Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
use MediaWiki\Auth\AuthManager;
|
2019-09-14 07:58:42 +00:00
|
|
|
use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest;
|
2019-03-19 18:56:10 +00:00
|
|
|
use MediaWiki\Block\CompositeBlock;
|
2020-01-10 00:00:51 +00:00
|
|
|
use MediaWiki\Block\DatabaseBlock;
|
Separate Block into AbstractBlock, Block and SystemBlock
This commit splits the existing Block class into AbstractBlock, Block
and SystemBlock.
Before this patch, the Block class represents several types of
blocks, which can be separated into blocks stored in the database,
and temporary blocks created by the system. These are now
represented by Block and SystemBlock, which inherit from
AbstractBlock.
This lays the foundations for:
* enforcing block parameters from multiple blocks that apply to a
user/IP address
* improvements to the Block API, including the addition of services
Breaking changes: functions expecting a Block object should still
expect a Block object if it came from the database, but other
functions may now need to expect an AbstractBlock or SystemBlock
object. (Note that an alternative naming scheme, in which the
abstract class is called Block and the subclasses are DatabaseBlock
and SystemBlock, avoids this breakage. However, it introduces more
breakages to calls to static Block methods and new Block
instantiations.)
Changes to tests: system blocks don't set the $blockCreateAccount or
$mExipry block properties, so remove/change any tests that assume
they do.
Bug: T222737
Change-Id: I83bceb5e5049e254c90ace060f8f8fad44696c67
2019-03-18 22:09:49 +00:00
|
|
|
use MediaWiki\Block\SystemBlock;
|
2019-09-10 02:49:12 +00:00
|
|
|
use MediaWiki\Config\ServiceOptions;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
use MediaWiki\MediaWikiServices;
|
2020-10-02 23:02:31 +00:00
|
|
|
use MediaWiki\User\UserFactory;
|
|
|
|
|
use MediaWiki\User\UserOptionsLookup;
|
2019-09-10 02:49:12 +00:00
|
|
|
use Psr\Log\NullLogger;
|
|
|
|
|
use Wikimedia\Rdbms\ILoadBalancer;
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
|
|
|
|
|
/**
|
2017-12-25 07:27:12 +00:00
|
|
|
* @covers PasswordReset
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
* @group Database
|
|
|
|
|
*/
|
2020-06-30 15:09:24 +00:00
|
|
|
class PasswordResetTest extends MediaWikiIntegrationTestCase {
|
2020-05-16 00:27:13 +00:00
|
|
|
private const VALID_IP = '1.2.3.4';
|
|
|
|
|
private const VALID_EMAIL = 'foo@bar.baz';
|
2019-09-10 02:49:12 +00:00
|
|
|
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
/**
|
|
|
|
|
* @dataProvider provideIsAllowed
|
|
|
|
|
*/
|
|
|
|
|
public function testIsAllowed( $passwordResetRoutes, $enableEmail,
|
2017-05-01 06:36:49 +00:00
|
|
|
$allowsAuthenticationDataChange, $canEditPrivate, $block, $globalBlock, $isAllowed
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
) {
|
2019-09-14 07:58:42 +00:00
|
|
|
$config = $this->makeConfig( $enableEmail, $passwordResetRoutes, false );
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
|
|
|
|
|
$authManager = $this->getMockBuilder( AuthManager::class )->disableOriginalConstructor()
|
|
|
|
|
->getMock();
|
2021-04-22 08:40:46 +00:00
|
|
|
$authManager->method( 'allowsAuthenticationDataChange' )
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
->willReturn( $allowsAuthenticationDataChange ? Status::newGood() : Status::newFatal( 'foo' ) );
|
|
|
|
|
|
2017-04-05 23:39:50 +00:00
|
|
|
$user = $this->getMockBuilder( User::class )->getMock();
|
2021-04-22 08:40:46 +00:00
|
|
|
$user->method( 'getName' )->willReturn( 'Foo' );
|
|
|
|
|
$user->method( 'getBlock' )->willReturn( $block );
|
|
|
|
|
$user->method( 'getGlobalBlock' )->willReturn( $globalBlock );
|
2021-05-26 03:20:01 +00:00
|
|
|
$user->method( 'isAllowed' )->with( 'editmyprivateinfo' )->willReturn( $canEditPrivate );
|
2019-08-21 02:01:06 +00:00
|
|
|
|
2019-11-21 03:46:00 +00:00
|
|
|
$loadBalancer = $this->createMock( ILoadBalancer::class );
|
2019-09-10 02:49:12 +00:00
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$hookContainer = $this->createHookContainer();
|
|
|
|
|
|
2020-10-02 23:02:31 +00:00
|
|
|
$mwServices = MediaWikiServices::getInstance();
|
2019-08-21 02:01:06 +00:00
|
|
|
$passwordReset = new PasswordReset(
|
|
|
|
|
$config,
|
2020-10-02 23:02:31 +00:00
|
|
|
new NullLogger(),
|
2019-08-21 02:01:06 +00:00
|
|
|
$authManager,
|
2020-10-02 23:02:31 +00:00
|
|
|
$hookContainer,
|
