-
Notifications
You must be signed in to change notification settings - Fork 0
/
KNAuth.php
139 lines (127 loc) · 4.24 KB
/
KNAuth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?php
$wgExtensionCredits['other'][] = array(
'path' => __FILE__,
'name' => 'KNAuth',
'description' => "Authenticate users against Karpe Noktem's member database.",
'version' => 0,
'author' => 'Ayke van Laethem',
'url' => 'https://github.com/aykevl/knauth',
'license-name' => "Public domain",
);
# Configuration
$wgKNAuthSessionCookieName = 'sessionid';
$wgKNAuthLoginURL = "/accounts/login/";
$wgKNAuthLogoutURL = "/accounts/logout/";
# This should be localhost or similar for performance
$wgKNAuthVerifyURL = 'http://localhost/accounts/api/';
$wgHooks['UserLoadFromSession'][] = 'efKNAuthFromSession';
$wgHooks['PersonalUrls'][] = 'efKNAuthPersonalUrls';
$wgHooks['LinkEnd'][] = 'efKNAuthLinkEnd';
# Load user from the Django session.
function efKNAuthFromSession( User $user, &$result ) {
global $wgKNAuthSessionCookieName, $wgKNAuthVerifyURL;
if( $user->isLoggedIn() || !isset( $_COOKIE[$wgKNAuthSessionCookieName] ) ) {
return;
}
$sessionid = $_COOKIE[$wgKNAuthSessionCookieName];
if( !preg_match( '/^[a-z0-9]+$/', $sessionid ) ) {
# Strings with these characters are used since Django 1.5. Django 1.4
# uses 0-9a-f.
return;
}
$ch = curl_init( $wgKNAuthVerifyURL );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_COOKIE, "$wgKNAuthSessionCookieName=" . $sessionid );
$res = curl_exec( $ch );
curl_close( $ch );
$data = json_decode( $res, true );
if( $data['valid'] !== true ) {
# invalid cookie
return;
}
$name = User::getCanonicalName( $data['name'] );
if( $name === false ) {
# invalid name (cannot use in MediaWiki)
return;
}
$id = User::idFromName( $name );
if( $id === null ) {
# user does not exist
return;
}
$user->mId = $id;
$user->loadFromId();
$result = true;
# Ensure a session exists.
if( session_status() !== PHP_SESSION_ACTIVE ) {
# Set up session: it does not exist yet.
wfSetupSession();
} elseif( !isset( $_SESSION['knauth-sessionid'] ) || $_SESSION['knauth-sessionid'] !== $sessionid ) {
# Refresh session ID if user changes, to prevent session fixation attacks.
wfResetSessionID();
$_SESSION['knauth-sessionid'] = $sessionid;
}
}
# Change the links in the top right to point to kninfra.
function efKNAuthPersonalUrls( array &$personal_urls, Title $title, SkinTemplate $skin ) {
global $wgKNAuthLoginURL, $wgKNAuthLogoutURL, $wgScriptPath;
$request = $skin->getRequest();
if( isset( $personal_urls['login'] ) ) {
$personal_urls['login']['active'] = false;
$returnto = Title::newFromURL( $request->getVal( 'title', '' ) );
$next = "$wgScriptPath/";
if( $returnto !== null ) {
$query = $request->getQueryValues();
unset( $query['title'] );
$next = $returnto->getLocalURL( $query );
}
$href = $wgKNAuthLoginURL . '?' . wfArrayToCgi( [
'next' => $next,
] );
$personal_urls['login']['href'] = $href;
}
if( isset( $personal_urls['logout'] ) ) {
if( $skin->getUser()->isLoggedIn()
&& !$request->getSessionData( 'wsUserID' ) )
{
$personal_urls['logout']['active'] = false;
$personal_urls['logout']['href'] = $wgKNAuthLogoutURL;
}
}
}
# Change text login/logout links to point to kninfra.
function efKNAuthLinkEnd( $dummy, Title $target, array $options, &$html, array &$attribs, &$ret ) {
global $wgKNAuthLoginURL, $wgKNAuthLogoutURL;
if( $target->equals( SpecialPage::getTitleFor( 'Userlogin' ) ) ) {
$href = $attribs['href'];
$next = null; // ?next= parameter
$query = ''; // query-string parameters for the ?next= URL
$index = strpos( $href, '?' );
if( $index !== false ) {
$data = wfCgiToArray( substr( $href, $index+1 ) );
if( isset( $data['returnto'] ) ) {
$next = Title::newFromText( $data['returnto'] );
if( isset( $data['returntoquery'] ) ) {
$query = $data['returntoquery'];
}
}
}
if( $next === null ) {
// No 'returnto' parameter was found, go to the main page.
$next = Title::newMainPage();
}
$href = $wgKNAuthLoginURL . '?' . wfArrayToCgi( array(
'next' => $next->getLocalURL( $query ),
) );
$attribs['href'] = $href;
}
if( $target->equals( SpecialPage::getTitleFor( 'Userlogout' ) ) ) {
// workaround as we can't get a ContextSource
global $wgUser, $wgRequest;
if( $wgUser->isLoggedIn()
&& !$wgRequest->getSessionData( 'wsUserID' ) )
{
$attribs['href'] = $wgKNAuthLogoutURL;
}
}
}