2016-07-19

Extension:GoogleLogin/pt-br added to category

New page

<languages />

{{TNT|Extension

|name = GoogleLogin

|status = beta

|type = user identity

|type2 = special page

|hook1 = UserLogoutComplete

|hook2 = LoadExtensionSchemaUpdates

|hook3 = UserLoginForm

|hook4 = UserCreateForm

|hook5 = PersonalUrls

|hook6 = SpecialPage_initList

|hook7 = GetPreferences

|hook8 = RecentChange_save

|hook9 = ListDefinedTags

|hook10 = ChangeTagsListActive

|username = Florianschmidtwelzow

|author = Florian Schmidt

|php = 5.3+ (since 0.4.0: 5.5+)

|needs-updatephp = yes

|license = MIT

|download = {{TNT|WikimediaDownload|GoogleLogin}}

|readme =

|image = GoogleLogin-Screenshot.PNG

|changelog = [[Extension:GoogleLogin/Changelog]]

|description = Provides login with Google account (using Google API)

|version = see [[/Version_lifecycle|the version lifecycle]]

|update = 2015-04-23

|mediawiki = see [[/Version_lifecycle|the version lifecycle]]

|bugzilla = GoogleLogin

|phabricator = GoogleLogin

}}

{{note|If you're installing GoogleLogin for a MediaWiki installation with the [[AuthManager|new authentication system]] (also referred to as ''AuthManager''), please see the sub page [[Special:MyLanguage/Extension:GoogleLogin/PostAuthManager|which explains the new installation steps and requirements]]. Thanks.}}

The '''GoogleLogin''' extension allows wiki users to login with their Google Account. The extension uses Google API to request user data. If the user logged in first time, the extension allows to create a user with the Google e-mail-address and Google username (or given name, or an own name).

== Requirements ==

To use this extension you need:

* MediaWiki 1.23+ (for version v0.2.0 and above you need at least MediaWiki 1.24)

* MySQL (no PostgreSQL or SQLite support for now!)

* PHP 5.3+

* [https://developers.google.com/console/help/new/ Google Developer] Access

* Google+ API access

* API Credentials for Webapplication (Client ID and Client Secret)

* Version v0.2.1 until version 0.3.1 requires the [[Extension:GoogleAPIClient|Extension GoogleAPIClient]]<ref>https://www.mediawiki.org/wiki/Extension:GoogleLogin/Changelog/v0.2.1</ref>, otherwise run <code>composer update</code>, only.

== Installation ==

{{TNT|ExtensionInstall

|db-update=Yes

|custom-steps=<nowiki/>

* [[#Configuration|Configure the required parameters]]

* Make sure ./wiki/extensions/GoogleLogin/cache is writeable for root

}}

{{anchor|Configuration}}

== Configuration ==

{{TNT|Note}} Ensure that all settings reside under the "require_once" directive added for this plugin. Otherwise any custom settings will be overwritten by the default settings, as referenced here: [[Topic:Si6ituq6hmxb07xm]]

The extension provides two configuration variables to set the Client ID and Client Secret (you get this pair in Google Developer Console, remove "<" and ">").

<source lang="php">

$wgGLSecret = '<your-client-secret>';

$wgGLAppId = '<your-client-id>';

</source>

=== Additional Configuration parameter ===

{| class="wikitable" style="width:100%;"

! Configuration variable

! since version

! Default value

! Description

|-

| $wgGLShowCreateReason<ref group="gerrit" name="git142805">https://gerrit.wikimedia.org/r/#/c/142805/</ref>

| v0.1.1 (removed in v0.4.0)

| <code>false</code>

| If true, adds ''via GoogleLogin'' as reason in create account log entry.

|-

| $wgGLAllowedDomains<ref group="gerrit" name="git142741">https://gerrit.wikimedia.org/r/#/c/142741/</ref>

| v0.1.1

| <code><nowiki>''</nowiki></code>

| An array of E-Maildomains, which are allowed to use with GoogleLogin, e.g. <code>array( 'example.com' );</code>. Default: all domains are allowed.

|-

| $wgGLAllowedDomainsStrict<ref group="gerrit" name="git142741"></ref>

| v0.1.1

| <code>false</code>

| Only observed, if <code>$wgGLAllowedDomains</code> is an array. If set to true, the E-Maildomain will be checked completly against the allowed domains (instead of only the TLD), e.g.:<br>

''test.example.com'' isn't allowed if <code>$wgGLAllowedDomainsStrict</code> is true and ''example.com'' is an allowed domain.<br>

