[07:07:11] legoktm: unlinking was not tested that much, since it's not used in WMF production, so it could easily have bugs [07:07:34] you should be able to see a list of the specific accounts to unlink there, though [07:08:06] hm, I don't [07:08:36] as long as you return them from getAuthenticationRequests and override getUniqueId [07:08:39] I'll upload my code tomorrow in case I missed something [07:10:15] yeah, I'm doing that... [14:26:36] hey when i try to login i keep getting 'There seems to be a problem with your login session; this action has been cancelled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again' -- is there a way to reset account manually? [15:10:04] anev: I think so, look at the maintenance/ folder [15:10:13] it has scripts for tasks like that [17:55:10] Hey, I'm running MW 1.27, and I've run into an issue with AuthManager and the LdapAuthentication extension (authing with Active Directory). Is there anyway to stop AuthManager from changing _ to spaces? That's preventing some accounts from authenticating properly (since it's the incorrect username). [18:26:23] Rosencrantz: MediaWiki usernames cannot have underscores [18:26:59] LDAP usernames could, AuthManager does not interfere with anything an auth plugin does with the contents of the form fields [18:27:27] including reading from the username field and then using that as an LDAP username [18:27:59] Hmmmm [18:28:29] so that is probably the extension's doing (which has been unmaintained for years, see also https://www.mediawiki.org/wiki/LDAP_hub ) [18:30:22] I'll keep digging in the debugger then, I thought it had come into LdapAuth's->authenticate without the underscore, but maybe it changed somewhere first... [18:32:16] Worst case maybe I'll just put something above the bind section that changes spaces to underscores. Dirty hack, but it might be my only option. [18:32:54] Rosencrantz: yes, LdapAuth is based on a compatibility wrapper (as authenticate() is not part of the auth interface anymore) and that does normalize usernames [18:33:47] but that could be easily fixed in the extension [18:34:30] ...where by "easily" I mean it's probably a lot of work [18:34:56] you don't need to do hacks or change core, though [18:35:42] see also the commit message of https://gerrit.wikimedia.org/r/c/mediawiki/extensions/LdapAuthentication/+/286705 [18:41:45] Oh! Is that completely separate from the rest of the extension? [20:27:18] Rosencrantz: in the past auth extensions had to subclass AuthPlugin; these days it's deprecated and you are supposed to implement PrimaryAuthenticationProvider [20:27:55] there is B/C code so that an AuthPlugin subclass still works (with various shortcomings), that's what LdapAuth uses [20:30:00] so you have LdapPrimaryAuthenticationProvider which basically just translates PrimaryAuthenticationProvider calls into AuthPlugin calls, and LdapAuthenticationPlugin with the actual LDAP logic [20:30:59] Ahhh [20:31:45] LdapPrimaryAuthenticationProvider receives the username as typed and then normalizes it: https://github.com/wikimedia/mediawiki-extensions-LdapAuthentication/blob/96515b7f0ef3953357f61c27d7624bddec57e215/LdapPrimaryAuthenticationProvider.php#L187 [20:33:16] so it's easy to pass the original username to LdapAuthenticationPlugin::authenticate instead, I'm just not sure if it causes any problems [20:33:55] :q [20:34:02] (oops wrong window) [20:36:13] ok, if there's B/C code in there, how do I get it to route through the PrimaryAuthProvider stuff instead? [20:37:08] I assume I'd have to change it from $wgAuth = stuff to something else (non-$wgAuth related?) [20:45:22] Rosencrantz: not sure, as far as I can see neither entry point is configured by default [20:45:38] you'll probably need to add it to https://www.mediawiki.org/wiki/Manual:$wgAuthManagerAutoConfig