Extension:GoogleLogin/PreAuthManager
GoogleLogin リリースの状態: ベータ |
|
---|---|
実装 | User identity, Special page |
説明 | Google APIを使用したGoogleアカウントでログインできるようにします。 |
作者 | Florian Schmidt (Florianschmidtwelzowトーク) |
最新バージョン | ライフサイクルをご覧ください。 (2015-04-23) |
MediaWiki | see the version lifecycle |
PHP | 5.3+ (since 0.4.0: 5.5+) |
データベースの変更 | はい |
ライセンス | MIT ライセンス |
ダウンロード | Extension:GoogleLogin/Changelog |
|
|
|
|
四半期ごとのダウンロード数 | 64 (Ranked 72nd) |
translatewiki.net で翻訳を利用できる場合は、GoogleLogin/PreAuthManager 拡張機能の翻訳にご協力ください | |
問題点 | 未解決のタスク · バグを報告 |
GoogleLoginの拡張機能は利用者がグーグルアカウントでもログインすることを許可します。 The extension uses Google API to request user data. If the user logged in first time, the extension allows to create a user with the Google email address and Google username (or given name, or an own name).
要件
必要な環境は以下の通りです。
- MediaWiki 1.23以上
- MySQL (SQLite,PostgreSQLはサポートされていません)
- PHP 5.3以上
- Google開発者 アクセス
- Google+ API アクセス
- バージョン v0.2.1〜バージョン 0.3.1まで(GoogleAPIClient のみ)[1]
- MediaWiki 1.23+ (for version v0.2.0 and above you need at least MediaWiki 1.24)
- MySQL (no PostgreSQL or SQLite support for now!)
- PHP 5.3+
- Google Developer Access
- Google+ API access
- API Credentials for Webapplication (Client ID and Client Secret)
- Version v0.2.1 until version 0.3.1 requires the Extension GoogleAPIClient[2], otherwise run
composer update
, only.
インストール
- ダウンロードして、ファイルを
extensions/
フォルダー内のGoogleLogin
という名前のディレクトリ内に配置します。
開発者とコード寄稿者は、上記の代わりに以下を使用してGitからインストールします:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/GoogleLogin - 以下のコードを LocalSettings.php ファイルの末尾に追加します:
require_once "$IP/extensions/GoogleLogin/GoogleLogin.php";
- 更新スクリプトを実行します。このスクリプトは、この拡張機能が必要とするデータベーステーブルを自動的に作成します。
- 必要なパラメータを設定する
- Make sure ./wiki/extensions/GoogleLogin/cache is writeable for root
- 完了 – ウィキの「Special:Version」に移動して、拡張機能が正しくインストールされたことを確認します。
設定
require_once
" directive added for this plugin. Otherwise any custom settings will be overwritten by the default settings, as referenced here: Topic:Si6ituq6hmxb07xmこの拡張機能には Client ID と Client Secret を設定する構成の変数が 2 種あります。 (Google Developer Console から入手したら 「<
」 と 「>
」を除去。)
$wgGLSecret = '<your-client-secret>';
$wgGLAppId = '<your-client-id>';
追加設定パラメータ
構成変数 | 安定バージョン | 既定値 | 説明 |
---|---|---|---|
$wgGLShowCreateReason[gerrit 1] | v0.1.1 (0.4.0 で除去) | false
|
If true, adds via GoogleLogin as reason in create account log entry. |
$wgGLAllowedDomains[gerrit 2] | v0.1.1 | ''
|
An array of email domains, which are allowed to use with GoogleLogin, e.g. array( 'example.com' ); . Default: all domains are allowed.
