Let AuthPlugin decide whether a specific user (name) can be auto created
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	liangent
	Jun 5 2010, 3:08 AM

Description

Add a parameter $user to autoCreate

See the patch. This will not break any existing code.

Version: 1.17.x
Severity: enhancement

Attached:

autoCreate.diff897 BDownload

Details

Reference: bz23802

Related Objects
Search...

Status	Assigned	Task
Resolved	Tgr	T25802 Let AuthPlugin decide whether a specific user (name) can be auto created
Resolved	Anomie	T91699 Create AuthManager framework and core classes
Resolved	Joe	T97675 Custom session handler corrupted by session_destroy, "Failed to initialize storage module"
Resolved	Joe	T106483 Create new HHVM package for HHVM 3.6.5 + patches
Resolved	hashar	T106699 Upgrade HHVM related packages on Trusty Jenkins slaves
Resolved	bd808	T95864 Mocking abstract objects fails on HHVM
Resolved	Anomie	T110274 Fix PHPUnit version incompatibility between AuthManager and Jenkins
Resolved	Krinkle	T99982 Upgrade PHPUnit to 4.0+
Resolved	None	T90303 Fetch dependencies using composer instead of cloning mediawiki/vendor for non-wmf branches
Resolved	JanZerebecki	T106433 replace inline perl in builder wd-mw-composer-merged-install with a proper script
Resolved	Krinkle	T112895 Support installing composer require-dev packages together with mediawiki/vendor
Resolved	Tgr	T110628 Improve AuthManager documentation

Event Timeline

• bzimport raised the priority of this task from to Low.Nov 21 2014, 11:07 PM

• bzimport added a project: MediaWiki-User-login-and-signup.

• bzimport set Reference to bz23802.

• bzimport added a subscriber: Unknown Object (MLST).

liangent created this task.Jun 5 2010, 3:08 AM

I don't feel this is a good place to do it.

The use case itself is a bit convoluted. The user name cannot be autocreated, but it can login if the global account exists. I think it would be easier to deny that user attaching global account. I don't think AuthPlugin::autoCreate() is the appropiate place for checking per-wiki autocreation policies.

I've removed this as dep for other bug since I don't think it actually helps the case where _another_ plugin should be making the determination.

For the case where the auth plugin itself wants more control, possibly the newer external authentication interface provides more of that, but haven't had a chance to look it over.

bsitu wrote:

Marked as reviewed per comment 1 and 2

Tgr added a subtask: T91699: Create AuthManager framework and core classes.Sep 2 2015, 8:46 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 2 2015, 8:46 PM

AuthManager (T91699) will replace AuthPlugin. Authentication providers will be able to subscribe to autocreation events in which case their testForAutoCreation( $user ) functions will be invoked and they will be able to veto.

Meno25 unsubscribed.Feb 22 2016, 5:43 PM

Anomie closed subtask T91699: Create AuthManager framework and core classes as Resolved.May 25 2016, 6:51 PM

The signature we ended up with is testUserForCreation( User $user, bool $autocreate ).

Let AuthPlugin decide whether a specific user (name) can be auto createdClosed, ResolvedPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

Let AuthPlugin decide whether a specific user (name) can be auto created
Closed, ResolvedPublic
Actions

Related Objects
Search...