Seb35 has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/160665

Change subject: Version 1.1
......................................................................

Version 1.1

- Added the option to deploy HSTS as a true BetaFeature
- When not deployed as a BetaFeature, require an HTTPS connection to change the preference
  (this kind of condition cannot be enforced with BetaFeature)
- Use static functions
- Added 3 messages (2 for the BetaFeature, 1 for the HTTPS requirement)

Change-Id: I970e0b5ffc063a6e9fb0b9452f1721b3ccb23e06
---
M HSTS.php
M i18n/en.json
M i18n/fr.json
3 files changed, 60 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/HSTS 
refs/changes/65/160665/1

diff --git a/HSTS.php b/HSTS.php
index 7c2df35..be97f72 100644
--- a/HSTS.php
+++ b/HSTS.php
@@ -65,13 +65,20 @@
  */
 $wgDefaultUserOptions['hsts'] = 0;
 
+/**
+ * Enable HSTS as a Beta Feature (see BetaFeatures extension)
+ * If true, the beta feature will have precedence over the
+ * user preference, which will no more be visible.
+ */
+$wgHSTSBetaFeature = false;
+
 
 /** REGISTRATION */
 $wgExtensionCredits['other'][] = array(
        'path' => __FILE__,
        'name' => 'HSTS',
        'author' => 'Seb35',
-       'version' => '1.0.0',
+       'version' => '1.1.0',
        'url' => 'https://www.mediawiki.org/wiki/Extension:HSTS',
        'descriptionmsg' => 'hsts-desc',
 );
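Review bot: The doc comment on `$wgHSTSBetaFeature` does not say that the setting only takes effect when the BetaFeatures extension is available. The guard added to getPreferences in a later hunk of this file tests both the class and the flag, so with the flag set but the extension absent the ordinary preference is still shown. Suggested wording: `If true and the BetaFeatures extension is installed, HSTS is offered as a beta feature and the regular user preference is hidden.`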
@@ -81,7 +88,8 @@
 $wgMessagesDirs['HSTS'] = __DIR__ . '/i18n';
 $wgExtensionMessagesFiles['HSTS'] = __DIR__ . '/HSTS.i18n.php';
 
-$wgHooks['GetPreferences'][] = 'HSTSExtension::preference';
+$wgHooks['GetPreferences'][] = 'HSTSExtension::getPreferences';
+$wgHooks['GetBetaFeaturePreferences'][] = 
'HSTSExtension::getBetaFeaturePreferences';
 $wgHooks['BeforePageDisplay'][] = 'HSTSExtension::addHeader';
 
 
@@ -95,9 +103,12 @@
         * @var array $preferences Description of the preferences
         * @return true
         */
-       function preference( $user, &$preferences ) {
+       static function getPreferences( $user, &$preferences ) {
 
-               global $wgHSTSForUsers;
+               global $wgHSTSBetaFeature, $wgHSTSForUsers;
+
+               // If HSTS is activated as a Beta Feature, do not add it here
+               if( AutoLoader::loadClass( 'BetaFeatures' ) && 
$wgHSTSBetaFeature ) return true;
 
                // If HSTS is mandatory, do not display the choice
                if( $wgHSTSForUsers ) return true;
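Review bot: The new guard calls `AutoLoader::loadClass( 'BetaFeatures' )` before testing the cheap `$wgHSTSBetaFeature` flag, so the autoloader is invoked on every call even when the feature is switched off, and it relies on an autoloader internal rather than the language-level check. `if ( $wgHSTSBetaFeature && class_exists( 'BetaFeatures' ) ) return true;` expresses the same condition with the flag first. The `static function` declarations added here and in the two later HSTS.php hunks also omit a visibility keyword; `public static function getPreferences( $user, &$preferences )` would make the hook entry points explicit. The body of getPreferences continues outside this hunk.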
@@ -109,6 +120,40 @@
                        'section' => 'personal/info'
                );
 
+               // Enable this preference only if we are on HTTPS
+               if( $user->getRequest()->detectProtocol() !== 'https' ) {
+
+                       $preferences['hsts']['label-message'] = 
'hsts-https-tog';
+                       $preferences['hsts']['disabled'] = true;
+               }
+
+               return true;
+       }
+
+       /**
+        * Add the HSTS beta feature
+        *
+        * @var User $user Current user
+        * @var array $preferences Description of the Beta Features
+        * @return true
+        *
+        * @todo Add a screenshot (a padlock?)
+        */
+       static function getBetaFeaturePreferences( $user, &$preferences ) {
+
+               global $wgHSTSBetaFeature;
+
+               // If HSTS is activated as a Beta Feature, do not add it here
+               if( !$wgHSTSBetaFeature ) return true;
+
+               $preferences['hsts'] = array(
+                       'label-message' => 'hsts-beta-feature-message',
+                       'desc-message' => 'hsts-beta-feature-description',
+                       'info-link' => 
'https://www.mediawiki.org/wiki/Extension:HSTS',
+                       'discussion-link' => 
'https://www.mediawiki.org/wiki/Extension_talk:HSTS',
+                       'requirements' => array( 'betafeatures' => array( 
'prefershttps' ) )
+               );
+
                return true;
        }
 
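Review bot: The HTTPS requirement added at `if( $user->getRequest()->detectProtocol() !== 'https' )` is expressed only as form-field metadata (`'disabled' => true`), and nothing in this hunk checks the protocol when the option is saved. Whether a change sent over plain HTTP is refused therefore depends on how each write path treats disabled fields, which is worth confirming for any path other than the preferences form, and a short comment stating where the enforcement actually happens would help. Separately, the comment inside getBetaFeaturePreferences was copied from getPreferences and contradicts its guard; `// If HSTS is not offered as a Beta Feature, do not add it here` matches `if( !$wgHSTSBetaFeature ) return true;`. getPreferences starts outside this hunk.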
@@ -118,12 +163,12 @@
         * @var Output $output Output object
         * @return true
         */
-       function addHeader( $output ) {
+       static function addHeader( $output ) {
 
                global $wgHSTSForAnons, $wgHSTSForUsers, 
$wgHSTSIncludeSubdomains, $wgHSTSMaxAge;
 
                // Check if the user will get STS header
-               if( $output->getRequest()->detectProtocol() != 'https' ) return 
true;
+               if( $output->getRequest()->detectProtocol() !== 'https' ) 
return true;
                if( $output->getUser()->isAnon() && !$wgHSTSForAnons ) return 
true;
                if( $output->getUser()->isLoggedIn() && !$wgHSTSForUsers && 
!$output->getUser()->getOption('hsts') ) return true;
 
diff --git a/i18n/en.json b/i18n/en.json
index 553735a..3d20350 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -5,5 +5,8 @@
         ]
     },
     "hsts-desc": "HSTS (HTTP Strict Transport Security) on a per-user basis",
-    "hsts-tog": "Enable HTTP Strict Transport Security (HSTS)"
-}
\ No newline at end of file
+    "hsts-tog": "Enable HTTP Strict Transport Security (HSTS)",
+    "hsts-https-tog": "Enable HTTP Strict Transport Security (HSTS)<br 
/>Reload this page with HTTPS to change this preference.",
+    "hsts-beta-feature-message": "Always use a secure connection",
+    "hsts-beta-feature-description": "This reinforces your security on this 
website by keeping you secure even after you log out, and assures nobody can 
spy you during your browsing. With this option activated and a recent browser 
supporting this technology (HSTS), any security alert is very probably a true 
attack against you."
+}
diff --git a/i18n/fr.json b/i18n/fr.json
index 5cf5228..7148149 100644
--- a/i18n/fr.json
+++ b/i18n/fr.json
@@ -5,5 +5,8 @@
                ]
        },
        "hsts-desc": "HSTS (HTTP Strict Transport Security) configurable par 
utilisateur",
-       "hsts-tog": "Activer HTTP Strict Transport Security (HSTS)"
+       "hsts-tog": "Activer HTTP Strict Transport Security (HSTS)",
+       "hsts-https-tog": "Activer HTTP Strict Transport Security (HSTS)<br 
/>Rechargez cette page avec HTTPS pour changer cette préférence",
+       "hsts-beta-feature-message": "Toujours utiliser une connexion 
sécurisée",
+       "hsts-beta-feature-description": "Ceci renforce votre sécurité sur ce 
site web en gardant une connexion sécurisée même après que vous vous soyez 
déconnecté et vous assure que personne ne peut vous espionner pendant votre 
navigation. Lorsque cette option est activée et que vous utilisez un navigateur 
récent avec cette technologie (HSTS), toute alerte de sécurité est très 
probablement une vraie attaque contre vous."
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/160665
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I970e0b5ffc063a6e9fb0b9452f1721b3ccb23e06
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/HSTS
Gerrit-Branch: master
Gerrit-Owner: Seb35 <seb35wikipe...@gmail.com>
