Page MenuHomePhabricator

Allow creating accounts and logging in on the producer wiki through Oauth
Open, Needs TriagePublic8 Estimated Story Points

Description

Producer wiki accounts should be linked to meta account.

Event Timeline

I've managed to create a user on a wiki on my local machine by doing the following:

  1. Install OAuth on the wiki where there is an account.
    • In this case I used the producer wiki, though it will play the part of the consumer wiki in this scenario.
  2. Add an OAuth consumer to the consumer wiki and approve it.
    • I'm not sure what rights are actually needed and ended up adding mwoauthproposeconsumer, mwoauthmanageconsumer, mwoauthmanagemygrants, mwoauthupdateownconsumer for sysop.
    • I followed the instructions for WSOAuth here, but later had to change the callback URL (it should be /w/ instead of /wiki/ for the Vagrant wiki). I couldn't find any way to do this in the web interface so I changed it in the database.
  3. Install WSOAuth on the producer wiki, here played by local wiki. There was a role in Vagrant for it so that was quick and painless.
  4. Add the OAuth provide for WSOAuth following the instructions.
  5. Go to the login page, click the button for the provider and login and approve on the consumer wiki.

After this I ended up on the producer wiki logged in with the same name as I used on the consumer wiki. The account was created automatically. I did get a message "Fatal error authenticating user." so maybe everything isn't good.

The error message I got didn't show up when I logged in again, so that may just have been a hiccup. On the other hand it seems that WSOAuth has broken the preferences page which now gives the following error:

[a5fb9a3843ea7a1c9375fd12] /wiki/Special:Preferences Error: Interface 'MediaWiki\Extension\PluggableAuth\Hook\PluggableAuthPopulateGroups' not found

Backtrace:

from /vagrant/mediawiki/extensions/WSOAuth/src/WSOAuthHooks.php(34)
#0 /vagrant/mediawiki/includes/AutoLoader.php(221): require()
#1 [internal function]: AutoLoader::autoload()
#2 /vagrant/mediawiki/vendor/wikimedia/object-factory/src/ObjectFactory.php(240): spl_autoload_call()
#3 /vagrant/mediawiki/vendor/wikimedia/object-factory/src/ObjectFactory.php(149): Wikimedia\ObjectFactory\ObjectFactory::getObjectFromSpec()
#4 /vagrant/mediawiki/includes/HookContainer/HookContainer.php(505): Wikimedia\ObjectFactory\ObjectFactory->createObject()
#5 /vagrant/mediawiki/includes/HookContainer/HookContainer.php(156): MediaWiki\HookContainer\HookContainer->getHandlers()
#6 /vagrant/mediawiki/includes/HookContainer/HookRunner.php(1904): MediaWiki\HookContainer\HookContainer->run()
#7 /vagrant/mediawiki/includes/preferences/DefaultPreferencesFactory.php(261): MediaWiki\HookContainer\HookRunner->onGetPreferences()
#8 /vagrant/mediawiki/includes/preferences/DefaultPreferencesFactory.php(1841): MediaWiki\Preferences\DefaultPreferencesFactory->getFormDescriptor()
#9 /vagrant/mediawiki/includes/specials/SpecialPreferences.php(142): MediaWiki\Preferences\DefaultPreferencesFactory->getForm()
#10 /vagrant/mediawiki/includes/specials/SpecialPreferences.php(109): SpecialPreferences->getFormObject()
#11 /vagrant/mediawiki/includes/specialpage/SpecialPage.php(701): SpecialPreferences->execute()
#12 /vagrant/mediawiki/includes/specialpage/SpecialPageFactory.php(1554): SpecialPage->run()
#13 /vagrant/mediawiki/includes/MediaWiki.php(328): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
#14 /vagrant/mediawiki/includes/MediaWiki.php(925): MediaWiki->performRequest()
#15 /vagrant/mediawiki/includes/MediaWiki.php(579): MediaWiki->main()
#16 /vagrant/mediawiki/index.php(50): MediaWiki->run()
#17 /vagrant/mediawiki/index.php(46): wfIndexMain()
#18 /var/www/w/index.php(5): require(string)
#19 {main}

After trying a few different version combinations, the following doesn't give the error:

MediaWiki: 1.39.3
PluggableAuth: 6.3 (c27f329)
WSOAuth: 6.1.1 (3c54c48)

I started testing on the server because getting correct versions in Vagrant is a nightmare. I haven't tried actually using WSOAuth to log in yet.

I had some further issues. First, I didn't read the installation instructions for WSOAuth, specifically that you need to run composer to install things if you use Git.

Now there's a problem with curl_init(). It was missing at first, so I installed php-curl. Now it works in PHP interactive mode, but there are still errors from mediawiki/oauthclient:

