Wiki:OSM AuthPlugin

From OpenStreetMap Wiki
Jump to navigation Jump to search

broom

This article or section may contain out-of-date information. The information may no longer be correct, or may no longer have relevance.
If you know about the current state of affairs, please help keep everyone informed by updating this information. (Discussion)
Test it here: [1]

An attempt to create a MediaWiki AuthPlugin to perform logins against OSM db rather than MW's separate db (Single sign on)

Source for a release 20080929-5 is available at /source.. Latest release here.


Interface

The following are required by the AuthPlugin interface:

userExists

bool userExists(string $username)

From testing, it appears this method is tried before authenticate.

authenticate

bool authenticate(string $username, string $password)

Rudimentary implementation with PEAR HTTP_Request done, but needs userExists to work before it can be tested.

setPassword

bool setPassword(User $user, string $password)

If there's nothing in the API, this should return false. Otherwise, allowPasswordChange should be true.

initUser

(void) initUser(User &$user, bool $autocreate=false)

Fills preferences, etc. Can be used to do things like pulling the email address from OSM into MW.

getCanonicalName

string getCanonicalName(string $username)

MW capitalizes the first letter, and translates all underscores to spaces.

Parameters

autoCreate: create internal account on Wiki for users that exist on the main DB but not here? Probably should be true.

allowPasswordChange: can users change their passwords? Unless there's something in the API to do this, false.

canCreateAccounts: can accounts on the OSM DB be created through the MW interface? Without API support, false.

strict: should failures against the OSM DB be fatal? For the moment, this should probably be false to allow people with different account names to login using their MW details.

Shopping list

Things needed to push forward:

  • A URL that returns very little data, that the Authorization: header can be sent to (preferably via HTTP HEAD), and actually returns something other than HTTP 200 when this fails.
Answer http://www.openstreetmap.org/api/0.5/user/details
  • Some means (preferably via an API call) of establishing simply whether or not a given username is taken.
  • Confirmation that there are no usernames containing both spaces and underscores, and that no usernames contain [ or ].