|
$wgGLAllowedDomainsStrict[gerrit 2] | v0.1.1 | false
|
Only observed, if $wgGLAllowedDomains is an array. If set to true, the email domain will be checked completely against the allowed domains (instead of only the TLD), e.g.:test.example.com isn't allowed if |
$wgGLShowKeepLogin[gerrit 3] | v0.1.2 (0.4.0 で除去) | true
|
If true, the keep login checkbox for GoogleLogin (before Login with Google button) is visible. |
$wgGLAllowAccountCreation[gerrit 4] | v0.1.2 (0.4.0 で除去) | $wgGroupPermissions['*']['createaccount']
|
Controls, if the user can create an account with GoogleLogin or not. As default, the value of group permissions for not logged in users will be used. |
$wgGLReplaceMWLogin[gerrit 4] | v0.1.2 (0.4.0 で除去) | false
|
If true, the MediaWiki Login-workflow will be replaced with GoogleLogin. Includes:
|
$wgGLForceKeepLogin[gerrit 5] | v0.2.0 (0.4.0 で除去) | false
|
Control, if Keep login (which means longer login sessions) is always enabled (even if the user doesn't checked the keep log box or GoogleLogin replaces MediaWiki's login!)
This configuration doesn't overwrite $wgGLShowKeepLogin, but it will overwrite the value of the keep login checkbox, so make sure, that you set this configuration to false if you want to avoid confusion.
|
$wgGLAPIKey[gerrit 6] | v0.2.1 | ''
|
Key for public API access. Used only for admin actions to check, if the user has a Google Plus profile or not. |
$wgGLShowRight[gerrit 7] | v0.3.0 (0.4.0 で除去) | false
|
If set to true, the Google Login button on Special:UserLogin will move to the right side of the form. |
$wgGLNeedsConfirmEmail[gerrit 8] | v0.3.0 (0.4.0 で除去) | true
|
Whether the user needs to confirm the google mail address after registration of a new local MediaWiki account, or not. |
Settings in Google Developer Console
To use this extension you need a Google developer account and access to the developer console. This is a simple (a very simple!) step-by-step guide (use Step 1 of the official step-by-step example with these settings):
- Read and accept the terms of service
- Create your first project
- Go to APIS & AUTH
- Go to APIs and enable Google+ API (read and accept the terms)
- Go to Credentials
- In Section OAuth click Create new Client ID
- Select as Web application as APPLICATION TYPE, as Authorized JavaScript origins type in your domain name (no wildcards and directories allowed!)
- Type in your Authorized redirect URI like this example:
- If your domain is example.com and you have installed MediaWiki in Root of your domain, the redirect URI is as follows: http://example.com/index.php/Special:GoogleLogin
- Click create and copy the Client ID and Client Secret to the configuration variables in LocalSettings.php
"Special:GoogleLogin" or (in German for example) "Spezial:Mit_Google_anmelden"
The allowed redirect URI in Google developer console must be in content language. So, if your wiki has content language German, then type in "Spezial:Mit_Google_anmelden" and not "Special:GoogleLogin". If you used the wrong language, all Authentication requests will fail with redirect uri mismatch.
デバッグ
Normally, you can see the error message on all generic error pages. Sometimes there are Internal Errors, called Exceptions. In this case, please add $wgShowExceptionDetails with value true in LocalSettings.php
to see the complete Exception message. For a support request, please provide always the lines of the Exception.
非公開ウィキでの使用
If you have set your Wiki to private with
$wgGroupPermissions['*']['read'] = false;
you have to whitelist the "Special:GoogleLogin" page, so that anonymous users can access the callback URL after being redirected from the authentication provider. You can do this by adding the following line to your LocalSettings.php:
$wgWhitelistRead = array( 'Special:GoogleLogin' );
Allow account creation only via GoogleLogin
It's possible to deactivate the account creation function of MediaWiki. Normally GoogleLogin don't give the option to create a new account, too. It's possible to change this, that Users can still create an account with GoogleLogin, but can't with the vanilla account creation form. For this you need to set up the following configuration varaibles in your LocalSettings.php
:
$wgGroupPermissions['*']['createaccount'] = false;
$wgGLAllowAccountCreation = true;
If you want to remove the Login form of MediaWiki, too, you can set this configuration variable, too:
$wgGLReplaceMWLogin = true;
If you want to remove GoogleLogin in the future for any reason, your users can still login into your MediaWiki installation without to register a new account. GoogleLogin creates normal MediaWiki-accounts with a random password. Your users just have to reset their password with the special page Special:PasswordReset.
