Page MenuHomePhabricator
Create Task
Maniphest T19312

Separate UserLogin from authentication process; create account creation and identification internal API
Closed, DuplicatePublic
Actions

Description

Author: rgomes1997

Description:
At the moment, UserLogin is concentrating too much responsability:

  1. Displays and manage a form intended for gathering login information;
  2. Displays and manage a form intended for gathering information for a new account (create new account link)
  3. Manages part of authentication process;
  4. Coordinates creation of a new account.

From the 'object orientation' point of view, clearly UserLogin should be split on smaller components.
UserLogin, IMHO, should be *only* reponsible for

  1. Displays and manage a form intended for gathering login information;

Other tasks should be managed by their corresponding responsible classes.
In fact, it does not matter whether Mediawiki is object oriented or not. Object orientation is a very useful (and helpful!) concept which can be implemented even in bash scripts. Object orientation (or at least the concept) allows better organization of code, it's easy to maintain, easier to extend and easier to adjust to specific needs.

I've integrated LDAP authentication in our wiki and it was a nightmare :(
Now I'd like to replace LDAP by SAML and it's another nightmare, not working yet :(

Separating concerns on different classes would allow easier integration with several authentication layers.

  • One thing is getting username/password/domain from a form.
  • Another thing is using username/passoword for authenticating against a certain authentication layer.
  • Another thing is obtaining data required for registration and coordinating the registration workflow.
  • Another thing is performing the steps required to create a new account in a certain respository.

A good example which shows how integration is tangled can be seem at: https://ow.feide.no/simplesamlphp:mediawiki
and the corresponding 'plugin' provided by: https://ow.feide.no/_media/simplesamlphp:simplesamlphp-mw.php.zip?id=simplesamlphp%3Amediawiki&cache=cache

Thanks very much

Richard Gomes
http://www.jquantlib.org/index.php/User:RichardGomes

Version: unspecified
Severity: normal

Details

Reference
bz17312

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT49145 Formally deprecate jQuery UI after we've stopped using jQuery UI in extensions and core
 OpenNoneT100270 Replace use of jQuery UI and MW UI with OOUI across all Wikimedia-deployed extensions and core
 OpenNoneT100161 Convert all of MediaWiki core to OOUI PHP (tracking)
 ResolvedMarkTraceurT85291 Implement OOUI "display format" in MediaWiki's HTMLForm
 ResolvedmatmarexT97871 PHP TextInputWidget has no 'required' config
 ResolvedmatmarexT91132 Forcefully preventing default event actions on FormLayout, ButtonWidget and ButtonInputWidget is problematic
 ResolvedmatmarexT85285 Disentangle VForms from HTMLForm code in core
 OpenNoneT101480 Remove 'wgUseMediaWikiUIEverywhere' and code forks, always using the off/false path
 DuplicateNoneT101476 [EPIC] Make mobile look and work as desired without wgUseMediaWikiUIEverywhere
 OpenNoneT101471 Convert core forms that use MW UI with wgUseMediaWikiUIEverywhere false to OOUI FormSpecialPage or explicit OOUI PHP
 ResolvedJdlrobsonT107069 Convert HistoryAction.php to use OOUI and MW's new DateInputWidget
 ResolvedBUG REPORTmatmarexT220601 DateInputWidget reflow after infusion
 ResolvedmatmarexT220781 When filtering page history by date, the older/newer paging links don't work
 OpenFeatureNoneT71722 Use OOUI for JavaScript-generated checkbox on Protect
 OpenNoneT107037 Convert all MW core special pages to OOUI
 ResolvedEsandersT113758 Convert DeleteAction.php/SpecialUndelete.php to use OOUI
 DuplicateNoneT171455 Dropdown widgets on Special:Delete only has partial OOUI styling
 ResolvedTTOT160236 Update action=purge page button
 ResolvedJayprakash12345T173997 Convert file delete to use OOUI
 DuplicateNoneT155964 NewSignupPage should use OOUI checkboxInputWidget instead
 OpenNoneT85853 Convert MW core login/create account pages to Codex (Special:UserLogin / Special:CreateAccount)
 ResolvedNoneT12317 Remove includes/templates/Userlogin.php, use HTMLForm class in includes/SpecialUserlogin.php instead
 Resolved DeskanaT75616 Tracking: API/backend issues blocking Wikipedia app development
 ResolvedAnomieT32788 Allow triggering of user password reset email via the API
 ResolvedmatmarexT63416 Give warning on account creation when user name is adjusted silently
 ResolvedAnomieT19544 Client-side validation of the username availability (done) and that password meets requirements
 OpenNoneT90925 General authentication improvements for MediaWiki
 ResolvedAnomieT48179 Allow a challenge stage during authentication
 OpenNoneT5709 Refactoring to make external authentication and identity systems easier
 ResolvedTgrT43201 UserLoadFromSession considered evil
 ResolvedAnomieT67493 Session is started by EditAction (problem for extensions using UserLoadFromSession hook)
 OpenFeatureNoneT55156 Provide option to force a login session to end within a certain time
 OpenNoneT89459 Modernize MediaWiki authentication system (AuthManager)
 DuplicateNoneT19312 Separate UserLogin from authentication process; create account creation and identification internal API
 ResolvedAnomieT76103 Createaccount API should support username validation without having to try to create an account
 ResolvedAnomieT110747 Rewrite the account creation API to use AuthManager

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:30 PM
bzimport added a project: MediaWiki-User-login-and-signup.
bzimport set Reference to bz17312.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Feb 2 2009, 4:39 AM
Nemo_bis added a comment.Feb 4 2013, 12:19 AM

I've changed the summary to better reflect what's the purpose of this bug, which is quite a bit one.

MZMcBride added a comment.Feb 5 2013, 9:04 PM

This is basically a duplicate of bug 15700. Marking it as such.

  • This bug has been marked as a duplicate of bug 15700 ***
Nemo_bis added a comment.Mar 11 2013, 6:02 PM

Not a duplicate, as bug 44628 comment 18 shows.

gerritbot added a comment.Aug 22 2013, 6:18 PM

Change 27022 abandoned by Parent5446:
Re-implemented Special:Userlogin using FormSpecialPage.

Reason:
The rest of the login system needs to be fixed before the UI part.

https://gerrit.wikimedia.org/r/27022

matmarex mentioned this in T74715: Convert some MW core special pages to OOUI.Dec 24 2014, 4:54 PM
bd808 mentioned this in T84962: Authn and authz as a service.Dec 24 2014, 5:24 PM
Nemo_bis added a subtask: T76103: Createaccount API should support username validation without having to try to create an account.Jan 16 2015, 11:00 PM
matmarex mentioned this in T110277: Rewrite Special:UserLogin (and signup) and Special:UserLogout to use AuthManager.Aug 28 2015, 1:29 AM
Tgr closed this task as a duplicate of T89459: Modernize MediaWiki authentication system (AuthManager).Aug 28 2015, 10:32 PM
Anomie closed subtask T76103: Createaccount API should support username validation without having to try to create an account as Resolved.May 16 2016, 7:22 PM
Mattflaschen-WMF unsubscribed.Jun 2 2016, 10:51 PM
Danny_B edited parent tasks, added: T89459: Modernize MediaWiki authentication system (AuthManager); removed: T17700: Separate out and clean up account creation logic in MediaWiki core.Jul 30 2016, 10:25 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL