jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/324968 )
Change subject: API: Add action=validatepassword ...................................................................... API: Add action=validatepassword This will allow for checking passwords against the wiki's password policy from the account creation and password change forms. Bug: T111303 Change-Id: I0de281483bd83e47d80aa1ea37149d14f2ae5ebd --- M RELEASE-NOTES-1.29 M autoload.php M docs/hooks.txt M includes/api/ApiMain.php A includes/api/ApiValidatePassword.php M includes/api/i18n/en.json M includes/api/i18n/qqq.json 7 files changed, 104 insertions(+), 0 deletions(-) Approvals: Gergő Tisza: Looks good to me, approved jenkins-bot: Verified diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 index 3af1654..10b152d 100644 --- a/RELEASE-NOTES-1.29 +++ b/RELEASE-NOTES-1.29 @@ -75,6 +75,8 @@ 'stasherrors' rather than a 'stashfailed' text string. * action=watch reports 'errors' and 'warnings' instead of a single 'error', and no longer returns a 'message' on success. +* Added action=validatepassword to validate passwords for the account creation + and password change forms. === Action API internal changes in 1.29 === * New methods were added to ApiBase to handle errors and warnings using i18n diff --git a/autoload.php b/autoload.php index 941b335..d85b679 100644 --- a/autoload.php +++ b/autoload.php @@ -147,6 +147,7 @@ 'ApiUpload' => __DIR__ . '/includes/api/ApiUpload.php', 'ApiUsageException' => __DIR__ . '/includes/api/ApiUsageException.php', 'ApiUserrights' => __DIR__ . '/includes/api/ApiUserrights.php', + 'ApiValidatePassword' => __DIR__ . '/includes/api/ApiValidatePassword.php', 'ApiWatch' => __DIR__ . '/includes/api/ApiWatch.php', 'ArchivedFile' => __DIR__ . '/includes/filerepo/file/ArchivedFile.php', 'ArrayDiffFormatter' => __DIR__ . '/includes/diff/ArrayDiffFormatter.php', diff --git a/docs/hooks.txt b/docs/hooks.txt index 1ecc1f8..862f9f0 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -592,6 +592,10 @@ &$tokenTypes: supported token types in format 'type' => callback function used to retrieve this type of tokens. +'ApiValidatePassword': Called from ApiValidatePassword. +$module: ApiValidatePassword instance. +&$r: Result array. + 'Article::MissingArticleConditions': Before fetching deletion & move log entries to display a message of a non-existing page being deleted/moved, give extensions a chance to hide their (unrelated) log entries. diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index 54679a8..4220fb8 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -79,6 +79,7 @@ 'tokens' => 'ApiTokens', 'checktoken' => 'ApiCheckToken', 'cspreport' => 'ApiCSPReport', + 'validatepassword' => 'ApiValidatePassword', // Write modules 'purge' => 'ApiPurge', diff --git a/includes/api/ApiValidatePassword.php b/includes/api/ApiValidatePassword.php new file mode 100644 index 0000000..6968523 --- /dev/null +++ b/includes/api/ApiValidatePassword.php @@ -0,0 +1,81 @@ +<?php + +use MediaWiki\Auth\AuthManager; + +/** + * @ingroup API + */ +class ApiValidatePassword extends ApiBase { + + public function execute() { + $params = $this->extractRequestParams(); + + // For sanity + $this->requirePostedParameters( [ 'password' ] ); + + if ( $params['user'] !== null ) { + $user = User::newFromName( $params['user'], 'creatable' ); + if ( !$user ) { + $encParamName = $this->encodeParamName( 'user' ); + $this->dieWithError( + [ 'apierror-baduser', $encParamName, wfEscapeWikiText( $params['user'] ) ], + "baduser_{$encParamName}" + ); + } + + if ( !$user->isAnon() || AuthManager::singleton()->userExists( $user->getName() ) ) { + $this->dieWithError( 'userexists' ); + } + + $user->setEmail( (string)$params['email'] ); + $user->setRealName( (string)$params['realname'] ); + } else { + $user = $this->getUser(); + } + + $validity = $user->checkPasswordValidity( $params['password'] ); + $r['validity'] = $validity->isGood() ? 'Good' : ( $validity->isOK() ? 