2019-09-10 02:49:12 +00:00
|
|
|
$loadBalancer,
|
2020-10-02 23:02:31 +00:00
|
|
|
$mwServices->getUserFactory(),
|
|
|
|
|
$mwServices->getUserNameUtils(),
|
|
|
|
|
$mwServices->getUserOptionsLookup()
|
2019-08-21 02:01:06 +00:00
|
|
|
);
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
|
|
|
|
|
$this->assertSame( $isAllowed, $passwordReset->isAllowed( $user )->isGood() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function provideIsAllowed() {
|
|
|
|
|
return [
|
2017-05-01 06:36:49 +00:00
|
|
|
'no routes' => [
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'passwordResetRoutes' => [],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
2017-05-01 06:36:49 +00:00
|
|
|
'block' => null,
|
|
|
|
|
'globalBlock' => null,
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'isAllowed' => false,
|
|
|
|
|
],
|
2017-05-01 06:36:49 +00:00
|
|
|
'email disabled' => [
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => false,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
2017-05-01 06:36:49 +00:00
|
|
|
'block' => null,
|
|
|
|
|
'globalBlock' => null,
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'isAllowed' => false,
|
|
|
|
|
],
|
2017-05-01 06:36:49 +00:00
|
|
|
'auth data change disabled' => [
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => false,
|
|
|
|
|
'canEditPrivate' => true,
|
2017-05-01 06:36:49 +00:00
|
|
|
'block' => null,
|
|
|
|
|
'globalBlock' => null,
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'isAllowed' => false,
|
|
|
|
|
],
|
2017-05-01 06:36:49 +00:00
|
|
|
'cannot edit private data' => [
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => false,
|
2017-05-01 06:36:49 +00:00
|
|
|
'block' => null,
|
|
|
|
|
'globalBlock' => null,
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'isAllowed' => false,
|
|
|
|
|
],
|
2017-05-01 06:36:49 +00:00
|
|
|
'blocked with account creation disabled' => [
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
2019-05-13 14:18:07 +00:00
|
|
|
'block' => new DatabaseBlock( [ 'createAccount' => true ] ),
|
2017-05-01 06:36:49 +00:00
|
|
|
'globalBlock' => null,
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'isAllowed' => false,
|
|
|
|
|
],
|
2017-05-01 06:36:49 +00:00
|
|
|
'blocked w/o account creation disabled' => [
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
2019-05-13 14:18:07 +00:00
|
|
|
'block' => new DatabaseBlock( [] ),
|
2017-05-01 06:36:49 +00:00
|
|
|
'globalBlock' => null,
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'isAllowed' => true,
|
|
|
|
|
],
|
2017-05-01 06:36:49 +00:00
|
|
|
'using blocked proxy' => [
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
Separate Block into AbstractBlock, Block and SystemBlock
This commit splits the existing Block class into AbstractBlock, Block
and SystemBlock.
Before this patch, the Block class represents several types of
blocks, which can be separated into blocks stored in the database,
and temporary blocks created by the system. These are now
represented by Block and SystemBlock, which inherit from
AbstractBlock.
This lays the foundations for:
* enforcing block parameters from multiple blocks that apply to a
user/IP address
* improvements to the Block API, including the addition of services
Breaking changes: functions expecting a Block object should still
expect a Block object if it came from the database, but other
functions may now need to expect an AbstractBlock or SystemBlock
object. (Note that an alternative naming scheme, in which the
abstract class is called Block and the subclasses are DatabaseBlock
and SystemBlock, avoids this breakage. However, it introduces more
breakages to calls to static Block methods and new Block
instantiations.)
Changes to tests: system blocks don't set the $blockCreateAccount or
$mExipry block properties, so remove/change any tests that assume
they do.
Bug: T222737
Change-Id: I83bceb5e5049e254c90ace060f8f8fad44696c67
2019-03-18 22:09:49 +00:00
|
|
|
'block' => new SystemBlock(
|
|
|
|
|
[ 'systemBlock' => 'proxy' ]
|
|
|
|
|
),
|
2017-05-01 06:36:49 +00:00
|
|
|
'globalBlock' => null,
|
|
|
|
|
'isAllowed' => false,
|
|
|
|
|
],
|
|
|
|
|
'globally blocked with account creation not disabled' => [
|
|
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
|
|
|
|
'block' => null,
|
Separate Block into AbstractBlock, Block and SystemBlock
This commit splits the existing Block class into AbstractBlock, Block
and SystemBlock.
