Merge "Add Special:PasswordPolicies"
This commit is contained in:
jenkins-bot
Gerrit Code Review
commit
d1f826c746
8 changed files with 215 additions and 2 deletions
|
|
@ -1445,6 +1445,7 @@ $wgAutoloadLocalClasses = [
|
|||
'SpecialPageFactory' => __DIR__ . '/includes/specialpage/SpecialPageFactory.php',
|
||||
'SpecialPageLanguage' => __DIR__ . '/includes/specials/SpecialPageLanguage.php',
|
||||
'SpecialPagesWithProp' => __DIR__ . '/includes/specials/SpecialPagesWithProp.php',
|
||||
'SpecialPasswordPolicies' => __DIR__ . '/includes/specials/SpecialPasswordPolicies.php',
|
||||
'SpecialPasswordReset' => __DIR__ . '/includes/specials/SpecialPasswordReset.php',
|
||||
'SpecialPermanentLink' => __DIR__ . '/includes/specials/SpecialPermanentLink.php',
|
||||
'SpecialPreferences' => __DIR__ . '/includes/specials/SpecialPreferences.php',
|
||||
|
|
|
|||
|
|
@ -112,6 +112,7 @@ class SpecialPageFactory {
|
|||
'Listbots' => SpecialListBots::class,
|
||||
'Userrights' => UserrightsPage::class,
|
||||
'EditWatchlist' => SpecialEditWatchlist::class,
|
||||
'PasswordPolicies' => SpecialPasswordPolicies::class,
|
||||
|
||||
// Recent changes and logs
|
||||
'Newimages' => SpecialNewFiles::class,
|
||||
|
|
|
|||
163
includes/specials/SpecialPasswordPolicies.php
Normal file
163
includes/specials/SpecialPasswordPolicies.php
Normal file
|
|
@ -0,0 +1,163 @@
|
|||
<?php
|
||||
/**
|
||||
* Implements Special:PasswordPolicies
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
* http://www.gnu.org/copyleft/gpl.html
|
||||
*
|
||||
* @file
|
||||
* @ingroup SpecialPage
|
||||
*/
|
||||
|
||||
/**
|
||||
* This special page lists the defined password policies for user groups.
|
||||
* See also @ref $wgPasswordPolicy.
|
||||
*
|
||||
* @ingroup SpecialPage
|
||||
* @since 1.32
|
||||
*/
|
||||
class SpecialPasswordPolicies extends SpecialPage {
|
||||
public function __construct() {
|
||||
parent::__construct( 'PasswordPolicies' );
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the special page
|
||||
* @param string|null $par
|
||||
*/
|
||||
public function execute( $par ) {
|
||||
$this->setHeaders();
|
||||
$this->outputHeader();
|
||||
|
||||
$out = $this->getOutput();
|
||||
$out->addModuleStyles( 'mediawiki.special' );
|
||||
|
||||
$this->addHelpLink( 'Help:Password policies' );
|
||||
|
||||
$out->addHTML(
|
||||
Xml::openElement( 'table', [ 'class' => 'wikitable mw-passwordpolicies-table' ] ) .
|
||||
'<tr>' .
|
||||
Xml::element( 'th', null, $this->msg( 'passwordpolicies-group' )->text() ) .
|
||||
Xml::element( 'th', null, $this->msg( 'passwordpolicies-policies' )->text() ) .
|
||||
'</tr>'
|
||||
);
|
||||
|
||||
$config = $this->getConfig();
|
||||
$policies = $config->get( 'PasswordPolicy' );
|
||||
|
||||
$groupPermissions = $config->get( 'GroupPermissions' );
|
||||
$revokePermissions = $config->get( 'RevokePermissions' );
|
||||
$addGroups = $config->get( 'AddGroups' );
|
||||
$removeGroups = $config->get( 'RemoveGroups' );
|
||||
$groupsAddToSelf = $config->get( 'GroupsAddToSelf' );
|
||||
$groupsRemoveFromSelf = $config->get( 'GroupsRemoveFromSelf' );
|
||||
$allGroups = array_unique( array_merge(
|
||||
array_keys( $groupPermissions ),
|
||||
array_keys( $revokePermissions ),
|
||||
array_keys( $addGroups ),
|
||||
array_keys( $removeGroups ),
|
||||
array_keys( $groupsAddToSelf ),
|
||||
array_keys( $groupsRemoveFromSelf )
|
||||
) );
|
||||
asort( $allGroups );
|
||||
|
||||
$linkRenderer = $this->getLinkRenderer();
|
||||
|
||||
foreach ( $allGroups as $group ) {
|
||||
if ( $group == '*' ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$groupnameLocalized = UserGroupMembership::getGroupName( $group );
|
||||
|
||||
$grouppageLocalizedTitle = UserGroupMembership::getGroupPage( $group )
|
||||
?: Title::newFromText( MWNamespace::getCanonicalName( NS_PROJECT ) . ':' . $group );
|
||||
|
||||
$grouppage = $linkRenderer->makeLink(
|
||||
$grouppageLocalizedTitle,
|
||||
$groupnameLocalized
|
||||
);
|
||||
|
||||
if ( $group === 'user' ) {
|
||||
// Link to Special:listusers for implicit group 'user'
|
||||
$grouplink = '<br />' . $linkRenderer->makeKnownLink(
|
||||
SpecialPage::getTitleFor( 'Listusers' ),
|
||||
$this->msg( 'listgrouprights-members' )->text()
|
||||
);
|
||||
} elseif ( !in_array( $group, $config->get( 'ImplicitGroups' ) ) ) {
|
||||
$grouplink = '<br />' . $linkRenderer->makeKnownLink(
|
||||
SpecialPage::getTitleFor( 'Listusers' ),
|
||||
$this->msg( 'listgrouprights-members' )->text(),
|
||||
[],
