It's causing quite a bit of WMF log spam because it's still used in wmf-config
Partial revert of I4c90e361b7538efeb0c5efa7ca61aed2e468591c
Change-Id: I7d1282e4260e7a42bee35b81d77470eb40dea818
Unused, the return format does not seem useful.
Also improve the documentation of $wgPasswordPolicy
and PasswordPolicyChecks.
Change-Id: Ic01e80cfefc4cfb0eee1eccc6a66942f692278a0
Changes here are:
* action=login is deprecated for use other than bot passwords
* list=users will indicate if a missing user name is creatable.
* Added action=query&meta=authmanagerinfo
* Added action=clientlogin is to be used to log into the main account
* action=createaccount is changed in a non-BC manner
* Added action=linkaccount
* Added action=unlinkaccount
* Added action=changeauthenticationdata
* Added action=removeauthenticationdata
* Added action=resetpassword
Bug: T110276
Bug: T110747
Bug: T110751
Bug: T32788
Bug: T67857
Bug: T28597
Bug: T76103
Change-Id: I244fa9b1e0623247d6d9fa30990411c6df94a496
This changes the default config to not allow the top 25 passwords
to be used by Sysop/Crats. This should almost certainly be set to
a higher number, but I think its best to wait until after this is
comitted to argue over what the best value is.
I would expect that once this is comitted, there would be a config
change for wmf wikis, so that there is no change until this has
been discussed with the community.
The included common password file was generated from the first
10000 entries of
https://github.com/danielmiessler/SecLists/blob/master/Passwords/rockyou.txt?raw=true
10,000 was chosen based on csteipp's suggestion.
Change-Id: I26a9e8f2318a1eed33d7638b125695e8de3a9796
Make password policies defined in a configurable policy, which is
defined by group. A user's password policy will be the maximum of
each group policy that the user belongs to.
Bug: T94774
Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
