Extension:UserVerification
UserVerification | Release status: beta |
---|---|
Implementation | Hook, Special page |
Description | Provides a framework to manage verified users through different methods and to restrict performing actions to verified or email-authenticated users |
Author(s) | thomas-topway-it |
Latest version | 1.0 (2024-08-18) |
Compatibility policy | Master maintains backward compatibility. |
MediaWiki | 1.35+ |
License | GNU General Public License 2.0 or later |
Quarterly downloads | 3 (Ranked 133rd) |
UserVerification provides a framework to manage verified users through different methods and to restrict performing actions to verified or email-authenticated users. It is conceived to be a near-optimal solution to protect the wiki from spam users, or to restrict the execution of specific actions based on a strict user verification. It can be used in conjunction with Extension:PageOwnership and Extension:PageEncryption.
Key features:
- sensitive user data are protected with symmetric and asymmetric encryption (based on Sodium and Defuse php-encryption)
- prevents unverified users from performing the designated set of actions
- intuitive UI by which to manage user verification (for administrators) and to enter data (for users)
- prevents users whose email is not authenticated from editing the wiki as long as the global parameter $wgUserVerificationEmailConfirmToEdit is set to true
Installation
- Download and move the extracted UserVerification folder to your extensions/ directory
- Run the following command in the extension's folder, to install the required PHP libraries:
  composer update --no-dev
- Add the following code at the bottom of your LocalSettings.php:
  wfLoadExtension( 'UserVerification' );
- Run the following command (it will create the database tables that this extension needs):
  php maintenance/update.php
- Run the following command in order to create a site-level password by which to encrypt/decrypt all sensitive data, including files with ID and proof of residence, entered by users:
  php extensions/UserVerification/maintenance/CreateKeys.php --password [your password]
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
It is strongly suggested to also install Extension:EmailNotifications, which replaces the standard MediaWiki UserMailer for improved reliability.
After the installation, only registered users with a verified email address will be able to edit the wiki, unless $wgUserVerificationEmailConfirmToEdit is set to false.
Special page Manage users
The extension provides a special page by which to monitor and manage the verification status of all users, with relevant information like "email authenticated", "editcount", "autoconfirmed", etc. Authorized users can set the verification status to one of the values "none", "pending", "verified", "not required".
Special page User verification
As long as an action is added to the global parameter $wgUserVerificationRequireUserVerifiedActions and the user does not have the right "userverification-can-manage-verification", the action is forbidden until the status of the user is "verified".
The extension will therefore show a message to the user, with a link to a form by which the user is required to enter the following information:
- first name
- last name
- sex (includes the option "decline sex identity")
- date of birth
- place of birth
- country of birth
- country of residence
- address of residence
- phone number (optional)
- proof of identity (file)
- proof of residence (file)
Note that this is the standard information required for an official identification, and it is fit to adequately identify a user. Future versions of the extension may also feature alternate methods for user verification, like Orchid, Credas, Twitter, Linked-in, Facebook, Github, etc., only upon explicit request. [1]
Also note that all the entered data are encrypted with an asymmetric key created through the maintenance script CreateKeys, and then read through an encrypted private key unlocked through a symmetric encryption (asymmetric encryption is based on Sodium and symmetric encryption on Defuse php-encryption).
Once the user has entered their data, the data will be accessible from the Special page Manage users, after entering the site-level password (required to decrypt the private key).
Also note that in order to let users upload files, the folder specified by the parameter $wgUserVerificationUploadDir ("{$IP}/../MWUploads/UserVerification" by default) must be writable by the webserver.
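The key arrangement described above, as an added example that is not the extension's own code: it assumes libsodium sealed boxes for the asymmetric step and, as a stand-in for Defuse php-encryption, a password-derived secretbox to protect the private key. All function names, the sample password and the sample record are constructed for illustration.

```php
<?php
// Added illustration, not the extension's code. Needs only ext-sodium.

// Derive a symmetric key from the site-level password (libsodium pwhash).
function deriveKey(string $password, string $salt): string {
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
}

// Hypothetical analogue of a key-creation step: the public key is stored in
// clear, the private key only in password-encrypted (wrapped) form.
function createKeys(string $password): array {
    $pair  = sodium_crypto_box_keypair();
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = deriveKey($password, $salt);
    $wrapped = sodium_crypto_secretbox(sodium_crypto_box_secretkey($pair), $nonce, $key);
    sodium_memzero($key); // do not keep the derived key in memory
    return ['public' => sodium_crypto_box_publickey($pair), 'wrapped' => $salt . $nonce . $wrapped];
}

// Submission path: only the public key is needed, so in this sketch the code
// that stores a user's form data cannot read it back.
function sealRecord(string $plaintext, string $publicKey): string {
    return sodium_crypto_box_seal($plaintext, $publicKey);
}

// Admin path: the password unwraps the private key, which opens the record.
function openRecord(string $sealed, array $keys, string $password): ?string {
    $saltLen = SODIUM_CRYPTO_PWHASH_SALTBYTES;
    $salt  = substr($keys['wrapped'], 0, $saltLen);
    $nonce = substr($keys['wrapped'], $saltLen, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body  = substr($keys['wrapped'], $saltLen + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $secret = sodium_crypto_secretbox_open($body, $nonce, deriveKey($password, $salt));
    if ($secret === false) {
        return null; // wrong password, or the wrapped key was modified
    }
    $pair  = sodium_crypto_box_keypair_from_secretkey_and_publickey($secret, $keys['public']);
    $plain = sodium_crypto_box_seal_open($sealed, $pair);
    return $plain === false ? null : $plain;
}

$keys   = createKeys('constructed-site-password');             // constructed sample
$sealed = sealRecord('{"first_name":"Ada"}', $keys['public']); // constructed sample
var_dump(openRecord($sealed, $keys, 'constructed-site-password'));
var_dump(openRecord($sealed, $keys, 'wrong-password'));
```

Because decryption depends on the password, losing it makes every stored record unreadable, and anyone who obtains both the wrapped key and the password can read all of them.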
Configuration
variable | description | default |
---|---|---|
$wgUserVerificationEmailConfirmToEdit | require email verification to edit | true |
$wgUserVerificationRequireUserVerifiedActions | require user verification to perform the specified actions | [] |
$wgUserVerificationUploadDir | | {$IP}/../MWUploads/UserVerification |
$wgUserVerificationDisableVersionCheck | disable version check | false |
Example configuration:
$wgUserVerificationEmailConfirmToEdit = true;
$wgUserVerificationRequireUserVerifiedActions = [ 'edit' ];
$wgUserVerificationUploadDir = "{$IP}/../MWUploads/UserVerification";
Rights and privileges
Groups
The extension creates the following groups (they are assignable to users through the standard special page Special:UserRights):
group | description |
---|---|
userverification-admin | lets users manage verified users |
userverification-require-verification | convenience group for use with Extension:PageOwnership |
userverification-do-not-require-verification | convenience group for use with Extension:PageOwnership |
The extension creates the following user rights:
right | description |
---|---|
userverification-can-manage-verification | Can manage verification of all users of the wiki |
Group rights
group | userverification-can-manage-verification |
---|---|
sysop | v |
bureaucrat | v |
userverification-admin | v |
Roadmap
- add Extension:Echo notifications for admins on user registration
- show alert to users after sign-up to require email verification (if $wgUserVerificationEmailConfirmToEdit is set to true)
- add alternative user verification like Orchid, Credas, Twitter, Linked-in, Facebook, Github, etc. (only on request, please write at the email address posted here)
See also
- Extension:EmailNotifications
- Extension:PageOwnership
- Extension:PageEncryption
- Extension:InviteSignup
- Extension:ConfirmAccount
[1] An optimal way is to use the government digital identity of your country, like https://www.spid.gov.it/, or the EU's electronic identification.