Demon has uploaded a new change for review.
https://gerrit.wikimedia.org/r/79963
Change subject: Change secure login to use a user preference
......................................................................
Change secure login to use a user preference
Removed the wpStickHTTPS checkbox from the login form, and instead
just use the user's preferences along with whether they came from
HTTPS or not to determine if they should stay in HTTPS.
Bug: 29898
Bug: 52283
Change-Id: I69e9cb23b8d700e821b8a961c672958e4e19e4f8
---
M RELEASE-NOTES-1.22
M includes/DefaultSettings.php
M includes/Preferences.php
M includes/User.php
M includes/Wiki.php
M includes/specials/SpecialUserlogin.php
M includes/templates/Userlogin.php
M languages/messages/MessagesEn.php
M languages/messages/MessagesQqq.php
M maintenance/language/messages.inc
10 files changed, 51 insertions(+), 22 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/63/79963/1
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index e6836da..f5c1e13 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -46,6 +46,9 @@
* New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
default gallery mode.
* New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
+* The checkbox for staying in HTTPS displayed on the login form when
$wgSecureLogin is
+ enabled has been removed. Instead, whether the user stays in HTTPS will be
determined
+ based on the user's preferences, and whether they came from HTTPS or not.
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements
and attributes.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 531482a..d62b694 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3965,6 +3965,7 @@
'watchmoves' => 0,
'wllimit' => 250,
'useeditwarning' => 1,
+ 'prefershttps' => 1,
);
/**
diff --git a/includes/Preferences.php b/includes/Preferences.php
index 709f15c..66fd49c 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -188,7 +188,8 @@
global $wgAuth, $wgContLang, $wgParser, $wgCookieExpiration,
$wgLanguageCode,
$wgDisableTitleConversion, $wgDisableLangConversion,
$wgMaxSigChars,
$wgEnableEmail, $wgEmailConfirmToEdit,
$wgEnableUserEmail, $wgEmailAuthentication,
- $wgEnotifWatchlist, $wgEnotifUserTalk,
$wgEnotifRevealEditorAddress;
+ $wgEnotifWatchlist, $wgEnotifUserTalk,
$wgEnotifRevealEditorAddress,
+ $wgSecureLogin;
// retrieving user name for GENDER and misc.
$userName = $user->getName();
@@ -313,6 +314,15 @@
'section' => 'personal/info',
);
}
+ // Only show preferhttps if secure login is turned on
+ if ( $wgSecureLogin ) {
+ $defaultPreferences['prefershttps'] = array(
+ 'type' => 'toggle',
+ 'label-message' => 'tog-prefershttps',
+ 'default' => true,
+ 'section' => 'personal/info'
+ );
+ }
// Language
$languages = Language::fetchLanguageNames( null, 'mw' );
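Review bot: The inline comment names the option `preferhttps` while the key registered just below is `prefershttps`; it should read `// Only show prefershttps if secure login is turned on`. The hard-coded `'default' => true` also repeats the `'prefershttps' => 1` entry this change adds to the default-options array in DefaultSettings.php, so the two can drift apart if a site overrides that default. If the preferences code fills defaults in from the user's options (not visible in this hunk), the key can be dropped. The surrounding function starts and ends outside the hunk.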
diff --git a/includes/User.php b/includes/User.php
index fedc6a9..5573bd8 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2597,6 +2597,21 @@
}
/**
+ * Determine based on the wiki configuration and the user's options,
+ * whether this user must be over HTTPS no matter what.
+ *
+ * @return bool
+ */
+ public function requiresHTTPS() {
+ global $wgSecureLogin;
+ if ( !$wgSecureLogin ) {
+ return false;
+ } else {
+ return $this->getBoolOption( 'prefershttps' );
+ }
+ }
+
+ /**
* Get the user preferred stub threshold
*
* @return int
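Review bot: `requiresHTTPS()` never checks whether the user is logged in, so for an anonymous user `getBoolOption( 'prefershttps' )` presumably falls back to the site default, which this change sets to 1 in DefaultSettings.php. With `$wgSecureLogin` enabled, the new call in includes/Wiki.php would then redirect every anonymous HTTP request to HTTPS, which is broader than the "when logged in" wording of `tog-prefershttps`. Consider `return $this->isLoggedIn() && $this->getBoolOption( 'prefershttps' );` or an equivalent guard at the call site. The docblock should then state that anonymous users are never forced.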
@@ -3183,7 +3198,7 @@
* will cause the site to redirect the user to HTTPS, if they
access
* it over HTTP. Bug 29898.
*/
- if ( $request->getCheck( 'wpStickHTTPS' ) ) {
+ if ( $request->getCheck( 'wpStickHTTPS' ) ||
$this->requiresHTTPS() ) {
$this->setCookie( 'forceHTTPS', 'true', time() +
2592000, false ); //30 days
}
}
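Review bot: `$request->getCheck( 'wpStickHTTPS' )` is kept in this condition, although the login template in this change now emits a hidden `wpStickHTTPS` field whenever `cansecurelogin` is set. `getCheck()` tests whether the parameter is present, not whether it is truthy, so a submitted value of `0` would still set the 30-day `forceHTTPS` cookie and override a user who switched `prefershttps` off. SpecialUserlogin.php was moved to `getBool()` in this same change; the matching fix here is `if ( $request->getBool( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {`. The enclosing method starts outside the hunk.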
diff --git a/includes/Wiki.php b/includes/Wiki.php
index cb0f60a..6e72b9d 100644
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -502,9 +502,16 @@
$request = $this->context->getRequest();
- if ( $request->getCookie( 'forceHTTPS' )
- && $request->detectProtocol() == 'http'
- && $request->getMethod() == 'GET'
+ // If the user has forceHTTPS set to true, or if the user
+ // is in a group requiring HTTPS, or if they have the HTTPS
+ // preference set, redirect them to HTTPS.
+ if (
+ (
+ $request->getCookie( 'forceHTTPS' ) ||
+ // Avoid checking the user and groups unless
it's enabled.
+ $this->context->getUser()->requiresHTTPS()
+ ) &&
+ $request->detectProtocol() == 'http'
) {
$redirUrl = $request->getFullRequestURL();
$redirUrl = str_replace( 'http://', 'https://',
$redirUrl );
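Review bot: The `$request->getMethod() == 'GET'` condition is dropped from the redirect test, so a POST that arrives over HTTP now gets a redirect as well. Its body has already crossed the network in clear text and is likely to be lost when the client follows the redirect. If that is intended it deserves a comment; otherwise keep `&& $request->getMethod() == 'GET'` or handle non-GET requests explicitly. The new comments also mention a group requiring HTTPS and skipping the user check "unless it's enabled", but `requiresHTTPS()` as added in User.php consults only `$wgSecureLogin` and the `prefershttps` option, and it is called whenever the cookie is absent. The `if` body continues past the end of the hunk.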
diff --git a/includes/specials/SpecialUserlogin.php
b/includes/specials/SpecialUserlogin.php
index df1b16e..2cb5f68 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -105,7 +105,7 @@
$this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
$this->mAction = $request->getVal( 'action' );
$this->mRemember = $request->getCheck( 'wpRemember' );
- $this->mStickHTTPS = $request->getCheck( 'wpStickHTTPS' );
+ $this->mStickHTTPS = $request->getBool( 'wpStickHTTPS' );
$this->mLanguage = $request->getText( 'uselang' );
$this->mSkipCookieCheck = $request->getCheck(
'wpSkipCookieCheck' );
$this->mToken = ( $this->mType == 'signup' ) ?
$request->getVal( 'wpCreateaccountToken' ) : $request->getVal( 'wpLoginToken' );
@@ -747,6 +747,10 @@
$user->invalidateCache();
}
+ if ( $user->requiresHTTPS() ) {
+ $this->mStickHTTPS = true;
+ }
+
if ( $wgSecureLogin && !$this->mStickHTTPS ) {
$user->setCookies( null, false );
} else {
@@ -1151,7 +1155,7 @@
$template->set( 'usereason', $user->isLoggedIn() );
$template->set( 'remember', $user->getOption(
'rememberpassword' ) || $this->mRemember );
$template->set( 'cansecurelogin', ( $wgSecureLogin === true ) );
- $template->set( 'stickHTTPS', $this->mStickHTTPS );
+ $template->set( 'stickHTTPS', (int)$this->mStickHTTPS );
if ( $this->mType === 'signup' && $user->isLoggedIn() ) {
$template->set( 'createAnother', true );
diff --git a/includes/templates/Userlogin.php b/includes/templates/Userlogin.php
index b9825a6..f41f403 100644
--- a/includes/templates/Userlogin.php
+++ b/includes/templates/Userlogin.php
@@ -151,18 +151,6 @@
<?php } ?>
</div>
- <?php if ( $this->data['cansecurelogin'] ) { ?>
- <div>
- <label class="mw-ui-checkbox-label">
- <input name="wpStickHTTPS" type="checkbox"
value="1" id="wpStickHTTPS" tabindex="5"
- <?php if ( $this->data['stickHTTPS'] ) {
- echo 'checked="checked"';
- } ?>
- >
- <?php $this->msg( 'securelogin-stick-https' );
?>
- </label>
- </div>
- <?php } ?>
<div>
<?php
echo Html::input( 'wpLoginAttempt', $this->getMsg(
'login' )->text(), 'submit', array(
@@ -182,6 +170,7 @@
<?php } ?>
<?php if ( $this->haveData( 'uselang' ) ) { ?><input type="hidden"
name="uselang" value="<?php $this->text( 'uselang' ); ?>" /><?php } ?>
<?php if ( $this->haveData( 'token' ) ) { ?><input type="hidden"
name="wpLoginToken" value="<?php $this->text( 'token' ); ?>" /><?php } ?>
+<?php if ( $this->data['cansecurelogin'] ) {?><input type="hidden"
name="wpStickHTTPS" value="<?php $this->text( 'stickHTTPS' ); ?>" /><?php } ?>
</form>
</div>
</div>
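Review bot: The hidden `wpStickHTTPS` field only echoes back whatever `mStickHTTPS` held, and in the hunks shown that property is filled from the request parameter itself. On a first render of the form it would therefore be 0, unless code outside this diff seeds it from the protocol. The value is also client-controlled, so for a user with `prefershttps` off the choice between secure and non-secure session cookies rests on a form field. Deriving the flag on the server when the login is processed, for example from `$request->detectProtocol() === 'https'`, would match the commit description ("whether they came from HTTPS") without trusting the form. At minimum, add a comment on this line saying where the value is set.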
diff --git a/languages/messages/MessagesEn.php
b/languages/messages/MessagesEn.php
index 67fe889..dcfc931 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -694,6 +694,7 @@
'tog-noconvertlink' => 'Disable link title conversion', # only
translate this message to other languages if you have to change it
'tog-norollbackdiff' => 'Omit diff after performing a rollback',
'tog-useeditwarning' => 'Warn me when I leave an edit page with
unsaved changes',
+'tog-prefershttps' => 'Always use a secure connection when logged
in',
'underline-always' => 'Always',
'underline-never' => 'Never',
@@ -1116,7 +1117,6 @@
'remembermypassword' => 'Remember my login on this browser (for a
maximum of $1 {{PLURAL:$1|day|days}})',
'userlogin-remembermypassword' => 'Keep me logged in',
'userlogin-signwithsecure' => 'Use secure connection',
-'securelogin-stick-https' => 'Stay connected to HTTPS after login',
'yourdomainname' => 'Your domain:',
'password-change-forbidden' => 'You cannot change passwords on this
wiki.',
'externaldberror' => 'There was either an authentication
database error or you are not allowed to update your external account.',
diff --git a/languages/messages/MessagesQqq.php
b/languages/messages/MessagesQqq.php
index 986bf67..dd03458 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -202,6 +202,7 @@
'tog-ccmeonemails' => 'Option in [[Special:Preferences]] >
{{int:prefs-personal}} > {{int:email}}. {{Gender}}',
'tog-diffonly' => 'Toggle option used in [[Special:Preferences]]. {{Gender}}',
'tog-showhiddencats' => 'Toggle option used in [[Special:Preferences]].
{{Gender}}',
+'tog-prefershttps' => 'Toggle option used in [[Special:Preferences]] that
indicates if the user wants to use a secure connection when logged in',
'tog-noconvertlink' => "{{optional}}
''(the message is considered optional because it is only used in wikis with
language variants)''",
@@ -1222,7 +1223,6 @@
'userlogin-signwithsecure' => 'Text of link to HTTPS login form.
See example: [[Special:UserLogin]]',
-'securelogin-stick-https' => 'Used as label for checkbox.',
'yourdomainname' => 'Used as label for listbox.',
'password-change-forbidden' => 'Error message shown when an external
authentication source does not allow the password to be changed.',
'externaldberror' => 'This message is thrown when a valid attempt to change
the wiki password for a user fails because of a database error or an error from
an external system.',
diff --git a/maintenance/language/messages.inc
b/maintenance/language/messages.inc
index 5a42091..e2cc506 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -70,6 +70,7 @@
'tog-noconvertlink',
'tog-norollbackdiff',
'tog-useeditwarning',
+ 'tog-prefershttps'
),
'underline' => array(
'underline-always',
@@ -459,7 +460,6 @@
'remembermypassword',
'userlogin-remembermypassword',
'userlogin-signwithsecure',
- 'securelogin-stick-https',
'yourdomainname',
'password-change-forbidden',
'externaldberror',
--
To view, visit https://gerrit.wikimedia.org/r/79963
Gerrit-MessageType: newchange
Gerrit-Change-Id: I69e9cb23b8d700e821b8a961c672958e4e19e4f8
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.22wmf13
Gerrit-Owner: Demon <[email protected]>
Gerrit-Reviewer: Parent5446 <[email protected]>