''test.example.com'' is allowed if <code>$wgGLAllowedDomainsStrict</code> is false and ''example.com'' is an allowed domain.

|-

| $wgGLShowKeepLogin<ref group="gerrit" name="git147519">https://gerrit.wikimedia.org/r/#/c/147519/</ref>

| v0.1.2 (removed in v0.4.0)

| <code>true</code>

| If true, the ''keep login'' checkbox for GoogleLogin (before Login with Google button) is visible.

|-

| $wgGLAllowAccountCreation<ref group="gerrit" name="git147559">https://gerrit.wikimedia.org/r/#/c/147559</ref>

| v0.1.2 (removed in v0.4.0)

| <code>$wgGroupPermissions['*']['createaccount']</code>

| Controls, if the user can create an account with GoogleLogin or not. As default, the value of group permissions for not logged in users will be used.

|-

| $wgGLReplaceMWLogin<ref group="gerrit" name="git147559"></ref>

| v0.1.2 (removed in v0.4.0)

| <code>false</code>

| If true, the MediaWiki Login-workflow will be replaced with GoogleLogin. Includes:<br>

* Login-Link in Personal URLs

* replace of Special:UserLogin to Special:GoogleLogin

|-

|$wgGLForceKeepLogin<ref group="gerrit">https://gerrit.wikimedia.org/r/#/c/189215</ref>

|v0.2.0 (removed in v0.4.0)

|<code>false</code>

|Control, if ''Keep login'' (which means longer login sessions) is always enabled (even if the user doesn't checked the keep log box or GoogleLogin replaces MediaWiki's login!)

{{Note}} This configuration doesn't overwrite ''$wgGLShowKeepLogin'', but it will overwrite the value of the keep login checkbox, so make sure, that you set this configuration to false if you want to avoid confusion.

|-

|$wgGLAPIKey<ref group="gerrit">https://gerrit.wikimedia.org/r/#/c/187999/</ref>

|v0.2.1

|<code><nowiki>''</nowiki></code>

|Key for public API access. Used only for admin actions to check, if the user has a Google Plus profile or not.

|-

|$wgGLShowRight<ref group="gerrit">[[gerrit:218662|https://gerrit.wikimedia.org/r/218662]]</ref>

|v0.3.0 (removed in v0.4.0)

|<code>false</code>

|If set to true, the Google Login button on ''[[Special:UserLogin]]'' will move to the right side of the form.

|-

|$wgGLNeedsConfirmEmail<ref group="gerrit">[[gerrit:249470|https://gerrit.wikimedia.org/r/249470]]</ref>

|v0.3.0 (removed in v0.4.0)

|<code>true</code>

|Whether the user needs to confirm the google mail adress after registration of a new local MediaWiki account, or not.

|}

=== Settings in Google Developer Console ===

To use this extension you need a Google developer account and access to the [https://console.developers.google.com developer console]. This is a simple (a very simple!) step-by-step guide (use Step 1 of the official [https://developers.google.com/+/quickstart/php#step_1_enable_the_google_api step-by-step example] with these settings):

# Open [https://console.developers.google.com Google developer console]

# Read and accept the terms of service

# Create your first project

# Go to ''APIS & AUTH''

# Go to ''APIs'' and enable ''Google+ API'' (read and accept the terms)

# Go to ''Credentials''

# In Section ''OAuth'' click ''Create new Client ID''

# Select as ''Web application'' as ''APPLICATION TYPE'', as ''Authorized JavaScript origins'' type in your domain name (no wildcards and directories allowed!)

# Type in your ''Authorized redirect URI'' like this example:

#: If your domain is ''example.com'' and you have installed MediaWiki in Root of your domain, the redirect URI is as follows: http://example.com/index.php/Special:GoogleLogin

# Click create and copy the ''Client ID'' and ''Client Secret'' to the configuration variables in LocalSettings.php

=== "Special:GoogleLogin" or (in German for example) "Spezial:Mit_Google_anmelden" ===

The allowed redirect URI in Google developer console must be in content language. So, if your wiki has content language German, then type in "Spezial:Mit_Google_anmelden" and not "Special:GoogleLogin". If you used the wrong language, all Authentication requests will fail with ''redirect uri mismatch''.

=== Debug ===

Normally, you can see the error message on all generic error pages. Sometimes there are Internal Errors, called Exceptions. In this case, please add [[Special:MyLanguage/Manual:$wgShowExceptionDetails|$wgShowExceptionDetails]] with value ''true'' in LocalSettings.php to see the complete Exception message. For a support request, please provide always the lines of the Exception.

