Rewrite GoogleLogin to be a PrimaryAuthenticationProvider

This change implements: * A new primarey authentication provider (GooglePrimaryAuthenticationProvider), which let the user authenticate with the Google account. * A workaround for the requirement of a static redirect uri of Google (including an own CSRF protection using Google's state field) using a new Special page (Special:GoogleLoginReturn) which handles the required checks for all data and redirects to Special:UserLogin with the correct original csrf token of the user login special page. * Reworks Special:GoogleLogin to be an information special page only (with links to link and unlink) * Reworked GoogleUser as a static class (which also doesn't inherit from User anymore) for: * Get an User object from a Google ID * Get a Google ID for a User object * Connect an User object with a Google ID * Terminate a connection between a Google ID and an User * Check, if a Google ID is already connected or not * Reworked GoogleLogin.body.php (GoogleLogin class) to remove unnecessary functions, and work with new GoogleUser object. * Cleaned up GoogleLogin.hooks.php to remove unnecessary hooks * Cleaned up extension.json to remove definition for unused hooks * Removed now unused ResourceLoader modules * Added a Google icon and a style module that styles the login/create with Google button on Special:UserLogin and Special:CreateAccount according to the brand guidelines of Google * Put any class (except Api) into GoogleLogin namespaces * Reworks how Google account connections are handled. Now the user can have as much Google accounts connected with the wiki account as he wants. This changes the 1:1 relationship (used until yet) to a 1:n relationship. * Added a SQL patch to add an index for the user_id field in the user_google_user table Bug: T110294 Change-Id: I0d0447eb35ff38fab8bd4d945469cd66cabe0f73
wikimedia · Jun 9, 2016 · fdbdcaf · fdbdcaf
1 parent 74acabc
commit fdbdcaf
Show file tree

Hide file tree

Showing 32 changed files with 1,151 additions and 1,594 deletions.
diff --git a/GoogleLogin.alias.php b/GoogleLogin.alias.php
@@ -10,6 +10,7 @@
 /** English (English) */
 $specialPageAliases['en'] = array(
 	'GoogleLogin' => array( 'GoogleLogin', 'Login with Google' ),
+	'GoogleLoginReturn' => array( 'GoogleLoginReturn', 'GoogleLoginReturn' ),
 	'ManageGoogleLogin' => array( 'ManageGoogleLogin', 'Manage GoogleLogin connections' ),
 );
 
@@ -91,4 +92,4 @@
 /** Traditional Chinese (中文（繁體）‎) */
 $specialPageAliases['zh-hant'] = array(
 	'GoogleLogin' => array( 'Google_登入' ),
-);
+);
diff --git a/README.md b/README.md
@@ -6,9 +6,9 @@ the MediaWiki User account.
 
 Requirements
 ==
-* MediaWiki Version 1.23+
+* MediaWiki Version 1.28+
 * MySQL (sorry, no PostgreSQL or SQLite support for now)
-* PHP 5.3+
+* PHP 5.5+
 * Google Developer Account with Google+ API access
 * Google+ API access
 * API Credentials for Webapplication (Client ID and Client Secret)

