From af337a12e6f084556400fa93c71304ad63f1efa6 Mon Sep 17 00:00:00 2001
From: Igor Pashev
Date: Fri, 23 Sep 2016 12:41:01 +0300
Subject: Initial commit
---
pkgs/mediawikiExtensions/Sproxy/Sproxy.php | 218 +++++++++++++++++++++++++++++
pkgs/mediawikiExtensions/default.nix | 52 +++++++
2 files changed, 270 insertions(+)
create mode 100644 pkgs/mediawikiExtensions/Sproxy/Sproxy.php
create mode 100644 pkgs/mediawikiExtensions/default.nix
(limited to 'pkgs/mediawikiExtensions')
diff --git a/pkgs/mediawikiExtensions/Sproxy/Sproxy.php b/pkgs/mediawikiExtensions/Sproxy/Sproxy.php
new file mode 100644
index 0000000..697c596
--- /dev/null
+++ b/pkgs/mediawikiExtensions/Sproxy/Sproxy.php
@@ -0,0 +1,218 @@
+.
+//
+// Copyright 2006 Otheus Shelling
+// Copyright 2007 Rusty Burchfield
+// Copyright 2009 James Kinsman
+// Copyright 2010 Daniel Thomas
+// Copyright 2010 Ian Ward Comfort
+// Copyright 2013-2016 Zalora South East Asia Pte Ltd
+//
+// In 2009, the copyright holders determined that the original publishing of this code
+// under GPLv3 was legally and logistically in error, and re-licensed it under GPLv2.
+//
+// See http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER
+//
+// Adapted by Rusty to be compatible with version 1.9 of MediaWiki
+// Optional settings from Emmanuel Dreyfus
+// Adapted by VibroAxe (James Kinsman) to be compatible with version 1.16 of MediaWiki
+// Adapted by VibroAxe (James Kinsman) to allow domain substitution for Integrated Windows Authentication
+// Adapted by drt24 (Daniel Thomas) to add the optional $wgAuthRemoteuserMailDomain and remove hardcoding
+// of permissions for anonymous users.
+// Adapted by Ian Ward Comfort to detect mismatches between the session user and REMOTE_USER
+// Adapted to sproxy by Chris Forno
+// Extension credits that show up on Special:Version
+
+$wgExtensionCredits['other'][] = array(
+ 'name' => 'Sproxy',
+ 'version' => '0.2.0',
+ 'author' => array(
+ 'Otheus Shelling',
+ 'Rusty Burchfield',
+ 'James Kinsman',
+ 'Daniel Thomas',
+ 'Ian Ward Comfort',
+ 'Chris Forno'
+ ) ,
+ 'url' => '',
+ 'description' => 'Automatically authenticates users using sproxy HTTP headers.',
+);
+
+// We must allow zero length passwords. This extension does not work in MW 1.16 without this.
+$wgMinimalPasswordLength = 0;
+
+function sproxy_hook()
+{
+ global $wgUser, $wgRequest, $wgAuth;
+
+ // For a few special pages, don't do anything.
+ $skipPages = array(
+ Title::makeName(NS_SPECIAL, 'UserLogin') ,
+ Title::makeName(NS_SPECIAL, 'UserLogout') ,
+ );
+
+ if (in_array($wgRequest->getVal('title') , $skipPages)) {
+ return;
+ }
+
+ // Don't do anything if there's already a valid session.
+ $user = User::newFromSession();
+ if (!$user->isAnon()) {
+ return;
+ }
+
+ // If the login form returns NEED_TOKEN try once more with the right token
+ $trycount = 0;
+ $token = '';
+ $errormessage = '';
+ do {
+ $tryagain = false;
+ // Submit a fake login form to authenticate the user.
+ $params = new FauxRequest(array(
+ 'wpName' => sproxy_username() ,
+ 'wpPassword' => '',
+ 'wpDomain' => '',
+ 'wpLoginToken' => $token,
+ 'wpRemember' => '',
+ ));
+ // Authenticate user data will automatically create new users.
+ $loginForm = new LoginForm($params);
+ $result = $loginForm->authenticateUserData();
+ switch ($result) {
+ case LoginForm::SUCCESS:
+ $wgUser->setOption('rememberpassword', 1);
+ $wgUser->setCookies();
+ break;
+
+ case LoginForm::NEED_TOKEN:
+ $token = $loginForm->getLoginToken();
+ $tryagain = ($trycount == 0);
+ break;
+
+ default:
+ error_log("Unexpected sproxy authentication failure (code: $result)");
+ break;
+ }
+ $trycount++;
+ }
+ while ($tryagain);
+}
+
+$wgExtensionFunctions[] = 'sproxy_hook';
+function sproxy_email()
+{
+ return $_SERVER['HTTP_FROM'];
+}
+
+function sproxy_username()
+{
+ // We can't rely on X-Given-Name/X-Family name because they can be
+ // set by the user. I've personally seen someone set their name to
+ // "ZALORA".
+ //
+ // Instead, we'll try to extract the real name from the first part
+ // of the email address.
+ list($username, $_) = explode('@', sproxy_email());
+ // So we have something like firstname.lastname or firstname.l or
+ // firstname.
+ return $username;
+}
+
+function sproxy_real_name()
+{
+ return $_SERVER['HTTP_X_GIVEN_NAME'] . ' ' . $_SERVER['HTTP_X_FAMILY_NAME'];
+}
+
+class AuthSproxy extends AuthPlugin
+{
+ public function userExists($username)
+ {
+ // This does not mean does the user already exist in the Mediawiki database.
+ return true;
+ }
+
+ public function authenticate($username, $password)
+ {
+ // All users are already authenticated.
+ return true;
+ }
+
+ public function autoCreate()
+ {
+ // Automatically create Mediawiki users for sproxy users.
+ return true;
+ }
+
+ function allowPasswordChange()
+ {
+ // This doesn't make any sense so don't allow it.
+ return false;
+ }
+
+ public function strict()
+ {
+ // Don't check passwords against the Mediawiki database;
+ return true;
+ }
+
+ public function initUser(&$user, $autocreate = false)
+ {
+ $user->setEmail(sproxy_email());
+ $user->mEmailAuthenticated = wfTimestampNow();
+ $user->setToken();
+ $user->setRealName(sproxy_real_name());
+
+ // turn on e-mail notifications
+ if (isset($wgAuthRemoteuserNotify) && $wgAuthRemoteuserNotify) {
+ $user->setOption('enotifwatchlistpages', 1);
+ $user->setOption('enotifusertalkpages', 1);
+ $user->setOption('enotifminoredits', 1);
+ $user->setOption('enotifrevealaddr', 1);
+ }
+ $user->saveSettings();
+ }
+}
+
+$wgAuth = new AuthSproxy();
+
+// Don't let anonymous people do things...
+$wgGroupPermissions['*']['createaccount'] = false;
+$wgGroupPermissions['*']['read'] = false;
+$wgGroupPermissions['*']['edit'] = false;
+
+// see http://www.mediawiki.org/wiki/Manual:Hooks/SpecialPage_initList
+// and http://www.mediawiki.org/w/Manual:Special_pages
+// and http://lists.wikimedia.org/pipermail/mediawiki-l/2009-June/031231.html
+// disable login and logout functions for all users
+function LessSpecialPages(&$list)
+{
+ unset($list['ChangeEmail']);
+ unset($list['Userlogin']);
+ unset($list['Userlogout']);
+ return true;
+}
+$wgHooks['SpecialPage_initList'][] = 'LessSpecialPages';
+
+// http://www.mediawiki.org/wiki/Extension:Windows_NTLM_LDAP_Auto_Auth
+// remove login and logout buttons for all users
+function StripLogin(&$personal_urls, &$wgTitle)
+{
+ unset($personal_urls["login"]);
+ unset($personal_urls["logout"]);
+ unset($personal_urls['anonlogin']);
+ return true;
+}
+$wgHooks['PersonalUrls'][] = 'StripLogin';
+
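Review bot: `AuthSproxy::authenticate()` returns `true` for every username and password, so nothing in the plugin ties a login to the identity sproxy asserted; it only works because `sproxy_hook()` submits the header-derived name, and any other code path that reaches the auth plugin would be accepted for any account. `sproxy_email()` also reads `$_SERVER['HTTP_FROM']` without checking that it is set, so a request that did not come through sproxy yields an empty username and PHP notices rather than a clean refusal. I would have `authenticate()` compare `$username` with the canonical form of `sproxy_username()` and have `sproxy_email()` fall back to an empty string, as sketched below (this assumes LoginForm passes the canonical name, which the hunk does not show). The deployment must also guarantee that the web server is reachable only through sproxy and that sproxy overwrites any client-supplied `From` header. Separately, `initUser()` tests `$wgAuthRemoteuserNotify` without a `global` declaration, so the notification branch can never run.

```php
function sproxy_email()
{
    // No From header means the request did not pass through sproxy.
    return isset($_SERVER['HTTP_FROM']) ? $_SERVER['HTTP_FROM'] : '';
}

// … unchanged: sproxy_username(), sproxy_real_name(), userExists() …

    public function authenticate($username, $password)
    {
        // Accept only the identity sproxy asserted for this request.
        $expected = User::getCanonicalName(sproxy_username());
        return $expected !== false && $expected === $username;
    }
```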
diff --git a/pkgs/mediawikiExtensions/default.nix b/pkgs/mediawikiExtensions/default.nix
new file mode 100644
index 0000000..f2ae6f1
--- /dev/null
+++ b/pkgs/mediawikiExtensions/default.nix
@@ -0,0 +1,52 @@
+{ lib, fetchgit, mediawiki }:
+
+let
+ inherit (lib) filter genAttrs;
+
+ bundled = filter (n: n != "out") mediawiki.outputs;
+
+in genAttrs bundled (e: mediawiki.${e}) //
+{
+
+ EmbedVideo= fetchgit {
+ url = https://github.com/HydraWiki/mediawiki-embedvideo.git;
+ rev = "1c1904bfc040bc948726719cbef41708c62546b3";
+ sha256 = "07sxpaks1hik710izilpslnqlcjz2nphqkx9b9qh6qv9xb0a9n6v";
+ };
+
+ GraphViz = fetchgit {
+ url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/GraphViz.git;
+ rev = "c968ec19090ab6febcd12ccd5816c5875fddc9df";
+ sha256 = "a0f9b7a67c1b166bba7ce3100b9b2666938af50666a526b1e9e4a83359e4a10d";
+ };
+
+/* TODO Use with Mediawiki 1.26+
+ MathJax = fetchgit {
+ url = https://github.com/hbshim/mediawiki-mathjax.git;
+ rev = "56061635eaeffbd13d50d243077e44fcbf3f5da1";
+ sha256 = "1xx9cpcl5c8n1jn3qckcva5dnl8z7i1bd2ff4ycpd2cdp930gsy6";
+ };
+*/
+
+ MathJax = fetchgit {
+ url = https://github.com/zalora/Mediawiki-MathJax.git;
+ rev = "880adf7f9da55dbe257043fe431f825211ee96e1";
+ sha256 = "17s3pbxj6jhywsbdss1hqmss8slb89jkwirlsbd0h16m130q72n8";
+ };
+
+ MsUpload = fetchgit {
+ url = https://phabricator.wikimedia.org/diffusion/EMSU/extension-msupload.git;
+ rev = "d2983b9cd44203173b39e64bf25cdcd73612fcc0";
+ sha256 = "18n4iyvp85ipgggjgwrk6pn75gciwrkjb7mr1zvqsh9kv3rpd5n9";
+ };
+
+ Sproxy = ./Sproxy; # TODO: review, update & publish
+
+ UserPageEditProtection = fetchgit {
+ url = https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UserPageEditProtection.git;
+ rev = "13ff835e8278654ab8cfae03c8b8196bdfe6e410";
+ sha256 = "0hjsgq8hhqw6wxqfc14jq1wb09q8zf9xv7jz0hkhl5ma6338j7q9";
+ };
+
+}
+
--
cgit v1.2.3
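Review bot: The `url = https://…;` attributes in every `fetchgit` call are bare URL literals, which newer Nix tooling discourages; quoting them, e.g. `url = "https://github.com/HydraWiki/mediawiki-embedvideo.git";`, changes nothing today and avoids churn later. The `GraphViz` hash is written as 64 hex characters while the other entries use the base32 form; both are accepted, but one encoding throughout makes a mistyped or swapped hash easier to spot in review. `Sproxy = ./Sproxy;` carries its own `# TODO: review, update & publish`, so the authentication extension ships unreviewed by the author's own account and deserves a tracked issue rather than only a comment.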