Before this patch, the Block class represents several types of
blocks, which can be separated into blocks stored in the database,
and temporary blocks created by the system. These are now
represented by Block and SystemBlock, which inherit from
AbstractBlock.
This lays the foundations for:
* enforcing block parameters from multiple blocks that apply to a
user/IP address
* improvements to the Block API, including the addition of services
Breaking changes: functions expecting a Block object should still
expect a Block object if it came from the database, but other
functions may now need to expect an AbstractBlock or SystemBlock
object. (Note that an alternative naming scheme, in which the
abstract class is called Block and the subclasses are DatabaseBlock
and SystemBlock, avoids this breakage. However, it introduces more
breakages to calls to static Block methods and new Block
instantiations.)
Changes to tests: system blocks don't set the $blockCreateAccount or
$mExipry block properties, so remove/change any tests that assume
they do.
Bug: T222737
Change-Id: I83bceb5e5049e254c90ace060f8f8fad44696c67
2019-03-18 22:09:49 +00:00
|
|
|
'globalBlock' => new SystemBlock(
|
|
|
|
|
[ 'systemBlock' => 'global-block' ]
|
|
|
|
|
),
|
2017-05-01 06:36:49 +00:00
|
|
|
'isAllowed' => true,
|
|
|
|
|
],
|
|
|
|
|
'blocked via wgSoftBlockRanges' => [
|
|
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
Separate Block into AbstractBlock, Block and SystemBlock
This commit splits the existing Block class into AbstractBlock, Block
and SystemBlock.
Before this patch, the Block class represents several types of
blocks, which can be separated into blocks stored in the database,
and temporary blocks created by the system. These are now
represented by Block and SystemBlock, which inherit from
AbstractBlock.
This lays the foundations for:
* enforcing block parameters from multiple blocks that apply to a
user/IP address
* improvements to the Block API, including the addition of services
Breaking changes: functions expecting a Block object should still
expect a Block object if it came from the database, but other
functions may now need to expect an AbstractBlock or SystemBlock
object. (Note that an alternative naming scheme, in which the
abstract class is called Block and the subclasses are DatabaseBlock
and SystemBlock, avoids this breakage. However, it introduces more
breakages to calls to static Block methods and new Block
instantiations.)
Changes to tests: system blocks don't set the $blockCreateAccount or
$mExipry block properties, so remove/change any tests that assume
they do.
Bug: T222737
Change-Id: I83bceb5e5049e254c90ace060f8f8fad44696c67
2019-03-18 22:09:49 +00:00
|
|
|
'block' => new SystemBlock(
|
|
|
|
|
[ 'systemBlock' => 'wgSoftBlockRanges', 'anonOnly' => true ]
|
|
|
|
|
),
|
2017-05-01 06:36:49 +00:00
|
|
|
'globalBlock' => null,
|
|
|
|
|
'isAllowed' => true,
|
|
|
|
|
],
|
2019-04-02 10:00:49 +00:00
|
|
|
'blocked with an unknown system block type' => [
|
|
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
Separate Block into AbstractBlock, Block and SystemBlock
This commit splits the existing Block class into AbstractBlock, Block
and SystemBlock.
Before this patch, the Block class represents several types of
blocks, which can be separated into blocks stored in the database,
and temporary blocks created by the system. These are now
represented by Block and SystemBlock, which inherit from
AbstractBlock.
This lays the foundations for:
* enforcing block parameters from multiple blocks that apply to a
user/IP address
* improvements to the Block API, including the addition of services
Breaking changes: functions expecting a Block object should still
expect a Block object if it came from the database, but other
functions may now need to expect an AbstractBlock or SystemBlock
object. (Note that an alternative naming scheme, in which the
abstract class is called Block and the subclasses are DatabaseBlock
and SystemBlock, avoids this breakage. However, it introduces more
breakages to calls to static Block methods and new Block
instantiations.)
Changes to tests: system blocks don't set the $blockCreateAccount or
$mExipry block properties, so remove/change any tests that assume
they do.
