From 4f379f91c157e9ac1ad87e6f5f6e887eaafd4e80 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Tue, 2 Oct 2007 19:02:44 +0000
Subject: [PATCH] * AuthPlugin added strictUserAuth() method to allow per-user override of the strict() authentication behavior. Fixes the hole where old local passwords could still be used to log into the global account after merging. Based on patch by Rotem Liss from http://he.wikipedia.org/wiki/%D7%9E%D7%A9%D7%AA%D7%9E%D7%A9:Rotemliss/CentralAuth#2 Changed function name from authenticateLocally() to strictUserAuth() and reversed return value to mesh a little better with strict()
---
 RELEASE-NOTES | 3 +++
 includes/AuthPlugin.php | 12 ++++++++++++
 includes/User.php | 3 +++
 3 files changed, 18 insertions(+)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 390d41eb47..25f4b0336c 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -33,6 +33,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * On SkinTemplate based skins (like MonoBook), omit confusing "edit"/"view source" tab entirely if the page doesn't exist and the user isn't allowed to create it
 * Clarify instructions given when an exception is thrown
+* AuthPlugin added strictUserAuth() method to allow per-user override
+ of the strict() authentication behavior.
+
 === Bug fixes in 1.12 ===
diff --git a/includes/AuthPlugin.php b/includes/AuthPlugin.php
index 87a794380e..a3d083765f 100644
--- a/includes/AuthPlugin.php
+++ b/includes/AuthPlugin.php
@@ -210,6 +210,18 @@ class AuthPlugin {
 return false;
 }
+ /**
+ * Check if a user should authenticate locally if the global authentication fails.
+ * If either this or strict() returns true, local authentication is not used.
+ *
+ * @param $username String: username.
+ * @return bool
+ * @public
+ */
+ function strictUserAuth( $username ) {
+ return false;
+ }
+
 /**
 * When creating a user account, optionally fill in preferences and such.
 * For instance, you might pull the email address or real name from the
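Review bot: The first sentence of the new docblock on strictUserAuth() reads as the opposite of what the method returns: it says "Check if a user should authenticate locally", while the second sentence and the method name say that true means local authentication is refused. The commit message notes that the return value was reversed from authenticateLocally(), so the summary looks like a leftover from the earlier name; I would reword it as `Return true to refuse the local password fallback for this user when external authentication fails.` The `@param` line could also say that the name arrives in the form User::getName() returns, since the caller added in includes/User.php passes `$this->getName()`, and plugin authors comparing it against an external directory need to know which form to expect.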
diff --git a/includes/User.php b/includes/User.php
index c3040650a1..d3b3d1bfd9 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2252,6 +2252,9 @@ class User {
 } elseif( $wgAuth->strict() ) {
 /* Auth plugin doesn't allow local authentication */
 return false;
+ } elseif( $wgAuth->strictUserAuth( $this->getName() ) ) {
+ /* Auth plugin doesn't allow local authentication for this user name */
+ return false;
 }
 $ep = $this->encryptPassword( $password );
 if ( 0 == strcmp( $ep, $this->mPassword ) ) {
-- 
2.20.1
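Review bot: The added `elseif` treats any falsy result from strictUserAuth() as permission to fall through to the local hash comparison, so a plugin that returns null or 0 when its lookup fails would quietly re-enable the old local password for that user. Since this branch exists to close that fallback for merged accounts, a fail-closed test would be safer: `} elseif( $wgAuth->strictUserAuth( $this->getName() ) !== false ) {`. The base-class default of `return false;` still passes through unchanged with that form. The enclosing method starts and ends outside this hunk, so any other checks it makes against stored local credentials are not visible here.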