Page MenuHomePhabricator

Audit extensions using authentication-related hooks
Closed, ResolvedPublic


There are a few hooks other than T110414 which are related to authentication (or authentication data change) and using them is a sign that the extension might benefit from an update after AuthManager is merged. Possibly incomplete list (I just searched doc/hooks.txt for hooks with "abort", "login", "auth", "session", "email" or "password" in the name):


Login/signup/logout process:

Email change:

Password change:

Password reset:

Related Objects

Event Timeline

Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added subscribers: Aklapper, Tgr.
Tgr set Security to None.

Omitting the extensions already listed in the other audit tasks, the matching extensions (on gerrit) are (extensions that are probably not affected by AuthManager are striked through):

  • AccountAudit: just stores audit info on login
  • ArticleFeedbackv5: uses UserLoginComplete to preserve workflow through login
  • BlueSpiceExtensions: the UserManager sub-extension tries to be its own auth manager
  • Campaigns: just logs info on registration
  • CustomUserSignup: replaces the signup template with a custom one. This will probably not be possible with AuthManager. Extension is unmaintaned and superseded by Campaigns and GettingStarted so that's probably not a huge deal.
  • FlaggedRevs: does some non-auth-related session magic (review conflict prevention?) on UserLoadAfterLoadFromSession
  • GettingStarted: uses UserLogoutComplete to clean up some cookies
  • GlobalBlocking: blocks password reset via SpecialPasswordResetOnSubmit when the user is blocked; we can probably keep that
  • InviteSignup: disallow registration unless the user follows a link from an invite email. Maybe this could be a pre-auth provider, but it won't be broken by the auth framework rewrite.
  • LDAPAuthorization: authz
  • MobileFrontend: does its own login not anymore, just adds a logo to the forms
  • NetworkAuth: IP-based authentication. Should be a session handler.
  • NSFileRepo: authz
  • OnlineStatus: just updates status on login/logout
  • OnlineStatusBar: just updates status on login/logout
  • Persona: reimplements both normal and API login. Should be a provider.
  • PrivateDomains: authz
  • SecurePasswords: uses a bunch of hooks to influence password validation and storage. As long as the local password provider keeps those hooks, we should be fine.
  • SecurePoll: rolls its own authorization. Probably should be turned into a session provider but it won't be directly affected by AuthManager.
  • SimpleSecurity: authz
  • SocialLogin: login via various social media sites; should be a primary provider
  • SportsTeams: messes with Special:UserLogin in horrible hacky ways. Probably beyond saving.
  • StalkerLog: audits logins/logouts via UserLoginComplete/UserLogoutComplete
  • Sudo: probably could be rewritten cleaner as a session handler, but it won't break.
  • Translate: provides its own auth manager; that should probably be killed
  • WebPlatformAuth: exports user auth data in the (PHP) session so that it can be accessed by other websites. Probably just needs some hook name changes.
  • WikimediaIncubator: uses the auth form to pass some user data (such as which project the user is incubating). Might be cleaner as a secondary provider.
Tgr claimed this task.