Demon has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/79960


Change subject: Change secure login to use a user preference
......................................................................

Change secure login to use a user preference

Remove the wpStickHTTPS checkbox from the login form. Instead, use the
user's preference, together with whether they arrived over HTTPS, to
determine whether they stay on HTTPS.

Bug: 29898
Bug: 52283
Change-Id: I69e9cb23b8d700e821b8a961c672958e4e19e4f8
---
M RELEASE-NOTES-1.22
M includes/DefaultSettings.php
M includes/Preferences.php
M includes/User.php
M includes/Wiki.php
M includes/specials/SpecialUserlogin.php
M includes/templates/Userlogin.php
M languages/messages/MessagesEn.php
M languages/messages/MessagesQqq.php
M maintenance/language/messages.inc
10 files changed, 51 insertions(+), 22 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/60/79960/1

diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index c1f91bc..b314e4a 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -39,6 +39,9 @@
   page protection levels. The rights 'editprotected' and 'editsemiprotected'
   are now used for this purpose instead.
 * (bug 40866) wgOldChangeTagsIndex removed.
+* The checkbox for staying in HTTPS displayed on the login form when 
$wgSecureLogin is
+  enabled has been removed. Instead, whether the user stays in HTTPS will be 
determined
+  based on the user's preferences, and whether they came from HTTPS or not.
 
 === New features in 1.22 ===
 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements 
and attributes.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index a6786c3..7e05d46 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3698,6 +3698,7 @@
        'watchmoves' => 0,
        'wllimit' => 250,
        'useeditwarning' => 1,
+       'prefershttps' => 1,
 );
 
 /** An array of preferences to not show for the user */
diff --git a/includes/Preferences.php b/includes/Preferences.php
index 16a7a6c..b65c61f 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -188,7 +188,8 @@
                global $wgAuth, $wgContLang, $wgParser, $wgCookieExpiration, 
$wgLanguageCode,
                        $wgDisableTitleConversion, $wgDisableLangConversion, 
$wgMaxSigChars,
                        $wgEnableEmail, $wgEmailConfirmToEdit, 
$wgEnableUserEmail, $wgEmailAuthentication,
-                       $wgEnotifWatchlist, $wgEnotifUserTalk, 
$wgEnotifRevealEditorAddress;
+                       $wgEnotifWatchlist, $wgEnotifUserTalk, 
$wgEnotifRevealEditorAddress,
+                       $wgSecureLogin;
 
                // retrieving user name for GENDER and misc.
                $userName = $user->getName();
@@ -313,6 +314,15 @@
                                'section' => 'personal/info',
                        );
                }
+               // Only show preferhttps if secure login is turned on
+               if ( $wgSecureLogin ) {
+                       $defaultPreferences['prefershttps'] = array(
+                               'type' => 'toggle',
+                               'label-message' => 'tog-prefershttps',
+                               'default' => true,
+                               'section' => 'personal/info'
+                       );
+               }
 
                // Language
                $languages = Language::fetchLanguageNames( null, 'mw' );
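Review bot: The comment on the added block names the option `preferhttps`, while the key registered directly below it is `prefershttps`; I would write `// Only show prefershttps if secure login is turned on` so that a search for the option name finds this block. The hard-coded `'default' => true` also repeats the `'prefershttps' => 1` entry this change adds to DefaultSettings.php; if the preference loader fills defaults from the user options, which is presumably the case, the line can be dropped so the two values cannot drift apart. The enclosing function starts and ends outside this hunk.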
diff --git a/includes/User.php b/includes/User.php
index 1d66503..265ffdf 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2590,6 +2590,21 @@
        }
 
        /**
+        * Determine based on the wiki configuration and the user's options,
+        * whether this user must be over HTTPS no matter what.
+        *
+        * @return bool
+        */
+       public function requiresHTTPS() {
+               global $wgSecureLogin;
+               if ( !$wgSecureLogin ) {
+                       return false;
+               } else {
+                       return $this->getBoolOption( 'prefershttps' );
+               }
+       }
+
+       /**
         * Get the user preferred stub threshold
         *
         * @return int
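Review bot: `requiresHTTPS()` does not check whether the user is logged in, and with `'prefershttps' => 1` added to the default options it will presumably return true for anonymous users as soon as `$wgSecureLogin` is on. Wiki.php in this change calls it on every request, so anonymous HTTP visitors would all be redirected, although the preference label reads "when logged in". Either guard it here, `return $this->isLoggedIn() && $this->getBoolOption( 'prefershttps' );`, or state in the docblock that callers must check the login state first. The `else` after `return false;` is not needed either.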
@@ -3174,7 +3189,7 @@
                 * will cause the site to redirect the user to HTTPS, if they 
access
                 * it over HTTP. Bug 29898.
                 */
-               if ( $request->getCheck( 'wpStickHTTPS' ) ) {
+               if ( $request->getCheck( 'wpStickHTTPS' ) || 
$this->requiresHTTPS() ) {
                        $this->setCookie( 'forceHTTPS', 'true', time() + 
2592000, false ); //30 days
                }
        }
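Review bot: The `getCheck( 'wpStickHTTPS' )` test kept on the changed line is true whenever the parameter is present, whatever its value, and the login template in this change now always submits a hidden `wpStickHTTPS` field (0 or 1) when secure login is available. As far as this hunk shows, the forceHTTPS cookie is then set on every such login, so a user who has switched the preference off is still pinned to HTTPS for 30 days. SpecialUserlogin.php was moved to `getBool` in this same change, and the condition here needs the same treatment: `if ( $request->getBool( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {`. The enclosing method starts outside the hunk.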
diff --git a/includes/Wiki.php b/includes/Wiki.php
index cb0f60a..6e72b9d 100644
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -502,9 +502,16 @@
 
                $request = $this->context->getRequest();
 
-               if ( $request->getCookie( 'forceHTTPS' )
-                       && $request->detectProtocol() == 'http'
-                       && $request->getMethod() == 'GET'
+               // If the user has forceHTTPS set to true, or if the user
+               // is in a group requiring HTTPS, or if they have the HTTPS
+               // preference set, redirect them to HTTPS.
+               if (
+                       (
+                               $request->getCookie( 'forceHTTPS' ) ||
+                               // Avoid checking the user and groups unless 
it's enabled.
+                               $this->context->getUser()->requiresHTTPS()
+                       ) &&
+                       $request->detectProtocol() == 'http'
                ) {
                        $redirUrl = $request->getFullRequestURL();
                        $redirUrl = str_replace( 'http://', 'https://', 
$redirUrl );
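Review bot: The rewritten condition drops the `$request->getMethod() == 'GET'` test, so a POST that arrives over HTTP is now redirected as well; the body of a redirected POST is normally not resent, which would silently lose a form submission or an edit. Keep the method check (`&& $request->getMethod() == 'GET'`) or handle posted requests explicitly. The new comment also mentions a "group requiring HTTPS", but `requiresHTTPS()` as added in User.php looks only at `$wgSecureLogin` and the `prefershttps` option, so that line should be removed or the group check actually added. The body of the `if` continues outside the hunk.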
diff --git a/includes/specials/SpecialUserlogin.php 
b/includes/specials/SpecialUserlogin.php
index 6e557f3..f13b9cd 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -105,7 +105,7 @@
                $this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
                $this->mAction = $request->getVal( 'action' );
                $this->mRemember = $request->getCheck( 'wpRemember' );
-               $this->mStickHTTPS = $request->getCheck( 'wpStickHTTPS' );
+               $this->mStickHTTPS = $request->getBool( 'wpStickHTTPS' );
                $this->mLanguage = $request->getText( 'uselang' );
                $this->mSkipCookieCheck = $request->getCheck( 
'wpSkipCookieCheck' );
                $this->mToken = ( $this->mType == 'signup' ) ? 
$request->getVal( 'wpCreateaccountToken' ) : $request->getVal( 'wpLoginToken' );
@@ -747,6 +747,10 @@
                                        $user->invalidateCache();
                                }
 
+                               if ( $user->requiresHTTPS() ) {
+                                       $this->mStickHTTPS = true;
+                               }
+
                                if ( $wgSecureLogin && !$this->mStickHTTPS ) {
                                        $user->setCookies( null, false );
                                } else {
@@ -1151,7 +1155,7 @@
                $template->set( 'usereason', $user->isLoggedIn() );
                $template->set( 'remember', $user->getOption( 
'rememberpassword' ) || $this->mRemember );
                $template->set( 'cansecurelogin', ( $wgSecureLogin === true ) );
-               $template->set( 'stickHTTPS', $this->mStickHTTPS );
+               $template->set( 'stickHTTPS', (int)$this->mStickHTTPS );
 
                if ( $this->mType === 'signup' && $user->isLoggedIn() ) {
                        $template->set( 'createAnother', true );
diff --git a/includes/templates/Userlogin.php b/includes/templates/Userlogin.php
index b9825a6..f41f403 100644
--- a/includes/templates/Userlogin.php
+++ b/includes/templates/Userlogin.php
@@ -151,18 +151,6 @@
        <?php } ?>
                </div>
 
-       <?php if ( $this->data['cansecurelogin'] ) { ?>
-               <div>
-                       <label class="mw-ui-checkbox-label">
-                               <input name="wpStickHTTPS" type="checkbox" 
value="1" id="wpStickHTTPS" tabindex="5"
-                                       <?php if ( $this->data['stickHTTPS'] ) {
-                                               echo 'checked="checked"';
-                                       } ?>
-                               >
-                               <?php $this->msg( 'securelogin-stick-https' ); 
?>
-                       </label>
-               </div>
-       <?php } ?>
                <div>
                        <?php
                        echo Html::input( 'wpLoginAttempt', $this->getMsg( 
'login' )->text(), 'submit', array(
@@ -182,6 +170,7 @@
                <?php } ?>
 <?php if ( $this->haveData( 'uselang' ) ) { ?><input type="hidden" 
name="uselang" value="<?php $this->text( 'uselang' ); ?>" /><?php } ?>
 <?php if ( $this->haveData( 'token' ) ) { ?><input type="hidden" 
name="wpLoginToken" value="<?php $this->text( 'token' ); ?>" /><?php } ?>
+<?php if ( $this->data['cansecurelogin'] ) {?><input type="hidden" 
name="wpStickHTTPS" value="<?php $this->text( 'stickHTTPS' ); ?>" /><?php } ?>
 </form>
 </div>
 </div>
diff --git a/languages/messages/MessagesEn.php 
b/languages/messages/MessagesEn.php
index b525465..3b1e0f4 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -690,6 +690,7 @@
 'tog-noconvertlink'           => 'Disable link title conversion', # only 
translate this message to other languages if you have to change it
 'tog-norollbackdiff'          => 'Omit diff after performing a rollback',
 'tog-useeditwarning'          => 'Warn me when I leave an edit page with 
unsaved changes',
+'tog-prefershttps'            => 'Always use a secure connection when logged 
in',
 
 'underline-always'  => 'Always',
 'underline-never'   => 'Never',
@@ -1112,7 +1113,6 @@
 'remembermypassword'              => 'Remember my login on this browser (for a 
maximum of $1 {{PLURAL:$1|day|days}})',
 'userlogin-remembermypassword'    => 'Keep me logged in',
 'userlogin-signwithsecure'        => 'Use secure connection',
-'securelogin-stick-https'         => 'Stay connected to HTTPS after login',
 'yourdomainname'                  => 'Your domain:',
 'password-change-forbidden'       => 'You cannot change passwords on this 
wiki.',
 'externaldberror'                 => 'There was either an authentication 
database error or you are not allowed to update your external account.',
diff --git a/languages/messages/MessagesQqq.php 
b/languages/messages/MessagesQqq.php
index 7772843..714eff5 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -203,6 +203,7 @@
 'tog-ccmeonemails' => 'Option in [[Special:Preferences]] > 
{{int:prefs-personal}} > {{int:email}}. {{Gender}}',
 'tog-diffonly' => 'Toggle option used in [[Special:Preferences]]. {{Gender}}',
 'tog-showhiddencats' => 'Toggle option used in [[Special:Preferences]]. 
{{Gender}}',
+'tog-prefershttps' => 'Toggle option used in [[Special:Preferences]] that 
indicates if the user wants to use a secure connection when logged in',
 'tog-noconvertlink' => "{{optional}}
 
 ''(the message is considered optional because it is only used in wikis with 
language variants)''",
@@ -1113,7 +1114,6 @@
 'userlogin-signwithsecure' => 'Text of link to HTTPS login form.
 
 See example: [[Special:UserLogin]]',
-'securelogin-stick-https' => 'Used as label for checkbox.',
 'yourdomainname' => 'Used as label for listbox.',
 'password-change-forbidden' => 'Error message shown when an external 
authentication source does not allow the password to be changed.',
 'externaldberror' => 'This message is thrown when a valid attempt to change 
the wiki password for a user fails because of a database error or an error from 
an external system.',
diff --git a/maintenance/language/messages.inc 
b/maintenance/language/messages.inc
index be96d6e..d2a18b8 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -71,6 +71,7 @@
                'tog-noconvertlink',
                'tog-norollbackdiff',
                'tog-useeditwarning',
+               'tog-prefershttps'
        ),
        'underline' => array(
                'underline-always',
@@ -459,7 +460,6 @@
                'remembermypassword',
                'userlogin-remembermypassword',
                'userlogin-signwithsecure',
-               'securelogin-stick-https',
                'yourdomainname',
                'password-change-forbidden',
                'externaldberror',

-- 
To view, visit https://gerrit.wikimedia.org/r/79960
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I69e9cb23b8d700e821b8a961c672958e4e19e4f8
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.22wmf12
Gerrit-Owner: Demon <[email protected]>
Gerrit-Reviewer: Parent5446 <[email protected]>
