schine / mw-oauth2client

This project forked from joostdekeijzer/mw-oauth2-client-extension

MediaWiki OAuth2 Client Extension

License: GNU Lesser General Public License v3.0

PHP 95.10% JavaScript 4.90%

Contributors: alexdean, excited-ccccly, f3ndot, joostdekeijzer, melissavoegeli, nischayn22, schemaxxx, tainz

mw-oauth2client's Issues

Composer errors

Mediawiki 1.34.0
PHP 7.3.11

Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
Package satooshi/php-coveralls is abandoned, you should avoid using it. Use php-coveralls/php-coveralls instead.

Does not work with closed wiki

If you have a closed wiki (without public read access, i.e. $wgGroupPermissions['*']['read'] = false;), login via this extension is not possible because the page Special:OAuth2Client/redirect is not accessible to users who are not logged in...

Verify your identity

When visiting /wiki/Special:BotPasswords you get asked to confirm your identity by logging in again.

The problem here is that you can't do that as you're not really a Database user. I'm thinking it's because OAuth2 isn't making use of the PluggableAuth extension and is therefore not capable of this process.

For me this isn't a major issue, I'll just use the local Admin account. Just thought I'd add it to the radar in case someone else suffers with it.

Scope Filtering

I'm setting up a wiki to utilize Discord authentication through this extension, but I'm wondering if it's possible to filter and allow authentication from a specific item returned from the scope. Specifically, I'm looking to allow login if the user is part of a specific Discord server (which is already returned in the scope).

Extensions not accessing composer vendor functions

I have checked \vendor\guzzlehttp\guzzle\src\Util.php and verified that the method does indeed exist.

[08282aca7c36d813ecff7482] /index.php?title=Special:OAuth2Client/redirect Error: Call to undefined method GuzzleHttp\Utils::chooseHandler()

Backtrace:

from C:\WinNMP2021\WWW\bcwiki\vendor\guzzlehttp\guzzle\src\functions.php(61)
#0 C:\WinNMP2021\WWW\bcwiki\extensions\MW-OAuth2Client\vendors\oauth2-client\vendor\guzzlehttp\guzzle\src\HandlerStack.php(42): GuzzleHttp\choose_handler()
#1 C:\WinNMP2021\WWW\bcwiki\extensions\MW-OAuth2Client\vendors\oauth2-client\vendor\guzzlehttp\guzzle\src\Client.php(65): GuzzleHttp\HandlerStack::create()
#2 C:\WinNMP2021\WWW\bcwiki\extensions\MW-OAuth2Client\vendors\oauth2-client\src\Provider\AbstractProvider.php(131): GuzzleHttp\Client->__construct(array)
#3 C:\WinNMP2021\WWW\bcwiki\extensions\MW-OAuth2Client\vendors\oauth2-client\src\Provider\GenericProvider.php(99): League\OAuth2\Client\Provider\AbstractProvider->__construct(array, array)
#4 C:\WinNMP2021\WWW\bcwiki\extensions\MW-OAuth2Client\SpecialOAuth2Client.php(54): League\OAuth2\Client\Provider\GenericProvider->__construct(array)
#5 C:\WinNMP2021\WWW\bcwiki\vendor\wikimedia\object-factory\src\ObjectFactory\ObjectFactory.php(244): SpecialOAuth2Client->__construct()
#6 C:\WinNMP2021\WWW\bcwiki\vendor\wikimedia\object-factory\src\ObjectFactory\ObjectFactory.php(150): Wikimedia\ObjectFactory\ObjectFactory::getObjectFromSpec(array, array)
#7 C:\WinNMP2021\WWW\bcwiki\includes\specialpage\SpecialPageFactory.php(1218): Wikimedia\ObjectFactory\ObjectFactory->createObject(string, array)
#8 C:\WinNMP2021\WWW\bcwiki\includes\MediaWiki.php(273): MediaWiki\SpecialPage\SpecialPageFactory->getPage(string)
#9 C:\WinNMP2021\WWW\bcwiki\includes\MediaWiki.php(930): MediaWiki->performRequest()
#10 C:\WinNMP2021\WWW\bcwiki\includes\MediaWiki.php(564): MediaWiki->main()
#11 C:\WinNMP2021\WWW\bcwiki\index.php(53): MediaWiki->run()
#12 C:\WinNMP2021\WWW\bcwiki\index.php(46): wfIndexMain()
#13 {main}

Error after updating Oauth2.0

Hey,

I have used this extension for a while now but I recently updated my CAS application (apereoCAS) because of the log4j vulnerability.
Now when I try to log in, I get this error:
image

Is anyone able to help me?

returnTo function does not work

Hi,
I am able to use this plugin with Keycloak to log in to MediaWiki, but every time I log in, I land on the home page. If I access MediaWiki through a URL with a path, it does not automatically jump to the specified path; it always jumps to the home page.
Is this not supported by the plugin, or is my configuration incorrect?

getResourceOwner raise IdentityProviderException

Hi

I am setting up MW-OAuth2Client with WP OAuth Server, but MediaWiki raises League\OAuth2\Client\Provider\Exception\IdentityProviderException.

My Configurations:

$wgLanguageCode = "pt-br";
$wgWhitelistRead = ['Especial:OAuth2Client', 'Especial:OAuth2Client/redirect', "MediaWiki:Common.css", "MediaWiki:Common.js"];

$wgOAuth2Client['client']['id']     = '<client_id>'; // The client ID assigned to you by the provider
$wgOAuth2Client['client']['secret'] = '<client_secret>'; // The client secret assigned to you by the provider

$wgOAuth2Client['configuration']['authorize_endpoint']     = 'https://<my-domain>/oauth/authorize/'; // Authorization URL
$wgOAuth2Client['configuration']['access_token_endpoint']  = 'https://<my-domain>/oauth/token/'; // Token URL
$wgOAuth2Client['configuration']['api_endpoint']           = 'https://<my-domain>/oauth/me/'; // URL to fetch user JSON
$wgOAuth2Client['configuration']['redirect_uri']           = 'https://<my-domain>/wiki/?title=Especial:OAuth2Client/callback'; // URL for OAuth2 server to redirect to

$wgOAuth2Client['configuration']['username'] = 'user_login'; // JSON path to username
$wgOAuth2Client['configuration']['email'] = 'user_email'; // JSON path to email

$wgOAuth2Client['configuration']['scopes'] = 'basic';

Backtrace

/wiki/?title=Especial:OAuth2Client/callback&code=&state= League\OAuth2\Client\Provider\Exception\IdentityProviderException from line 216 of /wiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/GenericProvider.php: invalid_request

0 /wiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php(649): League\OAuth2\Client\Provider\GenericProvider->checkResponse(GuzzleHttp\Psr7\Response, array)
1 /wiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php(798): League\OAuth2\Client\Provider\AbstractProvider->getResponse(GuzzleHttp\Psr7\Request)
2 /wiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php(781): League\OAuth2\Client\Provider\AbstractProvider->fetchResourceOwnerDetails(League\OAuth2\Client\Token\AccessToken)
3 /wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(118): League\OAuth2\Client\Provider\AbstractProvider->getResourceOwner(League\OAuth2\Client\Token\AccessToken)

No link to login in 'pivot' theme

When using the 'pivot' theme the OAUTH Login link doesn't appear anywhere on the page so users are unable to logon unless they use a local account.

Is there a better way of locating the logon link to enable it for all themes?

User Info Endpoint Handling Expects Key "user" in Response

I'm curious why in the _userHandling function you are expecting the $response['user'][...] key instead of just $response[...]?

The OPENID spec shows a key=>value JSON response https://connect2id.com/products/server/docs/api/userinfo

At the userinfo endpoint of my SSO provider, it returns a plain JSON object with key=>value pairs that are not inside a "user" object.

Is there any way to specify the return key, if any, being used in the userinfo endpoint response? Or will I have to approach the SSO provider to return user info inside the "user" key?

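protected function _userHandling( $response ) {
	global $wgOAuth2Client, $wgAuth, $wgRequest;
	// Both fields are read from under the "user" key of the userinfo response.
	$username = $response['user'][$wgOAuth2Client['configuration']['username']];
	$email = $response['user'][$wgOAuth2Client['configuration']['email']];
	// ... (the remainder of the function is not quoted in the issue)
}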
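
An added example (not code from the extension or from the issue author): a claim lookup for the userinfo response discussed above that accepts both the flat OpenID Connect shape and the nested "user" shape, and refuses to return an identity with a missing or empty username. The function names resolveClaim and extractIdentity, the dot-separated path convention and the sample responses are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Walk a dot-separated path (assumed convention, e.g. "user.user_login")
 * through a decoded JSON array. Returns null when any segment is missing.
 */
function resolveClaim(array $response, string $path)
{
    $node = $response;
    foreach (explode('.', $path) as $segment) {
        if (!is_array($node) || !array_key_exists($segment, $node)) {
            return null;
        }
        $node = $node[$segment];
    }
    return $node;
}

/**
 * Hypothetical helper: read username and email from either response shape.
 * The configured path is tried at the top level first, then under "user".
 * Non-string or blank values are treated as absent.
 */
function extractIdentity(array $response, array $config): array
{
    $identity = [];
    foreach (['username', 'email'] as $field) {
        $path = $config[$field];
        $value = resolveClaim($response, $path)
            ?? resolveClaim($response, 'user.' . $path);
        $identity[$field] = is_string($value) ? trim($value) : '';
    }
    // Fail closed: never hand an empty username to account creation.
    if ($identity['username'] === '') {
        throw new UnexpectedValueException(
            'userinfo response has no usable username at "' . $config['username'] . '"'
        );
    }
    if ($identity['email'] !== ''
        && filter_var($identity['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new UnexpectedValueException('userinfo response carries a malformed email');
    }
    return $identity;
}

// Constructed sample data: a flat response, a nested one, and one without the claim.
$config = ['username' => 'user_login', 'email' => 'user_email'];
$flat   = json_decode('{"user_login":"alice","user_email":"alice@example.org"}', true);
$nested = json_decode('{"user":{"user_login":"bob","user_email":"bob@example.org"}}', true);
$empty  = json_decode('{"sub":"1234"}', true);

var_dump(extractIdentity($flat, $config));
var_dump(extractIdentity($nested, $config));
try {
    extractIdentity($empty, $config);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```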

getTitle() not defined

New to Github, sorry if I've done this wrong.

Line 145 in SpecialOAuth2Client.php errors on my MediaWiki 1.35 install. Replacing getTitle('redirect') with getPageTitle('redirect') fixes it

"unknown_method" displayed when logging in with this plugin

Hiya, thanks for writing this plugin, it's perfect for what I'm looking to do.

In my case, I'm using Slack to sign in. I've set up the client id/secret, endpoints, JSON paths and scopes. When hitting the "OAuth sign in " link, I'm taken to my Slack workspace, I approve access to my identity and my email, then it redirects me back to my Wiki.

I then get a page which just says 'unknown_method'. The URL I'm on when I get the error looks like this:
http://[IP OF MY WIKI]/wiki/Special:OAuth2Client/callback?code=[BIG CODE VALUE]&state=[STATE VALUE]

which looks like everything has gone well up to that point.

Does anyone have any pointers?

Thanks

Barny

newer guzzle version leads to plugin not working

When I tried to install MW-OAuth2Client on a freshly installed MediaWiki 1.34 in order to set up SSO with Google, I got this error message:

Call to undefined function GuzzleHttp\_idn_uri_convert()

After some trial and error I found that composer installed guzzlehttp/guzzle in version 6.5.2 (composer.json said ~6.x).

I changed this manually to 6.3.3 (the same version as installed by MediaWiki itself) and now everything is working fine.

Trying setup with LemonLDAP + Mediawiki

Specs:

  • Mediawiki 1.28.2
  • PHP 7.0.18-0ubuntu0.16.04.1 (fpm-fcgi)
  • MariaDB 10.1.24-MariaDB-1~xenial

Login works, but when redirected back to MediaWiki I got this error:

[85d8b524998c6edf7b9f7901] /Special:OAuth2Client/callback?code=XXXd11ce3569b196b4c72ba030d30dd8df07634efb5c2da29ecaf0adecd3dXXX&state=6XpSpbnKd7zfTaVPhXsXOFXLMcnUdx0I&session_state=H7kJyMSGJ3Tm0X%2BzUsaZSgJFh%2F9VK8Vx1HwaY94mneY%3D.a0NPZVE1VVBNaHhBTmkyTThQZkcrbEhyNUd5QytDYXBQVWZQUnNpV2dkRT0&truongfi-authcda=d1e10b9950e8e42fd2f25f3ba65450c9c515439735c72d6c08f4466d5f27b9b2 MWException from line 150 of /wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php: Could not create user with username:

Backtrace:

#0 /wiki/www/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(108): SpecialOAuth2Client->_userHandling(array)
#1 /wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(65): SpecialOAuth2Client->_handleCallback()
#2 /wiki/includes/specialpage/SpecialPage.php(522): SpecialOAuth2Client->execute(string)
#3 /wiki/includes/specialpage/SpecialPageFactory.php(577): SpecialPage->run(string)
#4 /wiki/includes/MediaWiki.php(283): SpecialPageFactory::executePath(Title, RequestContext)
#5 /wiki/includes/MediaWiki.php(851): MediaWiki->performRequest()
#6 /wiki/includes/MediaWiki.php(512): MediaWiki->main()
#7 /wiki/index.php(43): MediaWiki->run()
#8 {main}

Increase logged in time

Hi,

is it possible to somehow activate the checkbox via OAuth2 that keeps you logged in for longer? With respect to the problem addressed in PR 9, it is really annoying to need to reauthenticate and manually go back to the site you visited to click the link again. Default authentication (without OAuth2) keeps you logged in a really long time.

Best,
Andreas

After install extension MediaWiki crashes

Hi,

I'm using

  • MediaWiki 1.39.0
  • PHP 8.2.0 (apache2handler)
  • PostgreSQL 12.12 (Ubuntu 12.12-0ubuntu0.20.04.1)
  • ICU 66.1

When I install the MW-OAuth2Client plugin, the wiki crashes with this log:

MediaWiki internal error.

Original exception: [2e396053cc7b7c886e169824] /mediawiki/index.php/Especial:Vers%C3%A3o TypeError: call_user_func_array(): Argument #1 ($callback) must be a valid callback, class User does not have a method "isLoggedIn"
Backtrace:
from /var/www/html/mediawiki/includes/StubObject.php(120)
#0 /var/www/html/mediawiki/includes/StubObject.php(149): StubObject->_call()
#1 /var/www/html/mediawiki/extensions/MW-OAuth2Client/OAuth2Client.php(24): StubObject->__call()
#2 /var/www/html/mediawiki/includes/HookContainer/HookContainer.php(338): OAuth2ClientHooks::onPersonalUrls()
#3 /var/www/html/mediawiki/includes/HookContainer/HookContainer.php(137): MediaWiki\HookContainer\HookContainer->callLegacyHook()
#4 /var/www/html/mediawiki/includes/HookContainer/HookRunner.php(3045): MediaWiki\HookContainer\HookContainer->run()
#5 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(582): MediaWiki\HookContainer\HookRunner->onPersonalUrls()
#6 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(1262): SkinTemplate->buildPersonalUrls()
#7 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(790): SkinTemplate->buildContentNavigationUrlsInternal()
#8 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(229): SkinTemplate->getPortletsTemplateData()
#9 /var/www/html/mediawiki/includes/skins/SkinMustache.php(88): SkinTemplate->getTemplateData()
#10 /var/www/html/mediawiki/skins/Vector/includes/SkinVector.php(434): SkinMustache->getTemplateData()
#11 /var/www/html/mediawiki/skins/Vector/includes/SkinVector22.php(168): MediaWiki\Skins\Vector\SkinVector->getTemplateData()
#12 /var/www/html/mediawiki/includes/skins/SkinMustache.php(58): MediaWiki\Skins\Vector\SkinVector22->getTemplateData()
#13 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(177): SkinMustache->generateHTML()
#14 /var/www/html/mediawiki/includes/OutputPage.php(2876): SkinTemplate->outputPage()
#15 /var/www/html/mediawiki/includes/MediaWiki.php(922): OutputPage->output()
#16 /var/www/html/mediawiki/includes/MediaWiki.php(562): MediaWiki->main()
#17 /var/www/html/mediawiki/index.php(50): MediaWiki->run()
#18 /var/www/html/mediawiki/index.php(46): wfIndexMain()
#19 {main}

Exception caught inside exception handler: [2e396053cc7b7c886e169824] /mediawiki/index.php/Especial:Vers%C3%A3o Error: Call to undefined method User::isLoggedIn()
Backtrace:
from /var/www/html/mediawiki/extensions/MW-OAuth2Client/OAuth2Client.php(24)
#0 /var/www/html/mediawiki/includes/HookContainer/HookContainer.php(338): OAuth2ClientHooks::onPersonalUrls()
#1 /var/www/html/mediawiki/includes/HookContainer/HookContainer.php(137): MediaWiki\HookContainer\HookContainer->callLegacyHook()
#2 /var/www/html/mediawiki/includes/HookContainer/HookRunner.php(3045): MediaWiki\HookContainer\HookContainer->run()
#3 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(582): MediaWiki\HookContainer\HookRunner->onPersonalUrls()
#4 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(1262): SkinTemplate->buildPersonalUrls()
#5 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(790): SkinTemplate->buildContentNavigationUrlsInternal()
#6 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(229): SkinTemplate->getPortletsTemplateData()
#7 /var/www/html/mediawiki/includes/skins/SkinMustache.php(88): SkinTemplate->getTemplateData()
#8 /var/www/html/mediawiki/skins/Vector/includes/SkinVector.php(434): SkinMustache->getTemplateData()
#9 /var/www/html/mediawiki/skins/Vector/includes/SkinVector22.php(168): MediaWiki\Skins\Vector\SkinVector->getTemplateData()
#10 /var/www/html/mediawiki/includes/skins/SkinMustache.php(58): MediaWiki\Skins\Vector\SkinVector22->getTemplateData()
#11 /var/www/html/mediawiki/includes/skins/SkinTemplate.php(177): SkinMustache->generateHTML()
#12 /var/www/html/mediawiki/includes/OutputPage.php(2876): SkinTemplate->outputPage()
#13 /var/www/html/mediawiki/includes/exception/MWExceptionRenderer.php(183): OutputPage->output()
#14 /var/www/html/mediawiki/includes/exception/MWExceptionRenderer.php(102): MWExceptionRenderer::reportHTML()
#15 /var/www/html/mediawiki/includes/exception/MWExceptionHandler.php(131): MWExceptionRenderer::output()
#16 /var/www/html/mediawiki/includes/exception/MWExceptionHandler.php(248): MWExceptionHandler::report()
#17 /var/www/html/mediawiki/includes/MediaWiki.php(584): MWExceptionHandler::handleException()
#18 /var/www/html/mediawiki/index.php(50): MediaWiki->run()
#19 /var/www/html/mediawiki/index.php(46): wfIndexMain()
#20 {main} 

Internal error: Required parameter not passed: "code"

Login works but on redirect I get Notice: Undefined Index and Required parameter not passed: "code" when I try to use this extension. The OAuth2 provider I'm using (Dataporten; documentation) responds with the expected $response['user'][...] key so that shouldn't be a problem (issue #3).

At the start I thought it had something to do with PHP7 incompatibility, but I get the same result using PHP5.6, PHP7.0 and PHP7.1.

Setup
MediaWiki 1.30.0
PHP 7.1.12 (using php-fpm for Nginx)
PostgreSQL 9.5.10
ICU 55.1

Full errors (userid and state replaced with X's)
Notice: Undefined Index: code in /var/www/wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php on line 98

/index.php/Spesial:OAuth2Client/callback?code=XXXXXXXX-XXXX-XXXX&state=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX BadMethodCallException from line 35 of /var/www/wiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Tool/RequiredParameterTrait.php: Required parameter not passed: "code"

Backtrace:
#0 /var/www/wiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Tool/RequiredParameterTrait.php(53): League\OAuth2\Client\Grant\AbstractGrant->checkRequiredParameter(string, array)
#1 /var/www/wiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Grant/AbstractGrant.php(76): League\OAuth2\Client\Grant\AbstractGrant->checkRequiredParameters(array, array)
#2 /var/www/wiki/extensions/MW-OAuth2Client/vendors/oauth2-client/src/Provider/AbstractProvider.php(563): League\OAuth2\Client\Grant\AbstractGrant->prepareRequestParameters(array, array)
#3 /var/www/wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(98): League\OAuth2\Client\Provider\AbstractProvider->getAccessToken(League\OAuth2\Client\Grant\AuthorizationCode, array)
#4 /var/www/wiki/extensions/MW-OAuth2Client/SpecialOAuth2Client.php(65): SpecialOAuth2Client->_handleCallback()
#5 /var/www/wiki/includes/specialpage/SpecialPage.php(522): SpecialOAuth2Client->execute(string)
#6 /var/www/wiki/includes/specialpage/SpecialPageFactory.php(578): SpecialPage->run(string)
#7 /var/www/wiki/includes/MediaWiki.php(287): SpecialPageFactory::executePath(Title, RequestContext)
#8 /var/www/wiki/includes/MediaWiki.php(851): MediaWiki->performRequest()
#9 /var/www/wiki/includes/MediaWiki.php(523): MediaWiki->main()
#10 /var/www/wiki/index.php(43): MediaWiki->run()
#11 {main}
