jenkins-bot has submitted this change and it was merged.

Change subject: Installer: Validate password against sysop/bureaucrat policies
......................................................................


Installer: Validate password against sysop/bureaucrat policies

Previously, user-group-specific policies were not checked, because the
user hadn't been created yet, and so wasn't assigned to any groups. In his
overhaul of password policy, Chris wrote a function that was designed for
exactly this purpose (UserPasswordPolicy::checkUserPasswordForGroups) but
didn't put it into use.

Some changes to the error handling code are needed so the error messages
display correctly.

Bug: T115700
Change-Id: I1391c77c9667b646b29003bb0b2abcdc21d8c4d8
---
M includes/installer/WebInstaller.php
M includes/installer/WebInstallerPage.php
2 files changed, 25 insertions(+), 12 deletions(-)

Approvals:
  CSteipp: Looks good to me, but someone else must approve
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/installer/WebInstaller.php 
b/includes/installer/WebInstaller.php
index 9edc25a..e8433f2 100644
--- a/includes/installer/WebInstaller.php
+++ b/includes/installer/WebInstaller.php
@@ -386,15 +386,19 @@
        }
 
        /**
-        * Show an error message in a box. Parameters are like wfMessage().
-        * @param string $msg
+        * Show an error message in a box. Parameters are like wfMessage(), or
+        * alternatively, pass a Message object in.
+        * @param string|Message $msg
         */
        public function showError( $msg /*...*/ ) {
-               $args = func_get_args();
-               array_shift( $args );
-               $args = array_map( 'htmlspecialchars', $args );
-               $msg = wfMessage( $msg, $args )->useDatabase( false )->plain();
-               $this->output->addHTML( $this->getErrorBox( $msg ) );
+               if ( !( $msg instanceof Message ) ) {
+                       $args = func_get_args();
+                       array_shift( $args );
+                       $args = array_map( 'htmlspecialchars', $args );
+                       $msg = wfMessage( $msg, $args );
+               }
+               $text = $msg->useDatabase( false )->plain();
+               $this->output->addHTML( $this->getErrorBox( $text ) );
        }
 
        /**
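Review bot: The Message branch added at `if ( !( $msg instanceof Message ) )` bypasses the escaping the string branch still performs: a key's arguments go through `array_map( 'htmlspecialchars', $args )`, but a caller-supplied Message is rendered with `->plain()`, so its parameters reach getErrorBox unescaped, and the caller in WebInstallerPage that used to pass `$status->getMessage()->escaped()` now passes the bare Message object. Unless getErrorBox (outside this hunk) escapes its input, any policy message whose parameters derive from input is now emitted raw into the error box. Suggest rendering the object branch with `$text = $msg->useDatabase( false )->escaped();` while leaving the pre-escaped string branch on `plain()`, or at least stating in the docblock that Message parameters must already be HTML-safe. Note also that `useDatabase( false )` mutates the caller's Message object; if callers reuse it, `clone $msg` before the call would avoid the surprise.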
diff --git a/includes/installer/WebInstallerPage.php 
b/includes/installer/WebInstallerPage.php
index 191c752..0fcda7d 100644
--- a/includes/installer/WebInstallerPage.php
+++ b/includes/installer/WebInstallerPage.php
@@ -830,6 +830,8 @@
         * @return bool
         */
        public function submit() {
+               global $wgPasswordPolicy;
+
                $retVal = true;
                $this->parent->setVarsFromRequest( array( 'wgSitename', 
'_NamespaceType',
                        '_AdminName', '_AdminPassword', 
'_AdminPasswordConfirm', '_AdminEmail',
@@ -906,14 +908,21 @@
                $pwd = $this->getVar( '_AdminPassword' );
                $user = User::newFromName( $cname );
                if ( $user ) {
-                       $status = $user->checkPasswordValidity( $pwd, 'create' 
);
-                       $valid = $status->isGood() ? true : 
$status->getMessage()->escaped();
+                       $upp = new UserPasswordPolicy(
+                               $wgPasswordPolicy['policies'],
+                               $wgPasswordPolicy['checks']
+                       );
+                       $status = $upp->checkUserPasswordForGroups(
+                               $user,
+                               $pwd,
+                               array( 'bureaucrat', 'sysop' )  // per 
Installer::createSysop()
+                       );
+                       $valid = $status->isGood() ? true : 
$status->getMessage();
                } else {
                        $valid = 'config-admin-name-invalid';
                }
                if ( strval( $pwd ) === '' ) {
-                       # $user->getPasswordValidity just checks for 
$wgMinimalPasswordLength.
-                       # This message is more specific and helpful.
+                       // Provide a more specific and helpful message if 
password field is left blank
                        $msg = 'config-admin-password-blank';
                } elseif ( $pwd !== $this->getVar( '_AdminPasswordConfirm' ) ) {
                        $msg = 'config-admin-password-mismatch';
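Review bot: The group list `array( 'bureaucrat', 'sysop' )` passed to checkUserPasswordForGroups is copied by hand from Installer::createSysop(), as the inline comment admits, so the two can drift silently and the installer would then validate the admin password against the wrong policies; a single constant on Installer read by both call sites (e.g. `Installer::SYSOP_GROUPS`) would keep them in step. Separately, `$status->isGood() ? true : $status->getMessage()` turns a Status that is OK but only carries warnings into a hard rejection; if checkUserPasswordForGroups can return such a Status, a comment such as `// policy warnings are treated as errors here; confirm against UserPasswordPolicy` would record whether that is deliberate. The enclosing submit() starts in the previous hunk and ends outside this one.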
@@ -921,7 +930,7 @@
                        $msg = $valid;
                }
                if ( $msg !== false ) {
-                       call_user_func_array( array( $this->parent, 'showError' 
), (array)$msg );
+                       call_user_func( array( $this->parent, 'showError' ), 
$msg );
                        $this->setVar( '_AdminPassword', '' );
                        $this->setVar( '_AdminPasswordConfirm', '' );
                        $retVal = false;
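Review bot: Now that showError receives a single argument, the `call_user_func( array( $this->parent, 'showError' ), $msg )` indirection is no longer needed; a direct `$this->parent->showError( $msg );` is clearer and lets static analysis check the call against the `string|Message` signature. The enclosing submit() ends outside the hunk.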


Gerrit-MessageType: merged
Gerrit-Change-Id: I1391c77c9667b646b29003bb0b2abcdc21d8c4d8
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: TTO <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Chad <[email protected]>
Gerrit-Reviewer: Siebrand <[email protected]>
Gerrit-Reviewer: TTO <[email protected]>
Gerrit-Reviewer: Waldir <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
