We want to implement T362713: Implement the new login process which redirects to the central login wiki for showing the login/signup form by using a primary authentication provider which redirects to the login wiki. Specifically:
- CentralAuthPrimaryAuthenticationProvider should be modified to only handle logins and signups on the central login wiki (on other wikis, it should return empty from getAuthenticationRequests() and return an ABSTAIN response from beginPrimaryAuthentication() / continuePrimaryAuthentication())
- CentralAuth should register another primary authentication provider (an AbstractPrimaryAuthenticationProvider subclass) which only handles logins on wikis other than the central login wiki, and handles them by redirecting to that wiki (ie. it should return a ButtonAuthenticationRequest from getAuthenticationRequests() and a REDIRECT response from beginPrimaryAuthentication()). It does not need to handle signups (can return TYPE_NONE from accountCreationType()) as from the POV of the local wiki, signups aren't really different from logins (the actual account creation will happen on a different wiki).
- CentralAuth will need to use the PostLoginRedirect hook on the central login wiki to make sure the user is returned to the origin wiki and the local authentication process continues there. For now, it can do this by putting the return URL (which on the local wiki is available via AuthenticationRequest::$returnToUrl) into the redirect as a query parameter, and passing the username as another query parameter. This will have to be rewritten later.
- The new provider's continuePrimaryAuthentication() method will be called once the redirect chain ends. For now, it can just read the username from the URL and return it as a successful authentication response.
- All this needs to be hidden behind a feature flag to not interfere with how logins work in production until all the related changes are done.
Resources:
- AuthManager documentation
- GoogleLogin is a good (although way more complex that what's needed for this task) example of how to do a redirect-based authentication provider