=== Use on a private wiki ===

If you have set your Wiki to private with

<syntaxhighlight lang="php">

$wgGroupPermissions['*']['read'] = false;

</syntaxhighlight>

you have to whitelist the "Special:GoogleLogin" page, so that anonymous users can access the callback URL after being redirected from the authentication provider. You can do this by adding the following line to your ''LocalSettings.php'':

<syntaxhighlight lang="php">

$wgWhitelistRead = array( 'Special:GoogleLogin' );

</syntaxhighlight>

=== Allow account creation only via GoogleLogin ===

It's possible to deactivate the account creation function of MediaWiki. Normally GoogleLogin don't give the option to create a new account, too. It's possible to change this, that Users can still create an account with GoogleLogin, but can't with the vanilla account creation form. For this you need to set up the following configuration varaibles in your <code>LocalSettings.php</code>:<syntaxhighlight lang="php">

$wgGroupPermissions['*']['createaccount'] = false;

$wgGLAllowAccountCreation = true;

</syntaxhighlight>If you want to remove the Login form of MediaWiki, too, you can set this configuration variable, too:<syntaxhighlight lang="php">

$wgGLReplaceMWLogin = true;

</syntaxhighlight>If you want to remove GoogleLogin in the future for any reason, your users can still login into your MediaWiki installation without to register a new account. GoogleLogin creates ''normal ''MediaWiki-accounts with a random password. Your users just have to reset their password with the special page [[Manual:Resetting passwords#Use Special:PasswordReset|Special:PasswordReset]].

== [[Extension:MobileFrontend|MobileFrontend]] <-> GoogleLogin conflict (only with <code>$wgGLReplaceMWLogin = true;</code> and MediaWiki <= 1.26!) ==

{{MW 1.25|and before}}

MobileFrontend, the extension to provide a mobile optimized version of your wiki, actually conflicts with GoogleLogin if you set <code>$wgGLReplaceMWLogin</code> to <code>true</code> (to disallow login with the vanilla login form). In the case, that MobileFrontend is loaded '''after''' GoogleLogin (the ''require_once'' line of MobileFrontend in your <code>LocalSettings.php</code> is after the one of GoogleLogin), the special page ''UserLogin'' (which handles the login with username and password) will be overwritten by GoogleLogin the first time and by MobileFrontend the second time (to provide a mobile optimized login page). In this case, MobileFrontends ''Replacement'' will ''win'' and mobile users can still login with username and passwords.

{{tracked|T74910|resolved}}

Actually this problem is solved in the MediaWiki release branch/version 1.26 (tracked in {{task|T74910}}) of MobileFrontend. For older versions of MediaWiki/MobileFrontend you need to change the order in which the Extensions are loaded. Put the ''require_once'' and configuration lines of GoogleLogin somewhere '''after''' the ones of MobileFrontend in your <code>LocalSettings.php</code>. This workaround should be obsolete in one of the next versions of MobileFrontend.

== What can this extension do ==

With the database update, the extension will create a new table called ''prefix_user_google_user'' which contains the needed connection between the wiki users and Google accounts. It stores only the Google UserId and the Wiki UserId.

If a user calls the special page GoogleLogin, he will instantly redirected to Google Authentication request to give your application access to some user information stored by Google . The user must accept this request (or he can not use the login with Google). After accepting, the user has the possibility, if he isn't logged in as a wiki user, to create a new account. The username he can choose self or choose one of the suggestions, based on the Google user name and given name (if one s free and createable). If the chosen username is creatable (free, valid and not blocked), a new user with the username and the Google-Mail as e-mail-address will be created and linked to the Google Account.

If the user is logged in (means: he has already a wiki account) he can link this account with the Google account, this the user must do only once. If the connection is created, the user will be able to login simply by clicking ''Login with Google'' button on Special:Login.

If the wiki account and Google account is connected, the user can, if he navigates to "Special:GoogleLogin", unlink his account and Google account.

== Google API PHP Client ==

This Extension uses the Google API PHP Client (included in versions before 0.2.1), distributed under the [https://github.com/google/google-api-php-client/blob/master/LICENSE Apache 2.0 License]. The Client can be downloaded from [https://github.com/google/google-api-php-client GitHub].

== Ciclo de vida das versões ==

{{ {{TNTN|Extension:GoogleLogin/Version_lifecycle}} }}

== References ==

=== Gerrit Code review ===

<references group="gerrit" />

[[Category:Google extensions{{translation}}]]

Show more