MediaWiki

Extension talk:Auth remoteuser

About this board

Previous discussion was archived at Extension talk:Auth remoteuser/Archive on 16 June 2020.

Start a new topic
You are not logged in. To receive attribution with your name instead of your IP address, you can log in or create an account.

New version release that is compatible to MediaWiki 1.39

One comment • 06:50, 10 May 2023 18 days ago
1
Osnard (talkcontribs)

The latest "released" version 2.1.1 is not yet compatible to MediaWiki 1.39. One needs either to use REL1_39 or master branch. Using master may be dangerous with future updates.

Unfortunately the extension description does not state an official "Compatibility policy".

Could the maintainer of this extension maybe update the "Compatibility policy" and/or release a version 3.0.0 that is compatible to MediaWiki 1.39?

Thanks in advance!

Reply 06:50, 10 May 2023 18 days ago
Reply to "New version release that is compatible to MediaWiki 1.39"

constant warnings

7 comments • 17:49, 18 April 2023 1 month ago
7
206.108.31.36 (talkcontribs)

looks like the new MediaWiki is throwing warning in the PHP errors log every page load


PHP Deprecated:  Use of PersonalUrls hook (used in hook-PersonalUrls-closure) was deprecated in MediaWiki 1.39. [Called from MediaWiki\HookContainer\HookContainer::run in C:\inetpub\wwwroot\wiki\includes\HookContainer\HookContainer.php at line 137] in C:\inetpub\wwwroot\wiki\includes\debug\MWDebug.php on line 381

Reply 01:20, 22 October 2022 7 months ago
Ciencia Al Poder (talkcontribs)

You should disable php deprecation notices on production websites. Otherwise, this may need to be a bugreport.

Reply 08:39, 22 October 2022 7 months ago
Huwmanbeing (talkcontribs)

Hmm, I'm getting this exact warning too, but not a problem once I turned off the notices.

Reply Edited 00:42, 3 December 2022 5 months ago
204.126.253.10 (talkcontribs)

MW 1.39: Continuous Deprecation notices on Auth_remoteuser.

When Auth_remoteuser extension is active, the following depreciation notices will appear:


Deprecated: Use of PersonalUrls hook was deprecated in MediaWiki 1.39. [Called from Hooks::register in /var/www/html/includes/Hooks.php at line 55] in /var/www/html/includes/debug/MWDebug.php on line 381

Deprecated: Hook PersonalUrls was deprecated in MediaWiki 1.39 but is registered in /var/www/html/extensions/PluggableAuth/extension.json in /var/www/html/includes/debug/MWDebug.php on line 381

Deprecated: Use of PersonalUrls hook (used in hook-PersonalUrls-closure) was deprecated in MediaWiki 1.39. [Called from MediaWiki\HookContainer\HookContainer::run in /var/www/html/includes/HookContainer/HookContainer.php at line 137] in /var/www/html/includes/debug/MWDebug.php on line 381


This is regardless of debugging statements specified in LocalSettings. All extensions are at the 1.39 release. Auth_remoteuser, LDAPAuthentication2, LDAPGroups, LDAPUserInfo, PluggableAuth.

Reply 17:03, 5 December 2022 5 months ago
Grandeescanciano (talkcontribs)

I have the same problem, any solution provided?

Also, somehow if Auth_remoteuser always trying to create a new user even though the User provided by $_SERVER[REMOTE_USER] exists.

Reply 10:19, 5 April 2023 1 month ago
91.192.31.192 (talkcontribs)

MediaWiki User

I have the same problem i version 1.38.4 is there any new solution for this problem?

Reply 13:22, 18 April 2023 1 month ago
Ciencia Al Poder (talkcontribs)

Read comment #1

Reply 17:49, 18 April 2023 1 month ago
Reply to "constant warnings"

MWException CAS update failed on user_touched

8 comments • 14:10, 3 March 2023 2 months ago
8
193.54.50.250 (talkcontribs)

Heelo,

after migration to Mediwaki 1.38.0 and upgradin extension too, I run into this message :

MWException: CAS update failed on user_touched. The version of the user to be saved is older than the current version.