Bug: T222737
Change-Id: I83bceb5e5049e254c90ace060f8f8fad44696c67
2019-03-18 22:09:49 +00:00
|
|
|
'block' => new SystemBlock( [ 'systemBlock' => 'unknown' ] ),
|
2019-04-02 10:00:49 +00:00
|
|
|
'globalBlock' => null,
|
|
|
|
|
'isAllowed' => false,
|
|
|
|
|
],
|
2019-03-19 18:56:10 +00:00
|
|
|
'blocked with multiple blocks, all allowing password reset' => [
|
|
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
|
|
|
|
'block' => new CompositeBlock( [
|
|
|
|
|
'originalBlocks' => [
|
|
|
|
|
new SystemBlock( [ 'systemBlock' => 'wgSoftBlockRanges', 'anonOnly' => true ] ),
|
|
|
|
|
new Block( [] ),
|
|
|
|
|
]
|
|
|
|
|
] ),
|
|
|
|
|
'globalBlock' => null,
|
|
|
|
|
'isAllowed' => true,
|
|
|
|
|
],
|
|
|
|
|
'blocked with multiple blocks, not all allowing password reset' => [
|
|
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
|
|
|
|
'block' => new CompositeBlock( [
|
|
|
|
|
'originalBlocks' => [
|
|
|
|
|
new SystemBlock( [ 'systemBlock' => 'wgSoftBlockRanges', 'anonOnly' => true ] ),
|
|
|
|
|
new SystemBlock( [ 'systemBlock' => 'proxy' ] ),
|
|
|
|
|
]
|
|
|
|
|
] ),
|
|
|
|
|
'globalBlock' => null,
|
|
|
|
|
'isAllowed' => false,
|
|
|
|
|
],
|
2017-05-01 06:36:49 +00:00
|
|
|
'all OK' => [
|
|
|
|
|
'passwordResetRoutes' => [ 'username' => true ],
|
|
|
|
|
'enableEmail' => true,
|
|
|
|
|
'allowsAuthenticationDataChange' => true,
|
|
|
|
|
'canEditPrivate' => true,
|
|
|
|
|
'block' => null,
|
|
|
|
|
'globalBlock' => null,
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
'isAllowed' => true,
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-14 07:58:42 +00:00
|
|
|
public function testExecute_notAllowed() {
|
2019-10-05 22:14:35 +00:00
|
|
|
$user = $this->createMock( User::class );
|
2019-09-14 07:58:42 +00:00
|
|
|
/** @var User $user */
|
|
|
|
|
|
|
|
|
|
$passwordReset = $this->getMockBuilder( PasswordReset::class )
|
|
|
|
|
->disableOriginalConstructor()
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'isAllowed' ] )
|
2019-09-14 07:58:42 +00:00
|
|
|
->getMock();
|
2021-04-22 08:40:46 +00:00
|
|
|
$passwordReset->method( 'isAllowed' )
|
2019-09-14 07:58:42 +00:00
|
|
|
->with( $user )
|
|
|
|
|
->willReturn( Status::newFatal( 'somestatuscode' ) );
|
|
|
|
|
/** @var PasswordReset $passwordReset */
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
|
2019-10-11 22:22:26 +00:00
|
|
|
$this->expectException( \LogicException::class );
|
2019-09-14 07:58:42 +00:00
|
|
|
$passwordReset->execute( $user );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideExecute
|
|
|
|
|
* @param string|bool $expectedError
|
|
|
|
|
* @param ServiceOptions $config
|
|
|
|
|
* @param User $performingUser
|
|
|
|
|
* @param AuthManager $authManager
|
|
|
|
|
* @param string|null $username
|
|
|
|
|
* @param string|null $email
|
|
|
|
|
* @param User[] $usersWithEmail
|
2020-04-08 00:13:54 +00:00
|
|
|
* @covers SendPasswordResetEmailUpdate
|
2019-09-14 07:58:42 +00:00
|
|
|
*/
|
|
|
|
|
public function testExecute(
|
|
|
|
|
$expectedError,
|
|
|
|
|
ServiceOptions $config,
|
|
|
|
|
User $performingUser,
|
|
|
|
|
AuthManager $authManager,
|
|
|
|
|
$username = '',
|
|
|
|
|
$email = '',
|
|
|
|
|
array $usersWithEmail = []
|
|
|
|
|
) {
|
2017-09-18 01:10:27 +00:00
|
|
|
// Unregister the hooks for proper unit testing
|
|
|
|
|
$this->mergeMwGlobalArrayValue( 'wgHooks', [
|
2017-09-28 15:20:45 +00:00
|
|
|
'User::mailPasswordInternal' => [],
|
2017-09-18 01:10:27 +00:00
|
|
|
'SpecialPasswordResetOnSubmit' => [],
|
|
|
|
|
] );
|
|
|
|
|
|
2019-11-21 03:46:00 +00:00
|
|
|
$loadBalancer = $this->createMock( ILoadBalancer::class );
|
2019-09-14 07:58:42 +00:00
|
|
|
|
|
|
|
|
$users = $this->makeUsers();
|
|
|
|
|
|
2020-10-02 23:02:31 +00:00
|
|
|
// Only User1 has `requireemail` true, everything else false
|
|
|
|
|
$userRequiresEmail = function ( $user, $option ) {
|
|
|
|
|
$this->assertSame( 'requireemail', $option );
|
|
|
|
|
return ( $user->getName() === 'User1' );
|
|
|
|
|
};
|
|
|
|
|
$userOptionsLookup = $this->getMockBuilder( UserOptionsLookup::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'getBoolOption' ] )
|
2020-10-02 23:02:31 +00:00
|
|
|
->getMockForAbstractClass();
|
|
|
|
|
$userOptionsLookup->method( 'getBoolOption' )
|
|
|
|
|
->willReturnCallback( $userRequiresEmail );
|
|
|
|
|
|
|
|
|
|
// Similar to $lookupUser callback, but with null instead of false
