
Luca Mauri


Put OAuthAuthentication back to work

The MediaWiki extension OAuthAuthentication allows a user to log in to a wiki by delegating authentication to another wiki that runs the OAuth extension.
The power of this extension is that it allows us to run multiple wikis in a single family without asking the user to create an account on each one of them. In the extreme case, it even allows delegating the login from any custom wiki to the most used wiki: Wikipedia.
By the way, OAuth is the technology used by the foundation to allow single sign-on across the several sites of the Wikipedia family.

The problem

Unfortunately, the OAuthAuthentication extension suffers from some issues: in particular, since MediaWiki version 1.34, it cannot be used out of the box because of unresolved incompatibilities with parts of the MediaWiki core code that have been deprecated since the extension was originally created.
There is already an effort to modify it to get it working again, as explained in this Phabricator ticket, but this is a long-term solution: it looks like it has been in the works for years and is not yet ready to ship.
Since I needed the extension up and running for a custom project of mine, I looked for an ad interim solution, which I found with some googling around and some copy and paste.
The solution explained below is by no means elegant; it is not even a real solution: it is a workaround.
It looks like it works in my environment, so I thought about sharing it.

Working around

After installing everything as explained on the extension's page, let's start by modifying the file OAuthAuthentication/handlers/AuthenticationHandler.php: in the function doCreateAndLogin, change the code fragment:

    $exUser->addToDatabase( wfGetDB( DB_MASTER ) );
    $u->setCookies();
    $u->addNewUserLogEntry( 'create' );

    wfResetSessionID();

    return \Status::newGood( $u );

into the following:

    $exUser->addToDatabase( wfGetDB( DB_MASTER ) );
    $u->setCookies();
    $u->addNewUserLogEntry( 'create' );

    // Modified as per https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OAuthAuthentication/+/251930/33/handlers/AuthenticationHandler.php    
    // wfResetSessionID();
    $u->getRequest()->getSession()->resetId();

    return \Status::newGood( $u );

In the function doLogin, change the code fragment:

    wfResetSessionID();

    return \Status::newGood( $u );

into the following:

    // Modified as per https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OAuthAuthentication/+/251930/33/handlers/AuthenticationHandler.php
    //wfResetSessionID();
    $request->getSession()->resetId();

    return \Status::newGood( $u );

In the code comments you can see where I took the replacement for the deprecated wfResetSessionID() function from.
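A quick check that a hand-patched AuthenticationHandler.php still rotates the session ID on both login paths, since commenting out wfResetSessionID() without adding its replacement would leave the pre-login session ID in place after authentication. This is an added example, not code from the original post or from the extension: it is written in Python, the sample PHP is constructed from the fragments above with assumed function signatures, and the regex-based comment stripping assumes no `//` or `#` inside string literals.

```python
import re

# Constructed sample: the page's patched fragments inside assumed function signatures.
PATCHED = r'''
function doCreateAndLogin( $u, $request ) {
    $u->setCookies();
    // wfResetSessionID();
    $u->getRequest()->getSession()->resetId();
    return \Status::newGood( $u );
}
function doLogin( $u, $request ) {
    //wfResetSessionID();
    $request->getSession()->resetId();
    return \Status::newGood( $u );
}
'''
# Constructed counter-example: the old call is commented out, nothing replaces it.
BROKEN = PATCHED.replace("    $request->getSession()->resetId();\n", "")

COMMENT = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)
FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")

def function_bodies(php):
    """Yield (name, body) per function with comments stripped."""
    code = COMMENT.sub("", php)
    for m in FUNC.finditer(code):
        depth, i = 1, m.end()
        while depth and i < len(code):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(code[i], 0)
            i += 1
        yield m.group(1), code[m.end():i - 1]

def audit(php, required=("doLogin", "doCreateAndLogin")):
    """Return findings; an empty list means both login paths rotate the ID."""
    bodies, findings = dict(function_bodies(php)), []
    for name in required:
        body = bodies.get(name)
        if body is None:
            findings.append(f"{name}: function not found")
            continue
        if "wfResetSessionID" in body:
            findings.append(f"{name}: live call to deprecated wfResetSessionID()")
        reset, ret = body.find("->resetId()"), body.find("Status::newGood")
        if reset == -1 or (ret != -1 and reset > ret):
            findings.append(f"{name}: no session ID reset before success return")
    return findings

if __name__ == "__main__":
    print(audit(PATCHED), audit(BROKEN))
```

To check a real checkout, pass the contents of handlers/AuthenticationHandler.php to `audit()`.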

Another possible issue you may run into is the one explained in this other Phabricator ticket, which is also worth working around.
In the file OAuthAuthentication/specials/SpecialOAuthLogin.php, let's modify the function execute: the fragment

    $this->getContext()->setUser( $u );
    $wgUser = $u;

    $lp = new \LoginForm();
    // Call LoginForm::successfulCreation() on create, or successfulLogin()
    $lp->$method();
        break;

should become:

    $this->getContext()->setUser( $u );
    $wgUser = $u;

    // Modified as per https://phabricator.wikimedia.org/T207351
    //$lp = new \LoginForm();
    // Call LoginForm::successfulCreation() on create, or successfulLogin()
    //$lp->$method();

    $r = new \ReflectionMethod('\SpecialUserLogin', 'successfulAction');
    $r->setAccessible(true);
    $r->invoke(new \SpecialUserLogin());
        break;

As mentioned, this is very dirty, but it is quick and makes the extension workable again till a more permanent solution (probably with a new release) is found.

If you are interested in further development on this, keep an eye on the already mentioned extension's page and Phabricator ticket.
