[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth on officewiki - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/290278 Change subject: Enable Ex:OATHAuth on officewiki .. Enable Ex:OATHAuth on officewiki Enable Ex:OATHAuth, and make it available to all users, on officeiwki. Bug: T135889 Change-Id: Ide6c38a1edc6efcc7e43141f6f7c271c6acf55a0 --- M wmf-config/CommonSettings.php M wmf-config/InitialiseSettings.php 2 files changed, 11 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/78/290278/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 594868e..15ce98c 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -3169,8 +3169,11 @@ if ( $wmgUseOATHAuth ) { wfLoadExtension( 'OATHAuth' ); - // Roll this feature out to specific groups initially - $wgGroupPermissions['*']['oathauth-enable'] = false; + + if ( $wmgOATHAuthDisableRight ) { + $wgGroupPermissions['*']['oathauth-enable'] = false; + } + if ( $wmgUseCentralAuth ) { $wgOATHAuthDatabase = 'centralauth'; } diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index 6f2c536..e9c4bf6 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -16953,6 +16953,12 @@ 'private' => false, 'fishbowl' => false, 'nonglobal' => false, + 'officewiki' => true, +], + +'wmgOATHAuthDisableRight' => [ + 'default' => true, // Roll out to specific groups + 'officewiki' => false, ], ]; -- To view, visit https://gerrit.wikimedia.org/r/290278 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ide6c38a1edc6efcc7e43141f6f7c271c6acf55a0 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Enable Ex:OATH on CentralAuth wikis, limited rights - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/290271 Change subject: Enable Ex:OATH on CentralAuth wikis, limited rights .. Enable Ex:OATH on CentralAuth wikis, limited rights Enable Ex:OATH on all CentralAuth wikis, but don't give the user right to enable OATH to any user groups. The right will be given to a small pilot group for UX testing. Bug: T107605 Change-Id: I4078f8045b3d05e4236f2320f4f12944c6eb9850 --- M wmf-config/InitialiseSettings.php 1 file changed, 4 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/71/290271/1 diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index 5eaa881..6f2c536 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -16949,9 +16949,10 @@ ], 'wmgUseOATHAuth' => [ - 'default' => false, - 'testwiki' => true, - 'test2wiki' => true, + 'default' => true, + 'private' => false, + 'fishbowl' => false, + 'nonglobal' => false, ], ]; -- To view, visit https://gerrit.wikimedia.org/r/290271 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4078f8045b3d05e4236f2320f4f12944c6eb9850 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Redo local password enforcement - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/289780 Change subject: Redo local password enforcement .. Redo local password enforcement Use https://gerrit.wikimedia.org/r/#/c/289778/ to move much of the special handling logic for local groups into CentralAuth. Also get rid of LoginAuthenticateAudit hook, since policies for those groups are now enforced. Bug: T119736 Change-Id: I534127f8a9d2934e91d8cd08cfda2d30567f0de9 --- M wmf-config/CommonSettings.php 1 file changed, 11 insertions(+), 51 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/80/289780/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 7aae128..f1d4b61 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -391,19 +391,6 @@ 'PasswordCannotBePopular' => 1, ]; - if ( array_intersect( - [ 'bureaucrat', 'sysop', 'checkuser', 'oversight', 'interface-editor' ], - $central->getLocalGroups() - ) ) { - $effectivePolicy = UserPasswordPolicy::maxOfPolicies( - $effectivePolicy, - $privilegedPolicy - ); - return true; - } - - // Result should be cached by getLocalGroups() above - $attachInfo = $central->queryAttached(); $enforceWikiGroups = [ 'centralnoticeadmin' => [ 'metawiki', 'testwiki' ], 'templateeditor' => [ 'fawiki', 'rowiki' ], @@ -411,21 +398,19 @@ 'translator' => [ 'incubatorwiki' ], 'technician' => [ 