|
||||
[ 'group' => $group ]
|
||||
);
|
||||
} else {
|
||||
// No link to Special:listusers for other implicit groups as they are unlistable
|
||||
$grouplink = '';
|
||||
}
|
||||
|
||||
$out->addHTML( Html::rawElement( 'tr', [ 'id' => Sanitizer::escapeIdForAttribute( $group ) ], "
|
||||
<td>$grouppage$grouplink</td>
|
||||
<td>" . $this->formatPolicies( $policies, $group ) . '</td>
|
||||
'
|
||||
) );
|
||||
|
||||
}
|
||||
|
||||
$out->addHTML( Xml::closeElement( 'table' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a HTML list of password policies for $group
|
||||
*
|
||||
* @param array $policies Original $wgPasswordPolicy array
|
||||
* @param array $group Group to format password policies for
|
||||
*
|
||||
* @return string HTML list of all applied password policies
|
||||
*/
|
||||
private function formatPolicies( $policies, $group ) {
|
||||
$groupPolicies = UserPasswordPolicy::getPoliciesForGroups(
|
||||
$policies['policies'],
|
||||
[ $group ],
|
||||
$policies['policies']['default']
|
||||
);
|
||||
|
||||
$ret = [];
|
||||
foreach ( $groupPolicies as $gp => $val ) {
|
||||
if ( $val === false ) {
|
||||
// Policy isn't enabled, so no need to dislpay it
|
||||
continue;
|
||||
} elseif ( $val === true ) {
|
||||
$msg = $this->msg( 'passwordpolicies-policy-' . strtolower( $gp ) );
|
||||
} else {
|
||||
$msg = $this->msg( 'passwordpolicies-policy-' . strtolower( $gp ) )->numParams( $val );
|
||||
}
|
||||
$ret[] = $this->msg(
|
||||
'passwordpolicies-policy-display',
|
||||
$msg,
|
||||
'<span class="mw-passwordpolicies-policy-name">' . $gp . '</span>'
|
||||
)->parse();
|
||||
}
|
||||
if ( !count( $ret ) ) {
|
||||
return '';
|
||||
} else {
|
||||
return '<ul><li>' . implode( "</li>\n<li>", $ret ) . '</li></ul>';
|
||||
}
|
||||
}
|
||||
|
||||
protected function getGroupName() {
|
||||
return 'users';
|
||||
}
|
||||
}
|
||||
|
|
@ -4469,5 +4469,17 @@
|
|||
"pagedata-text": "This page provides a data interface to pages. Please provide the page title in the URL, using subpage syntax.\n* Content negotiation applies based on your client's Accept header. This means that the page data will be provided in the format preferred by your client.",
|
||||
"pagedata-not-acceptable": "No matching format found. Supported MIME types: $1",
|
||||
"pagedata-bad-title": "Invalid title: $1.",
|
||||
"unregistered-user-config": "For security reasons JavaScript, CSS and JSON user subpages cannot be loaded for unregistered users."
|
||||
"unregistered-user-config": "For security reasons JavaScript, CSS and JSON user subpages cannot be loaded for unregistered users.",
|
||||
"passwordpolicies": "Password policies",
|
||||
"passwordpolicies-summary": "This is a list of the effective password policies for the user groups defined in this wiki.",
|
||||
"passwordpolicies-helppage": "Manual:$wgPasswordPolicy",
|
||||
"passwordpolicies-group": "Group",
|
||||
"passwordpolicies-policies": "Policies",
|
||||
"passwordpolicies-policy-display": "<span class=\"passwordpolicies-policy\">$1 <code>($2)</code></span>",
|
||||
"passwordpolicies-policy-minimalpasswordlength": "Password must be at least $1 {{PLURAL:$1|character|characters}} long",
|
||||
"passwordpolicies-policy-minimumpasswordlengthtologin": "Password must be at least $1 {{PLURAL:$1|character|characters}} long to be able to login",
|
||||
"passwordpolicies-policy-passwordcannotmatchusername": "Password cannot be the same as username",
|
||||
"passwordpolicies-policy-passwordcannotmatchblacklist": "Password cannot match specifically blacklisted passwords",
|
||||
"passwordpolicies-policy-maximalpasswordlength": "Password must be less than $1 {{PLURAL:$1|character|characters}} long",
|
||||
"passwordpolicies-policy-passwordcannotbepopular": "Password cannot be {{PLURAL:$1|the popular password|in the list of $1 popular passwords}}"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4667,5 +4667,18 @@
|
|||
"pagedata-text": "Error shown when none of the formats acceptable to the client is supported (HTTP error 406). Parameters:\n* $1 - the list of supported MIME types",
|
||||
"pagedata-not-acceptable": "No matching format found. Supported MIME types: $1",
|
||||
"pagedata-bad-title": "Error shown when the requested title is invalid. Parameters:\n* $1: the malformed ID",
|
||||
"unregistered-user-config": "Shown when viewing a user JS, CSS or JSON subpage with ?action=raw&ctype=<mime type> where there is no such user. It is shown as a paragraph after a header saying 'Forbidden'."