|
|
|
|
|
$userFactory = $this->createMock( UserFactory::class );
|
|
|
|
|
$userFactory->method( 'newFromName' )
|
|
|
|
|
->willReturnCallback(
|
2021-02-07 13:10:36 +00:00
|
|
|
static function ( $username ) use ( $users ) {
|
2020-10-02 23:02:31 +00:00
|
|
|
return $users[ $username ] ?? null;
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
|
2021-02-06 19:30:20 +00:00
|
|
|
$lookupUser = static function ( $username ) use ( $users ) {
|
2019-09-14 07:58:42 +00:00
|
|
|
return $users[ $username ] ?? false;
|
|
|
|
|
};
|
|
|
|
|
|
2020-10-02 23:02:31 +00:00
|
|
|
$mwServices = MediaWikiServices::getInstance();
|
2019-09-14 07:58:42 +00:00
|
|
|
$passwordReset = $this->getMockBuilder( PasswordReset::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'getUsersByEmail', 'isAllowed' ] )
|
2019-09-14 07:58:42 +00:00
|
|
|
->setConstructorArgs( [
|
|
|
|
|
$config,
|
2020-10-02 23:02:31 +00:00
|
|
|
new NullLogger(),
|
2019-09-14 07:58:42 +00:00
|
|
|
$authManager,
|
2020-10-02 23:02:31 +00:00
|
|
|
$mwServices->getHookContainer(),
|
2019-09-14 07:58:42 +00:00
|
|
|
$loadBalancer,
|
2020-10-02 23:02:31 +00:00
|
|
|
$userFactory,
|
|
|
|
|
$mwServices->getUserNameUtils(),
|
|
|
|
|
$userOptionsLookup
|
2019-09-14 07:58:42 +00:00
|
|
|
] )
|
|
|
|
|
->getMock();
|
|
|
|
|
$passwordReset->method( 'getUsersByEmail' )->with( $email )
|
|
|
|
|
->willReturn( array_map( $lookupUser, $usersWithEmail ) );
|
|
|
|
|
$passwordReset->method( 'isAllowed' )
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
->willReturn( Status::newGood() );
|
|
|
|
|
|
2019-09-14 07:58:42 +00:00
|
|
|
/** @var PasswordReset $passwordReset */
|
|
|
|
|
$status = $passwordReset->execute( $performingUser, $username, $email );
|
|
|
|
|
$this->assertStatus( $status, $expectedError );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function provideExecute() {
|
|
|
|
|
$defaultConfig = $this->makeConfig( true, [ 'username' => true, 'email' => true ], false );
|
|
|
|
|
$emailRequiredConfig = $this->makeConfig( true, [ 'username' => true, 'email' => true ], true );
|
|
|
|
|
$performingUser = $this->makePerformingUser( self::VALID_IP, false );
|
|
|
|
|
$throttledUser = $this->makePerformingUser( self::VALID_IP, true );
|
|
|
|
|
|
|
|
|
|
return [
|
2020-04-18 03:37:38 +00:00
|
|
|
'Throttled, pretend everything is ok' => [
|
|
|
|
|
'expectedError' => false,
|
2019-09-14 07:58:42 +00:00
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $throttledUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
2020-04-18 03:37:38 +00:00
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'Throttled, email required for resets, is invalid, pretend everything is ok' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $emailRequiredConfig,
|
|
|
|
|
'performingUser' => $throttledUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '[invalid email]',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'Invalid email, pretend everything is OK' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
2019-09-14 07:58:42 +00:00
|
|
|
'username' => '',
|
|
|
|
|
'email' => '[invalid email]',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'No username, no email' => [
|
|
|
|
|
'expectedError' => 'passwordreset-nodata',
|
|
|
|
|
'config' => $defaultConfig,
|
2020-04-18 03:37:38 +00:00
|
|
|
'performingUser' => $performingUser,
|
2019-09-14 07:58:42 +00:00
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => '',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'Email route not enabled' => [
|
|
|
|
|
'expectedError' => 'passwordreset-nodata',
|
|
|
|
|
'config' => $this->makeConfig( true, [ 'username' => true ], false ),
|
2020-04-18 03:37:38 +00:00
|
|
|
'performingUser' => $performingUser,
|
2019-09-14 07:58:42 +00:00
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => '',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'Username route not enabled' => [
|
|
|
|
|
'expectedError' => 'passwordreset-nodata',
|
|
|
|
|
'config' => $this->makeConfig( true, [ 'email' => true ], false ),
|
2020-04-18 03:37:38 +00:00
|
|
|
'performingUser' => $performingUser,
|
2019-09-14 07:58:42 +00:00
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'No routes enabled' => [
|
|
|
|
|
'expectedError' => 'passwordreset-nodata',
|
|
|
|
|
'config' => $this->makeConfig( true, [], false ),
|
2020-04-18 03:37:38 +00:00
|
|
|