MobileFrontend <-> GoogleLogin conflict (only with $wgGLReplaceMWLogin = true;
and MediaWiki <= 1.26!)
MediaWiki バージョン: | ≦ 1.25 |
MobileFrontend, the extension to provide a mobile optimized version of your wiki, actually conflicts with GoogleLogin if you set $wgGLReplaceMWLogin
to true
(to disallow login with the vanilla login form). In the case, that MobileFrontend is loaded after GoogleLogin (the require_once line of MobileFrontend in your LocalSettings.php
is after the one of GoogleLogin), the special page UserLogin (which handles the login with username and password) will be overwritten by GoogleLogin the first time and by MobileFrontend the second time (to provide a mobile optimized login page). In this case, MobileFrontends Replacement will win and mobile users can still login with username and passwords.
Actually this problem is solved in the MediaWiki release branch/version 1.26 (tracked in タスク T74910) of MobileFrontend. For older versions of MediaWiki/MobileFrontend you need to change the order in which the Extensions are loaded. Put the require_once and configuration lines of GoogleLogin somewhere after the ones of MobileFrontend in your LocalSettings.php
. This workaround should be obsolete in one of the next versions of MobileFrontend.
この拡張機能ができること
With the database update, the extension will create a new table called prefix_user_google_user which contains the needed connection between the wiki users and Google accounts. It stores only the Google UserId and the Wiki UserId.
If a user calls the special page GoogleLogin, they will instantly redirected to Google Authentication request to give your application access to some user information stored by Google . The user must accept this request (or they can not use the login with Google). After accepting, the user has the possibility, if they are not logged in as a wiki user, to create a new account. The username they can choose self or choose one of the suggestions, based on the Google user name and given name (if one s free and createable). If the chosen username is creatable (free, valid and not blocked), a new user with the username and the Google-Mail as e-mail-address will be created and linked to the Google Account.
If the user is logged in (means: they have already a wiki account) they can link this account with the Google account, this the user must do only once. If the connection is created, the user will be able to login simply by clicking Login with Google button on Special:Login.
グーグルアカウントとウィキのアカウントを紐づけできたら"special:googlelogin"でログインできます。
Google API PHP クライアント
This Extension uses the Google API PHP Client (included in versions before 0.2.1), distributed under the Apache 2.0 License. The Client can be downloaded from GitHub.
バージョン ライフサイクル
In the following table you'll find versions of the GoogleLogin extension, the corresponding MediaWiki version for which the GoogleLogin version was built for and if it's still supported (and until when) or not. Mostly the support of a version is nearly the same as the lifecycle of the corresponding MediaWiki version.
バージョン | Corresponding MediaWiki version | 状態 | リリース | ライフサイクル終了 |
---|---|---|---|---|
0.4.x | 1.28.x | 現行バージョン | 2017年11月 | |
0.4.0 | 1.27.x (LTS) | 現行バージョン | 2019年6月 | |
0.3.1 | 1.27.x (LTS) | 廃止 (replaced by 0.4.0) | ||
0.3.0 | 1.26.x | 旧バージョン | n/a | 2016年11月 |
0.2.1 | 1.25.x | discontinued | n/a | |
0.2.0 | 1.24.x | discontinued | n/a | |
0.1.3 | 1.23.x (LTS) | discontinued | n/a |
Versions included in the above table that are marked as discontinued will not receive any fixes. They may contain critical security vulnerabilities and other major bugs, including the threat of possible data loss and/or corruption. The developer has also issued a strong recommendation that only versions listed above as current version or at least legacy version should be used in a production environment. Legacy versions will most likely get fixes for reported bugs that harms the core functionality of the extension, while current versions get fixes for most of the reported bugs (even if they're not part of the core functionality). New features will most likely be part of new versions. Backporting features to older versions of GoogleLogin is up to the developer(s).
脚注