diff --git a/extension.json b/extension.json
@@ -1,18 +1,18 @@
 {
 	"name": "GoogleLogin",
-	"version": "0.3.1-git",
+	"version": "0.4.0-git",
 	"author": "Florian Schmidt",
 	"url": "https://www.mediawiki.org/wiki/Extension:GoogleLogin",
-	"descriptionmsg": "googlelogin-desc",
+	"descriptionmsg": "googlelogin-desc-authmanager",
 	"license-name": "MIT",
-	"type": "specialpage",
+	"type": "auth",
 	"GroupPermissions": {
 		"sysop": {
 			"managegooglelogin": true
 		}
 	},
 	"requires": {
-		"MediaWiki": ">= 1.26.0"
+		"MediaWiki": ">= 1.28.0"
 	},
 	"AvailableRights": [
 		"managegooglelogin"
@@ -21,8 +21,9 @@
 		"googlelogin": "GlobalVarConfig::newInstance"
 	},
 	"SpecialPages": {
-		"GoogleLogin": "SpecialGoogleLogin",
-		"ManageGoogleLogin": "SpecialManageGoogleLogin"
+		"GoogleLogin": "GoogleLogin\\Specials\\SpecialGoogleLogin",
+		"GoogleLoginReturn": "GoogleLogin\\Specials\\SpecialGoogleLoginReturn",
+		"ManageGoogleLogin": "GoogleLogin\\Specials\\SpecialManageGoogleLogin"
 	},
 	"APIModules": {
 		"googleplusprofileinfo": "ApiGoogleLoginInfo"
@@ -36,13 +37,28 @@
 		"GoogleLoginAlias": "GoogleLogin.alias.php"
 	},
 	"AutoloadClasses": {
-		"GoogleLogin": "includes/GoogleLogin.body.php",
-		"SpecialGoogleLogin": "includes/specials/SpecialGoogleLogin.php",
-		"SpecialManageGoogleLogin": "includes/specials/SpecialManageGoogleLogin.php",
-		"GoogleLoginHooks": "includes/GoogleLogin.hooks.php",
+		"GoogleLogin\\GoogleLogin": "includes/GoogleLogin.body.php",
+		"GoogleLogin\\HTMLGoogleLoginButtonField": "includes/htmlform/HTMLGoogleLoginButtonField.php",
+		"GoogleLogin\\Specials\\SpecialGoogleLogin": "includes/specials/SpecialGoogleLogin.php",
+		"GoogleLogin\\Specials\\SpecialGoogleLoginReturn": "includes/specials/SpecialGoogleLoginReturn.php",
+		"GoogleLogin\\Specials\\SpecialManageGoogleLogin": "includes/specials/SpecialManageGoogleLogin.php",
+		"GoogleLogin\\GoogleLoginHooks": "includes/GoogleLogin.hooks.php",
 		"GoogleLogin\\GoogleUser": "includes/GoogleUser.php",
+		"GoogleLogin\\Auth\\GooglePrimaryAuthenticationProvider": "includes/auth/GooglePrimaryAuthenticationProvider.php",
+		"GoogleLogin\\Auth\\GoogleServerAuthenticationRequest": "includes/auth/GoogleServerAuthenticationRequest.php",
+		"GoogleLogin\\Auth\\GoogleAuthenticationRequest": "includes/auth/GoogleAuthenticationRequest.php",
+		"GoogleLogin\\Auth\\GoogleRemoveAuthenticationRequest": "includes/auth/GoogleRemoveAuthenticationRequest.php",
+		"GoogleLogin\\Auth\\GoogleUserInfoAuthenticationRequest": "includes/auth/GoogleUserInfoAuthenticationRequest.php",
 		"ApiGoogleLoginInfo": "includes/api/ApiGoogleLoginInfo.php"
 	},
+	"AuthManagerAutoConfig": {
+		"primaryauth": {
+			"GoogleLogin\\Auth\\GooglePrimaryAuthenticationProvider": {
+				"class": "GoogleLogin\\Auth\\GooglePrimaryAuthenticationProvider",
+				"sort": 101
+			}
+		}
+	},
 	"ResourceModules": {
 		"ext.GoogleLogin.style": {
 			"styles": "style/ext.GoogleLogin.css",
@@ -52,9 +68,21 @@
 				"mobile"
 			]
 		},
-		"ext.GoogleLogin.right.style": {
