Mediawiki
Mediawiki is the wiki software powering wikipedia. It can fairly easily be made to work with Raven. The Computing Service has been using a Raven-enabled copy of Mediawiki internally for some time. CARET have a Raven-enabled copy of Mediawiki that is available to the university - see http://wiki.caret.cam.ac.uk/
Software hacks, 1.5.2
These hacks all assume that the Mediawiki application is first protected by something that sets the REMOTE_USER apache server variable, such as the Raven Apache authentication module.
User.php
Line 60, newFromName, replace:
$t = Title::newFromText( $name );
with:
$t = Title::newFromText( $name , NS_USER );
To explicitly specify the namespace. This will be used to check in the hack in Title.php, below.
Line 153, idFromName:
$s = $dbr->selectRow( 'user', array( 'user_id' ), array( 'user_name' => $name ), $fname );
... and in the function loadFromSession():
if ( isset( $_SERVER["REMOTE_USER"] ) ) { $sName = $_SERVER["REMOTE_USER"]; $sId = User::idFromName($sName); $user = new User(); if ( $sId == 0 ) { /* User doesn't exist here yet. */ $user->setName($sName); $user->addToDatabase(); } else { $user->mId = $sId; $user->loadFromDatabase(); } return $user; }
Title.php
Stop the first letter of userpages being capitalised, so we can stick with CRSIDs being all lowercase everywhere. To do this, in the (private) function function secureAndSplit(), replace:
if( $wgCapitalLinks && $this->mInterwiki == '' ) { $t = $wgContLang->ucfirst( $r ); } else { $t = $r; }
With:
if( $wgCapitalLinks && $this->mInterwiki == '' && NS_USER != $this->mNamespace ) { $t = $wgContLang->ucfirst( $r ); } else { $t = $r; }
SkinTemplate.php
To remove the "log out" link at the top of the page, comment out the following section like so:
# $personal_urls['logout'] = array( # 'text' => wfMsg('userlogout'), # 'href' => $this->makeSpecialUrl('Userlogout','returnto=' . $this->thisurl ) # );
Software hacks, 1.9.2
These hacks all assume that the Mediawiki application is first protected by something that sets the REMOTE_USER apache server variable, such as the Raven Apache authentication module.
The hacks for 1.5.2 have been really useful, but I've had a couple of problems (maybe my fault as I notice this wiki is fine with both of these things):
- upload of files requires creation of a "real" wiki account, which Raven users can do, but is a slight faff
- changes are logged against IP rather than Raven ID
This media-wiki extension solves both of these problems, for me, and is easy to implement: Extension:AutomaticREMOTE USER
Documentation below in case the above disappears:
After installing mediawiki put the text below into: extensions/Auth_remoteuser.php
<?php // vim:sw=2:softtabstop=2:textwidth=80 // See http://meta.wikimedia.org/wiki/User:Otheus/Auto_Login_via_REMOTE_USER // Adapted by Rusty to be compatible with version 1.9 of mediawiki // // Add these two lines to the bottom of your LocalSettings.php // require_once('extensions/Auth_remoteuser.php'); // $wgAuth = new Auth_remoteuser(); // // The constructor of Auth_remoteuser registers a hook to do the automatic // login. Storing the Auth_remoteuser object in $wgAuth tells mediawiki to use // that object as the AuthPlugin. This way the login attempts by the hook will // be handled by us. // // You probably want to edit the initUser function to set the users real name // and email address properly for your configuration. // Don't let anonymous people do things... $wgGroupPermissions['*']['createaccount'] = false; $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['*']['edit'] = false; // The Auth_remoteuser class is an AuthPlugin so make sure we have this // included. require_once('AuthPlugin.php'); /** * This hook is registered by the Auth_remoteuser constructor. It will be * called on every page load. It serves the function of automatically logging * in the user. The Auth_remoteuser class is an AuthPlugin and handles the * actual authentication, user creation, etc. * * Details: * 1. Check to see if the user has a session and is not anonymous. If this is * true we can just return. * 2. If the user doesn't have a session, we create a login form with our own * fake request and ask the form to authenticate the user. If the user does * not exist authenticateUserData will attempt to create one. The login form * uses our Auth_remoteuser class as an AuthPlugin. * * Note: If cookies are disabled, an infinite loop /might/ occur? */ function Auth_remote_user_hook() { global $wgUser; global $wgRequest; global $_REQUEST; // For a few special pages, don't do anything. $title = $wgRequest->getVal('title'); if (($title == Title::makeName(NS_SPECIAL, 'Userlogout')) || ($title == Title::makeName(NS_SPECIAL, 'Userlogin'))) { return; } // Do nothing if session is valid $user = User::newFromSession(); if (!