|
||||
"unregistered-user-config": "Shown when viewing a user JS, CSS or JSON subpage with ?action=raw&ctype=<mime type> where there is no such user. It is shown as a paragraph after a header saying 'Forbidden'.",
|
||||
"passwordpolicies": "The name of the special page [[Special:PasswordPolicies]].",
|
||||
"passwordpolicies-summary": "The description used on [[Special:ListGroupRights]].\n\nRefers to {{msg-mw|Passwordpolicies-helppage}}.",
|
||||
"passwordpolicies-helppage": "The link used on [[Special:PasswordPolicies]].",
|
||||
"passwordpolicies-group": "The title of the column in the table, about user groups (like you are in the ''translator'' group).\n\n{{Identical|Group}}\n{{Related|Passwordpolicies}}",
|
||||
"passwordpolicies-policies": "The title of the column in the table, about password policies.\n{{Related|Passwordpolicies}}",
|
||||
"passwordpolicies-policy-display": "{{optional}}\nParameters:\n* $1 - the text from the \"passwordpolicies-policy-...\" messages, i.e. {{msg-mw|passwordpolicies-policy-minimalpasswordlength}}\n* $2 - the name of this password policy",
|
||||
"passwordpolicies-policy-minimalpasswordlength": "Password policy that enforces a minimum number of characters a password must be. $1 - minimum number of characters that a password can be",
|
||||
"passwordpolicies-policy-minimumpasswordlengthtologin": "Password policy that enforces a minimum number of characters a password must be to be able to login to the wiki. $1 - minimum number of characters that a password can be to be able to login",
|
||||
"passwordpolicies-policy-passwordcannotmatchusername": "Password policy that enforces that the password of the account cannot be the same as the username",
|
||||
"passwordpolicies-policy-passwordcannotmatchblacklist": "Password policy that enforces that passwords are not on a list of blacklisted passwords (often previously used during MediaWiki automated testing)",
|
||||
"passwordpolicies-policy-maximalpasswordlength": "Password policy that enforces a maximum number of characters a password must be. $1 - maximum number of characters that a password can be",
|
||||
"passwordpolicies-policy-passwordcannotbepopular": "Password policy that enforces that a password is not in a list of $1 number of \"popular\" passwords. $1 - number of popular passwords the password will be checked against"
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -468,6 +468,7 @@ $specialPageAliases = [
|
|||
'PagesWithProp' => [ 'PagesWithProp', 'Pageswithprop', 'PagesByProp', 'Pagesbyprop' ],
|
||||
'PageData' => [ 'PageData' ],
|
||||
'PageLanguage' => [ 'PageLanguage' ],
|
||||
'PasswordPolicies' => [ 'PasswordPolicies' ],
|
||||
'PasswordReset' => [ 'PasswordReset' ],
|
||||
'PermanentLink' => [ 'PermanentLink', 'PermaLink' ],
|
||||
'Preferences' => [ 'Preferences' ],
|
||||
|
|
|
|||
|
|
@ -134,3 +134,8 @@
|
|||
color: #72777d;
|
||||
font-size: 90%;
|
||||
}
|
||||
|
||||
/* Special:PasswordPolicies */
|
||||
.mw-passwordpolicies-table tr {
|
||||
vertical-align: top;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -156,4 +156,21 @@ class PasswordPolicyChecksTest extends MediaWikiTestCase {
|
|||
$status = PasswordPolicyChecks::checkPopularPasswordBlacklist( PHP_INT_MAX, $user, $password );
|
||||
$this->assertSame( $expected, $status->isGood() );
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify that all password policy description messages actually exist.
|
||||
* Messages used on Special:PasswordPolicies
|
||||
*/
|
||||
public function testPasswordPolicyDescriptionsExist() {
|
||||
global $wgPasswordPolicy;
|
||||
$lang = Language::factory( 'en' );
|
||||
|
||||
foreach ( array_keys( $wgPasswordPolicy['checks'] ) as $check ) {
|
||||
$msgKey = 'passwordpolicies-policy-' . strtolower( $check );
|
||||
$this->assertTrue(
|
||||
wfMessage( $msgKey )->useDatabase( false )->inLanguage( $lang )->exists(),
|
||||
"Message '$msgKey' required by '$check' must exist"
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue