
GoogleLogin Auto Account Creation
Closed, ResolvedPublic

Description

Per the method described by @Tgr below, requesting that GoogleLogin be modified to give the option to automatically create accounts based on valid Google identity logins using the remote identity information (email address or full name) to create local usernames using a PASS response:

“the external identity provider can just decide to treat everyone with a valid remote identity as an existing user and autocreate an account for them. This requires the provider to be able to map remote identities to local usernames; you then just return that username in a PASS response and it will be autocreated if it does not exist. This would work nicely with email addresses as usernames (might involve changing $wgInvalidUsernameCharacters) or realnames as usernames (if that’s a thing returned by the external identity provider)."

Event Timeline

Restricted Application added a subscriber: Aklapper. Jan 31 2018, 12:24 AM
Tgr added a comment. Jan 31 2018, 2:30 AM

I feel this should be opt-in, if at all implemented. As I said in the thread,

This is how most other web applications work I think, however those tend to rely on the displayed username being easy to change (so they can use the email as the fundamental user identifier, generate a username from the email prefix or the realname or whatever, use a very streamlined registration process where registration is not any different from login, and leave it to the user to change their nick later if they want). MediaWiki uses the username as a primary identifier which makes this awkward. Also this will use account autocreation and not account creation and so bypass anything that is set up in the registration workflow (such as account creation throttling, or a form to get extra data) - that might or might not be a problem, depending on what the site owner wants.

Basically this could allow account takeover if set up incorrectly.
(Although allowing account creation this way, but not allowing logging into an existing account, unless it has been linked, should be safe.)

@Florian I've found a way around this for now by editing Special:UserLogin to add the appropriate links, but an automatic method of creating accounts would be greatly appreciated. Any estimate on how long this would take to effect? Thanks.

Florian added a comment. Edited Jan 27 2019, 8:37 PM

I think, because:

that I'll implement such a feature for the meantime. The current thing I've in mind would work something like that:

  • There's a feature flag that is required to be set to opt-in to this functionality
  • If there're other primary providers set, GoogleLogin will directly fail with a ConfigurationException (or something like that), ensuring that GoogleLogin is the only way to log in, in order to ensure that no one can log into an account they do not own
  • GoogleLogin will most likely use the e-mail address of the user to auto-create the user, hence it will fail with a ConfigurationException if $wgInvalidUsernameCharacters contains the @ character
  • The linking table of GoogleLogin will take precedence, which should allow a user to link a second Google account to the locally existing wiki account, which prevents that a second account will be created

I think that's what I've in mind so far, if I forgot anything, please give me a hint, so that this will be taken into account :)

And, btw.: Sorry for the very very late reply/reaction on this task :(
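The decision flow sketched in the list above, together with the PASS-response mechanism quoted in the task description, as an added model written for this page. It is not GoogleLogin's PHP code: WikiConfig, GoogleIdentity, validate_config, resolve and apply are names invented here, and the sample identities, linking table and user list are constructed. Two checks go beyond what the comment lists and are marked as such in the code: requiring the Google-reported address to be verified, and refusing to log a Google account into an existing local account it is not linked to (the "creation but not login" variant Tgr describes in the earlier comment; the page does not say whether the patch does this).

```python
"""Model of the opt-in auto-create flow for a MediaWiki-style primary auth provider.

Constructed example for this page, not the GoogleLogin extension's own code.
"""
from dataclasses import dataclass, field
from typing import Optional


class ConfigurationException(Exception):
    """Raised at startup when the auto-create setup is unsafe (models the comment's check)."""


@dataclass(frozen=True)
class GoogleIdentity:
    subject: str          # stable Google account id (the "sub" claim); assumed available
    email: str
    email_verified: bool  # assumed to be reported by Google alongside the address


@dataclass
class WikiConfig:
    auto_create_enabled: bool          # the opt-in feature flag from the comment
    primary_providers: tuple           # names of configured primary auth providers
    invalid_username_chars: str        # models $wgInvalidUsernameCharacters
    links: dict = field(default_factory=dict)        # Google subject -> local username (linking table)
    existing_users: set = field(default_factory=set)  # local usernames that already exist


@dataclass(frozen=True)
class Decision:
    status: str                        # "PASS" or "FAIL"
    username: Optional[str] = None
    autocreate: bool = False           # True when PASS should trigger account autocreation
    reason: str = ""


GOOGLE_PROVIDER = "GoogleLogin"


def validate_config(cfg: WikiConfig) -> None:
    """Startup checks from the comment: only run auto-create when GoogleLogin is the sole
    primary provider and '@' is allowed in usernames (e-mail addresses become usernames)."""
    if not cfg.auto_create_enabled:
        return
    others = [p for p in cfg.primary_providers if p != GOOGLE_PROVIDER]
    if others:
        raise ConfigurationException(
            f"auto-create requires {GOOGLE_PROVIDER} to be the only primary provider, found {others}")
    if "@" in cfg.invalid_username_chars:
        raise ConfigurationException(
            "auto-create uses the e-mail address as username, but '@' is in $wgInvalidUsernameCharacters")


def canonical_username(email: str) -> str:
    """Rough model of MediaWiki username canonicalisation (assumption): trim,
    underscores to spaces, first letter upper-cased."""
    name = email.strip().replace("_", " ")
    return name[:1].upper() + name[1:]


def resolve(cfg: WikiConfig, ident: GoogleIdentity) -> Decision:
    """Decide what the provider should return for a successful Google login."""
    # 1. The linking table takes precedence: a linked Google account always maps to its
    #    linked local account, so a user can attach a second Google account without a
    #    second local account being created.
    linked = cfg.links.get(ident.subject)
    if linked is not None:
        return Decision("PASS", linked, False, "linked account")
    if not cfg.auto_create_enabled:
        return Decision("FAIL", reason="Google account is not linked to a local account")
    # 2. Added check (not in the comment): only a verified address may become a username.
    if not ident.email_verified:
        return Decision("FAIL", reason="Google reports the e-mail address as unverified")
    name = canonical_username(ident.email)
    bad = sorted({c for c in name if c in cfg.invalid_username_chars})
    if bad:
        return Decision("FAIL", reason=f"username {name!r} contains invalid characters {bad}")
    # 3. Added check (Tgr's caveat): auto-create may create accounts but must never log
    #    a Google identity into an existing local account that has not been linked.
    if name in cfg.existing_users:
        return Decision("FAIL", name, False, "username exists but is not linked to this Google account")
    return Decision("PASS", name, True, "auto-create")


def apply(cfg: WikiConfig, ident: GoogleIdentity, decision: Decision) -> bool:
    """Simulate the auth manager acting on a PASS: create the user if needed and record
    the link, so the next login for this subject resolves through the linking table."""
    if decision.status != "PASS":
        return False
    if decision.autocreate:
        cfg.existing_users.add(decision.username)
    cfg.links.setdefault(ident.subject, decision.username)
    return True


if __name__ == "__main__":
    # Constructed sample state: Alice is linked to subject g-111, Bob exists but is unlinked.
    cfg = WikiConfig(True, (GOOGLE_PROVIDER,), ":", {"g-111": "Alice"}, {"Alice", "Bob@example.org"})
    validate_config(cfg)
    for ident in (GoogleIdentity("g-111", "alice.other@example.org", True),
                  GoogleIdentity("g-222", "carol@example.org", True),
                  GoogleIdentity("g-333", "bob@example.org", True),
                  GoogleIdentity("g-444", "dave@example.org", False)):
        d = resolve(cfg, ident)
        apply(cfg, ident, d)
        print(ident.email, "->", d.status, d.username, d.reason)
```

The order of the checks is the security-relevant part: the linking table is consulted before any username is derived from the e-mail, and a derived username that collides with an existing, unlinked account fails rather than passing, so a changed Google address can never become a login to someone else's account.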

Change 524283 had a related patch set uploaded (by Florianschmidtwelzow; owner: Florianschmidtwelzow):
[mediawiki/extensions/GoogleLogin@master] Autocreate accounts when configured and the only auth provider

https://gerrit.wikimedia.org/r/524283

Florian closed this task as Resolved. Aug 16 2019, 9:37 PM

Change 524283 merged by jenkins-bot:
[mediawiki/extensions/GoogleLogin@master] Autocreate accounts when configured and the only auth provider

https://gerrit.wikimedia.org/r/524283