
Split CentralAuth primary authentication provider into loginwiki and non-loginwiki version
Open, In Progress, Needs Triage · Public

Description

We want to implement T362713: Implement the new login process which redirects to the central login wiki for showing the login/signup form by using a primary authentication provider which redirects to the login wiki. Specifically:

  • CentralAuthPrimaryAuthenticationProvider should be modified to only handle logins and signups on the central login wiki (on other wikis, it should return an empty array from getAuthenticationRequests() and an ABSTAIN response from beginPrimaryAuthentication() / continuePrimaryAuthentication())
  • CentralAuth should register another primary authentication provider (an AbstractPrimaryAuthenticationProvider subclass) which only handles logins on wikis other than the central login wiki, and handles them by redirecting to that wiki (i.e. it should return a ButtonAuthenticationRequest from getAuthenticationRequests() and a REDIRECT response from beginPrimaryAuthentication()). It does not need to handle signups (it can return TYPE_NONE from accountCreationType()), since from the point of view of the local wiki, signups are not really different from logins (the actual account creation will happen on a different wiki).
  • CentralAuth will need to use the PostLoginRedirect hook on the central login wiki to make sure the user is returned to the origin wiki and the local authentication process continues there. For now, it can do this by putting the return URL (which on the local wiki is available via AuthenticationRequest::$returnToUrl) into the redirect as a query parameter, and passing the username as another query parameter. This will have to be rewritten later.
  • The new provider's continuePrimaryAuthentication() method will be called once the redirect chain ends. For now, it can just read the username from the URL and return it as a successful authentication response.
  • All this needs to be hidden behind a feature flag to not interfere with how logins work in production until all the related changes are done.
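A sketch of what the second provider described above could look like, written here as an added illustration and not taken from the CentralAuth patch on this task. The class name, the `CentralAuthEnableRedirectLogin` feature flag, the message keys, and the `centralauth_username` / `returnto` query parameters are assumed names; `CentralAuthLoginWiki` is the existing CentralAuth config key, and the `MediaWiki\WikiMap\WikiMap` namespace assumes a recent MediaWiki core.

```php
<?php
// Hypothetical sketch, not code from the CentralAuth change on this task.
// Assumed names: the class, the CentralAuthEnableRedirectLogin flag, the
// message keys and the centralauth_username / returnto query parameters.
namespace MediaWiki\Extension\CentralAuth\Hypothetical;

use MediaWiki\Auth\AbstractPrimaryAuthenticationProvider;
use MediaWiki\Auth\AuthenticationRequest;
use MediaWiki\Auth\AuthenticationResponse;
use MediaWiki\Auth\AuthManager;
use MediaWiki\Auth\ButtonAuthenticationRequest;
use MediaWiki\WikiMap\WikiMap;
use StatusValue;

class CentralLoginRedirectProvider extends AbstractPrimaryAuthenticationProvider {
	private function isEnabledHere(): bool {
		// Feature flag (assumed name) and "not the central login wiki" check.
		return $this->config->get( 'CentralAuthEnableRedirectLogin' )
			&& WikiMap::getCurrentWikiId() !== $this->config->get( 'CentralAuthLoginWiki' );
	}

	public function getAuthenticationRequests( $action, array $options ) {
		if ( $action !== AuthManager::ACTION_LOGIN || !$this->isEnabledHere() ) {
			return []; // the central wiki's own provider handles the form there
		}
		return [ new ButtonAuthenticationRequest( 'centralLogin',
			wfMessage( 'centralauth-login-button' ), wfMessage( 'centralauth-login-help' ) ) ];
	}

	public function beginPrimaryAuthentication( array $reqs ) {
		$req = ButtonAuthenticationRequest::getRequestByName( $reqs, 'centralLogin' );
		if ( !$req || !$this->isEnabledHere() ) {
			return AuthenticationResponse::newAbstain();
		}
		// Redirect to the central login wiki, carrying the local return URL.
		$target = wfAppendQuery(
			WikiMap::getForeignURL( $this->config->get( 'CentralAuthLoginWiki' ), 'Special:UserLogin' ),
			[ 'returnto' => $req->returnToUrl ]
		);
		return AuthenticationResponse::newRedirect( [ $req ], $target );
	}

	public function continuePrimaryAuthentication( array $reqs ) {
		// Placeholder the task says must be rewritten: a username in a query
		// parameter is not by itself evidence that the central login succeeded.
		$username = $this->manager->getRequest()->getVal( 'centralauth_username' );
		return $username === null
			? AuthenticationResponse::newFail( wfMessage( 'centralauth-login-failed' ) )
			: AuthenticationResponse::newPass( $username );
	}

	public function accountCreationType() { return self::TYPE_NONE; }
	// Interface methods this provider does not need: it owns no credentials.
	public function testUserExists( $username, $flags = 0 ) { return false; }
	public function providerAllowsAuthenticationDataChange( AuthenticationRequest $req, $checkData = true ) { return StatusValue::newGood( 'ignored' ); }
	public function providerChangeAuthenticationData( AuthenticationRequest $req ) {}
	public function beginPrimaryAccountCreation( $user, $creator, array $reqs ) { return AuthenticationResponse::newAbstain(); }
}
```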

Resources:

Event Timeline

Restricted Application added a subscriber: Aklapper.

Whether the local login page is displayed is determined by LoginSignupSpecialPage::canBypassForm().

Change #1025698 had a related patch set uploaded (by D3r1ck01; author: Derick Alangi):

[mediawiki/extensions/CentralAuth@master] Enforce logins/account creation on login wiki

https://gerrit.wikimedia.org/r/1025698

DAlangi_WMF changed the task status from Open to In Progress. · Thu, May 9, 9:38 PM