Extension:StubUserWikiAuth
 Release status: stable |
|
|---|---|
| Implementation | User identity |
| Description | Transparently imports users from another wiki |
| Author(s) | |
| Latest version | 1.1.2 (2020-07-31) |
| Compatibility policy | Master maintains backward compatibility. |
| MediaWiki | 1.29-1.34 (1.35 untested) |
| Database changes | No |
| License | MIT License |
| Download | GitHub: Note: README |
The StubUserWikiAuth extension authenticates an account against a remote wiki, when the user row is a stub.
It's only used for users that have an empty password field on the database (the user_password field of the user table is empty).
The purpose is to allow users to log in after importing a wiki dump from another site (mainly with Manual:Grabbers), without having database access, providing they're the legitimate owners of that account.
After importing the dump, you should run the maintenance script populateUserTable.php located in the maintenance directory, to populate the user table with user names fetched from the page histories and logs.
This extension was based on an early version of Extension:MediaWikiAuth.
Installation
edit- Download and place the file(s) in a directory called
StubUserWikiAuthin yourextensions/folder. - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'StubUserWikiAuth' );
- Configure as required.
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Configuration
editAdd the following in LocalSettings.php:
$wgAuthManagerAutoConfig['primaryauth'][StubUserWikiAuth\StubUserWikiPasswordAuthenticationProvider::class] = [
'class' => StubUserWikiAuth\StubUserWikiPasswordAuthenticationProvider::class,
'args' => [ [
// URL to the remote api.php endpoint
'apiUrl' => 'https://www.mediawiki.org/w/api.php',
// URL to the Special:Preferences page (may be needed in some setups)
'prefsUrl' => 'https://www.mediawiki.org/wiki/Special:Preferences',
// Make this authentication not authoritative
'authoritative' => false,
// Prompt the user to change their password on first successful login
// The user can skip it, however. (default: true)
'promptPasswordChange' => true,
// Fetch user preferences from the remote wiki. (default:false)
// You can set it to an array of preferences that *won't* be imported
'fetchUserOptions' => true
] ],
// Weight of this authentication provider against others
// 10 should be fine
'sort' => 10,
];
Things you should change/review:
- apiUrl: URL to the remote api.php endpoint
- prefsUrl: URL to the Special:Preferences page (may be needed in some setups)
Things you can configure:
- promptPasswordChange: Prompt the user to change their password on first successful login. The user can skip it, however. (default: true)
- fetchUserOptions: Fetch user preferences from the remote wiki. (default:false) You can set it to an array of preferences that won't be imported
Logging
editYou can set up a log for diagnostic purposes, to see what external requests have been made. The logs don't contain private information like passwords, only the user name and if the login and import was successful, or if not what was the response from the remote api.
Example:
$wgDebugLogGroups['StubUserWikiAuth'] => '/var/log/mediawiki/StubUserWikiAuth_' . date('Ymd') . '.log';
Features not supported
edit- It doesn't write any on-wiki log to see what users were successfully logged-in and imported. You can, however, set up a log as described above.
- Also, there's no public flag or indication about a user being imported. Nobody can know (unless looking at the database or server logs) if a user was imported unless the user make edits on their account.
- It doesn't import the watchlist. Large watchlists may be problematic, and it's easy for a user to edit their watchlist in raw on both wikis to copy & paste it on to the new wiki.