Extension:NetworkAuth
If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked.
For further details, see Security issues with authorisation extensions |
NetworkAuth Release status: stable |
|
---|---|
Implementation | User identity , User rights , Hook |
Description | Allows to automatically authenticate users coming from certain network addresses |
Author(s) | Olaf Lenz (Olenztalk) |
Latest version | 2.2 |
MediaWiki | >= 1.35.0 |
Database changes | No |
License | GNU General Public License 2.0 or later |
Download | |
|
|
Quarterly downloads | 5 (Ranked 131st) |
Translate the NetworkAuth extension if it is available at translatewiki.net | |
Issues | Open tasks · Report a bug |
The NetworkAuth extension is intended to bind particular network addresses to specific users. When the wiki is accessed from a specific network address, they will be automatically logged in with the specified user name. When a wiki is configured not to allow anonymous read and/or write access, the extension can be used to grant read and write access for users from particular network addresses (e.g., from the intranet of a company).
Installation
edit- Download and move the extracted
NetworkAuth
folder to yourextensions/
directory.
Developers and code contributors should install the extension from Git instead, using:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/NetworkAuth - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'NetworkAuth' );
- Configure as required.
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Configuration
editTo configure the extension, set the configuration parameter $wgNetworkAuthUsers
in LocalSettings.php , and optionally the configuration parameter $wgNetworkAuthSpecialUsers
.
Basic configuration
editThe configuration parameter $wgNetworkAuthUsers
is an array that can contain one or several arrays to configure what user is logged in when a wiki page is loaded from a specific network address.
NetworkAuth only becomes active when a user is not logged in already.
When NetworkAuth detects an attempt to load a page by an anonymous user, it will check whether the source IP address of the request is matched by any of the records in $wgNetworkAuthUsers
.
If it is, it will log in to the specified user.
The username defined in the configuration must be for a user that already exists in MediaWiki.
- Example
wfLoadExtension( 'NetworkAuth' );
// Log-in unlogged users from these networks
$wgNetworkAuthUsers[] = [
'iprange' => [
'127.0.0.1',
'10.1.10.0/24',
'10.2.10.152/32'
],
'user' => 'NetworkAuthUser',
];
// Log-in unlogged users when IP matches this regular expression
$wgNetworkAuthUsers[] = [
'ippattern' => '/10\.1\.10\..*/',
'user' => 'NetworkAuthUser',
];
// Log-in unlogged users when IP’s reverse DNS lookup matches this domain
$wgNetworkAuthUsers[] = [
'hostpattern' => '/.*\.domain\.example\.com/i',
'user' => 'AdminComputer',
];
/* To use the contents of the page MediaWiki:Networkauth-ips
* (Where the page is formatted as a '*' followed by either an IP or range)
*/
$wgNetworkAuthUsers[] = [
'ipmsg' => 'networkauth-ips',
'user' => 'Foo',
];
Optional configuration
editIt might be a good idea not to use NetworkAuth to log in to a normal user account but to a special user account instead that exists exclusively for this purpose (e.g., "NetworkAuthUser"). In that case, one can add this account to the configuration parameter $wgNetWorkAuthSpecialUsers
. Users in this list do not get the normal list of Personal Urls. Instead, the PersonalUrls show:
- that the user is logged in via the NetworkAuth extension
- the IP address of the user
- a link to log out
- a link to log in
- Example
$wgNetworkAuthSpecialUsers[] = 'NetworkAuthUser';
See also
edit- Extension:NetworkSession (also requires a token in addition to being on the network)
This extension is included in the following wiki farms/hosts and/or packages: This is not an authoritative list. Some wiki farms/hosts and/or packages may contain this extension even if they are not listed here. Always check with your wiki farms/hosts or bundle to confirm. |