-			"styles": "style/ext.GoogleLogin.right.css",
-			"position": "top"
+		"ext.GoogleLogin.userlogincreate.style": {
+			"styles": "style/ext.GoogleLogin.userlogincreate.less",
+			"position": "top",
+			"targets": [
+				"desktop",
+				"mobile"
+			]
+		},
+		"ext.GoogleLogin.userlogincreate.ooui.style": {
+			"styles": "style/ext.GoogleLogin.userlogincreate.ooui.less",
+			"position": "top",
+			"targets": [
+				"desktop",
+				"mobile"
+			]
 		},
 		"ext.GoogleLogin.specialManage.scripts": {
 			"dependencies": [
@@ -81,85 +109,35 @@
 				"googlelogin-manage-unknownerror",
 				"googlelogin-manage-plusinfo-title"
 			]
-		},
-		"ext.GoogleLogin.specialGoogleLogin.chooseown": {
-			"dependencies": [
-				"oojs-ui"
-			],
-			"scripts": [
-				"javascripts/specialpages/ext.GoogleLogin.specialGoogleLogin.chooseown.js"
-			],
-			"targets": [
-				"desktop",
-				"mobile"
-			]
 		}
 	},
 	"ResourceFileModulePaths": {
 		"localBasePath": "",
 		"remoteExtPath": "GoogleLogin"
 	},
 	"Hooks": {
+		"AuthChangeFormFields": [
+			"GoogleLogin\\GoogleLoginHooks::onAuthChangeFormFields"
+		],
 		"UserLogoutComplete": [
-			"GoogleLoginHooks::onUserLogoutComplete"
+			"GoogleLogin\\GoogleLoginHooks::onUserLogoutComplete"
 		],
 		"LoadExtensionSchemaUpdates": [
-			"GoogleLoginHooks::onLoadExtensionSchemaUpdates"
-		],
-		"UserLoginForm": [
-			"GoogleLoginHooks::onUserLoginForm"
-		],
-		"UserCreateForm": [
-			"GoogleLoginHooks::onUserCreateForm"
-		],
-		"PersonalUrls": [
-			"GoogleLoginHooks::onPersonalUrls"
-		],
-		"SpecialPage_initList": [
-			"GoogleLoginHooks::onSpecialPage_initList"
-		],
-		"GetPreferences": [
-			"GoogleLoginHooks::onGetPreferences"
-		],
-		"RecentChange_save": [
-			"GoogleLoginHooks::onRecentChange_save"
-		],
-		"ListDefinedTags": [
-			"GoogleLoginHooks::onListDefinedAndActiveTags"
-		],
-		"ChangeTagsListActive": [
-			"GoogleLoginHooks::onListDefinedAndActiveTags"
-		],
-		"LoginFormValidErrorMessages": [
-			"GoogleLoginHooks::onLoginFormValidErrorMessages"
-		],
-		"UnitTestsList": [
-			"GoogleLoginHooks::onUnitTestsList"
+			"GoogleLogin\\GoogleLoginHooks::onLoadExtensionSchemaUpdates"
 		],
 		"MergeAccountFromTo": [
-			"GoogleLoginHooks::onMergeAccountFromTo"
+			"GoogleLogin\\GoogleLoginHooks::onMergeAccountFromTo"
 		],
 		"UserMergeAccountDeleteTables": [
-			"GoogleLoginHooks::onUserMergeAccountDeleteTables"
+			"GoogleLogin\\GoogleLoginHooks::onUserMergeAccountDeleteTables"
 		]
 	},
 	"config": {
-		"GLResourcePath": {
-			"localBasePath": "/var/www/html/media/extensions/GoogleLogin",
-			"remoteExtPath": "GoogleLogin"
-		},
 		"GLSecret": "",
 		"GLAppId": "",
 		"GLAllowedDomains": "",
 		"GLAllowedDomainsStrict": false,
-		"GLShowCreateReason": false,
-		"GLShowKeepLogin": true,
-		"GLForceKeepLogin": false,
-		"GLAllowAccountCreation": null,
-		"GLReplaceMWLogin": false,
-		"GLAPIKey": "",
-		"GLShowRight": false,
-		"GLNeedsConfirmEmail": true
+		"GLAPIKey": ""
 	},
 	"load_composer_autoloader": true,
 	"manifest_version": 1

