[06:59:56] hi! I'm tryting to develop SessionProvider extension to login with Discord Oauth, but I have some troubles and google didnt help [07:01:08] at the begining of provideSessionInfo() method I'm trying to $request->getSessionData('123') and it results in 502 error. What am I doing wrong? [07:02:00] I've tried to use generic php sessions and it didnt work at all, data being wiped on every page reload [07:02:54] all I need is to store somehow data from Discord OAuth and to use them in SessionProvider [07:51:30] this is from nginx logx upstream prematurely closed connection while reading response header from upstream [07:51:35] "upstream prematurely closed connection while reading response header from upstream" [07:51:57] so, MediaWiki somehow close the connection.. why? [08:29:51] ok, I temporarily decided to imitate sessions mechanism with files and cookies, and it works. But I really need to rewrite it and make this code better. Please help, when you can :D [08:33:49] dmitrydlmw: that sounds better suited to a PrimaryAuthenticationProvider [08:34:06] SessionProvider is for things that are checked on every request [08:35:02] you can do an OAuth login and then use normal MediaWiki sessions [08:35:39] check out WSOAuth for example [08:35:50] or GoogleLogin for something more complex [08:36:23] I started from GoogleLgoin, but it's way more complex than I need for my hobby project [08:37:27] and it actually does not serve the exact purpose: I want it to check in DB, if this Discord member has a particular role, which allows him to use MediaWiki [08:37:31] WSOAuth is an abstraction for OAuth logins, you can write your own plugin for it [08:37:45] that's probably the easiest [08:38:08] Discord's OAuth idenficiation returns the roles, presumably? [08:38:18] maybe it was, but I already used as an example this extension: https://github.com/Vekseid/ForumSessionProvider/ [08:38:35] no, discord oauth does not returns roles. I have them from bot [08:38:57] in that case, you can always make an API request afterwards [08:39:30] anyway, SessionProvider is for authentication information that's provided with every request [08:39:40] like cookies or client certificates [08:39:49] so, what I want is this: user can click on "Login" link, enter with Discord OAuth, then he cant use his account without Discord OAuth (so he need to relogin with Discord each time his session dies) and he cant get account any other way, without Discord [08:39:57] yes, I understand that [08:40:10] I created a Special Page, which does OAuth thing [08:40:27] again, this is what AuthenticationProviders are for [08:41:14] they are a bit complicated but PluggableAuth or WSOAuth provide a simpler interface on top of them [08:41:20] so I'd recommend those [08:41:36] then it store data in files (because I failed to make sessions works) and now on every request it gets discord data from file, identifying user by cookie (pretty much like PHP session works) [08:42:08] and now I'm goign to add another check, which will verifty that user has this role in another DB [08:42:25] what do you need from sessions in the first place? [08:42:29] it's ugly, but I need it ASAP and then I'll have time to improve [08:43:59] ideally I want to create a good extension for DiscordOAuth later and, if I succeed, share it with everyone, so I'll try to rewrite and when I'll do it, I'm going to use your advice about WSOAuth. Maybe it'll work better [08:44:21] better is not the point, it's much simpler [08:44:25] from sessions I want ability to store data, obtained from Discord: user id and login [08:44:37] this is Facebook login via WSOAuth: https://github.com/WikibaseSolutions/WSOAuth/blob/master/src/AuthenticationProvider/FacebookAuth.php [08:45:26] I have around 1 hour to complete this now, so I'd like to stay with what I already have and just add another functionality. It's kind of a hackaton in our community, so I'm in a rush. Then I'll have a 2 weeks to improve and rewrite it [08:46:14] that sounds ambitious :) [08:46:24] if it's possible to make session works, I'll try it now, but I'm afraid I'll be late if I'd go to rewrite thing from scratch [08:46:43] I still don't understand what you are trying to do with sessions [08:46:57] well, it already kind of works,althiugh it is very ugly :D [08:47:14] about sessions [08:47:54] I'm getting Discord OAuth details (id, username) with SpecialPage. It works. Now, when I get it, I want to store it somewhere and then check on every request with SessionProvider. [08:48:19] that's what sessions do [08:48:28] any kind of session, I mean [08:48:35] currently I store it in a text files, which imitate PHP sessions, because they didnt work, I dont know why [08:48:43] why do you need a custom type of session for that? [08:49:07] I've tried to use $request->setSessionData() and request->getSessionData() [08:49:23] it sets session data on special page [08:49:28] and it works [08:49:55] those work, although the common way to do it is $request->getSession()->get()/set() [08:50:01] but when I try to use $request->getSessionData() in SessionProvider method provideSessionInfo(WebRequest, it falls down with 502 error [08:50:25] this is from nginx logs: upstream prematurely closed connection while reading response header from upstream [08:50:26] yeah, but why do you try to do that? [08:50:52] because I need that data in that method. Or at least I think I need it there [08:51:07] trying to read data session in a method that's supposed to establish the session is of course not going to work well [08:51:27] oh [08:51:37] now I feel stupid and somehow enlightened [08:51:55] ok, now I see why it didnt work in general [08:52:16] the fundamental role of SessionProvider is to derive a session id from the request [08:52:40] the session data is stored keyed with that id in some backend [08:53:44] you really only need to mess with custom SessionProviders if you want to have some other session mechanism than putting the session id in a cookie [08:54:05] uh oh [08:54:20] then my ugly code is all I can get for now [08:54:30] typically that means that the user puts auth information in every request. Client certs, OAuth-signed requests, IP-based authentication and such. [08:55:49] here's an example of a WSOAuth wiki: https://wikispore.wmflabs.org/ [08:56:08] you click login, you get sent elsewhere for an OAuth identification, and you are logged in [08:56:24] (elsewhere is another MediaWiki in this case but doesn't have to be) [08:56:38] I think that's what you are after [08:56:51] I guess I need to rewrite it then, but I dont have time, so for now I'm going to stick with files. Ok. Later I'll try to rewrite it as Auth provider. Can it block any other way to login, so user would only be able to login with Discord? [08:57:24] yeah, there is only one way to log in on that wiki [08:57:29] great [08:58:18] and is there is any way to create users by discord ID, not by username? [08:58:39] currently I just use their ID as login, because discord logins could be changed [08:58:58] as a rough prototype it works, but of course it's not a good way of doing things [08:59:02] MediaWiki needs a username, that's what it uses for all kinds of internals [08:59:33] commonly you would store the discord ID / MediaWiki ID association in a table, and look it up on login [08:59:58] but you can use the discord ID as the MediaWiki username as a quick and dirty hack [09:00:07] and if username changes, can I easily update it? [09:00:22] not easily, no [09:00:50] then maybe I can store username as additional/optional field and display it instead of login? [09:00:58] instead of username* [09:01:11] MediaWiki uses the username as the DB key for all sorts of things, it can be changed but not easily [09:02:03] I'm ok if actual username will be discord ID, if it's possible to display an optional field instead of username on the page [09:02:31] maybe there is a way to put some hook, something like "get_username", which will replace actual username with optional field? [09:02:43] which will be easily updated [09:03:25] I don't think there is an easy way to do that [09:03:48] all users have a wiki page and message page which are named after the username [09:04:03] so for username changes you need to rename those pages [09:04:42] nono, I mean, maybe I can display optional field instead of real username (which will be discord ID) in the right top corner of the page? [09:04:51] and in edit journal [09:05:00] in the top right corner, sure [09:05:28] but the user's profile page will still be named after the real username, so it will be confusing [09:05:33] and in edit journal and places like this? If so, then there is no problem, it'd be even better with this ID as actual page name [09:05:59] there are extensions for showing an alternative name alongside the username, e.g. https://www.mediawiki.org/wiki/Extension:Realnames [09:06:14] great! [09:06:17] thank you [09:06:34] maybe I'll even have enough time to implement it before deadline [09:06:43] good luck [09:06:51] I still have around 40 minutes to verify user group and display real name, sooo [09:07:11] thank you very much, I'll be back later to rewrite it in a right way :D [09:34:51] it works! somehow. not without a bugs, but as a rough prototype -- just fine [09:35:12] thanks again, I'm going to rethink this thing and read some code of WSOAuth [09:35:28] and come back with questions :D