Backtrace: from ../includes/user/User.php(2813)

  1. 0 ../includes/libs/rdbms/database/Database.php(4428): User->{closure}()
  2. 1 ../includes/libs/rdbms/database/DBConnRef.php(69): Wikimedia\Rdbms\Database->doAtomicSection()
  3. 2 ../includes/libs/rdbms/database/DBConnRef.php(645): Wikimedia\Rdbms\DBConnRef->__call()
  4. 3 ../includes/user/User.php(2825): Wikimedia\Rdbms\DBConnRef->doAtomicSection()
  5. 4 ../extensions/Auth_remoteuser/src/UserNameSessionProvider.php(846): User->saveSettings()
  6. 5 ../extensions/Auth_remoteuser/src/UserNameSessionProvider.php(630): MediaWiki\Extension\Auth_remoteuser\UserNameSessionProvider->setUserPrefs()
  7. 6 ../includes/session/SessionManager.php(843): MediaWiki\Extension\Auth_remoteuser\UserNameSessionProvider->refreshSessionInfo()
  8. 7 ../includes/session/SessionManager.php(544): MediaWiki\Session\SessionManager->loadSessionInfoFromStore()
  9. 8 ../includes/session/SessionManager.php(247): MediaWiki\Session\SessionManager->getSessionInfoForRequest()
  10. 9 ../includes/WebRequest.php(837): MediaWiki\Session\SessionManager->getSessionForRequest()
  11. 10 ../includes/session/SessionManager.php(168): WebRequest->getSession()
  12. 11 ../includes/Setup.php(861): MediaWiki\Session\SessionManager::getGlobalSession()
  13. 12 ../includes/WebStart.php(93): require_once(string)
  14. 13 ../index.php(44): require(string)


Any idea ?


Thanks

Reply 13:10, 3 June 2022 11 months ago
Ciencia Al Poder (talkcontribs)

You may look at the user_touched field of the user table for that particular user, if it contains a "sane" value. It should be a number-like, "YYYYMMDDHHmmss" (year month day hour minute second), in the past, not null nor empty

For example: 20000101000000

Reply Edited 10:38, 4 June 2022 11 months ago
2A01:E0A:29:9430:DB7:33C3:D4BF:80C1 (talkcontribs)

Thanks for your answer, the value stored is 20220603142256 that seems good to me.

I managed to get the extension working again (my configuration below):

 // Load extension
 wfLoadExtension( 'Auth_remoteuser' );
 
 // If account creation by anonymous users is forbidden, then allow
 // it to be created automatically.
 $wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['*']['autocreateaccount'] = true;
 
 // Remote source for user name
 $wgAuthRemoteuserUserName = $login;
 
 // Apply once on user creation
 $wgAuthRemoteuserUserPrefs = [
   'realname'    => $name,
   'language'    => 'fr',
   'email'       => $email
 ];
 
 // Apply on each request
 $wgAuthRemoteuserUserPrefsForced = [
   'realname'    => $undefined,
   'email'       => $undefined
 
 ];

in $wgAuthRemoteuserUserPrefsForced I used $undefined which is an undefined var. If I put everything that exist (such as a real var, a string or empty string) I trigger the error. The only way to make it work is to provide a variable that doesn't exist ... but it work as expected in the user profile ...

Reply 08:36, 7 June 2022 11 months ago
Martin schilliger (talkcontribs)

Yeah it works if I stop using `$wgAuthRemoteuserUserPrefsForced`, but that's not really a solution because I need to use it. It also only happens with one user, and the user table looks totally ordinary.

Any idea what triggers the warning and how to avoid it?

Reply Edited 10:44, 18 November 2022 6 months ago
Martin schilliger (talkcontribs)

I found out that it only happens if `$wgAuthRemoteuserUserPrefsForced` contains something different than the database, eg. if it has to change something. Runnung in PHP 7.4 right now, maybe this is the reason? Would be suprised if yes…

Reply 21:46, 27 December 2022 5 months ago
Martin schilliger (talkcontribs)

OMG! I believe I've found the solution! After allowing sysop to change userrights it works:

`$wgGroupPermissions['sysop']['userrights'] = true`

I don't really understand why it doesn't have this right the first place, but…

That solved another problem I had, but not the one we face here. No idea what's happening. I will try to find another solution for updating the user realname and email in the Wiki DB though. :-/

Reply Edited 13:20, 3 March 2023 2 months ago
Ciencia Al Poder (talkcontribs)

There's a "bureaucrat" user group that has the userrights right by default. sysops usually can do administrative tasks but not change other users' groups, unless you choose to give them that right.