$user->isAnon()) { return; // User is already logged in and not anonymous. } // Copied from includes/SpecialUserlogin.php if(!isset($wgCommandLineMode) && !isset($_COOKIE[session_name()])) { wfSetupSession(); } // Submit a fake login form to authenticate the user. $username = $_SERVER['REMOTE_USER' ]; $params = new FauxRequest(array( 'wpName' => $username, 'wpPassword' => '', 'wpDomain' => '', 'wpRemember' => '' )); // Authenticate user data will automatically create new users. $loginForm = new LoginForm($params); $result = $loginForm->authenticateUserData(); if ($result != LoginForm::SUCCESS) { error_log('Unexpected REMOTE_USER authentication failure.'); return; } $wgUser->setCookies(); return; // User has been logged in. } class Auth_remoteuser extends AuthPlugin { function Auth_remoteuser() { // Register our hook function. This hook will be executed on every page // load. Its purpose is to automatically log the user in, if necessary. if ( strlen($_SERVER['REMOTE_USER']) ) { global $wgExtensionFunctions; if (!isset($wgExtensionFunctions)) { $wgExtensionFunctions = array(); } else if (!is_array($wgExtensionFunctions)) { $wgExtensionFunctions = array( $wgExtensionFunctions ); } array_push($wgExtensionFunctions, 'Auth_remote_user_hook'); } return; } /** * Disallow password change. * * @return bool */ # mr349, 25/09/2007 function allowPasswordChange() { return false; } /** * This should not be called because we do not allow password change. Always * fail by returning false. * * @param $user User object. * @param $password String: password. * @return bool * @public */ # mr349, 25/09/2007 function setPassword($user, $password) { return false; } /** * We don't support this but we have to return true for preferences to save. * * @param $user User object. * @return bool * @public */ function updateExternalDB($user) { return true; } /** * We can't create external accounts so return false. * * @return bool * @public */ function canCreateAccounts() { return false; } /** * We don't support adding users to whatever service provides REMOTE_USER, so * fail by always returning false. * * @param User $user * @param string $password * @return bool * @public */ function addUser($user, $password) { return false; } /** * Pretend all users exist. This is checked by authenticateUserData to * determine if a user exists in our 'db'. By returning true we tell it that * it can create a local wiki user automatically. * * @param $username String: username. * @return bool * @public */ function userExists($username) { return true; } /** * Check whether the given name matches REMOTE_USER. * The name will be normalized to MediaWiki's requirements, so * lower it and the REMOTE_USER before checking. * * @param $username String: username. * @param $password String: user password. * @return bool * @public */ function authenticate($username, $password) { global $_SERVER; return isset($_SERVER['REMOTE_USER']) && (strtolower($username) == strtolower($_SERVER['REMOTE_USER'])); } /** * Check to see if the specific domain is a valid domain. * * @param $domain String: authentication domain. * @return bool * @public */ function validDomain($domain) { return true; } /** * When a user logs in, optionally fill in preferences and such. * For instance, you might pull the email address or real name from the * external user database. * * The User object is passed by reference so it can be modified; don't * forget the & on your function declaration. * * @param User $user * @public */ function updateUser(&$user) { // We only set this stuff when accounts are created. return true; } /** * Return true because the wiki should create a new local account * automatically when asked to login a user who doesn't exist locally but * does in the external auth database. * * @return bool * @public */ function autoCreate() { return true; } /** * Return true to prevent logins that don't authenticate here from being * checked against the local database's password fields. * * @return bool * @public */ function strict() { return true; } /** * When creating a user account, optionally fill in preferences and such. * For instance, you might pull the email address or real name from the * external user database. * * @param $user User object. * @public */ function initUser(&$user) { global $_SERVER; $username = $_SERVER['REMOTE_USER']; // Using your own methods put the users real name here. $user->setRealName(''); // Using your own methods put the users email here. $user->setEmail($username . '@example.com'); $user->mEmailAuthenticated = wfTimestampNow(); $user->setToken(); //turn on e-mail notifications by default $user->setOption('enotifwatchlistpages', 1); $user->setOption('enotifusertalkpages', 1); $user->setOption('enotifminoredits', 1); $user->setOption('enotifrevealaddr', 1); $user->saveSettings(); } /** * Modify options in the login template. This shouldn't be very important * because no one should really be bothering with the login page. * * @param $template UserLoginTemplate object. * @public */ function modifyUITemplate(&$template) { //disable the mail new password box $template->set('useemail', false); //disable 'remember me' box $template->set('remember', false); $template->set('create', false); $template->set('domain', false); $template->set('usedomain', false); } /** * Normalize user names to the mediawiki standard to prevent duplicate * accounts. * * @param $username String: username. * @return string * @public */ function getCanonicalName($username) { // lowercase the username $username = strtolower($username); // uppercase first letter to make mediawiki happy $username[0] = strtoupper($username[0]); return $username; } } ?>
Yes, I have commented by code changes with my CRSID, feel free to replace the comments.
The code changes:
Line 111 of ./extensions/Auth_remoteuser.php change the false from: function allowPasswordChange() { return false; } to: function allowPasswordChange() { return true; } Same for line 124: function setPassword($user, $password) { return false; } to: function setPassword($user, $password) { return true; }