HomePhabricator

Implement auto-account usurpation

Description

Implement auto-account usurpation

This commit adds the ability for users to connect a remote account to
their account. This means a logged in local wiki-user is able to connect
a remote account to their account, which they can then also use to log
in to the wiki. It also adds a configuration variable to disable
remote-only accounts. Regular account usurpation protection still
remains.

This change also introduces a special page that will guide the user
through connecting their remote account. The remote account does not
need to have the same username as the local account, as a mapping is
created when connecting a remote.

This commit solves the problem where WSOAuth would be pretty useless on
wiki's with many users already. After this change, users can easily add
their own remote account without the involvement of a sysop.

Finally, this commit contains some minor changes to the orignal WSOAuth
code, such as using parse() to display the system messages instead of
plain() as that may be a security risk. It also fixes a bug where
$user_info['name'] may have been undefined before it was passed to
ucfirst().

Bug: T283908
Change-Id: I9e0d04173b7fb538965106c7796e0a54a6f557e1