Reply 11:05, 21 January 2023 4 months ago
Martin schilliger (talkcontribs)

I ended up commenting out in includes/user/User.php the lines 2600-2602 and now everything works like a charm:

throw new MWException( "CAS update failed on user_touched. ". 

"The version of the user to be saved is older than the current version."

);

I don't really understand why, but $dbw->affectedRows() returns 0 even the changes get written to the database this way. It sounds silly to remove the error throwing, but this way the extension works as intended.

Reply Edited 14:10, 3 March 2023 2 months ago
Reply to "MWException CAS update failed on user_touched"

How To for Authenticating Against Userss In MysQL DB

One comment • 05:18, 10 February 2023 3 months ago
1
Z929669 (talkcontribs)

For the past 11 years, our wiki has authorized access to users in the DB of my forum software. This has worked over at least two LTS MW versions using two different flavors of authentication extensions. However, in my attempt to upgrade my wiki to current 1.39.1 LTS, I've discovered that my working extension, Extension:IPBAuthLogin relies on a deprecated method, getCanonicalName(). It's a really simple extension that works very nicely for our needs. Closed wiki with access only to forum members by matching normalized user names supplied by the forum DB. Wiki user management is super simple.

So if I am unable to sort that out, I think Auth remoteuser will work if I can get some direction on how to configure for this use case ... which seems a lot simpler than the other methods where more configuration instruction is provided. I posted more detailed information about that problem on the help desk to see if I can get any general advice.

But this extension should be my ace-in-the-hole if someone would be so kind as to give me some nudges.

Thank you!

Reply 05:18, 10 February 2023 3 months ago
Reply to "How To for Authenticating Against Userss In MysQL DB"

LDAP AutoLogon with Windows user (but get logged in as "daemon")

3 comments • 09:17, 9 October 2022 7 months ago
3
Alenkei (talkcontribs)

I am running MediaWiki 1.38.2 on Debian 5.10.120-1:

MediaWiki 1.38.2

PHP 7.4.30 (fpm-fcgi)

MariaDB 10.6.8-MariaDB

ICU 67.1


With the following extensions:


VisualEditor        0.1.2

CategoryTree        –

ParserFunctions  1.6.0

TreeAndMenu        4.2.5, 2021-10-31

Auth_remoteuser     2.1.1 (7155b49)

CollapsibleVector    0.1.11

LDAPAuthentication 2 1.0.3

LDAPProvider        1.0.5

PluggableAuth        5.7


After much trial-and-errorI got LDAP Authentication to work.

Now I would like to get auto-login to work.


My apache runs as "daemon".

When I turn on Auth_remoteuser with:

wfLoadExtension( 'Auth_remoteuser' );

$wgAuthRemoteuserUserName =  getenv( 'USER' );


I do get automatically logged on but the user is "daemon" which is the user Apache is running I am guessing (which is a bit weird in and of itself because "daemon" is not present in LDAP...)


How can I tell it to use the requester's windows user?


Best regards,

Andrei

Reply Edited 09:40, 26 August 2022 9 months ago
Ciencia Al Poder (talkcontribs)

getenv( 'USER' ) is the user running the webserver.

Look at the details of $wgAuthRemoteuserUserName for configuration examples.

Note that your apache should be configured to authenticate against Windows, and this probably requires installing an NTLM apache module and a working samba client configured on the system). Once that works (for example, requiring a valid user and displaying an error page if the user is not valid/provided/detected) you should know at which server variable is that user stored, and use it to set $wgAuthRemoteuserUserName

Reply 20:15, 28 August 2022 8 months ago
This post was hidden by ~aanzx (history)
Reply to "LDAP AutoLogon with Windows user (but get logged in as "daemon")"

User Name Filter deleting correctly formatted input

One comment • 22:45, 3 March 2022 1 year ago
1
Nlazarow (talkcontribs)

Auth_remoteuser extension is deleting properly formatted usernames

when executing the "UserNameSessionProviderFilterUserName" hook

even when the $wgAuthRemoteuserUserNameReplaceFilter setting is null.


How can I bypass the hook execution if I have already determined the username

format entry is correct?