diff --git a/i18n/en.json b/i18n/en.json
@@ -4,16 +4,16 @@
 			"Florian Schmidt"
 		]
 	},
-	"apihelp-googleplusprofileinfo-description": "Makes a request to the Google+ api to find our some personal information about a given user.",
+	"apihelp-googleplusprofileinfo-description": "Makes a request to the Google+ api to find out some personal information about a given user.",
 	"apihelp-googleplusprofileinfo-param-googleid": "The Google ID of the user.",
-	"googlelogin": "Login with Google",
+	"googlelogin": "Log in with Google",
+	"googlelogin-auth-service-name": "Google",
 	"managegooglelogin": "Manage GoogleLogin connections",
 	"googlelogin-managelegend": "Find user to manage",
 	"googlelogin-manage-usersubmit": "Manage user",
-	"googlelogin-manage-notexist": "There is no user with name <strong>$1</strong>.",
 	"googlelogin-manage-user": "You manage the {{GENDER:$1|user}} <strong>$1</strong>.",
-	"googlelogin-manage-linked": "The account is linked with a Google account with the ID ",
-	"googlelogin-manage-notlinked": "The account is actually not linked with a Google account.",
+	"googlelogin-manage-linked": "The account is linked with Google account(s) with the following ID(s): ",
+	"googlelogin-manage-notlinked": "The account is actually not linked with any Google account.",
 	"googlelogin-manage-changelegend": "Change Google ID",
 	"googlelogin-manage-noplus": "<strong>Notice:</strong> The user with the Google ID you entered seems to have no Google+ profile. Maybe a typing error?",
 	"googlelogin-manage-changedsuccess": "The user is now linked with the Google account.",
@@ -33,27 +33,12 @@
 	"googlelogin-manage-unknownerror": "There was an unknown error while loading your data. Maybe the user doesn't exist on Google+ or the profile ID is false?",
 	"googlelogin-manage-plusinfo-title": "Profile information",
 	"googlelogin-manage-errorloading": "Loading error",
+	"googlelogin-manage-addlabel": "Add Google ID",
 	"googlelogin-username": "Username",
 	"googlelogin-create": "Create with Google",
-	"googlelogin-desc": "Allow users to [[Special:GoogleLogin|login with their Google account]]",
-	"googlelogin-parerror": "The requested page doesn't exist. Please go back and try the action again.",
+	"googlelogin-desc-authmanager": "Allow users to login with their Google account.",
 	"googlelogin-generic-error": "Oops, there was an error. Please go back and try again. Message: $1",
-	"googlelogin-createnotallowed": "You are not allowed to create a new account with GoogleLogin.",
 	"googlelogin-unallowed-domain": "The email domain used for the primary email address of your Google account ($1) isn't allowed to login into this wiki.",
-	"googlelogin-error-unknownconnected": "The wiki account, connected with your Google account, doesn't exist (anymore). The connection between your accounts will be removed. Please create a new wiki account or use another existing one.",
-	"googlelogin-form-choosename-title": "Choose username",
-	"googlelogin-form-choosename": "Please choose your username to create a wiki account",
-	"googlelogin-form-choosename-finish-title": "Create wiki account",
-	"googlelogin-form-choosename-finish-body": "Congratulations! You have created the wiki account $1 and linked it with your Google account.",
-	"googlelogin-form-choosename-error": "You must choose an username or choose one of our suggestion.",
-	"googlelogin-form-choosename-existerror": "The username ''$1'' is already in use, please choose another.",
-	"googlelogin-form-chooseown": "Choose own",
-	"googlelogin-form-chooseown-error": "Please let us know your desired username or take one of our suggestions.",
-	"googlelogin-form-choosename-placeholder": "Your username",
-	"googlelogin-form-merge-title": "Link user account",
-	"googlelogin-form-logout": "Login with another Google account",
-	"googlelogin-form-backlink": "Back to Google login",
-	"googlelogin-form-next": "Next",
 	"googlelogin-form-merge": "Link Google to wiki account",
 	"googlelogin-form-unlink": "Unlink Google from wiki account",
 	"googlelogin-email": "Email address",
@@ -62,14 +47,20 @@
 	"googlelogin-information-body": "In the following table you find information about your Google account and if it is linked to a wiki account or not.",
 	"googlelogin-linkstatus": "Link status",
 	"googlelogin-linked": "linked",
-	"googlelogin-login-already-registered": "I already have a {{SITENAME}} account",
-	"googlelogin-login-merge-warning": "Please login to link your Google account with your {{SITENAME}} account.",
-	"googlelogin-or": "or",
 	"googlelogin-unlinked": "not linked",
 	"googlelogin-link-other": "Your Google account is already linked to another user. Please unlink the connection or contact an administrator, if you have no other wiki account.",
-	"googlelogin-success-merge": "Your wiki account is now linked to your Google account.",
-	"googlelogin-success-unlink": "Your wiki account is no longer linked to your Google account.",
+	"googlelogin-link-same": "Your Google account is already linked to your user, so you can't link it again.",
 	"googlelogin-prefs-status": "GoogleLogin status:",
+	"googlelogin-error-no-authentication-workflow": "You requested to continue an already started Google authentication workflow, but there's no already running one. Please start a new authentication workflow by trying to login again.",
+	"googlelogin-loginbutton-help": "Authenticates you with your Google account.",
+	"googlelogin-link-help": "Link your wiki account with your Google account.",
+	"googlelogin-param-error-label": "Error code returned from Google",
+	"googlelogin-param-error-help": "In case of an authentication failure, the error code returned from Google.",
+	"googlelogin-param-code-label": "Access token from Google",
+	"googlelogin-param-code-help": "In case of a successful authentication, the access token returned from Google.",
+	"googlelogin-change-account-not-linked": "You can not remove a Google account connection, because your account isn't connected with a Google account.",
+	"googlelogin-auth-service-unknown-account": "Unknown Google account",
+	"googlelogin-access-denied": "Unable to log in. You denied the access to your Google account information.",
 	"tag-googlelogin": "[[Special:GoogleLogin|GoogleLogin]]",
 	"tag-googlelogin-description": "Registrations with this tag were made with [[Special:GoogleLogin|GoogleLogin]]",
 	"action-managegooglelogin": "manage GoogleLogin connections",