Anomie has uploaded a new change for review. https://gerrit.wikimedia.org/r/282202
Change subject: AuthManager release notes ...................................................................... AuthManager release notes Change-Id: I0f28e6493e6e5ff8ce4eeee1d8cc976ad2eb6d0b --- M RELEASE-NOTES-1.27 1 file changed, 51 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/02/282202/1 diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27 index a6dfecc..779cd95 100644 --- a/RELEASE-NOTES-1.27 +++ b/RELEASE-NOTES-1.27 @@ -114,6 +114,26 @@ module should express a dependency on it. * Removed configuration option $wgCopyrightIcon (deprecated since 1.18). Use $wgFooterIcons['copyright']['copyright'] instead. +* Massive overhaul to authentication: +** AuthPlugin and AuthPluginUser are deprecated. +** LoginForm and associated templates are deprecated. +** The following hooks are deprecated: +*** AbortAutoAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead) +*** AbortLogin (create a MediaWiki\Auth\PreAuthenticationProvider instead) +*** AbortNewAccount (create a MediaWiki\Auth\PreAuthenticationProvider instead) +*** AddNewAccount (use LocalUserCreated instead) +*** AuthPluginSetup (create a MediaWiki\Auth\PrimaryAuthenticationProvider instead) +*** ChangePasswordForm (use AuthChangeFormFields instead, or security levels) +*** LoginUserMigrated (create a MediaWiki\Auth\PreAuthenticationProvider instead) +*** UserCreateForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead) +*** UserLoginForm (create a MediaWiki\Auth\AuthenticationProvider of some type instead) +** The following hooks are removed: +*** AbortChangePassword +*** LoginPasswordResetMessage +*** PrefsPasswordAudit +** The UserLoginComplete hook will no longer be called for all logins, only for + those via the web UI. Use UserLoggedIn if you need to do something on all + logins. === New features in 1.27 === * $wgDataCenterUpdateStickTTL was also added. This decides how long a user @@ -188,6 +208,22 @@ and error messages. It is available client-side via mw.config.get( 'wgRequestId' ). The request ID supplants exception IDs. Accordingly, MWExceptionHandler::getLogId() is deprecated. +* MediaWiki\Auth infrastructure (called "AuthManager") allows for more flexible + configuration of multiple authentication pieces that was possible with + AuthPlugin. For example, it's now easy to plug in second-factor + authentication, or add additional checks to the login process, or to support + multiple login methods at once, or to support non-password-based login methods. +** A global, $wgDisableAuthManager, is temporarily available to disable + AuthManager until extensions are ready to support it. +** New hook, AuthChangeFormFields, to adjust the form fields on + AuthManager-related special pages. +** New hook, AuthManagerLoginAuthenticateAudit, for additional logging of + AuthManager-related authentication requests. +** New hook, ChangeAuthenticationDataAudit, for additional logging of + AuthManager-related authentication data changes. +** New hook, SecuritySensitiveOperationStatus, to work with the new mechanism + for requiring a recent login before taking security-sensitive operations + like changing a password. === External library changes in 1.27 === @@ -229,6 +265,18 @@ merely need to change the username and password used after setting up a bot password. * action=upload no longer understands statuskey, asyncdownload or leavemessage. +* Several changes when $wgDisableAuthManager is false: +** action=login is deprecated for uses other than bot passwords. +** list=users will now indicate if a missing username is creatable. +** action=createaccount is changed in a non-backwards-compatible manner. +** Added action=query&meta=authmanagerinfo. +** Added action=clientlogin to be used to log into the main account instead of + action=login. +** Added action=linkaccount. +** Added action=unlinkaccount. +** Added action=changeauthenticationdata. +** Added action=removeauthenticationdata. +** Added action=resetpassword. === Action API internal changes in 1.27 === * ApiQueryORM removed. @@ -261,6 +309,7 @@ * ApiMain::addFormat() was removed (deprecated in 1.21). * ApiMain::getFormats() was removed (deprecated in 1.21). * ApiPageSet::finishPageSetGeneration() was removed (deprecated in 1.21). +* ApiCreateAccount is deprecated, and will be removed soon. === Languages updated in 1.27 === @@ -412,6 +461,8 @@ * UserMailer::send() no longer accepts $replyto as the 5th argument and $contentType as the 6th. These must be passed in the options array now. * Title::newFromRedirectRecurse() was removed (deprecated in 1.21). +* User::addNewUserLogEntry() was deprecated. +* User::addNewUserLogEntryAutoCreate() was deprecated. == Compatibility == -- To view, visit https://gerrit.wikimedia.org/r/282202 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0f28e6493e6e5ff8ce4eeee1d8cc976ad2eb6d0b Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Anomie <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