Currently using MW 1.31

Reply Edited 22:45, 3 March 2022 1 year ago
Reply to "User Name Filter deleting correctly formatted input"

FreedomBox SSO

One comment • 22:00, 1 March 2022 1 year ago
1
Nbenedek (talkcontribs)

Hello,

I'm trying to integrate this extension into FreedomBox, which is a a piece of software that offers a one-click installaation for MediaWiki. For starter, the following apache config works well:

<Location /mediawiki>

Include includes/freedombox-single-sign-on.conf

<IfModule mod_auth_pubtkt.c>

TKTAuthToken "wiki" "admin"

</IfModule>

</Location>

However, this way the whole wiki becomes private, and you have to log in to read the pages. My goal is to authenticate only when the user visits the login page. If I set the Location to be <Location /mediawiki/Special:UserLogin>, it does authenticate, but when I jump on the main page, the user logs out immediately.

I tried setting

$wgArticlePath and $wgCookieDomain

with no success, though I'm not entirely sure about the correctness of these two.

Is it possible to auhtenticate only on the login page, and have the user not log out when navigating elsewhere?

Reply 22:00, 1 March 2022 1 year ago
Reply to "FreedomBox SSO"

Issue in MW 1.35

One comment 18:16, 2 November 2021 1 year ago
1
Summary by Krabina

this is solved. It was an issue in an extension that was using this extension.

Krabina (talkcontribs)

Is this extension supposed to work in MW 1.35?

We are running into problems after upgrading an installation from MW 1.31 to 1.35. Authentication is still working, but errors are shown in the browser console.

We seem to run into this issue: https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager/Updating_tips#Exception_%22Sessions_are_supposed_to_be_disabled_for_this_entry_point%22

load.php?lang=de&modules=startup&only=scripts&raw=1&skin=chameleon:40 [e8bfac0498b9f61221749bd4] /load.php?lang=de&modules=startup&only=scripts&raw=1&skin=chameleon BadMethodCallException from line 848 of includes/session/SessionManager.php: Sessions are disabled for this entry point Backtrace:

  1. 0 includes/session/SessionManager.php(220): MediaWiki\Session\SessionManager->getSessionFromInfo(MediaWiki\Session\SessionInfo, WebRequest)
  2. 1 includes/WebRequest.php(826): MediaWiki\Session\SessionManager->getSessionForRequest(WebRequest)
  3. 2 includes/user/User.php(1221): WebRequest->getSession()
  4. 3 includes/user/User.php(388): User->loadFromSession()
  5. 4 includes/user/User.php(2130): User->load()
  6. 5 includes/user/User.php(3069): User->getId()
  7. 6 includes/user/UserGroupManager.php(1026): User->isRegistered()
  8. 7 includes/user/UserGroupManager.php(658): MediaWiki\User\UserGroupManager->getCacheKey(User)
  9. 8 includes/user/UserGroupManager.php(643): MediaWiki\User\UserGroupManager->getUserGroupMemberships(User, integer)
  10. 9 includes/user/User.php(2941): MediaWiki\User\UserGroupManager->getUserGroups(User, integer)
  11. 10 extensions/ADV-A12N/Helper.php(43): User->getGroups()
  12. 11 includes/HookContainer/HookContainer.php(329): AdvSpecialPageBlock(array)
  13. 12 includes/HookContainer/HookContainer.php(132): MediaWiki\HookContainer\HookContainer->callLegacyHook(string, array, array, array)
  14. 13 includes/HookContainer/HookRunner.php(3772): MediaWiki\HookContainer\HookContainer->run(string, array)
  15. 14 includes/specialpage/SpecialPageFactory.php(347): MediaWiki\HookContainer\HookRunner->onSpecialPage_initList(array)
  16. 15 includes/specialpage/SpecialPageFactory.php(362): MediaWiki\SpecialPage\SpecialPageFactory->getPageList()
  17. 16 includes/specialpage/SpecialPageFactory.php(722): MediaWiki\SpecialPage\SpecialPageFactory->getAliasList()
  18. 17 includes/specialpage/SpecialPage.php(109): MediaWiki\SpecialPage\SpecialPageFactory->getLocalNameFor(string, boolean)
  19. 18 includes/specialpage/SpecialPage.php(94): SpecialPage::getTitleValueFor(string, boolean, string)
  20. 19 includes/specialpage/ChangesListSpecialPage.php(874): SpecialPage::getTitleFor(string)
  21. 20 includes/resourceloader/ResourceLoaderFileModule.php(1206): ChangesListSpecialPage::getRcFiltersConfigSummary(ResourceLoaderContext, GlobalVarConfig, NULL)
  22. 21 includes/resourceloader/ResourceLoaderFileModule.php(609): ResourceLoaderFileModule->expandPackageFiles(ResourceLoaderContext)
  23. 22 includes/resourceloader/ResourceLoaderModule.php(842): ResourceLoaderFileModule->getDefinitionSummary(ResourceLoaderContext)
  24. 23 includes/resourceloader/ResourceLoaderStartUpModule.php(209): ResourceLoaderModule->getVersionHash(ResourceLoaderContext)
  25. 24 includes/resourceloader/ResourceLoaderStartUpModule.php(405): ResourceLoaderStartUpModule->getModuleRegistrations(ResourceLoaderContext)
  26. 25 includes/resourceloader/ResourceLoaderModule.php(736): ResourceLoaderStartUpModule->getScript(ResourceLoaderContext)
  27. 26 includes/resourceloader/ResourceLoaderModule.php(704): ResourceLoaderModule->buildContent(ResourceLoaderContext)
  28. 27 includes/resourceloader/ResourceLoaderModule.php(839): ResourceLoaderModule->getModuleContent(ResourceLoaderContext)
  29. 28 includes/resourceloader/ResourceLoader.php(775): ResourceLoaderModule->getVersionHash(ResourceLoaderContext)
  30. 29 [internal function]: ResourceLoader->{closure}(string)
  31. 30 includes/resourceloader/ResourceLoader.php(787): array_map(Closure, array)
  32. 31 includes/resourceloader/ResourceLoader.php(874): ResourceLoader->getCombinedVersion(ResourceLoaderContext, array)
  33. 32 load.php(51): ResourceLoader->respond(ResourceLoaderContext)
  34. 33 load.php(38): wfLoadMain()
  35. 34 {main}

