[MediaWiki-commits] [Gerrit] operations/mediawiki-config[master]: Test authmanager restricter in labs

Tue, 25 Apr 2017 08:28:02 -0700 

Brian Wolff has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/350231 )

Change subject: Test authmanager restricter in labs
......................................................................

Test authmanager restricter in labs

This was causing problems with logstash in production for
unknown reasons.

Change-Id: Iec2c34283b33f81dd4e27cae4bbfce945fa05786
---
M wmf-config/CommonSettings-labs.php
1 file changed, 40 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/31/350231/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index 14442de..cbe787f 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -373,4 +373,44 @@
        $wg3dProcessor = '/usr/bin/xvfb-run -a -s "-ac -screen 0 1280x1024x24" 
/srv/deployment/3d2png/deploy/src/3d2png.js';
 }
 
+
+$wgAuthManagerAutoConfig['preauth'][GuanacoProvider::class] = [
+       'class' => GuanacoProvider::class,
+       'sort' => 0,
+];
+class GuanacoProvider extends 
\MediaWiki\auth\AbstractPreAuthenticationProvider {
+       const EVILUA = 'Bawolff test';
+
+       public function testUserForCreation( $user, $autocreate, array $options 
= [] ) {
+               return $this->testUser( $user );
+       }
+       public function testForAccountCreation( $user, $creator, array $reqs ) {
+               return $this->testUser( $user );
+       }
+       public function testUser( $user ) {
+               $ua = $this->manager->getRequest()->getHeader( 'User-agent' );
+               $logger = \MediaWiki\Logger\LoggerFactory::getInstance( 
'badpass' );
+               if ( $ua === self::EVILUA ) {
+                       $logger->info( 'Account creation prevented due to UA 
{name}', [
+                               'successful' => false,
+                               'name' => $user->getName(),
+                               'ua' => $ua,
+                       ] );
+                       // To be misleading, claim its a throttle hit.
+                       // hopefully this will confuse attacker.
+                       $msg = wfMessage( 'acct_creation_throttle_hit' 
)->params( 6 )
+                               ->durationParams( 86400 );
+                       return \StatusValue::newFatal( $msg );
+               }
+
+               $logger->info( 'Account creation allowed due to UA {name}', [
+                       'successful' => true,
+                       'name' => $user->getName(),
+                       'ua' => $ua,
+               ] );
+               return \StatusValue::newGood();
+       }
+}
+
+
 } # end safeguard

-- 
To view, visit https://gerrit.wikimedia.org/r/350231
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iec2c34283b33f81dd4e27cae4bbfce945fa05786
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to