'Change' : 'Invalid' ); + $messages = array_merge( + $this->getErrorFormatter()->arrayFromStatus( $validity, 'error' ), + $this->getErrorFormatter()->arrayFromStatus( $validity, 'warning' ) + ); + if ( $messages ) { + $r['validitymessages'] = $messages; + } + + Hooks::run( 'ApiValidatePassword', [ $this, &$r ] ); + + $this->getResult()->addValue( null, $this->getModuleName(), $r ); + } + + public function mustBePosted() { + return true; + } + + public function getAllowedParams() { + return [ + 'password' => [ + ApiBase::PARAM_TYPE => 'password', + ApiBase::PARAM_REQUIRED => true + ], + 'user' => [ + ApiBase::PARAM_TYPE => 'user', + ], + 'email' => null, + 'realname' => null, + ]; + } + + protected function getExamplesMessages() { + return [ + 'action=validatepassword&password=foobar' + => 'apihelp-validatepassword-example-1', + 'action=validatepassword&password=querty&user=Example' + => 'apihelp-validatepassword-example-2', + ]; + } + + public function getHelpUrls() { + return 'https://www.mediawiki.org/wiki/API:Validatepassword'; + } +} diff --git a/includes/api/i18n/en.json b/includes/api/i18n/en.json index d748894..f6eeffe 100644 --- a/includes/api/i18n/en.json +++ b/includes/api/i18n/en.json @@ -1431,6 +1431,14 @@ "apihelp-userrights-example-user": "Add user <kbd>FooBot</kbd> to group <kbd>bot</kbd>, and remove from groups <kbd>sysop</kbd> and <kbd>bureaucrat</kbd>.", "apihelp-userrights-example-userid": "Add the user with ID <kbd>123</kbd> to group <kbd>bot</kbd>, and remove from groups <kbd>sysop</kbd> and <kbd>bureaucrat</kbd>.", + "apihelp-validatepassword-description": "Validate a password against the wiki's password policies.\n\nValidity is reported as <samp>Good</samp> if the password is acceptable, <samp>Change</samp> if the password may be used for login but must be changed, or <samp>Invalid</samp> if the password is not usable.", + "apihelp-validatepassword-param-password": "Password to validate.", + "apihelp-validatepassword-param-user": "User name, for use when testing account creation. The named user must not exist.", + "apihelp-validatepassword-param-email": "Email address, for use when testing account creation.", + "apihelp-validatepassword-param-realname": "Real name, for use when testing account creation.", + "apihelp-validatepassword-example-1": "Validate the password <kbd>foobar</kbd> for the current user.", + "apihelp-validatepassword-example-2": "Validate the password <kbd>qwerty</kbd> for creating user <kbd>Example</kbd>.", + "apihelp-watch-description": "Add or remove pages from the current user's watchlist.", "apihelp-watch-param-title": "The page to (un)watch. Use <var>$1titles</var> instead.", "apihelp-watch-param-unwatch": "If set the page will be unwatched rather than watched.", diff --git a/includes/api/i18n/qqq.json b/includes/api/i18n/qqq.json index 2bdc64a..1fbc3d0 100644 --- a/includes/api/i18n/qqq.json +++ b/includes/api/i18n/qqq.json @@ -1331,6 +1331,13 @@ "apihelp-userrights-param-reason": "{{doc-apihelp-param|userrights|reason}}", "apihelp-userrights-example-user": "{{doc-apihelp-example|userrights}}", "apihelp-userrights-example-userid": "{{doc-apihelp-example|userrights}}", + "apihelp-validatepassword-description": "{{doc-apihelp-description|validatepassword}}", + "apihelp-validatepassword-param-email": "{{doc-apihelp-param|validatepassword|email}}", + "apihelp-validatepassword-param-password": "{{doc-apihelp-param|validatepassword|password}}", + "apihelp-validatepassword-param-realname": "{{doc-apihelp-param|validatepassword|realname}}", + "apihelp-validatepassword-param-user": "{{doc-apihelp-param|validatepassword|user}}", + "apihelp-validatepassword-example-1": "{{doc-apihelp-example|validatepassword}}", + "apihelp-validatepassword-example-2": "{{doc-apihelp-example|validatepassword}}", "apihelp-watch-description": "{{doc-apihelp-description|watch}}", "apihelp-watch-param-title": "{{doc-apihelp-param|watch|title}}", "apihelp-watch-param-unwatch": "{{doc-apihelp-param|watch|unwatch}}", -- To view, visit https://gerrit.wikimedia.org/r/324968 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I0de281483bd83e47d80aa1ea37149d14f2ae5ebd Gerrit-PatchSet: 3 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Anomie <bjor...@wikimedia.org> Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org> Gerrit-Reviewer: Legoktm <lego...@member.fsf.org> Gerrit-Reviewer: Siebrand <siebr...@kitano.nl> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits