From 1aa25ba469d92a385a3ea75e93b40af0d52a88d5 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 5 Apr 2011 01:18:40 +0000 Subject: [PATCH] * (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by other extensions by handling the 'AbortAutoAccount' hook, similar to the 'AbortNewAccount' triggered by explicit account creations. (They are separate to avoid loops and confusion; auth plugins like CentralAuth need to handle AbortNewAccount separately. --- RELEASE-NOTES | 6 ++++++ docs/hooks.txt | 6 +++++- includes/specials/SpecialUserlogin.php | 8 ++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 2b0dbdf944..561e5e2d15 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -120,6 +120,12 @@ PHP if you have not done so prior to upgrading MediaWiki. * The parser now attempts to output markers for editsection tokens and defer the rendering of them post-cache to reduce parser cache fragmentation and ensure skin customizability of edit section links. +* (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by + other extensions by handling the 'AbortAutoAccount' hook, similar to the + 'AbortNewAccount' triggered by explicit account creations. (They are separate + to avoid loops and confusion; auth plugins like CentralAuth need to handle + AbortNewAccount separately. + === Bug fixes in 1.18 === * (bug 23119) WikiError class and subclasses are now marked as deprecated diff --git a/docs/hooks.txt b/docs/hooks.txt index 15c89ad102..9935299a0e 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -234,6 +234,10 @@ MediaWiki 1.4rc1. This is a list of known events and parameters; please add to it if you're going to add events to the MediaWiki code. +'AbortAutoAccount': Return false to cancel automated local account creation, where normally authentication against an external auth plugin would be creating a local account. +$user: the User object about to be created (read-only, incomplete) +$message: out parameter: error message to be displayed to user + 'AbortAutoblock': Return false to cancel an autoblock. $autoblockip: The IP going to be autoblocked. $block: The block from which the autoblock is coming. @@ -256,7 +260,7 @@ $user: user who is doing the move $err: error message $reason: the reason for the move (added in 1.13) -'AbortNewAccount': Return false to cancel account creation. +'AbortNewAccount': Return false to cancel explicit account creation. $user: the User object about to be created (read-only, incomplete) $message: out parameter: error message to display on abort diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index 323f7b64c2..348ee57959 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -639,6 +639,14 @@ class LoginForm extends SpecialPage { } } + $abortError = ''; + if( !wfRunHooks( 'AbortAutoAccount', array( $user, &$abortError ) ) ) { + // Hook point to add extra creation throttles and blocks + wfDebug( "LoginForm::attemptAutoCreate: a hook blocked creation: $abortError\n" ); + $this->mAbortLoginErrorMsg = $abortError; + return self::ABORTED; + } + wfDebug( __METHOD__ . ": creating account\n" ); $this->initUser( $user, true ); return self::SUCCESS; -- 2.20.1