailAuthorization_RequestFields = [
[
'label' => 'Organization',
'mandatory' => true
],
[
'label' => 'Extra Information',
'rows' => 4,
'columns' => 60
],
[
'label' => 'Animals',
'values' => [ 'dog', 'cat' ]
]
];
would display a mandatory text field (Organization) with 50 columns, a text area with 4 rows and 60 columns (Extra Information), and a drop-down list to choose between dog and cat (Animals). |
Users who should be able to add and revoke email addresses and email domains on the Special:EmailAuthorizationConfig
page must be given the emailauthorizationconfig right.
For example:
$wgGroupPermissions['bureaucrat']['emailauthorizationconfig'] = true;
$wgPluggableAuth_EnableLocalProperties = false;
Hooks
This extension supplies the following hooks to other extensions:
EmailAuthorizationAdd
andEmailAuthorizationRevoke
take a single parameter: an email address or email domain (i.e. @ followed by the domain).EmailAuthorizationRequest
takes the following parameters: an email address and a JSON-encoded array of form fields.EmailAuthorizationApprove
andEmailAuthorizationReject
take the following parameters: an email address, a JSON-encoded array of form fields, and the User object of the bureaucrat approving/rejecting the account request.
Version history
- Version 3.0
- Updated to work with PluggableAuth 6.0
- Version 2.0
- Added
$wgEmailAuthorization_AuthorizedGroups
- Added support for postgres and sqlite in addition to existing mysql/mariadb support
- Use datatables jQuery plug-in on email authorization dashboard
- Convert UI to use OOUI
- Modernize code (type hints, dependency injection, global config, new hook system, linting, tests)
- Fix IDatabase::upsert() calls with bad unique key parameters
- Version 1.5
- Trim and lowercase emails before adding them
- Version 1.4
- Added PHPCS and autofix some found sniffs with PHPCBF
- Version 1.3
- Added optional account request capability controlled by
$wgEmailAuthorization_EnableRequests
Special:EmailAuthorizationRequest
Special:EmailAuthorizationApprove
- Version 1.2
- Change message prefix to prevent collisions with other extensions
- Table formatting
- Renamed
Special:ConfigEmailAuthorization
toSpecial:EmailAuthorizationConfig
- Version 1.1
- Bug fix: adding email address that already existed threw exception
- Email addresses and domains entered in
Special:ConfigEmailAuthorization
now are validated - Added missing rights messages
- Version 1.0
- Initial version
Known issues
Versions before 2.0 did not work with PostgreSQL. See T293933.
This extension is included in the following wiki farms/hosts and/or packages: This is not an authoritative list. Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm. |