jenkins-bot has submitted this change and it was merged.

Change subject: Change secure login to use a user preference
......................................................................


Change secure login to use a user preference

Removed the wpStickHTTPS checkbox from the login form, and instead
just use the user's preferences along with whether they came from
HTTPS or not to determine if they should stay in HTTPS.

Bug: 29898
Bug: 52283
Change-Id: I69e9cb23b8d700e821b8a961c672958e4e19e4f8
---
M RELEASE-NOTES-1.22
M includes/DefaultSettings.php
M includes/Preferences.php
M includes/User.php
M includes/Wiki.php
M includes/specials/SpecialUserlogin.php
M includes/templates/Userlogin.php
M languages/messages/MessagesEn.php
M languages/messages/MessagesQqq.php
M maintenance/language/messages.inc
10 files changed, 51 insertions(+), 22 deletions(-)

Approvals:
  Aaron Schulz: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index b1e88a4..51eeb85 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -46,6 +46,9 @@
 * New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
   default gallery mode.
 * New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
+* The checkbox for staying in HTTPS displayed on the login form when 
$wgSecureLogin is
+  enabled has been removed. Instead, whether the user stays in HTTPS will be 
determined
+  based on the user's preferences, and whether they came from HTTPS or not.
 
 === New features in 1.22 ===
 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements 
and attributes.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 87c1b6b..8f8f508 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3965,6 +3965,7 @@
        'watchmoves' => 0,
        'wllimit' => 250,
        'useeditwarning' => 1,
+       'prefershttps' => 1,
 );
 
 /**
diff --git a/includes/Preferences.php b/includes/Preferences.php
index 2bb1e64..9791d8b 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -188,7 +188,8 @@
                global $wgAuth, $wgContLang, $wgParser, $wgCookieExpiration, 
$wgLanguageCode,
                        $wgDisableTitleConversion, $wgDisableLangConversion, 
$wgMaxSigChars,
                        $wgEnableEmail, $wgEmailConfirmToEdit, 
$wgEnableUserEmail, $wgEmailAuthentication,
-                       $wgEnotifWatchlist, $wgEnotifUserTalk, 
$wgEnotifRevealEditorAddress;
+                       $wgEnotifWatchlist, $wgEnotifUserTalk, 
$wgEnotifRevealEditorAddress,
+                       $wgSecureLogin;
 
                // retrieving user name for GENDER and misc.
                $userName = $user->getName();
@@ -313,6 +314,15 @@
                                'section' => 'personal/info',
                        );
                }
+               // Only show preferhttps if secure login is turned on
+               if ( $wgSecureLogin ) {
+                       $defaultPreferences['prefershttps'] = array(
+                               'type' => 'toggle',
+                               'label-message' => 'tog-prefershttps',
+                               'default' => true,
+                               'section' => 'personal/info'
+                       );
+               }
 
                // Language
                $languages = Language::fetchLanguageNames( null, 'mw' );
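Review bot: The explicit `'default' => true` in the new `prefershttps` entry duplicates the `'prefershttps' => 1` default added in DefaultSettings.php and may mask the user's stored value. If the preference loader (not visible in this hunk) keeps an entry's `'default'` when one is already set, the toggle would render checked even for a user who switched it off, and saving the form would silently turn it back on. Consider dropping that line so the value comes from the user's options. The comment should also name the real key: `// Only show prefershttps if secure login is turned on`.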
diff --git a/includes/User.php b/includes/User.php
index 72f66f0..dcfc511 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2600,6 +2600,21 @@
        }
 
        /**
+        * Determine based on the wiki configuration and the user's options,
+        * whether this user must be over HTTPS no matter what.
+        *
+        * @return bool
+        */
+       public function requiresHTTPS() {
+               global $wgSecureLogin;
+               if ( !$wgSecureLogin ) {
+                       return false;
+               } else {
+                       return $this->getBoolOption( 'prefershttps' );
+               }
+       }
+
+       /**
         * Get the user preferred stub threshold
         *
         * @return int
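Review bot: The docblock on `requiresHTTPS()` promises more than the body delivers: "must be over HTTPS no matter what" reads as a policy guarantee, but the method only returns the `prefershttps` option gated on `$wgSecureLogin`. I would document that the result reflects a user-changeable preference (defaulting to on per DefaultSettings.php) and that the method does not check whether the user is logged in, so callers handling anonymous requests need their own check. As a style point, the `else` after `return false;` is redundant; `return $wgSecureLogin && $this->getBoolOption( 'prefershttps' );` says the same thing.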
@@ -3186,7 +3201,7 @@
                 * will cause the site to redirect the user to HTTPS, if they 
access
                 * it over HTTP. Bug 29898.
                 */
-               if ( $request->getCheck( 'wpStickHTTPS' ) ) {
+               if ( $request->getCheck( 'wpStickHTTPS' ) || 
$this->requiresHTTPS() ) {
                        $this->setCookie( 'forceHTTPS', 'true', time() + 
2592000, false ); //30 days
                }
        }
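Review bot: `$request->getCheck( 'wpStickHTTPS' )` in this condition no longer distinguishes opt-in from opt-out. This commit replaces the checkbox with a hidden `wpStickHTTPS` input in includes/templates/Userlogin.php that is submitted with value 0 or 1, and `getCheck()` is true whenever the parameter is present, whatever its value. If this method runs on the login POST, the 30-day `forceHTTPS` cookie is set for every login from that form, including users who disabled `prefershttps`. SpecialUserlogin.php was switched to `getBool()` for the same field, and the same change fits here: `if ( $request->getBool( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {`. The enclosing method starts above this hunk.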
diff --git a/includes/Wiki.php b/includes/Wiki.php
index cb0f60a..6e72b9d 100644
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -502,9 +502,16 @@
 
                $request = $this->context->getRequest();
 
-               if ( $request->getCookie( 'forceHTTPS' )
-                       && $request->detectProtocol() == 'http'
-                       && $request->getMethod() == 'GET'
+               // If the user has forceHTTPS set to true, or if the user
+               // is in a group requiring HTTPS, or if they have the HTTPS
+               // preference set, redirect them to HTTPS.
+               if (
+                       (
+                               $request->getCookie( 'forceHTTPS' ) ||
+                               // Avoid checking the user and groups unless 
it's enabled.
+                               $this->context->getUser()->requiresHTTPS()
+                       ) &&
+                       $request->detectProtocol() == 'http'
                ) {
                        $redirUrl = $request->getFullRequestURL();
                        $redirUrl = str_replace( 'http://', 'https://', 
$redirUrl );
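Review bot: `$this->context->getUser()->requiresHTTPS()` is evaluated for every plain-HTTP request that lacks the cookie, including requests from logged-out visitors. `requiresHTTPS()` only reads the `prefershttps` option, which DefaultSettings.php now defaults to 1, so if anonymous users fall back to the default options (not visible here) every anonymous HTTP request on a `$wgSecureLogin` wiki gets redirected. Gating on login state, e.g. `( $user->isLoggedIn() && $user->requiresHTTPS() )` with `$user = $this->context->getUser();`, would limit this to accounts that actually hold the preference. The hunk also drops the `getMethod() == 'GET'` condition, so HTTP POSTs now reach the redirect and would likely lose their body, and the new comment mentions groups requiring HTTPS, which nothing in this change implements. The `if` body continues past the hunk.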
diff --git a/includes/specials/SpecialUserlogin.php 
b/includes/specials/SpecialUserlogin.php
index cfd617e..2081dd9 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -105,7 +105,7 @@
                $this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
                $this->mAction = $request->getVal( 'action' );
                $this->mRemember = $request->getCheck( 'wpRemember' );
-               $this->mStickHTTPS = $request->getCheck( 'wpStickHTTPS' );
+               $this->mStickHTTPS = $request->getBool( 'wpStickHTTPS' );
                $this->mLanguage = $request->getText( 'uselang' );
                $this->mSkipCookieCheck = $request->getCheck( 
'wpSkipCookieCheck' );
                $this->mToken = ( $this->mType == 'signup' ) ? 
$request->getVal( 'wpCreateaccountToken' ) : $request->getVal( 'wpLoginToken' );
@@ -747,6 +747,10 @@
                                        $user->invalidateCache();
                                }
 
+                               if ( $user->requiresHTTPS() ) {
+                                       $this->mStickHTTPS = true;
+                               }
+
                                if ( $wgSecureLogin && !$this->mStickHTTPS ) {
                                        $user->setCookies( null, false );
                                } else {
@@ -1154,7 +1158,7 @@
                $template->set( 'usereason', $user->isLoggedIn() );
                $template->set( 'remember', $user->getOption( 
'rememberpassword' ) || $this->mRemember );
                $template->set( 'cansecurelogin', ( $wgSecureLogin === true ) );
-               $template->set( 'stickHTTPS', $this->mStickHTTPS );
+               $template->set( 'stickHTTPS', (int)$this->mStickHTTPS );
 
                if ( $this->mType === 'signup' && $user->isLoggedIn() ) {
                        $template->set( 'createAnother', true );
diff --git a/includes/templates/Userlogin.php b/includes/templates/Userlogin.php
index b9825a6..f41f403 100644
--- a/includes/templates/Userlogin.php
+++ b/includes/templates/Userlogin.php
@@ -151,18 +151,6 @@
        <?php } ?>
                </div>
 
-       <?php if ( $this->data['cansecurelogin'] ) { ?>
-               <div>
-                       <label class="mw-ui-checkbox-label">
-                               <input name="wpStickHTTPS" type="checkbox" 
value="1" id="wpStickHTTPS" tabindex="5"
-                                       <?php if ( $this->data['stickHTTPS'] ) {
-                                               echo 'checked="checked"';
-                                       } ?>
-                               >
-                               <?php $this->msg( 'securelogin-stick-https' ); 
?>
-                       </label>
-               </div>
-       <?php } ?>
                <div>
                        <?php
                        echo Html::input( 'wpLoginAttempt', $this->getMsg( 
'login' )->text(), 'submit', array(
@@ -182,6 +170,7 @@
                <?php } ?>
 <?php if ( $this->haveData( 'uselang' ) ) { ?><input type="hidden" 
name="uselang" value="<?php $this->text( 'uselang' ); ?>" /><?php } ?>
 <?php if ( $this->haveData( 'token' ) ) { ?><input type="hidden" 
name="wpLoginToken" value="<?php $this->text( 'token' ); ?>" /><?php } ?>
+<?php if ( $this->data['cansecurelogin'] ) {?><input type="hidden" 
name="wpStickHTTPS" value="<?php $this->text( 'stickHTTPS' ); ?>" /><?php } ?>
 </form>
 </div>
 </div>
diff --git a/languages/messages/MessagesEn.php 
b/languages/messages/MessagesEn.php
index 7bb3bd2..a9c1360 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -694,6 +694,7 @@
 'tog-noconvertlink'           => 'Disable link title conversion', # only 
translate this message to other languages if you have to change it
 'tog-norollbackdiff'          => 'Omit diff after performing a rollback',
 'tog-useeditwarning'          => 'Warn me when I leave an edit page with 
unsaved changes',
+'tog-prefershttps'            => 'Always use a secure connection when logged 
in',
 
 'underline-always'  => 'Always',
 'underline-never'   => 'Never',
@@ -1116,7 +1117,6 @@
 'remembermypassword'              => 'Remember my login on this browser (for a 
maximum of $1 {{PLURAL:$1|day|days}})',
 'userlogin-remembermypassword'    => 'Keep me logged in',
 'userlogin-signwithsecure'        => 'Use secure connection',
-'securelogin-stick-https'         => 'Stay connected to HTTPS after login',
 'yourdomainname'                  => 'Your domain:',
 'password-change-forbidden'       => 'You cannot change passwords on this 
wiki.',
 'externaldberror'                 => 'There was either an authentication 
database error or you are not allowed to update your external account.',
diff --git a/languages/messages/MessagesQqq.php 
b/languages/messages/MessagesQqq.php
index e7e9897..d208c15 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -202,6 +202,7 @@
 'tog-ccmeonemails' => 'Option in [[Special:Preferences]] > 
{{int:prefs-personal}} > {{int:email}}. {{Gender}}',
 'tog-diffonly' => 'Toggle option used in [[Special:Preferences]]. {{Gender}}',
 'tog-showhiddencats' => 'Toggle option used in [[Special:Preferences]]. 
{{Gender}}',
+'tog-prefershttps' => 'Toggle option used in [[Special:Preferences]] that 
indicates if the user wants to use a secure connection when logged in',
 'tog-noconvertlink' => "{{optional}}
 
 ''(the message is considered optional because it is only used in wikis with 
language variants)''",
@@ -1222,7 +1223,6 @@
 'userlogin-signwithsecure' => 'Text of link to HTTPS login form.
 
 See example: [[Special:UserLogin]]',
-'securelogin-stick-https' => 'Used as label for checkbox.',
 'yourdomainname' => 'Used as label for listbox.',
 'password-change-forbidden' => 'Error message shown when an external 
authentication source does not allow the password to be changed.',
 'externaldberror' => 'This message is thrown when a valid attempt to change 
the wiki password for a user fails because of a database error or an error from 
an external system.',
diff --git a/maintenance/language/messages.inc 
b/maintenance/language/messages.inc
index aa8d7cc..68b2d17 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -70,6 +70,7 @@
                'tog-noconvertlink',
                'tog-norollbackdiff',
                'tog-useeditwarning',
+               'tog-prefershttps'
        ),
        'underline' => array(
                'underline-always',
@@ -459,7 +460,6 @@
                'remembermypassword',
                'userlogin-remembermypassword',
                'userlogin-signwithsecure',
-               'securelogin-stick-https',
                'yourdomainname',
                'password-change-forbidden',
                'externaldberror',

-- 
To view, visit https://gerrit.wikimedia.org/r/47089
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I69e9cb23b8d700e821b8a961c672958e4e19e4f8
Gerrit-PatchSet: 12
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Parent5446 <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: Alex Monk <[email protected]>
Gerrit-Reviewer: Brion VIBBER <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Demon <[email protected]>
Gerrit-Reviewer: Greg Grossmeier <[email protected]>
Gerrit-Reviewer: Krinkle <[email protected]>
Gerrit-Reviewer: MZMcBride <[email protected]>
Gerrit-Reviewer: Mattflaschen <[email protected]>
Gerrit-Reviewer: Parent5446 <[email protected]>
Gerrit-Reviewer: Siebrand <[email protected]>
Gerrit-Reviewer: TheDJ <[email protected]>
Gerrit-Reviewer: jenkins-bot
