Latest Tweets

MediaWiki 1.8.2: Connecting its auth mechanism with apache using the old HttpAuthPlugin extension

Preamble

On a MediaWiki installation site, version 1.8.2, there was a need for authenticating users directly using an HTTP/BASIC Apache dialogue box. According to the MediaWiki site, a certain extension had been developed with this goal in mind: HttpAuth. After installing it, however, we still had two main problems:

  • Whenever a previously authenticated user tried to change his/her password within MediaWiki, the password would not be updated accordingly in Apache’s passwd file.
  • Whenever a previously authenticated user with administrative rights within MediaWiki created new users, these new ones would not be added to Apache’s passwd file.

These two important issues affected quite negatively the experience of using MediaWiki because whenever the first one happened, the user was not able to login due to “password incorrect” messages, and when it came to the second one the problem was even more annoying: the new users simply did not exist in Apache’s passwd file, therefore they would not be able to login at all.

Solving the issues

Two main files where in charge of updating the user’s preferences – among them, his/her password – and creating new ones. In order to fix these two issues, I added some code to these files.

Updating the user password in Apache’s passwd file

The file in charge of saving the user’s preferences is located here: includes/SpecialPreferences.php. Any time an authenticated user in MediaWiki saves his/her preferences, including the password, the function savePreferences() is called. Therefore, I added some trivial lines of code right in this function in order to update the user’s password in Apache’s passwd file. I made this small change right after calling the saveSettings() function. This can be clearly seen in the following code snippet:

               ...
                $wgUser->setPassword( $this->mNewpass );
                /* Store the password before losing it : */
                $npwd = $this->mNewpass;
               ...
 
                $wgUser->saveSettings();
 
                /* TCG update apache password */
                $strcmd = "/usr/bin/htpasswd -b /path/to/the/.htpasswd " .
                                strtolower($wgUser->getName()) . " " . $npwd;
                exec($strcmd, $ar_out , $val);
              ...

Adding the new user to Apache’s passwd file

 The file in charge of creating a new account inside MediaWiki is located here: includes/SpecialUserlogin.php. Every time a new user has to be created inside MediaWiki’s database, a call to the function addNewAccount() is made. Thus, I added some lines of code right here, right after the call to saveSettings(), in order to add the new user to the apache’s passwd file. This is shown below:

               ...
                $u->saveSettings();
 
                $strcmd = "/usr/bin/htpasswd -b /path/to/the/.htpasswd " .
                        strtolower($u->getName()) . " " . $this->mPassword;
                exec($strcmd, $ar_out , $val);
               ...

The patch

To apply these small changes, all you have to do is download these two files from here, and replaced the original ones inside your MediaWiki’s includes directory. The old HttpAuthLogin extension can still be download from here, too.