'trwiki' ], 'wikidata-staff' => [ 'wikidata' ], + 'bureaucrat' => '*', + 'sysop' => '*', + 'checkuser' => '*', + 'oversight' => '*', + 'interface-editor' => '*', ]; - foreach ( $enforceWikiGroups as $group => $wikis ) { - foreach ( $wikis as $wiki ) { - if ( isset( $attachInfo[$wiki]['groups'] ) - && in_array( $group, $attachInfo[$wiki]['groups'] ) ) - { - $effectivePolicy = UserPasswordPolicy::maxOfPolicies( - $effectivePolicy, - $privilegedPolicy - ); - return true; - } - } - } + $effectivePolicy = CentralAuthUtils::enforcePasswordPolicyIfInLocalWikiGroup( + $central, + $enforceWikiGroups, + $privilegedPolicy, + $effectivePolicy + ); return true; }; @@ -1452,31 +1437,6 @@ " - " . @$headers['X-Forwarded-For'] . ' - ' . @$headers['User-Agent'] ); - } - return true; -}; - -// Estimate users affected if we increase the minimum -// password length to 8 for privileged groups, i.e. -// T104370, T104371, T104372, T104373 -$wgHooks['LoginAuthenticateAudit'][] = function( $user, $pass, $retval ) { - global $wmgUseCentralAuth; - if ( $retval == LoginForm::SUCCESS - && strlen( $pass ) < 8 - ) { - if ( $wmgUseCentralAuth ) { - $central = CentralAuthUser::getInstance( $user ); - if ( $central->exists() && array_intersect( - [ 'staff', 'sysadmin', 'steward', 'ombudsman', 'checkuser' ], - array_merge( - $central->getLocalGroups(), - $central->getGlobalGroups() - ) - ) ) { - $logger = LoggerFactory::getInstance( 'badpass' ); - $logger->info( "Login by privileged user '{$user->getName()}' with too short password" ); - } - } } return true; }; -- To view, visit https://gerrit.wikimedia.org/r/289780 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I534127f8a9d2934e91d8cd08cfda2d30567f0de9 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp
[MediaWiki-commits] [Gerrit] Safely handle policies for local groups - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/289778 Change subject: Safely handle policies for local groups .. Safely handle policies for local groups Add helper functions in CentralAuth to apply password policies based on the user's local group membership on particular wikis. Also account for CentralAuthUser objects where the localuser table has an entry, but the local account does not exist, causing CentralAuthUser::localUserData() to throw an exception. Bug: T119736 Change-Id: I6eb014af44364640de74c32ae4603c0571d42aff --- M includes/CentralAuthHooks.php M includes/CentralAuthUser.php M includes/CentralAuthUtils.php 3 files changed, 85 insertions(+), 29 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/78/289778/1 diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php index 76e3352..e506694 100644 --- a/includes/CentralAuthHooks.php +++ b/includes/CentralAuthHooks.php @@ -1508,40 +1508,22 @@ $central = CentralAuthUser::getInstance( $user ); if ( $central->exists() ) { - try { - $localPolicyGroups = array_intersect( - array_keys( $wgCentralAuthGlobalPasswordPolicies ), - $central->getLocalGroups() - ); - } catch ( Exception $e ) { - // T104615 - race condition in attaching user and creating local - // wiki account can cause this Exception from - // CentralAuthUser::localUserData. Allow the password for now, and - // we'll catch them next login if their password isn't valid. - // And T119736 - if localuser table gets out of sync, don't - // deny logins - if ( substr( $e->getMessage(), 0 , 34 ) - === 'Could not find local user data for' - ) { - wfDebugLog( - 'CentralAuth', - sprintf( 'Bug T104615 hit for %s@%s', - $user->getName(), - wfWikiId() - ) - ); - return true; - } - - throw $e; - } - $effectivePolicy = UserPasswordPolicy::getPoliciesForGroups( $wgCentralAuthGlobalPasswordPolicies, - array_merge( $central->getGlobalGroups(), $localPolicyGroups ), + $central->getGlobalGroups(), $effectivePolicy ); + + foreach ( $wgCentralAuthGlobalPasswordPolicies as $group => $policy ) { + $effectivePolicy = CentralAuthUtils::enforcePasswordPolicyIfInLocalWikiGroup( + $central, + [ $group => '*' ], + $policy, + $effectivePolicy + ); + } } + return true; } diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php index 1e8264a..68291c9 100644 --- a/includes/CentralAuthUser.php +++ b/includes/CentralAuthUser.php @@ -2215,6 +2215,38 @@ } /** +* Returns true if a user is a member of a particular group, on a particular set +* of wikis. +* @param array $wikiGroups list of groups (keys) and either an array of wiki +* names, or the string '*' for any wiki. E.g., if a user is a sysop on enwiki, +* and $wikiGroups=['sysop'=>'*'] or $wikiGroups=['sysop'=>['enwiki','dewiki']] +* then this function will return true. +* @return array of group names where the user is a member on at least one wiki +*/ + public function inLocalWikiGroups( array $wikiGroups ) { + $allGroups = $this->getLocalGroups(); + $attachInfo = $this->queryAttached(); + foreach ( $wikiGroups as $group => $wikis ) { + if ( $wikis === '*' ) { + if ( in_array( $group, $allGroups ) ) { + return true; + } +
[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth on test wikis, disabled for all users - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/289486 Change subject: Enable Ex:OATHAuth on test wikis, disabled for all users .. Enable Ex:OATHAuth on test wikis, disabled for all users Bug: T107605 Change-Id: I7e453e1b73c53be1abed0a8677af1879a8681755 --- M wmf-config/CommonSettings.php M wmf-config/InitialiseSettings.php 2 files changed, 14 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/86/289486/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 43eeb24..7aae128 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -3164,6 +3164,14 @@ wfLoadExtension( 'ParsoidBatchAPI' ); } +if ( $wmgUseOATHAuth ) { + wfLoadExtension( 'OATHAuth' ); + // Roll this feature out to specific groups initially + $wgGroupPermissions['*']['oathauth-enable'] = false; + if ( $wmgUseCentralAuth ) { + $wgOATHAuthDatabase = 'centralauth'; + } +} ### End (roughly) of general extensions diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index 7692822..27e1684 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -16956,6 +16956,12 @@ 'wikivoyage' => true, ], +'wmgUseOATHAuth' => [ + 'default' => false, + 'testwiki' => true, + 'test2wiki' => true, +], + ]; ### WMF Labs override # -- To view, visit https://gerrit.wikimedia.org/r/289486 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7e453e1b73c53be1abed0a8677af1879a8681755 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth in beta, disabled for all users - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/283569 Change subject: Enable Ex:OATHAuth in beta, disabled for all users .. Enable Ex:OATHAuth in beta, disabled for all users Enable OATHAuth in beta, but disable it for all users. For testing, we'll give the user right to the global Staff group. Trying this again, with the DB table correctly created this time. Bug: T131420 Change-Id: Id13a8b8aa11b91ccc770fafbdec28834c9cc2afc --- M wmf-config/CommonSettings-labs.php M wmf-config/InitialiseSettings-labs.php M wmf-config/extension-list-labs 3 files changed, 12 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/69/283569/1 diff --git a/wmf-config/CommonSettings-labs.php b/wmf-config/CommonSettings-labs.php index c1625fb..2cfec24 100644 --- a/wmf-config/CommonSettings-labs.php +++ b/wmf-config/CommonSettings-labs.php @@ -342,6 +342,13 @@ wfLoadExtension( 'Newsletter' ); } +if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) { + wfLoadExtension( 'OATHAuth' ); + $wgOATHAuthDatabase = 'centralauth'; + // Roll this feature out to specific groups initially + $wgGroupPermissions['*']['oathauth-enable'] = false; +} + // Experimental $wgGadgetsCaching = false; diff --git a/wmf-config/InitialiseSettings-labs.php b/wmf-config/InitialiseSettings-labs.php index 738730e..592b3de 100644 --- a/wmf-config/InitialiseSettings-labs.php +++ b/wmf-config/InitialiseSettings-labs.php @@ -643,5 +643,9 @@ 'wmgUseNewsletter' => array( 'default' => true, // T127297 ), + // Test enabling OATH for 2FA + 'wmgUseOATHAuth' => array( + 