Extension:StubUserWikiAuth
 Release status: stableCategory:Stable extensions |
|
|---|---|
| Implementation | User identityCategory:User identity extensions |
| Description | Transparently imports users from another wiki |
| Author(s) | Jesús Martínez (Ciencia Al Podertalk) |
| Latest version | 1.2.1 (2023-06-11) |
| Compatibility policy | Master maintains backward compatibility.Category:Extensions with master compatibility policy |
| MediaWiki | 1.39+Category:Extensions with manual MediaWiki version |
| Database changes | No |
| License | MIT License |
| Download | GitHub: Note: README |
The StubUserWikiAuth extension authenticates an account against a remote wiki when the user row is a stub.
It's only used for users that have an empty password field on the database (the user_password field of the user table is empty).
The purpose is to allow users to log in after importing a wiki dump from another site (mainly using Manual:Grabbers), without requiring database access, provided they're the legitimate owners of that account.
After importing the dump, run the maintenance script populateUserTable.php, located in the maintenance directory, to populate the user table with user names retrieved from the page histories and logs.
This extension was based on an early version of Extension:MediaWikiAuth.
Installation
- Download and place the file(s) in a directory called
StubUserWikiAuthin yourextensions/folder. - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'StubUserWikiAuth' );
- Configure as required.
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Configuration
Add the following in LocalSettings.php:
$wgAuthManagerAutoConfig['primaryauth'][StubUserWikiAuth\StubUserWikiPasswordAuthenticationProvider::class] = [
'class' => StubUserWikiAuth\StubUserWikiPasswordAuthenticationProvider::class,
'args' => [ [
// URL to the remote api.php endpoint
'apiUrl' => 'https://www.mediawiki.org/w/api.php',
// URL to the Special:Preferences page (may be needed in some setups)
'prefsUrl' => 'https://www.mediawiki.org/wiki/Special:Preferences',
// Make this authentication not authoritative
'authoritative' => false,
// Prompt the user to change their password on first successful login
// The user can skip it, however. (default: true)
'promptPasswordChange' => true,
// Fetch user preferences from the remote wiki. (default:false)
// You can set it to an array of preferences that *won't* be imported
'fetchUserOptions' => true
] ],
// Weight of this authentication provider against others
// 10 should be fine
'sort' => 10,
];
Things you should change/review:
- apiUrl: URL to the remote api.php endpoint
- prefsUrl: URL to the Special:Preferences page (may be needed in some setups)
Things you can configure:
- promptPasswordChange: Prompt the user to change their password on first successful login. The user can skip it, however. (default: true)
- fetchUserOptions: Fetch user preferences from the remote wiki. (default:false) You can set it to an array of choices that won't be imported
Logging
You can set up a log for diagnostic purposes to view the external requests that have been made. The logs don't contain private information, such as passwords, but only the username. They indicate whether the login and import were successful or not, and if not, what the response from the remote API was.
Example:
$wgDebugLogGroups['StubUserWikiAuth'] => '/var/log/mediawiki/StubUserWikiAuth_' . date('Ymd') . '.log';
Features not supported
- It doesn't write any on-wiki log to see which users were successfully logged in and imported. You can, however, set up a log as described above.
- Also, there's no public flag or indication about a user being imported. Nobody can know (unless looking at the database or server logs) if a user was imported unless the user makes edits to their account.
- It doesn't import the watchlist. Extensive watchlists may be problematic, and it's easy for a user to edit their watchlist in raw on both wikis to copy & paste it onto the new wiki.