Enhance password reset message
Add a more general message for password reset request submissions. Bug: T246844 Change-Id: I45e9db992ea113c44f7603081754ac9a575a5da6
This commit is contained in:
parent
2c96d9d23e
commit
1426f6354c
7 changed files with 52 additions and 9 deletions
|
|
@ -859,10 +859,16 @@ class AuthManager implements LoggerAwareInterface {
|
|||
$any = false;
|
||||
$providers = $this->getPrimaryAuthenticationProviders() +
|
||||
$this->getSecondaryAuthenticationProviders();
|
||||
|
||||
foreach ( $providers as $provider ) {
|
||||
$status = $provider->providerAllowsAuthenticationDataChange( $req, $checkData );
|
||||
if ( !$status->isGood() ) {
|
||||
return Status::wrap( $status );
|
||||
// If status is not good because reset email password last attempt was within
|
||||
// $wgPasswordReminderResendTime then return good status with throttled-mailpassword value;
|
||||
// otherwise, return the $status wrapped.
|
||||
return $status->hasMessage( 'throttled-mailpassword' )
|
||||
? Status::newGood( 'throttled-mailpassword' )
|
||||
: Status::wrap( $status );
|
||||
}
|
||||
$any = $any || $status->value !== 'ignored';
|
||||
}
|
||||
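Review bot: Converting a provider's fatal status into `Status::newGood( 'throttled-mailpassword' )` means every caller of allowsAuthenticationDataChange that only tests `isGood()` now sees a throttled request as permitted; in this commit only PasswordReset inspects the value, so any other caller that goes on to changeAuthenticationData on a good status would bypass the provider's resend throttle — worth checking before merge. The method's docblock (outside the hunk) should state the new contract, e.g. `* A good Status whose value is 'throttled-mailpassword' means the provider refused only because a reset mail was sent within $wgPasswordReminderResendTime; callers must not treat it as permission to change data.` Note too that `hasMessage()` is true even when the status carries further errors alongside the throttle message, and this branch would then discard them; restricting the conversion to the case where the throttle is the sole error keeps unrelated failures visible.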
|
|
|
|||
|
|
@ -166,7 +166,7 @@ class SpecialPasswordReset extends FormSpecialPage {
|
|||
|
||||
// Information messages.
|
||||
$output->addWikiMsg( 'passwordreset-success' );
|
||||
$output->addWikiMsg( 'passwordreset-success-details' );
|
||||
$output->addWikiMsg( 'passwordreset-success-details-generic' );
|
||||
|
||||
// Confirmation of what the user has just submitted.
|
||||
$info = "\n";
|
||||
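Review bot: The generic message now shown here (`passwordreset-success-details-generic`, added in the en.json hunk below) hard-codes "every 24 hours", while the window actually enforced is `$wgPasswordReminderResendTime` per the comment in the AuthManager hunk, so the text becomes wrong as soon as a wiki changes that setting. Passing the configured value as a message parameter, `$output->addWikiMsg( 'passwordreset-success-details-generic', $this->getConfig()->get( 'PasswordReminderResendTime' ) );`, and phrasing the message with `$1` hours (documenting the parameter in qqq) keeps the two in step. The qqq entry for `passwordreset-success-info` still says it is displayed below `passwordreset-success-details`, which this page no longer shows; it should name the generic message instead.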
|
|
|
|||
|
|
@ -278,7 +278,15 @@ class PasswordReset implements LoggerAwareInterface {
|
|||
$req->username = $user->getName();
|
||||
$req->mailpassword = true;
|
||||
$req->caller = $performingUser->getName();
|
||||
|
||||
$status = $this->authManager->allowsAuthenticationDataChange( $req, true );
|
||||
// If status is good and the value is 'throttled-mailpassword', we want to pretend
|
||||
// that the request was a good to avoid displaying an error message and disclose
|
||||
// if a reset password was previously sent.
|
||||
if ( $status->isGood() && $status->getValue() === 'throttled-mailpassword' ) {
|
||||
return StatusValue::newGood();
|
||||
}
|
||||
|
||||
if ( $status->isGood() && $status->getValue() !== 'ignored' ) {
|
||||
$reqs[] = $req;
|
||||
} elseif ( $result->isGood() ) {
|
||||
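Review bot: The new `return StatusValue::newGood();` leaves the method as soon as one account is throttled, and since `$reqs[] = $req` accumulates requests this appears to sit inside the per-user loop (its head is outside the hunk); a reset request by email address that matches several accounts would then skip the remaining, unthrottled accounts without sending or recording anything for them. If that is intended it deserves a comment saying so; otherwise `continue;` keeps the throttled account silent while the others are still processed, provided the code after the loop still reports success when `$reqs` ends up empty. The comment also reads "pretend that the request was a good" — drop the stray "a".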
|
|
|
|||
|
|
@ -607,7 +607,7 @@
|
|||
"passwordreset-emailtext-user": "User $1 on {{SITENAME}} requested a reset of your password for {{SITENAME}}\n($4). The following user {{PLURAL:$3|account is|accounts are}} associated with this email address:\n\n$2\n\n{{PLURAL:$3|This temporary password|These temporary passwords}} will expire in {{PLURAL:$5|one day|$5 days}}.\nYou should log in and choose a new password now. If someone else made this\nrequest, or if you have remembered your original password, and you no longer\nwish to change it, you may ignore this message and continue using your old\npassword.",
|
||||
"passwordreset-emailelement": "Username:\n$1\n\nTemporary password:\n$2",
|
||||
"passwordreset-success": "You have a requested a password reset.",
|
||||
"passwordreset-success-details": "If the information submitted is valid, a password reset email will be sent. If you haven't received an email, we recommend that you visit the [[mw:Special:MyLanguage/Help:Reset_password|reset password help page]].",
|
||||
"passwordreset-success-details-generic": "If the information submitted is valid, a password reset email will be sent. If you haven't received an email, we recommend that you visit the [[mw:Special:MyLanguage/Help:Reset_password|reset password help page]]. Note that <strong>only one password reset email will be sent per valid account every 24 hours</strong> in order to prevent abuse.",
|
||||
"passwordreset-success-info": "The details you submitted are: $1",
|
||||
"passwordreset-emailtext-require-email": "However, if you did not generate this request and want to prevent unsolicited\nemails, you may want to update your email options at\n$1.\nYou can require both username and email address to generate password reset\nemails. This may reduce the number of such incidents.",
|
||||
"passwordreset-nocaller": "A caller must be provided",
|
||||
|
|
|
|||
|
|
@ -821,7 +821,7 @@
|
|||
"passwordreset-emailtext-user": "Be consistent with {{msg-mw|Passwordreset-emailtext-ip}}.\n\nParameters:\n* $1 - a user name, no GENDER suport.\n* $2 - message {{msg-mw|Passwordreset-emailelement|notext=1}} repeated $3 times\n* $3 - the number of repetitions in $2\n* $4 - base URL of the wiki\n* $5 - number of days",
|
||||
"passwordreset-emailelement": "This is a body of a password reset email to allow them into the system with a new password. Parameters:\n* $1 - the user's login name. This parameter can be used for GENDER.\n* $2 - the temporary password given by the system",
|
||||
"passwordreset-success": "Displayed after a user has requested a password reset email via [[Special:PasswordReset]]. Does not mean that the email has actually been sent.",
|
||||
"passwordreset-success-details": "Extra information about the password-reset process, shown directly after {{msg-mw|passwordreset-success}}.",
|
||||
"passwordreset-success-details-generic": "Generic extra information about the password-reset process, shown directly after {{msg-mw|passwordreset-success}}.",
|
||||
"passwordreset-success-info": "Displayed below {{msg-mw|passwordreset-success-details}} to remind the user what they entered in the form.\n* $1 is a wikitext list of the user's supplied information.",
|
||||
"passwordreset-emailtext-require-email": "Used in password reset emails if the corresponding preference is allowed but not enabled by user.\n\nParameters:\n* $1 - URL to the appropriate section of [[Special:Preferences]]\n\nSee also:\n* {{msg-mw|tog-requireemail}}\n* {{msg-mw|prefs-help-requireemail}}",
|
||||
"passwordreset-nocaller": "Shown when a password reset was requested but the process failed due to an internal error related to missing details about the origin (caller) of the password reset request.",
|
||||
|
|
|
|||
|
|
@ -1343,6 +1343,8 @@ class AuthManagerTest extends \MediaWikiTestCase {
|
|||
$okFromSecondary = StatusValue::newGood();
|
||||
$okFromSecondary->warning( 'warning-from-secondary' );
|
||||
|
||||
$throttledMailPassword = \StatusValue::newFatal( 'throttled-mailpassword' );
|
||||
|
||||
return [
|
||||
[
|
||||
StatusValue::newGood(),
|
||||
|
|
@ -1384,6 +1386,11 @@ class AuthManagerTest extends \MediaWikiTestCase {
|
|||
$okFromSecondary,
|
||||
\Status::wrap( $okFromSecondary ),
|
||||
],
|
||||
[
|
||||
StatusValue::newGood(),
|
||||
$throttledMailPassword,
|
||||
\Status::newGood( 'throttled-mailpassword' ),
|
||||
]
|
||||
];
|
||||
}
|
||||
|
||||
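Review bot: The added data set only exercises a throttled status coming from the secondary provider while the primary returns good, yet the production loop applies the same conversion to every primary and secondary provider in turn; a second case with `$throttledMailPassword` as the primary result, and one where the throttled status also carries an unrelated error, would pin exactly which statuses are turned into `\Status::newGood( 'throttled-mailpassword' )`. The provider method continues outside the hunk.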
|
|
|
|||
|
|
@ -357,6 +357,16 @@ class PasswordResetTest extends MediaWikiTestCase {
|
|||
'email' => '',
|
||||
'usersWithEmail' => [],
|
||||
],
|
||||
'Password email already sent within 24 hours, pretend everything is ok' => [
|
||||
'expectedError' => false,
|
||||
'config' => $defaultConfig,
|
||||
'performingUser' => $performingUser,
|
||||
'permissionManager' => $permissionManager,
|
||||
'authManager' => $this->makeAuthManager( [ 'User1' ], 0, [], [ 'User1' ] ),
|
||||
'username' => 'User1',
|
||||
'email' => '',
|
||||
'usersWithEmail' => [ 'User1' ],
|
||||
],
|
||||
'No user by this username, pretend everything is OK' => [
|
||||
'expectedError' => false,
|
||||
'config' => $defaultConfig,
|
||||
|
|
@ -578,25 +588,37 @@ class PasswordResetTest extends MediaWikiTestCase {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string[] $allowed
|
||||
* @param int $numUsersToAuth
|
||||
* @param string[] $ignored
|
||||
* @param string[] $allowed Usernames that are allowed to send password reset email
|
||||
* by AuthManager's allowsAuthenticationDataChange method.
|
||||
* @param int $numUsersToAuth Number of users that will receive email
|
||||
* @param string[] $ignored Usernames that are allowed but ignored by AuthManager's
|
||||
* allowsAuthenticationDataChange method and will not receive password reset email.
|
||||
* @param string[] $mailThrottledLimited Usernames that have already
|
||||
* received the password reset email within a given time, and AuthManager
|
||||
* changeAuthenticationData method will mark them as 'throttled-mailpassword.'
|
||||
* @return AuthManager
|
||||
*/
|
||||
private function makeAuthManager(
|
||||
array $allowed = [],
|
||||
$numUsersToAuth = 0,
|
||||
array $ignored = []
|
||||
array $ignored = [],
|
||||
array $mailThrottledLimited = []
|
||||
) : AuthManager {
|
||||
$authManager = $this->getMockBuilder( AuthManager::class )
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$authManager->method( 'allowsAuthenticationDataChange' )
|
||||
->willReturnCallback(
|
||||
function ( TemporaryPasswordAuthenticationRequest $req ) use ( $allowed, $ignored ) {
|
||||
function ( TemporaryPasswordAuthenticationRequest $req )
|
||||
use ( $allowed, $ignored, $mailThrottledLimited ) {
|
||||
if ( in_array( $req->username, $mailThrottledLimited, true ) ) {
|
||||
return Status::newGood( 'throttled-mailpassword' );
|
||||
}
|
||||
|
||||
$value = in_array( $req->username, $ignored, true )
|
||||
? 'ignored'
|
||||
: 'okie dokie';
|
||||
|
||||
return in_array( $req->username, $allowed, true )
|
||||
? Status::newGood( $value )
|
||||
: Status::newFatal( 'rejected by test mock' );
|
||||
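Review bot: The new docblock for `$mailThrottledLimited` says AuthManager's changeAuthenticationData method marks those users as 'throttled-mailpassword', but the mock below stubs allowsAuthenticationDataChange, which is also the method the new branch in PasswordReset consults; suggest `* @param string[] $mailThrottledLimited Usernames that already received a reset email within the resend window; the mocked allowsAuthenticationDataChange returns a good Status with value 'throttled-mailpassword' for them.` The mock also checks `$mailThrottledLimited` before `$allowed`, so a throttled name is reported good even when it is not in `$allowed` — fine for the current cases, but worth one sentence in the doc so future cases are built accordingly. The callback closure continues outside the hunk.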
|
|
|
|||