Extension:UserVerification

MediaWiki extensions manual

UserVerification Release status: beta
Implementation	Hook , Special page
Description	Provides a framework to manage verified users through different methods and to restrict performing actions to verified or email-authenticated users
Author(s)	thomas-topway-it (thomas-topway-ittalk)
Latest version	1.0 (2024-08-18)
Compatibility policy	Master maintains backward compatibility.
MediaWiki	1.35+
License	GNU General Public License 2.0 or later
Download	Download extension Git [?]: Download Git master browse repository (Phabricator · GitHub) commit history repository contributors (GitHub) code review
Parameters $wgUserVerificationRequireUserVerifiedActions $wgUserVerificationDisableVersionCheck $wgUserVerificationEmailConfirmToEdit $wgUserVerificationUploadDir
Added rights userverification-can-manage-verification
Hooks used BeforeInitialize LoadExtensionSchemaUpdates ParserFirstCallInit UserLoginComplete UserLogoutComplete getUserPermissionsErrors
Quarterly downloads	5 (Ranked 133rd)
Translate the UserVerification extension if it is available at translatewiki.net

UserVerification provides a framework to manage verified users through different methods and to restrict performing actions to verified or email-authenticated users. It is conceived to be a near-optimal solution to protect the wiki from spam users, or to restrict the execution of specific actions based on a strict user verification. Could be used in conjunction with Extension:PageOwnership and Extension:PageEncryption.

Key-features:

• sensitive user data are protected with symmetric and asymmetric encryption (based on Sodium and Defuse php-encryption)
• prevents unverified users to perform the designated set of actions
• intuitive UI by which to manage user verification (for administrators) and to enter data for users
• prevents not email authenticated users to edit the wiki as long as the global parameter $wgUserVerificationEmailConfirmToEdit is set to true

• Download and move the extracted UserVerification folder to your extensions/ directory
• Run composer update --no-dev in the extension's folder, to install the required PHP libraries
• Add the following code at the bottom of your LocalSettings.php

wfLoadExtension( 'UserVerification' );

• Run php maintenance/update.php (it will create the database tables that this extension needs)
• run php extensions/UserVerification/maintenance/CreateKeys.php --password [your password] in order to create a site-level password by which to encrypt/decrypt all sensitive data, including files with ID and proof of residence, entered by users.
•  Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

It is strongly suggested to also install the Extension:EmailNotifications which replaces the standard MediaWiki UserMailer for improved reliability

After the installation only registered users with verified email address will be able to edit the wiki, unless $wgUserVerificationEmailConfirmToEdit is set to false

The extension provides a special page by which to monitor and manage the verification status of all users, with relevant information like "email authenticated", "editcount", "autoconfirmed", etc. The verification status can be edited by authorized users between the values "none", "pending", "verified", "not required".

As long as an action is added to the global parameter $wgUserVerificationRequireUserVerifiedActions and the user does not have the right "userverification-can-manage-verification", the action is forbidden until the status of the user is not verified.

The extension will therefore show a message to the user, with a link to the following form:

by which the user is required to enter the following information:

• first name
• last name
• sex (includes the option "decline sex identity")
• date of birth
• place of birth
• country of birth
• country of residence
• address of residence
• email
• phone number (optional)
• proof of identity (file)
• proof of residence (file)

Note that these are standard information required for an official identification and they are fit to adequately identify an user. Future versions of the extensions may also feature alternate methods for user verification, like Orchid, Credas, Twitter, Liked-in, Facebook, Github, etc., only upon explicit request. ^[1].

Also note that all the entered data are encrypted with an asymmetric key created through the maintenance script CreateKeys, and then read through an encrypted private key unlocked through a symmetric encryption. (asymmetric encryption is based on Sodium and symmetric encryption on Defuse php-encryption.

Once that the user has inserted their data, they will be accessible from the Special page Manage users, after inserting the site-level password (required to decrypt the private key)

Also note that in order to let the users upload files, the folder specified from the parameter $UserVerificationUploadDir ("{$IP}/../MWUploads/UserVerification" by default) must be writable by the webserver.

Example configuration:

$wgUserVerificationEmailConfirmToEdit = true;
$wgUserVerificationRequireUserVerifiedActions = [ 'edit' ];
$wgUserVerificationUploadDir = "{$IP}/../MWUploads/UserVerification";

The extension creates the following groups: (they are assignable to users through the standard special page Special:UserRights)

The extension creates the following user rights.

• Extension:EmailNotifications
• Extension:PageOwnership
• Extension:PageEncryption
• Extension:InviteSignup
• Extension:ConfirmAccount