jenkins-bot has submitted this change and it was merged.
Change subject: Setup cookies security based on user preference
......................................................................
Setup cookies security based on user preference
Use the user pref instead of the login form checkbox for setting up
cookie security on login.
The preferences menu is still broken (always shows checked, even if
preference has been turned off), but this will log the user in (over
https), and then redirect them back to http if they have selected to
not use https. Likewise, if they have the default preference to use
https, they get the forceHTTPS cookie and other cookies secure.
Change-Id: I08f67b35f355ef193ae86cb9cca3799e247ead4e
---
M includes/DefaultSettings.php
M includes/SkinTemplate.php
M includes/specials/SpecialUserlogin.php
M includes/templates/Userlogin.php
4 files changed, 6 insertions(+), 25 deletions(-)
Approvals:
Demon: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index d62b694..340d5b4 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -3999,13 +3999,6 @@
*/
$wgSecureLogin = false;
-/**
- * By default, keep users logged in via HTTPS when $wgSecureLogin is also
- * true. Users opt-out of HTTPS when they login by de-selecting the checkbox.
- * @since 1.21
- */
-$wgSecureLoginDefaultHTTPS = true;
-
/** @} */ # end user accounts }
/************************************************************************//**
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index 686d8d7..0469937 100644
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -617,10 +617,6 @@
}
}
- if ( $wgSecureLogin && $request->detectProtocol() === 'https' )
{
- $a['wpStickHTTPS'] = true;
- }
-
$returnto = wfArrayToCgi( $a );
if ( $this->loggedin ) {
$personal_urls['userpage'] = array(
diff --git a/includes/specials/SpecialUserlogin.php
b/includes/specials/SpecialUserlogin.php
index d4fac5c..87e15c8 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -105,7 +105,8 @@
$this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
$this->mAction = $request->getVal( 'action' );
$this->mRemember = $request->getCheck( 'wpRemember' );
- $this->mStickHTTPS = $request->getBool( 'wpStickHTTPS' );
+ $this->mFromHTTP = $request->getBool( 'fromhttp', false );
+ $this->mStickHTTPS = ( !$this->mFromHTTP &&
$request->detectProtocol() === 'https' ) || $request->getBool( 'wpForceHttps',
false );
$this->mLanguage = $request->getText( 'uselang' );
$this->mSkipCookieCheck = $request->getCheck(
'wpSkipCookieCheck' );
$this->mToken = ( $this->mType == 'signup' ) ?
$request->getVal( 'wpCreateaccountToken' ) : $request->getVal( 'wpLoginToken' );
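Review bot: `mStickHTTPS` is now computed entirely from request input (`fromhttp`, `wpForceHttps` and the detected protocol), and nothing in this hunk reads the user preference that the commit message refers to. `fromhttp` is an ordinary query parameter, appended by the redirect in the `@@ -175,10` hunk, so any link to the HTTPS login page that carries `fromhttp=1` turns the stick-to-HTTPS decision off before the user is known. That matters if this flag also decides whether session cookies get the secure attribute; that code is outside the hunk, so please confirm. Consider treating `fromhttp` only as a hint and making the final decision after authentication from the stored preference, and document the trust level inline, e.g. `// fromhttp is set by our own HTTP->HTTPS redirect but is client-controlled; it must never be the sole reason cookies are issued without the secure flag`. The enclosing method starts and ends outside the hunk.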
@@ -175,10 +176,10 @@
$query = array(
'returnto' => $this->mReturnTo,
'returntoquery' => $this->mReturnToQuery,
- 'wpStickHTTPS' => $this->mStickHTTPS
);
$url = $title->getFullURL( $query, false, PROTO_HTTPS );
if ( $wgSecureLogin && wfCanIPUseHTTPS(
$this->getRequest()->getIP() ) ) {
+ $url = wfAppendQuery( $url, 'fromhttp=1' );
$this->getOutput()->redirect( $url );
return;
} else {
@@ -1038,7 +1039,7 @@
global $wgEnableEmail, $wgEnableUserEmail;
global $wgHiddenPrefs, $wgLoginLanguageSelector;
global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration;
- global $wgSecureLogin, $wgSecureLoginDefaultHTTPS,
$wgPasswordResetRoutes;
+ global $wgSecureLogin, $wgPasswordResetRoutes;
$titleObj = $this->getTitle();
$user = $this->getUser();
@@ -1121,15 +1122,6 @@
$template->set( 'link', '' );
}
- // Decide if we default stickHTTPS on
- if ( $wgSecureLoginDefaultHTTPS
- && $this->mAction != 'submitlogin'
- && !$this->mLoginattempt
- && wfCanIPUseHTTPS( $this->getRequest()->getIP() ) )
- {
- $this->mStickHTTPS = true;
- }
-
$resetLink = $this->mType == 'signup'
? null
: is_array( $wgPasswordResetRoutes ) && in_array( true,
array_values( $wgPasswordResetRoutes ) );
@@ -1159,7 +1151,7 @@
$template->set( 'usereason', $user->isLoggedIn() );
$template->set( 'remember', $user->getOption(
'rememberpassword' ) || $this->mRemember );
$template->set( 'cansecurelogin', ( $wgSecureLogin === true ) );
- $template->set( 'stickHTTPS', (int)$this->mStickHTTPS );
+ $template->set( 'stickhttps', (int) $this->mStickHTTPS );
if ( $this->mType === 'signup' && $user->isLoggedIn() ) {
$template->set( 'createAnother', true );
diff --git a/includes/templates/Userlogin.php b/includes/templates/Userlogin.php
index f41f403..8b4e7bb 100644
--- a/includes/templates/Userlogin.php
+++ b/includes/templates/Userlogin.php
@@ -170,7 +170,7 @@
<?php } ?>
<?php if ( $this->haveData( 'uselang' ) ) { ?><input type="hidden"
name="uselang" value="<?php $this->text( 'uselang' ); ?>" /><?php } ?>
<?php if ( $this->haveData( 'token' ) ) { ?><input type="hidden"
name="wpLoginToken" value="<?php $this->text( 'token' ); ?>" /><?php } ?>
-<?php if ( $this->data['cansecurelogin'] ) {?><input type="hidden"
name="wpStickHTTPS" value="<?php $this->text( 'stickHTTPS' ); ?>" /><?php } ?>
+<?php if ( $this->data['cansecurelogin'] ) {?><input type="hidden"
name="wpForceHttps" value="<?php $this->text( 'stickhttps' ); ?>" /><?php } ?>
</form>
</div>
</div>
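Review bot: The hidden field is now named `wpForceHttps`, is filled from the template key `stickhttps`, and is read back into `mStickHTTPS`, so one value has three names and the template does not say it is security-relevant. In SpecialUserlogin.php the field is only OR'ed into the decision, so a tampered value can raise but not lower the HTTPS requirement. That property is worth stating so a later edit does not invert it. A short comment above the input would do, e.g. `<?php // wpForceHttps round-trips mStickHTTPS; client-editable, so the server may only use it to require HTTPS, never to relax it ?>`. The form itself starts outside the hunk.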
--
To view, visit https://gerrit.wikimedia.org/r/80723
Gerrit-MessageType: merged
Gerrit-Change-Id: I08f67b35f355ef193ae86cb9cca3799e247ead4e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.22wmf13
Gerrit-Owner: Demon <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Daniel Friesen <[email protected]>
Gerrit-Reviewer: Demon <[email protected]>
Gerrit-Reviewer: Jack Phoenix <[email protected]>
Gerrit-Reviewer: jenkins-bot