'performingUser' => $performingUser,
|
2019-09-14 07:58:42 +00:00
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
2020-04-15 20:40:44 +00:00
|
|
|
'Email required for resets but is empty, pretend everything is OK' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $emailRequiredConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
2019-09-14 07:58:42 +00:00
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
2020-04-18 03:37:38 +00:00
|
|
|
'Email required for resets but is invalid, pretend everything is OK' => [
|
|
|
|
|
'expectedError' => false,
|
2020-04-15 20:40:44 +00:00
|
|
|
'config' => $emailRequiredConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '[invalid email]',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
2020-03-10 21:11:50 +00:00
|
|
|
'Password email already sent within 24 hours, pretend everything is ok' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User1' ], 0, [], [ 'User1' ] ),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [ 'User1' ],
|
|
|
|
|
],
|
2019-12-10 06:48:56 +00:00
|
|
|
'No user by this username, pretend everything is OK' => [
|
|
|
|
|
'expectedError' => false,
|
2019-09-14 07:58:42 +00:00
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'Nonexistent user',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
2019-12-10 06:48:56 +00:00
|
|
|
'Username is not valid' => [
|
|
|
|
|
'expectedError' => 'noname',
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'Invalid|username',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
2019-09-14 07:58:42 +00:00
|
|
|
'If no users with this email found, pretend everything is OK' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => '',
|
|
|
|
|
'email' => 'some@not.found.email',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
2019-12-10 06:48:56 +00:00
|
|
|
'No email for the user, pretend everything is OK' => [
|
|
|
|
|
'expectedError' => false,
|
2019-09-14 07:58:42 +00:00
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'BadUser',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
2019-10-20 07:10:12 +00:00
|
|
|
'Email required for resets, no match' => [
|
2019-09-14 07:58:42 +00:00
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $emailRequiredConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => 'some@other.email',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
"Couldn't determine the performing user's IP" => [
|
|
|
|
|
'expectedError' => 'badipaddress',
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $this->makePerformingUser( null, false ),
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'User is allowed, but ignored' => [
|
|
|
|
|
'expectedError' => 'passwordreset-ignored',
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User1' ], 0, [ 'User1' ] ),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'One of users is ignored' => [
|
|
|
|
|
'expectedError' => 'passwordreset-ignored',
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User1', 'User2' ], 0, [ 'User2' ] ),
|
|
|
|
|
'username' => '',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
'usersWithEmail' => [ 'User1', 'User2' ],
|
|
|
|
|
],
|
|
|
|
|
'User is rejected' => [
|
|
|
|
|
'expectedError' => 'rejected by test mock',
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager(),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => '',
|
|
|
|
|
'usersWithEmail' => [],
|
|
|
|
|
],
|
|
|
|
|
'One of users is rejected' => [
|
|
|
|
|
'expectedError' => 'rejected by test mock',
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User1' ] ),
|
|
|
|
|
'username' => '',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
'usersWithEmail' => [ 'User1', 'User2' ],
|
|
|
|
|
],
|
|
|
|
|
'Reset one user via password' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User1' ], 1 ),
|
|
|
|
|
'username' => 'User1',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
// Make sure that only the user specified by username is reset
|
|
|
|
|
'usersWithEmail' => [ 'User1', 'User2' ],
|
|
|
|
|
],
|
|
|
|
|
'Reset one user via email' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User1' ], 1 ),
|
|
|
|
|
'username' => '',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
'usersWithEmail' => [ 'User1' ],
|
|
|
|
|
],
|
|
|
|
|
'Reset multiple users via email' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $defaultConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User1', 'User2' ], 2 ),
