Deprecate PasswordNotInLargeBlacklist
Bug: T254799 Change-Id: If5a23dc2cbe675bac8cc4979bba8c3d4527997a0
parent
880a5dcdf8
commit
a67a1bc923
5 changed files with 23 additions and 16 deletions
|
|
@ -4830,10 +4830,14 @@ $wgCentralIdLookupProvider = 'local';
|
|||
* commonly chosen. Set to integer n to ban the top n passwords.
|
||||
* If you want to ban all common passwords on file, use the
|
||||
* PHP_INT_MAX constant.
|
||||
* Deprecated since 1.33. Use PasswordNotInLargeBlacklist instead.
|
||||
* Deprecated since 1.33. Use PasswordNotInCommonList instead.
|
||||
* - PasswordNotInLargeBlacklist - Password not in best practices list of
|
||||
* 100,000 commonly used passwords. Due to the size of the list this
|
||||
* is a probabilistic test.
|
||||
* Deprecated since 1.35, use PasswordNotInCommonList instead.
|
||||
* - PasswordNotInCommonList - Password not in best practices list of
|
||||
* 100,000 commonly used passwords. Due to the size of the list this
|
||||
* is a probabilistic test.
|
||||
*
|
||||
* If you add custom checks, for Special:PasswordPolicies to display them correctly,
|
||||
* every check should have a corresponding passwordpolicies-policy-<check> message,
|
||||
|
|
@ -4873,7 +4877,7 @@ $wgPasswordPolicy = [
|
|||
],
|
||||
'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
|
||||
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
|
||||
'PasswordNotInLargeBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
|
||||
'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
|
||||
],
|
||||
],
|
||||
'checks' => [
|
||||
|
|
@ -4885,7 +4889,8 @@ $wgPasswordPolicy = [
|
|||
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
|
||||
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
|
||||
'PasswordCannotBePopular' => 'PasswordPolicyChecks::checkPopularPasswordBlacklist',
|
||||
'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInLargeBlacklist',
|
||||
'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInCommonList',
|
||||
'PasswordNotInCommonList' => 'PasswordPolicyChecks::checkPasswordNotInCommonList',
|
||||
],
|
||||
];
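Review bot: The alias line `'PasswordNotInLargeBlacklist' => 'PasswordPolicyChecks::checkPasswordNotInCommonList',` in `'checks'` has no comment saying it is a deprecated alias, and the doc block does not say what happens to existing site overrides. The default policy now enables the check under the new key only, so a site that set the old key to `false` to opt out would presumably still have the check applied through `PasswordNotInCommonList`. A site that set the old key to `true` would run the same check twice; both depend on policy-merging code not shown here. I would add `// Deprecated since 1.35: alias kept so existing overrides still resolve; use PasswordNotInCommonList` above the alias. I would also add one sentence to the doc block telling operators to move overrides to the new key.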
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@
|
|||
|
||||
use Cdb\Reader as CdbReader;
|
||||
use MediaWiki\MediaWikiServices;
|
||||
use Wikimedia\PasswordBlacklist;
|
||||
use Wikimedia\CommonPasswords\CommonPasswords;
|
||||
|
||||
/**
|
||||
* Functions to check passwords against a policy requirement.
|
||||
|
|
@ -205,9 +205,9 @@ class PasswordPolicyChecks {
|
|||
}
|
||||
|
||||
/**
|
||||
* Ensure the password isn't in the list of passwords blacklisted by the
|
||||
* wikimedia/password-blacklist library, which contains (as of 0.1.4) the
|
||||
* 100.000 top passwords from SecLists (as a Bloom filter, with an
|
||||
* Ensure the password isn't in the list of common passwords by the
|
||||
* wikimedia/common-passwords library, which contains (as of 0.2.0) the
|
||||
* 100,000 top passwords from SecLists (as a Bloom filter, with an
|
||||
* 0.000001 false positive ratio).
|
||||
*
|
||||
* @param bool $policyVal Whether to apply this policy
|
||||
|
|
@ -218,10 +218,10 @@ class PasswordPolicyChecks {
|
|||
*
|
||||
* @return Status
|
||||
*/
|
||||
public static function checkPasswordNotInLargeBlacklist( $policyVal, User $user, $password ) {
|
||||
public static function checkPasswordNotInCommonList( $policyVal, User $user, $password ) {
|
||||
$status = Status::newGood();
|
||||
if ( $policyVal && PasswordBlacklist\PasswordBlacklist::isBlacklisted( $password ) ) {
|
||||
$status->error( 'passwordinlargeblacklist' );
|
||||
if ( $policyVal && CommonPasswords::isCommon( $password ) ) {
|
||||
$status->error( 'passwordincommonlist' );
|
||||
}
|
||||
|
||||
return $status;
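Review bot: `checkPasswordNotInLargeBlacklist()` is renamed outright at the signature line rather than deprecated, and no wrapper under the old name appears in any hunk on this page. Any extension or site configuration that registers `'PasswordPolicyChecks::checkPasswordNotInLargeBlacklist'` as a check callable would then point at a missing method, so that policy would error instead of being evaluated. The error key also changes from `passwordinlargeblacklist` to `passwordincommonlist`, so anything matching on the old message name stops matching. I would keep a thin deprecated method under the old name that warns and delegates, as below. The body of `checkPasswordNotInCommonList()` closes outside this hunk.

```php
/**
 * @deprecated since 1.35, use checkPasswordNotInCommonList() instead
 * @param bool $policyVal Whether to apply this policy
 * @param User $user
 * @param string $password
 * @return Status
 */
public static function checkPasswordNotInLargeBlacklist( $policyVal, User $user, $password ) {
	wfDeprecated( __METHOD__, '1.35' );
	return self::checkPasswordNotInCommonList( $policyVal, $user, $password );
}

// … unchanged: checkPasswordNotInCommonList() as in the hunk …
```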
|
||||
|
|
|
|||
|
|
@ -490,7 +490,7 @@
|
|||
"passwordtooshort": "Passwords must be at least {{PLURAL:$1|1 character|$1 characters}}.",
|
||||
"passwordtoolong": "Passwords cannot be longer than {{PLURAL:$1|1 character|$1 characters}}.",
|
||||
"passwordtoopopular": "Commonly chosen passwords cannot be used. Please choose a password that is more difficult to guess.",
|
||||
"passwordinlargeblacklist": "The password entered is in a list of very commonly used passwords. Please choose a more unique password.",
|
||||
"passwordincommonlist": "The password entered is in a list of very commonly used passwords. Please choose a more unique password.",
|
||||
"password-name-match": "Your password must be different from your username.",
|
||||
"password-substring-username-match": "Your password must not appear within your username.",
|
||||
"password-login-forbidden": "The use of this username and password has been forbidden.",
|
||||
|
|
@ -4291,6 +4291,7 @@
|
|||
"passwordpolicies-policy-maximalpasswordlength": "Password must be less than $1 {{PLURAL:$1|character|characters}} long",
|
||||
"passwordpolicies-policy-passwordcannotbepopular": "Password cannot be {{PLURAL:$1|the popular password|in the list of $1 popular passwords}}",
|
||||
"passwordpolicies-policy-passwordnotinlargeblacklist": "Password cannot be in the list of 100,000 most commonly used passwords.",
|
||||
"passwordpolicies-policy-passwordnotincommonlist": "Password cannot be in the list of 100,000 most commonly used passwords.",
|
||||
"passwordpolicies-policyflag-forcechange": "must change on login",
|
||||
"passwordpolicies-policyflag-suggestchangeonlogin": "suggest change on login",
|
||||
"mycustomjsredirectprotected": "You do not have permission to edit this JavaScript page because it is a redirect and it does not point inside your userspace.",
|
||||
|
|
|
|||
|
|
@ -705,7 +705,7 @@
|
|||
"passwordtooshort": "This message is shown in [[Special:Preferences]] and [[Special:CreateAccount]].\n\nParameters:\n* $1 - the minimum number of characters in the password",
|
||||
"passwordtoolong": "This message is shown in [[Special:Preferences]], [[Special:CreateAccount]], and [[Special:Userlogin]].\n\nParameters:\n* $1 - the maximum number of characters in the password",
|
||||
"passwordtoopopular": "Shown if the user chooses a really popular password.",
|
||||
"passwordinlargeblacklist": "Shown if the user chooses a very common password.",
|
||||
"passwordincommonlist": "Shown if the user chooses a very common password.",
|
||||
"password-name-match": "Used as error message when password validity check failed.",
|
||||
"password-substring-username-match": "Used as error message when password validity check failed.",
|
||||
"password-login-forbidden": "Error message shown when the user has tried to log in using one of the special username/password combinations used for MediaWiki testing. (See [[mwr:75589]], [[mwr:75605]].)",
|
||||
|
|
@ -4506,6 +4506,7 @@
|
|||
"passwordpolicies-policy-maximalpasswordlength": "Password policy that enforces a maximum number of characters a password must be. $1 - maximum number of characters that a password can be",
|
||||
"passwordpolicies-policy-passwordcannotbepopular": "Password policy that enforces that a password is not in a list of $1 number of \"popular\" passwords. $1 - number of popular passwords the password will be checked against",
|
||||
"passwordpolicies-policy-passwordnotinlargeblacklist": "Password policy that enforces that a password is not in a list of 100,000 number of \"popular\" passwords.",
|
||||
"passwordpolicies-policy-passwordnotincommonlist": "Password policy that enforces that a password is not in a list of 100,000 number of \"popular\" passwords.",
|
||||
"passwordpolicies-policyflag-forcechange": "Password policy flag that enforces changing invalid passwords on login.",
|
||||
"passwordpolicies-policyflag-suggestchangeonlogin": "Password policy flag that suggests changing invalid passwords on login.",
|
||||
"mycustomjsredirectprotected": "Error message shown when user tries to edit their own JS page that is a foreign redirect without the 'mycustomjsredirectprotected' right. See also {{msg-mw|mycustomjsprotected}}.",
|
||||
|
|
|
|||
|
|
@ -197,7 +197,7 @@ class PasswordPolicyChecksTest extends MediaWikiTestCase {
|
|||
$this->assertSame( $expected, $status->isGood() );
|
||||
}
|
||||
|
||||
public static function provideLargeBlacklist() {
|
||||
public static function provideCommonList() {
|
||||
return [
|
||||
[ false, 'testpass' ],
|
||||
[ false, 'password' ],
|
||||
|
|
@ -208,12 +208,12 @@ class PasswordPolicyChecksTest extends MediaWikiTestCase {
|
|||
}
|
||||
|
||||
/**
|
||||
* @covers PasswordPolicyChecks::checkPasswordNotInLargeBlacklist
|
||||
* @dataProvider provideLargeBlacklist
|
||||
* @covers PasswordPolicyChecks::checkPasswordNotInCommonList
|
||||
* @dataProvider provideCommonList
|
||||
*/
|
||||
public function testCheckNotInLargeBlacklist( $expected, $password ) {
|
||||
$user = User::newFromName( 'username' );
|
||||
$status = PasswordPolicyChecks::checkPasswordNotInLargeBlacklist( true, $user, $password );
|
||||
$status = PasswordPolicyChecks::checkPasswordNotInCommonList( true, $user, $password );
|
||||
$this->assertSame( $expected, $status->isGood() );
|
||||
}
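Review bot: The test method is still named `testCheckNotInLargeBlacklist` although its `@covers`, `@dataProvider` and the call inside it now refer to `checkPasswordNotInCommonList`; renaming it to `testCheckNotInCommonList` keeps the test report consistent with what is exercised. Nothing here covers the backward-compatibility path the commit relies on, which is the old `'PasswordNotInLargeBlacklist'` key in `$wgPasswordPolicy['checks']`. A small extra case asserting that this entry is callable and rejects `'password'` would catch the alias being dropped or mistyped later.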
|
||||
|
||||
|
|
|
|||