Last modified: 2010-05-15 16:03:48 UTC
Created attachment 5498 [details] Journal of MW 1.13.2 setup I administer a closed wiki which allows to read its content only to 'emailconfirmed' users. This is because of educational exceptions of copyright (I cannot left it open). I tried to upgrade from MW 1.11 to 1.13.2 last week but my effort failed. After cca 20 hours of detailed exploration I discovered that even the plain straight installation of MW 1.13.2 does not work as was expected in the previous version (it means when I make no upgrade, I just setup a new wiki from mediawiki-1.13.2.tar.gz and perform several simple actions only). Since I include: # HF: Do not show pages to anonymous users (only to emailconfirmed) $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['user' ]['read'] = false; $wgGroupPermissions['autoconfirmed' ]['read'] = false; $wgGroupPermissions['emailconfirmed' ]['read'] = true; # HF: Except of following "white" pages listed $wgWhitelistRead = array(":Main Page", "Special:UserLogin", "Special:UserLogout", "Special:Preferences", "Special:ConfirmEmail"); into LocalSettings.php the content of the wiki becomes inaccessible - it shows "Permission error The action you have requested is limited to users in the group emailconfirmed." Neither former really "emailconfirmed" users (ie. Test1) nor the freshly created users (ie. Test2) are able to access the content of the wiki now. The core of the bug seems to be in the part of the wiki code which is invoked when the confirmation link received by email is visited by the browser. Despite the browser receives "Confirm e-mail address Your e-mail address has been confirmed. You may now log in and enjoy the wiki." it seems that the group 'emailconfirmed' is not set really! Why this is the likely point of failure? 1) In the past it was possible to visit successfully the page with the e-mailed link only once! After that you never received the positive confirmation again. With MW 1.13.2 you may visit the same link as many times as you like and you always get a positive confirmation. 2) When you install MW 1.13.2 than no really e-mail confirmed user is granted access later. However when you update MW 1.11 to 1.13.2 than those users which were migrated from 1.11 are still granted access, only the new one are not. Thus it seems that either the former code did work entirely correctly and set the 'emailconfirmed' group as necessary or that update.php converted these settings correctly as well. I attach the detailed log of my setup procedure. It contains also the content of the entire LocalSettings.php. This installation was created from the scratch - ie. no extensions, several pages only, en language. I would be glad to be informed when this bug is solved. Kind regards, Huck
What are the user groups on the database? That would be SELECT user_id,user_name,ug_group FROM user LEFT JOIN user_groups ON user_id=ug_user; From your output it seems like they're given emailconfirmed status, but it's not applied. The name of the groups being in red is not relevant. You just don't have a page on the wiki talking about them.
I am not experienced in which manner MW stores which status information. The result of your proposed action is following: ================= [root@mail ~]# mysql -u root -p mysql Enter password: **** mysql> SELECT user_id,user_name,ug_group FROM user LEFT JOIN user_groups ON user_id=ug_user; ERROR 1146 (42S02): Table 'mysql.user_groups' doesn't exist mysql> ================= I have mapped the wiki, which's setup is described in the attachment, here: http://www.axonnet.eu:8000/test/index.php/Main_Page This is not a production system at all thus you may try whatever you wish. This is a very simple installation made from the Mediawiki installation files only. However I shall have to switch this computer off later in the night (say around 22:00). Now it is 18:09 hours here in Prague. I shall check emails more often. I am also available on Skype account "axonnet.eu". Regards, Huck.
Hoops, wrong MySQL user above, I guess. Test1 created before changes of LocalSettings.php, Test2 after. ========= [root@mail ~]# mysql -u testuser -p testdb mysql> SELECT user_id,user_name,ug_group FROM user LEFT JOIN user_groups ON user_id=ug_user; +---------+-----------+------------+ | user_id | user_name | ug_group | +---------+-----------+------------+ | 2 | Test1 | NULL | | 3 | Test2 | NULL | | 1 | WikiSysop | bureaucrat | | 1 | WikiSysop | sysop | +---------+-----------+------------+ 4 rows in set (0.00 sec) =========
mysql> SELECT user_name, user_email_authenticated FROM user; +-----------+--------------------------+ | user_name | user_email_authenticated | +-----------+--------------------------+ | WikiSysop | NULL | | Test1 | 20081101124829 | | Test2 | 20081101130257 | +-----------+--------------------------+
It's explained in the RELEASE_NOTES: Configuration changes in 1.13: * Removed the emailconfirmed implicit group by default. To re-add it, use: $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
I have read RELEASE_NOTES of both 1.13 and 1.12 and I tried even this line within LocalSettings.php without success at some stage of my elaboration last week. However, now it seems that it works as desirable, at least in this version of the installation. =========Part of LocalSettings.php========================= # HF: added according to the advice (since MW 1.13) $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED; # HF: Do not show pages to anonymous users (only to emailconfirmed) $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['user' ]['read'] = false; $wgGroupPermissions['autoconfirmed' ]['read'] = false; $wgGroupPermissions['emailconfirmed' ]['read'] = true; # HF: Except of following "white" pages listed, use UTF-8 code to include national alphabets $wgWhitelistRead = array(":Main Page", "Special:UserLogin", "Special:UserLogout", "Special:Preferences", "Special:ConfirmEmail"); ==========End of LocalSettings.php citation================= I would suggest to append this kind of LocalSettings.php configuration into one or more of the following manual pages: http://www.mediawiki.org/wiki/Manual:User_rights_management http://www.mediawiki.org/wiki/Manual:Preventing_access http://www.mediawiki.org/wiki/Manual:$wgGroupPermissions I have read even this section http://www.mediawiki.org/wiki/Manual:User_rights_management#Automatically_promote_users which claims: "By default, there is a group "autoconfirmed" and another one "emailconfirmed". Thus I supposed there is no reason to explore $wgAutopromote option more heavily. User profile Username: Test2 User ID: 3 Member of groups: Autoconfirmed users, Users, emailconfirmed {no hyperlink} When I go over http://172.20.20.49/test/index.php/Special:ListGroupRights to http://172.20.20.49/test/index.php?title=Special:ListUsers&group=emailconfirmed it shows me users. Thus I would conclude that "emailconfirmed" is a "virtual" group only, is it not? Regards.
> I would suggest to append this kind of LocalSettings.php configuration into one > or more of the following manual pages: > http://www.mediawiki.org/wiki/Manual:Preventing_access There's already a note on http://www.mediawiki.org/wiki/Manual:Preventing_access#1.10_upwards > http://www.mediawiki.org/wiki/Manual:$wgGroupPermissions It already states 'This group has been removed by default in 1.13.0' > I have read even this section > http://www.mediawiki.org/wiki/Manual:User_rights_management#Automatically_promote_users > which claims: "By default, there is a group "autoconfirmed" and another one > "emailconfirmed". Thus I supposed there is no reason to explore $wgAutopromote > option more heavily. Corrected.
1st. Now I may confirm that it works well even for the database after the upgrade. 2nd. I stil think it is underdocumented. When upgrading from MW 1.11 to MW 1.13.2 (cs - Czech version) I have to make two changes in LocalSettings.php at the same time. These are: 1) Add new line: $wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED; 2) Modify line: $wgWhitelistRead = array(..., "Speciální:Confirmemail", ... ); to $wgWhitelistRead = array(..., "Speciální:Confirmemail", "Speciální:ConfirmEmail", ... ); Unless I do both of these changes at the same time I get the "Nedostatečná oprávnění" (ie. Pemission Error) message. Perhaps this experience may help someone else. Regards, Huck.