2023-06-14 14:11:34 producer wiki: [9d934398817b1be443f6968b] /wiki/Special:PluggableAuthLogin   Error: Call to undefined function MediaWiki\OAuthClient\curl_init()
#0 /var/www/mediawiki-1.39.3/extensions/WSOAuth/vendor/mediawiki/oauthclient/src/Client.php(263): MediaWiki\OAuthClient\Client->makeCurlCall()
#1 /var/www/mediawiki-1.39.3/extensions/WSOAuth/vendor/mediawiki/oauthclient/src/Client.php(141): MediaWiki\OAuthClient\Client->makeOAuthCall()
#2 /var/www/mediawiki-1.39.3/extensions/WSOAuth/src/AuthenticationProvider/MediaWikiAuth.php(60): MediaWiki\OAuthClient\Client->initiate()
#3 /var/www/mediawiki-1.39.3/extensions/WSOAuth/src/WSOAuth.php(206): WSOAuth\AuthenticationProvider\MediaWikiAuth->login()
#4 /var/www/mediawiki-1.39.3/extensions/WSOAuth/src/WSOAuth.php(140): WSOAuth\WSOAuth->initiateLogin()
#5 /var/www/mediawiki-1.39.3/extensions/PluggableAuth/includes/PluggableAuthLogin.php(93): WSOAuth\WSOAuth->authenticate()
#6 /var/www/mediawiki-1.39.3/includes/specialpage/SpecialPage.php(701): MediaWiki\Extension\PluggableAuth\PluggableAuthLogin->execute()
#7 /var/www/mediawiki-1.39.3/includes/specialpage/SpecialPageFactory.php(1428): SpecialPage->run()
#8 /var/www/mediawiki-1.39.3/includes/MediaWiki.php(316): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
#9 /var/www/mediawiki-1.39.3/includes/MediaWiki.php(904): MediaWiki->performRequest()
#10 /var/www/mediawiki-1.39.3/includes/MediaWiki.php(562): MediaWiki->main()
#11 /var/www/mediawiki-1.39.3/index.php(50): MediaWiki->run()
#12 /var/www/mediawiki-1.39.3/index.php(46): wfIndexMain()
#13 {main}

Since it was a hassle to debug on the live server I went back to Vagrant. It took a few tries to get MW 1.39 installed, but with that, and the corresponding extension versions, it seems to work. I haven't seen any of the errors yet.

The versions in question are:
MediaWiki: 1.39.3 (309675a)
PluggableAuth: 7.0.0 (068be5d)
WSOAuth: 9.0.0 (e339811)

I spoke too soon. Now there's the following error when visiting Special:Preferences:

2023-06-16 06:55:52 vagrant wiki: [7748a7ba382dd3c809d08d3a] /wiki/Special:Preferences   PHP Fatal Error from line 49 of /vagrant/mediawiki/includes/http/MWCallbackStream.php: Declaration of MWCallbackStream::write($string) must be compatible with Psr\Http\Message\StreamInterface::write(string $string): int
#0 [internal function]: MWExceptionHandler::handleFatalError()
#1 {main}

Disabling and re-enabling the wsoauth role somehow fixed this.

Tried with same versions of the extensions on the server and still get the error.

I think I've tracked down what the problem was. WSOAuth has it's own vendor/ directory that contains psr/http-message/ that looks different from the one in core's vendor/, despite them both being version 1.0.1 (according to CHANGELOG.md).

I tried renaming the directory in the extension folder, which appears to cause the core version to be used instead. With this setup I don't get the error anymore.

Sebastian_Berlin-WMSE renamed this task from Allow creating accounts on the producer wiki through Oauth to Allow creating accounts and logging in on the producer wiki through Oauth.Jun 19 2023, 8:16 AM

By default logging in will take you to the Meta login and then back to the producer wiki. There are ways to allow seeing the local login page and login to local accounts. I don't think that should be needed though.

@Lokal_Profil, do you want to create an account and see that it works for you? I already had an account (I briefly created another from Meta, but surgically removed it and linked the one I already had instead). Let me know when you have one and I'll give you permissions.

I think I've tracked down what the problem was. WSOAuth has its own vendor/ directory that contains psr/http-message/ that looks different from the one in core's vendor/, despite them both being version 1.0.1 (according to CHANGELOG.md.

@Sebastian_Berlin-WMSE That doesnt sound good. Was this when installing WSOAuth into the vagrant install ? Can you describe which steps you took, so that we know where that vendor directory was produced ? I'm wondering if it came from Special:ExtensionDistributor/WSOAuth or from another source.

Checking the extension, it seems that the extension's Facebook dependency includes league/oauth2-client which includes its own guzzle, which includes psr/http-message

You can find what was installed in vender at vendor/composer/installed.json. For the 1.39 WSOAuth tarball I downloaded from https://www.mediawiki.org/wiki/Special:ExtensionDistributor?extdistname=WSOAuth&extdistversion=REL1_39 it was

"name": "psr/http-message",
"version": "2.0",
"version_normalized": "2.0.0.0",

@Sebastian_Berlin-WMSE That doesnt sound good. Was this when installing WSOAuth into the vagrant install ?

Yes, this was in Vagrant.

Can you describe which steps you took, so that we know where that vendor directory was produced ?

I don't have it fresh in memory, but I think I ended up installing WSOAtuh with vagrant roles enable wsoauth --provision with MW version set to REL1_39.

I'm wondering if it came from Special:ExtensionDistributor/WSOAuth or from another source.

The definition of the StreamInterface::write() looks the same in the version from Special:ExtensionDistributor/WSOAuth, so I'd imagine that it would yield the same error.

@Lokal_Profil, do you want to create an account and see that it works for you? I already had an account (I briefly created another from Meta, but surgically removed it and linked the one I already had instead). Let me know when you have one and I'll give you permissions.

Apologies for missing this ping. Unsure exactly what you wanted me to do. I cannot trigger a Create Account screen from https://wikispeech-producer.wmcloud.org. And the Login screen does not contain any options for OAuthing.

There was an error with the WSOAuth extension (T337827#8937513) that meant all API calls to the producer wiki failed. This was triggered by the latest MW-update (where all the extensions were also downloaded again). I forgot that I had found a workaround.

@Lokal_Profil, if you can try again it should work now.

Works. Lokal_Profil now has an account there.

What remains for this task is to document how this is done on Extension:Wikispeech.

Mentioned in SAL (#wikimedia-cloud) [2023-10-03T14:33:11Z] <sebastian-wmse> wikispeech-producer.wmcloud.org: Updated MediaWiki to 1.39.5. Installed the following extra extensions: UniversalLanguageSelector, PluggableAuth, Wikispeech, WSOAuth. Applied workaround in https://phabricator.wikimedia.org/T337827#8938778 for WSOAuth.