(anonymous) @ load.php?lang=de&modules=startup&only=scripts&raw=1&skin=chameleon:40

07:04, 27 October 2021 1 year ago

$wgAuthRemoteuserUserName = "Everybody"

2 comments • 18:45, 25 March 2021 2 years ago
2
136.163.203.5 (talkcontribs)

A question about Number 5 i the extension page:

// This is not advised, because it will evaluate every visitor

// to the same wiki user 'Everybody'

$wgAuthRemoteuserUserName = "Everybody";

I tried to use this form and insert a substring called $username read from a cookie containing the username instead of "Everybody",

$wgAuthRemoteuserUserName = $username;

but it seems to evaluate to nothing and the user is not logged in.

When I echo the string read from the cookie it looks ok.

If i write the the same cookie value as a string, and run the function on it, the function to read the username and log in works fine. I tried a lot of other string operations on the value as a string, and it still works, but when I try to use the substring from the cookie it will not login. What is wrong?

Reply 15:49, 25 March 2021 2 years ago
Ciencia Al Poder (talkcontribs)

How do you get that substring? Maybe there's some error in your code and the value doesn't get assigned at all

Reply 18:45, 25 March 2021 2 years ago
Reply to "$wgAuthRemoteuserUserName = "Everybody""

Using Auth remoteuser with PKI Certs

One comment • 21:15, 6 February 2021 2 years ago
1
Tony Novice (talkcontribs)

Hi, I'm upgrading our organizational wiki from MW 1.31 to MW 1.35, which means I'm also upgrading from PHP 7.2 to 7.4. We're upgrading from Auth remoteuser v1 to v2. Under MW 1.31 and Auth remoteuser v.1 worked perfectly and users were able to automatically log in using their certs. Following the upgrade, I'm not able to log in. The application tells me to log in, even though I know my certs are being read. I could use some advice from anyone who's used this extension with PKI certs. I'm sure I'm overlooking something obvious, but I've been looking at this problem for too long. Thanks in advance for the help.

Reply 21:15, 6 February 2021 2 years ago
Reply to "Using Auth remoteuser with PKI Certs"
Load more
Retrieved from "https://www.mediawiki.org/wiki/Extension_talk:Auth_remoteuser"
Return to "Auth remoteuser" page.