Does not work as it will also log failed login attempts due
to a wrong password.
This reverts commit 9a97a7530f.
Change-Id: I6abd19da4e6939315a7fe6f7debe5227b68d38a7
To be able to identify any users who are unable to log in when switching
from allowing local authentication to strict.
Change-Id: I2ebdccdad9c7794d1c1b13db6a646a43bc770c4e
* READ_LOCKING is a composite field, so it can yield 00, 01,
10, or 11 for the relevant two bits. Only one of them should
pass the check to avoid locking and snapshot breaking queries
for no reason.
Change-Id: Ief04ac20c7639fcf79443a3ee39a471542a59551
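
The composite-flag pitfall described in the commit message above, as an added example (not code from the commit or from MediaWiki). The flag values, the `LOCK_BIT` name and the `readPlan()` helper are assumptions for illustration; the loose test shows how a masked value of 01 or 10 can trigger locking that only 11 should.

```php
<?php
// Assumed flag layout (illustrative): READ_LOCKING is READ_LATEST plus a lock bit.
const READ_LATEST  = 0b01;                   // read from the master
const LOCK_BIT     = 0b10;                   // hypothetical name for the second bit
const READ_LOCKING = READ_LATEST | LOCK_BIT; // 0b11, the composite value

/** Hypothetical helper: choose the server and SELECT options for a read. */
function readPlan(int $flags, bool $strict): array {
    $masked = $flags & READ_LOCKING;
    // Loose: any overlapping bit counts. Strict: both bits must be set.
    $lock = $strict ? $masked === READ_LOCKING : $masked !== 0;
    return [
        'server'  => ($flags & READ_LATEST) ? 'master' : 'replica',
        'options' => $lock ? ['LOCK IN SHARE MODE'] : [],
    ];
}

// Walk all four values of the two relevant bits and compare both tests.
foreach ([0b00, 0b01, 0b10, 0b11] as $flags) {
    printf(
        "%02b server=%s loose=[%s] strict=[%s]\n",
        $flags,
        readPlan($flags, true)['server'],
        implode(',', readPlan($flags, false)['options']),
        implode(',', readPlan($flags, true)['options'])
    );
}
```
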
* This helps if multiple account creation attempts were made in a row
and the slave selected was lagged (either too much for Chronology
Protector or the user did not resend the cookies to link the session).
* The locking also better handles concurrent attempts to make another
account, especially with CentralAuth trying to make external accounts.
This assumes that the rate of concurrent account creations with close
names is low enough given trx speed to avoid gap locking issues. This
will need to be confirmed with low error log rates to be sure.
* The User::idFromName() method now includes a $flags parameter.
Bug: T104615
Change-Id: I8385526a19efc528a016ad2bbf376b377138966b
* This still allows If-Modified-Since logic but does not
need to broadcast initialization values just because a
key fell out of cache. The value can differ between DCs
anyway via skew, this just lets them drift more. Actual
purge events are still broadcasted, which is what matters.
* The User class has now been simplified given this change.
* Added more general comments to getCheckKeyTime().
Change-Id: Ic1f4bbb1947e0d1dd47499c9e9dc86991c30580c
* This covers CentralAuthHooks::onUserLoadFromSession()
among other cases (OAuth user loading, etc.).
Bug: T92357
Change-Id: I9c90027d8852ff8c1d626c03b5dbd765b95b0ce1
* Add the $wgExtendedLoginCookies configuration variable, which defines
the set of login cookies that can have their lifetime configured
independently
* Add the $wgExtendedLoginCookieExpiration configuration variable, which
dictates when the extended lifetime login cookies expire
* Default $wgExtendedLoginCookieExpiration to null so that the current
behaviour is unaffected
Bug: T68699
Change-Id: I0cc24524e4d7d9d1d21c9fa8a28c7c76b677b96c
* By default, users will load from the slave unless
the thread did a recent DB write. This is to handle
changes within a request.
* ChronologyProtector should avoid staleness in common
cases, and the CAS check on user_touched is a final
barrier to block stale user object updates.
* Note that passwords are not cached, so they hit the
DB whenever needed. Passwords now load from slaves
when possible, instead of the master.
* This should get the code closer to handling user
login and logged in users when the master is down.
* Fixed loadFromId() when READ_LOCKING is used.
* Also addressed TODO comment in load().
Bug: T92357
Change-Id: I0a8bdab720c19fe3fc2381799ae2e90ff09bb4cf
Make password policies defined in a configurable policy, which is
defined by group. A user's password policy will be the maximum of
each group policy that the user belongs to.
Bug: T94774
Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
Rather than call $this->load() unconditionally, get just the ID via
$this->getId(), potentially saving us a database lookup.
Change-Id: Ifa3b96956a1d66d3e877573ff01970758fad8790
* This adds a wgActivityUpdatesUseJobQueue setting, which lets
these updates work via the job queue, rather than direct DB
master updates.
Bug: T91284
Change-Id: Ie60e20162fd833e64d81763a6aa1dc3faf2162f3
* This should avoid duplicate logging events on races or when
the cache fails to update.
* Also added getDBTouched() method to get user_touched itself.
Bug: T48834
Change-Id: Ib2cd0a2c72629fa4e13dcff4d2d6fbac8e690b32
You can add tags at the same time as performing action=edit, as long as you
have the "applychangetags" right. Also, you can add or remove tags after
the fact from revisions and log entries using the API action=tags.
No UI is provided for either of these changes. The target audience is user
scripts, gadgets and similar tools.
Includes a new log parameter format type: "list", for a comma-separated
list of values.
Logging of change tag events is limited to those that do not accompany an
edit (i.e. those done after the fact), and is hidden from Special:Log by
default, similar to the patrol log.
Bug: T20670
Change-Id: I37275e0f73fa3127f55da0c320b892551b61ee80
* This method is used for clearing the User cache as well
as bumping the value of getTouched() for HTTP 304 logic.
These do not need to do the actual user_touched update.
* This also avoids problems with setting mTouched but
deferring the update. That confused the CAS update
logic since it expects mTouched to be in the DB.
Change-Id: I96b30f5c9c8b4714e6663b187f741954a13312cf
* This does not handle race conditions, but is a prelude to using CAS
style logic on save using the timestamp.
Change-Id: I9c31c272fcf77b686764b7c3a6a32ac29576347c
* Ideally saveSettings() would not just silently do nothing in
read-only mode as not all callers expect that behavior. This
change is just the first step.
Change-Id: Ieeaf531dac3027ddba89c60159b98f9c04de78d3
Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.
Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.
Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
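
An added example (not code from these commits or from MediaWiki) covering two of the commit messages above: the per-group password policy merged by taking the maximum, and the length limit enforced before any hashing happens. The group names, policy keys, limits and PBKDF2 parameters are assumptions chosen for illustration.

```php
<?php
// Constructed policies; the keys and numbers are illustrative assumptions.
const GROUP_POLICIES = [
    'default'    => ['minLength' => 1,  'maxLength' => 4096],
    'sysop'      => ['minLength' => 8,  'maxLength' => 4096],
    'bureaucrat' => ['minLength' => 10, 'maxLength' => 4096],
];

/** Effective policy: for every setting, the maximum over the user's groups. */
function effectivePolicy(array $groups): array {
    $policy = GROUP_POLICIES['default'];
    foreach ($groups as $group) {
        foreach (GROUP_POLICIES[$group] ?? [] as $key => $value) {
            $policy[$key] = max($policy[$key] ?? 0, $value);
        }
    }
    return $policy;
}

/**
 * Two separate answers: 'valid' (acceptable as a new password) and
 * 'canLogin' (allowed to reach the hash function at all).
 */
function checkPassword(string $password, array $policy): array {
    $len = strlen($password); // bytes, which is what the hash has to process
    $canLogin = $len <= $policy['maxLength'];
    return [
        'valid'    => $canLogin && $len >= $policy['minLength'],
        'canLogin' => $canLogin,
    ];
}

function login(string $password, array $groups, string $salt, string $stored): bool {
    if (!checkPassword($password, effectivePolicy($groups))['canLogin']) {
        return false; // rejected before any hashing work is spent
    }
    $hash = hash_pbkdf2('sha512', $password, $salt, 100000, 64, true);
    return hash_equals($stored, $hash);
}

// Constructed account: a sysop whose existing password predates the policy.
$salt   = random_bytes(16);
$stored = hash_pbkdf2('sha512', 'short', $salt, 100000, 64, true);
var_dump(checkPassword('short', effectivePolicy(['sysop', 'bureaucrat'])));
var_dump(login('short', ['sysop'], $salt, $stored));
var_dump(login(str_repeat('A', 1000000), ['sysop'], $salt, $stored));
```
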
* Warn when saving slave-loaded data in saveSettings()
* Respect the loading $flags for preferences/groups
* Fixed use of flags in addToDatabase()
* Made loadFromCache() protected to make this mess easier
to reason about (no callers found)
* Added some doc comments
Bug: T92232
Change-Id: Ic1dd66063cc2f98fc03861df1c523981f846a0be