|
|
|
|
|
'username' => '',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
'usersWithEmail' => [ 'User1', 'User2' ],
|
|
|
|
|
],
|
|
|
|
|
"Email is required for resets, user didn't opt in" => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $emailRequiredConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User2' ], 1 ),
|
|
|
|
|
'username' => 'User2',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
'usersWithEmail' => [ 'User2' ],
|
|
|
|
|
],
|
2019-10-20 07:10:12 +00:00
|
|
|
'Reset three users via email that did not opt in, multiple users with same email' => [
|
|
|
|
|
'expectedError' => false,
|
|
|
|
|
'config' => $emailRequiredConfig,
|
|
|
|
|
'performingUser' => $performingUser,
|
|
|
|
|
'authManager' => $this->makeAuthManager( [ 'User2', 'User3', 'User4' ], 3, [ 'User1' ] ),
|
|
|
|
|
'username' => '',
|
|
|
|
|
'email' => self::VALID_EMAIL,
|
|
|
|
|
'usersWithEmail' => [ 'User1', 'User2', 'User3', 'User4' ],
|
|
|
|
|
],
|
2019-09-14 07:58:42 +00:00
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function assertStatus( StatusValue $status, $error = false ) {
|
|
|
|
|
if ( $error === false ) {
|
2020-10-02 23:02:31 +00:00
|
|
|
$this->assertTrue(
|
|
|
|
|
$status->isGood(),
|
|
|
|
|
'Expected status to be good, result was: ' . $status->__toString()
|
|
|
|
|
);
|
2019-09-14 07:58:42 +00:00
|
|
|
} else {
|
|
|
|
|
$this->assertFalse( $status->isGood(), 'Expected status to not be good' );
|
|
|
|
|
if ( is_string( $error ) ) {
|
|
|
|
|
$this->assertNotEmpty( $status->getErrors() );
|
|
|
|
|
$message = $status->getErrors()[0]['message'];
|
|
|
|
|
if ( $message instanceof MessageSpecifier ) {
|
|
|
|
|
$message = $message->getKey();
|
|
|
|
|
}
|
|
|
|
|
$this->assertSame( $error, $message );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function makeConfig( $enableEmail, array $passwordResetRoutes, $emailForResets ) {
|
|
|
|
|
$hash = [
|
|
|
|
|
'AllowRequiringEmailForResets' => $emailForResets,
|
|
|
|
|
'EnableEmail' => $enableEmail,
|
|
|
|
|
'PasswordResetRoutes' => $passwordResetRoutes,
|
|
|
|
|
];
|
|
|
|
|
|
2019-10-08 18:26:17 +00:00
|
|
|
return new ServiceOptions( PasswordReset::CONSTRUCTOR_OPTIONS, $hash );
|
2019-09-14 07:58:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param string|null $ip
|
|
|
|
|
* @param bool $pingLimited
|
|
|
|
|
* @return User
|
|
|
|
|
*/
|
|
|
|
|
private function makePerformingUser( $ip, $pingLimited ) : User {
|
|
|
|
|
$request = $this->getMockBuilder( WebRequest::class )
|
2019-09-10 02:49:12 +00:00
|
|
|
->getMock();
|
2019-09-14 07:58:42 +00:00
|
|
|
$request->method( 'getIP' )
|
|
|
|
|
->willReturn( $ip );
|
|
|
|
|
/** @var WebRequest $request */
|
2019-09-10 02:49:12 +00:00
|
|
|
|
2019-09-14 07:58:42 +00:00
|
|
|
$user = $this->getMockBuilder( User::class )
|
2021-05-26 03:20:01 +00:00
|
|
|
->onlyMethods( [ 'getName', 'pingLimiter', 'getRequest', 'isAllowed' ] )
|
2019-09-10 02:49:12 +00:00
|
|
|
->getMock();
|
|
|
|
|
|
2019-09-14 07:58:42 +00:00
|
|
|
$user->method( 'getName' )
|
|
|
|
|
->willReturn( 'SomeUser' );
|
|
|
|
|
$user->method( 'pingLimiter' )
|
|
|
|
|
->with( 'mailpassword' )
|
|
|
|
|
->willReturn( $pingLimited );
|
|
|
|
|
$user->method( 'getRequest' )
|
|
|
|
|
->willReturn( $request );
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
|
2021-05-26 03:20:01 +00:00
|
|
|
// Always has the relevant rights, just checking based on rate limits
|
|
|
|
|
$user->method( 'isAllowed' )->with( 'editmyprivateinfo' )->willReturn( true );
|
|
|
|
|
|
2019-09-14 07:58:42 +00:00
|
|
|
/** @var User $user */
|
|
|
|
|
return $user;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2020-03-10 21:11:50 +00:00
|
|
|
* @param string[] $allowed Usernames that are allowed to send password reset email
|
|
|
|
|
* by AuthManager's allowsAuthenticationDataChange method.
|
|
|
|
|
* @param int $numUsersToAuth Number of users that will receive email
|
|
|
|
|
* @param string[] $ignored Usernames that are allowed but ignored by AuthManager's
|
|
|
|
|
* allowsAuthenticationDataChange method and will not receive password reset email.
|
|
|
|
|
* @param string[] $mailThrottledLimited Usernames that have already
|
|
|
|
|
* received the password reset email within a given time, and AuthManager
|
|
|
|
|
* changeAuthenticationData method will mark them as 'throttled-mailpassword.'
|
2019-09-14 07:58:42 +00:00
|
|
|
* @return AuthManager
|
|
|
|
|
*/
|
|
|
|
|
private function makeAuthManager(
|
|
|
|
|
array $allowed = [],
|
|
|
|
|
$numUsersToAuth = 0,
|
2020-03-10 21:11:50 +00:00
|
|
|
array $ignored = [],
|
|
|
|
|
array $mailThrottledLimited = []
|
2019-09-14 07:58:42 +00:00
|
|
|
) : AuthManager {
|
|
|
|
|
$authManager = $this->getMockBuilder( AuthManager::class )
|
|
|
|
|
->disableOriginalConstructor()
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
->getMock();
|
2019-09-14 07:58:42 +00:00
|
|
|
$authManager->method( 'allowsAuthenticationDataChange' )
|
|
|
|
|
->willReturnCallback(
|
2021-02-07 13:10:36 +00:00
|
|
|
static function ( TemporaryPasswordAuthenticationRequest $req )
|
2020-03-10 21:11:50 +00:00
|
|
|
use ( $allowed, $ignored, $mailThrottledLimited ) {
|
|
|
|
|
if ( in_array( $req->username, $mailThrottledLimited, true ) ) {
|
|
|
|
|
return Status::newGood( 'throttled-mailpassword' );
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-14 07:58:42 +00:00
|
|
|
$value = in_array( $req->username, $ignored, true )
|
|
|
|
|
? 'ignored'
|
|
|
|
|
: 'okie dokie';
|
2020-03-10 21:11:50 +00:00
|
|
|
|
2019-09-14 07:58:42 +00:00
|
|
|
return in_array( $req->username, $allowed, true )
|
|
|
|
|
? Status::newGood( $value )
|
|
|
|
|
: Status::newFatal( 'rejected by test mock' );
|
|
|
|
|
} );
|
2020-04-08 00:13:54 +00:00
|
|
|
// changeAuthenticationData is executed in the deferred update class
|
|
|
|
|
// SendPasswordResetEmailUpdate
|
2019-09-14 07:58:42 +00:00
|
|
|
$authManager->expects( $this->exactly( $numUsersToAuth ) )
|
|
|
|
|
->method( 'changeAuthenticationData' );
|
|
|
|
|
|
|
|
|
|
/** @var AuthManager $authManager */
|
|
|
|
|
return $authManager;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @return User[]
|
|
|
|
|
*/
|
|
|
|
|
private function makeUsers() {
|
|
|
|
|
$user1 = $this->getMockBuilder( User::class )->getMock();
|
|
|
|
|
$user2 = $this->getMockBuilder( User::class )->getMock();
|
2019-10-20 07:10:12 +00:00
|
|
|
$user3 = $this->getMockBuilder( User::class )->getMock();
|
|
|
|
|
$user4 = $this->getMockBuilder( User::class )->getMock();
|
2019-09-14 07:58:42 +00:00
|
|
|
$user1->method( 'getName' )->willReturn( 'User1' );
|
|
|
|
|
$user2->method( 'getName' )->willReturn( 'User2' );
|
2019-10-20 07:10:12 +00:00
|
|
|
$user3->method( 'getName' )->willReturn( 'User3' );
|
|
|
|
|
$user4->method( 'getName' )->willReturn( 'User4' );
|
2019-09-14 07:58:42 +00:00
|
|
|
$user1->method( 'getId' )->willReturn( 1 );
|
|
|
|
|
$user2->method( 'getId' )->willReturn( 2 );
|
2019-10-20 07:10:12 +00:00
|
|
|
$user3->method( 'getId' )->willReturn( 3 );
|
|
|
|
|
$user4->method( 'getId' )->willReturn( 4 );
|
2019-09-14 07:58:42 +00:00
|
|
|
$user1->method( 'getEmail' )->willReturn( self::VALID_EMAIL );
|
|
|
|
|
$user2->method( 'getEmail' )->willReturn( self::VALID_EMAIL );
|
2019-10-20 07:10:12 +00:00
|
|
|
$user3->method( 'getEmail' )->willReturn( self::VALID_EMAIL );
|
|
|
|
|
$user4->method( 'getEmail' )->willReturn( self::VALID_EMAIL );
|
2019-09-14 07:58:42 +00:00
|
|
|
|
|
|
|
|
$badUser = $this->getMockBuilder( User::class )->getMock();
|
|
|
|
|
$badUser->method( 'getName' )->willReturn( 'BadUser' );
|
2019-10-20 07:10:12 +00:00
|
|
|
$badUser->method( 'getId' )->willReturn( 5 );
|
2021-04-01 19:33:20 +00:00
|
|
|
$badUser->method( 'getEmail' )->willReturn( '' );
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
|
2019-09-14 07:58:42 +00:00
|
|
|
return [
|
|
|
|
|
'User1' => $user1,
|
|
|
|
|
'User2' => $user2,
|
2019-10-20 07:10:12 +00:00
|
|
|
'User3' => $user3,
|
|
|
|
|
'User4' => $user4,
|
2019-09-14 07:58:42 +00:00
|
|
|
'BadUser' => $badUser,
|
|
|
|
|
];
|
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
2015-09-22 22:50:04 +00:00
|
|
|
}
|
|
|
|
|
}
|
