Extension:Email Authorization

This extension requires the PluggableAuth extension to be installed first.
MediaWiki extensions manual
Email Authorization
Release status: stable
Implementation User rights
Description Implements the PluggableAuth PluggableAuthUserAuthorization hook to provide authorization using a list of authorized email addresses.
Author(s) Cindy Cicalese
Latest version 3.0 (2022-03-27)
Compatibility policy Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki 1.35+
PHP 7.4+
Database changes Yes
Tables emailauth
emailrequest
License MIT License
Download
  • $wgEmailAuthorization_RequestFields
  • $wgEmailAuthorization_EnableRequests
  • $wgEmailAuthorization_AuthorizedGroups
emailauthorizationconfig
Translate the Email Authorization extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The Email Authorization extension implements the PluggableAuth PluggableAuthUserAuthorization hook to provide authorization using a list of authorized email addresses. It provides a special page, Special:EmailAuthorizationConfig, for an administrator to use to add and remove email addresses and email domains from the authorization list.

Installation

This extension requires PluggableAuth to be installed first.
  • Download and move the extracted EmailAuthorization folder to your extensions/ directory.
    Developers and code contributors should install the extension from Git instead, using:cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/EmailAuthorization
  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'EmailAuthorization' );
    
  • Run the update script which will automatically create the necessary database tables that this extension needs.
  • run git submodule update --init
  • Configure as required
  •   Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration

Flag Default Description
$wgEmailAuthorization_AuthorizedGroups [] An array of MediaWiki groups whose members are authorized regardless of whether their email addresses are authorized. This is especially useful to bootstrap the extension when it is installed by authorizing, for example, all members of the sysop group.
$wgEmailAuthorization_EnableRequests false Indicates whether a special page (Special:EmailAuthorizationRequest) will be available for accounts to be requested. If enabled, that page will contain a form used to request an account. By default, that form will contain a single field: email address. Additional fields can be specified by $wgEmailAuthorization_RequestFields. In addition, if true, a special page (Special:EmailAuthorizationApprove) will be available for users in the bureaucrat group to approve accounts.
$wgEmailAuthorization_RequestFields [] An array of additional fields for the request form. The definition of each field is itself an array with the following possible fields:
  • label - the label for the field (string); must be present
  • mandatory - if present and true, this field is mandatory
  • values - a comma separated list of strings that are the possible values of this field; the field will be a drop-down list
  • rows - if present, the number of rows in the text area for this field
  • columns - if present, the number of columns in the text field or text area for this field (default: 50)

The last three parameters (values, rows, and columns) are used to decide how to display the field. If values is present, a drop-down list will be displayed, and any values for rows and columns will be ignored. If values is not present but rows is present, a text area of the specified size will be displayed, with columns defaulting to 50 if it is not present. If only columns is present, a text field of the specified width will be displayed. If none are present, a text field of 50 columns will be displayed.

Regardless of the contents of this array, an email address field will be present as the first field.

For example,

$wgEmailAuthorization_RequestFields = [
  [
    'label' => 'Organization',
    'mandatory' => true
  ],
  [
    'label' => 'Extra Information',
    'rows' => 4,
    'columns' => 60
  ],
  [
    'label' => 'Animals',
    'values' => [ 'dog', 'cat' ]
  ]
];

would display a mandatory text field (Organization) with 50 columns, a text area with 4 rows and 60 columns (Extra Information), and a drop-down list to choose between dog and cat (Animals).

Users who should be able to add and revoke email addresses and email domains on the Special:EmailAuthorizationConfig page must be given the emailauthorizationconfig right. For example:

$wgGroupPermissions['bureaucrat']['emailauthorizationconfig'] = true;
Since this extension relies upon the user's email address to perform authorization, you should prevent the user from editing it with the following configuration:
$wgPluggableAuth_EnableLocalProperties = false;

Hooks

This extension supplies the following hooks to other extensions:

  • EmailAuthorizationAdd and EmailAuthorizationRevoke take a single parameter: an email address or email domain (i.e. @ followed by the domain).
  • EmailAuthorizationRequest takes the following parameters: an email address and a JSON-encoded array of form fields.
  • EmailAuthorizationApprove and EmailAuthorizationReject take the following parameters: an email address, a JSON-encoded array of form fields, and the User object of the bureaucrat approving/rejecting the account request.

Version history

Version 3.0
  • Updated to work with PluggableAuth 6.0
Version 2.0
  • Added $wgEmailAuthorization_AuthorizedGroups
  • Added support for postgres and sqlite in addition to existing mysql/mariadb support
  • Use datatables jQuery plug-in on email authorization dashboard
  • Convert UI to use OOUI
  • Modernize code (type hints, dependency injection, global config, new hook system, linting, tests)
  • Fix IDatabase::upsert() calls with bad unique key parameters
Version 1.5
  • Trim and lowercase emails before adding them
Version 1.4
  • Added PHPCS and autofix some found sniffs with PHPCBF
Version 1.3
  • Added optional account request capability controlled by $wgEmailAuthorization_EnableRequests
    • Special:EmailAuthorizationRequest
    • Special:EmailAuthorizationApprove
Version 1.2
  • Change message prefix to prevent collisions with other extensions
  • Table formatting
  • Renamed Special:ConfigEmailAuthorization to Special:EmailAuthorizationConfig
Version 1.1
  • Bug fix: adding email address that already existed threw exception
  • Email addresses and domains entered in Special:ConfigEmailAuthorization now are validated
  • Added missing rights messages
Version 1.0
  • Initial version

Known issues

Versions before 2.0 did not work with PostgreSQL. See T293933.