'default' => true, + ), ); } # wmflLabsSettings() diff --git a/wmf-config/extension-list-labs b/wmf-config/extension-list-labs index f195f2e..9d93b1b 100644 --- a/wmf-config/extension-list-labs +++ b/wmf-config/extension-list-labs @@ -5,3 +5,4 @@ $IP/extensions/Kartographer/extension.json $IP/extensions/ORES/extension.json $IP/extensions/Newsletter/extension.json +$IP/extensions/OATHAuth/extension.json -- To view, visit https://gerrit.wikimedia.org/r/283569 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id13a8b8aa11b91ccc770fafbdec28834c9cc2afc Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert "Enable Ex:OATHAuth in beta, disabled for all users" - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/282808 Change subject: Revert "Enable Ex:OATHAuth in beta, disabled for all users" .. Revert "Enable Ex:OATHAuth in beta, disabled for all users" This reverts commit 614c46853ac30bbb7a393fe5d4595b3a3446aa4e. Change-Id: I304da0b1044eccc7c1a266eb207d452d99da2ca6 --- M wmf-config/CommonSettings-labs.php M wmf-config/InitialiseSettings-labs.php 2 files changed, 0 insertions(+), 11 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/08/282808/1 diff --git a/wmf-config/CommonSettings-labs.php b/wmf-config/CommonSettings-labs.php index fa44c37..59de815 100644 --- a/wmf-config/CommonSettings-labs.php +++ b/wmf-config/CommonSettings-labs.php @@ -341,13 +341,6 @@ wfLoadExtension( 'Newsletter' ); } -if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) { - wfLoadExtension( 'OATHAuth' ); - $wgOATHAuthDatabase = 'centralauth'; - // Roll this feature out to specific groups initially - $wgGroupPermissions['*']['oathauth-enable'] = false; -} - // Experimental $wgGadgetsCaching = false; diff --git a/wmf-config/InitialiseSettings-labs.php b/wmf-config/InitialiseSettings-labs.php index a72ace8..f5be518 100644 --- a/wmf-config/InitialiseSettings-labs.php +++ b/wmf-config/InitialiseSettings-labs.php @@ -653,9 +653,5 @@ 'wmgUseNewsletter' => array( 'default' => true, // T127297 ), - // Test enabling OATH for 2FA - 'wmgUseOATHAuth' => array( - 'default' => true, - ), ); } # wmflLabsSettings() -- To view, visit https://gerrit.wikimedia.org/r/282808 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I304da0b1044eccc7c1a266eb207d452d99da2ca6 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth in beta, disabled for all users - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/282198 Change subject: Enable Ex:OATHAuth in beta, disabled for all users .. Enable Ex:OATHAuth in beta, disabled for all users Second try at this. Enable OATHAuth in beta, but disable it for all users. For testing, we'll give the user right to the global Staff group. Change-Id: I08064e64ed5e34f7b2932aaec28130cf2f9a9f2d --- M wmf-config/CommonSettings-labs.php M wmf-config/InitialiseSettings-labs.php 2 files changed, 11 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/98/282198/1 diff --git a/wmf-config/CommonSettings-labs.php b/wmf-config/CommonSettings-labs.php index 59de815..fa44c37 100644 --- a/wmf-config/CommonSettings-labs.php +++ b/wmf-config/CommonSettings-labs.php @@ -341,6 +341,13 @@ wfLoadExtension( 'Newsletter' ); } +if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) { + wfLoadExtension( 'OATHAuth' ); + $wgOATHAuthDatabase = 'centralauth'; + // Roll this feature out to specific groups initially + $wgGroupPermissions['*']['oathauth-enable'] = false; +} + // Experimental $wgGadgetsCaching = false; diff --git a/wmf-config/InitialiseSettings-labs.php b/wmf-config/InitialiseSettings-labs.php index f5be518..a72ace8 100644 --- a/wmf-config/InitialiseSettings-labs.php +++ b/wmf-config/InitialiseSettings-labs.php @@ -653,5 +653,9 @@ 'wmgUseNewsletter' => array( 'default' => true, // T127297 ), + // Test enabling OATH for 2FA + 'wmgUseOATHAuth' => array( + 'default' => true, + ), ); } # wmflLabsSettings() -- To view, visit https://gerrit.wikimedia.org/r/282198 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I08064e64ed5e34f7b2932aaec28130cf2f9a9f2d Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert "Revert "Enable Ex:OATHAuth in beta, disabled for all... - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/282193 Change subject: Revert "Revert "Enable Ex:OATHAuth in beta, disabled for all users"" .. Revert "Revert "Enable Ex:OATHAuth in beta, disabled for all users"" This reverts commit a68190100f7d6831b84a366f895f1dc800183e98. Change-Id: Iac773171e98c76d3eef81729000146508fbf99d3 --- M wmf-config/CommonSettings-labs.php M wmf-config/InitialiseSettings-labs.php 2 files changed, 11 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/93/282193/1 diff --git a/wmf-config/CommonSettings-labs.php b/wmf-config/CommonSettings-labs.php index 8bf542b..a5ef67c 100644 --- a/wmf-config/CommonSettings-labs.php +++ b/wmf-config/CommonSettings-labs.php @@ -337,6 +337,13 @@ $wgOresBaseUrl = 'https://ores.wmflabs.org/'; } +if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) { + wfLoadExtension( 'OATHAuth' ); + $wgOATHAuthDatabase = 'centralauth'; + // Roll this feature out to specific groups initially + $wgGroupPermissions['*']['oathauth-enable'] = false; +} + // Experimental $wgGadgetsCaching = false; diff --git a/wmf-config/InitialiseSettings-labs.php b/wmf-config/InitialiseSettings-labs.php index 4f6240e..81d4b18 100644 --- a/wmf-config/InitialiseSettings-labs.php +++ b/wmf-config/InitialiseSettings-labs.php @@ -652,5 +652,9 @@ 'wmgUseCollection' => array( 'zhwiki' => true, // T128425 ), + // Test enabling OATH for 2FA + 'wmgUseOATHAuth' => array( + 'default' => true, + ) ); } # wmflLabsSettings() -- To view, visit https://gerrit.wikimedia.org/r/282193 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iac773171e98c76d3eef81729000146508fbf99d3 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Fixup DB/uid handling for SUL wikis - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/282192 Change subject: Fixup DB/uid handling for SUL wikis .. Fixup DB/uid handling for SUL wikis We need to pass the db name to getConnection, in addition to wfGetLB. Also, use core's CentralIdLookup for mapping local user to CentralId when using a central DB for OATH secret storage. Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef (cherry picked from commit 65543e1f6c01dc30bf8bff4151dd378d65f4c5c9) --- M OATHAuth.hooks.php M OATHAuthKey.php M OATHUserRepository.php 3 files changed, 12 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/92/282192/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 1f02646..6b95649 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -79,14 +79,15 @@ $oathrepo = self::getOATHUserRepository(); $oathuser = $oathrepo->findByUser( $user ); + $uid = CentralIdLookup::factory()->centralIdFromLocalUser( $user ); if ( $oathuser->getKey() !== null && !$request->getCheck( 'token' ) ) { $encData = OATHAuthUtils::encryptSessionData( $request->getValues(), - $user->getId() + $uid ); $request->setSessionData( 'oath_login', $encData ); - $request->setSessionData( 'oath_uid', $user->getId() ); + $request->setSessionData( 'oath_uid', $uid ); $output->redirect( SpecialPage::getTitleFor( 'OATH' )->getFullURL( '', false, PROTO_CURRENT ) ); return false; } else { diff --git a/OATHAuthKey.php b/OATHAuthKey.php index c5ce239..fb67283 100644 --- a/OATHAuthKey.php +++ b/OATHAuthKey.php @@ -89,7 +89,8 @@ // Prevent replay attacks $memc = ObjectCache::newAnything( array() ); - $memcKey = wfMemcKey( 'oauthauth', 'usedtokens', $user->getUser()->getId() ); + $uid = CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ); + $memcKey = wfMemcKey( 'oauthauth', 'usedtokens', $uid ); $lastWindow = (int)$memc->get( $memcKey ); $retval = false; diff --git a/OATHUserRepository.php b/OATHUserRepository.php index 946578d..5699c7e 100644 --- a/OATHUserRepository.php +++ b/OATHUserRepository.php @@ -6,14 +6,16 @@ private $dbw; public function __construct( LoadBalancer $lb ) { - $this->dbr = $lb->getConnection( DB_SLAVE ); - $this->dbw = $lb->getConnection( DB_MASTER ); + global $wgOATHAuthDatabase; + $this->dbr = $lb->getConnection( DB_SLAVE, array(), $wgOATHAuthDatabase ); + $this->dbw = $lb->getConnection( DB_MASTER, array(), $wgOATHAuthDatabase ); } public function findByUser( User $user ) { $oathUser = new OATHUser( $user, null ); - $res = $this->dbr->selectRow( 'oathauth_users', '*', array( 'id' => $user->getId() ), __METHOD__ ); + $uid = CentralIdLookup::factory()->centralIdFromLocalUser( $user ); + $res = $this->dbr->selectRow( 'oathauth_users', '*', array( 'id' => $uid ), __METHOD__ ); if ($res) { $key = new OATHAuthKey( $res->secret, explode( ',', $res->scratch_tokens ) ); $oathUser->setKey( $key ); @@ -27,7 +29,7 @@ 'oathauth_users', array( 'id' ), array( - 'id' => $user->getUser()->getId(), + 'id' => CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ), 'secret' => $user->getKey()->getSecret(), 'scratch_tokens' => implode( ',', $user->getKey()->getScratchTokens() ), ), @@ -38,7 +40,7 @@ public function remove( OATHUser $user ) { $this->dbw->delete( 'oathauth_users', - array( 'id' => $user->getUser()->getId() ), + array( 'id' => CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ) ), __METHOD__ ); } -- To view, visit https://gerrit.wikimedia.org/r/282192 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OATHAuth Gerrit-Branch: wmf/1.27.0-wmf.20 Gerrit-Owner: CSteipp
[MediaWiki-commits] [Gerrit] Delete users who didn't complete setup on upgrade - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/281956 Change subject: Delete users who didn't complete setup on upgrade .. Delete users who didn't complete setup on upgrade Users who started the "Enable two-factor" process, but never confirmed their setup were stored in the database under the previous format. After Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19, we no longer look at the is_validated column to see if the user confirmed their 2fa setup, and instead only store users in the table who have confirmed. Delete these users from the table when updating the table format. Bug: T130892 Change-Id: I54a706043b44db50344d138207b472c35d00724e --- M OATHAuth.hooks.php 1 file changed, 9 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/56/281956/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 8bbc24d..aca7c1d 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -209,7 +209,12 @@ return true; } - $res = $db->select( 'oathauth_users', array( 'id', 'scratch_tokens' ), '', __METHOD__ ); + $res = $db->select( + 'oathauth_users', + array( 'id', 'scratch_tokens' ), + array( 'is_validated != 0' ), + __METHOD__ + ); foreach ( $res as $row ) { $scratchTokens = unserialize( base64_decode( $row->scratch_tokens ) ); @@ -223,6 +228,9 @@ } } + // Remove rows from the table where user never completed the setup process + $db->delete( 'oathauth_users', array( 'is_validated' => 0 ), __METHOD__ ); + return true; } } -- To view, visit https://gerrit.wikimedia.org/r/281956 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I54a706043b44db50344d138207b472c35d00724e Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OATHAuth Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Fixup DB/uid handling for SUL wikis - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/281034 Change subject: Fixup DB/uid handling for SUL wikis .. Fixup DB/uid handling for SUL wikis We need to pass the db name to getConnection, in addition to wfGetLB. Also, use core's CentralIdLookup for mapping local user to CentralId when using a central DB for OATH secret storage. Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef --- M OATHUserRepository.php 1 file changed, 7 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/34/281034/1 diff --git a/OATHUserRepository.php b/OATHUserRepository.php index 946578d..5699c7e 100644 --- a/OATHUserRepository.php +++ b/OATHUserRepository.php @@ -6,14 +6,16 @@ private $dbw; public function __construct( LoadBalancer $lb ) { - $this->dbr = $lb->getConnection( DB_SLAVE ); - $this->dbw = $lb->getConnection( DB_MASTER ); + global $wgOATHAuthDatabase; + $this->dbr = $lb->getConnection( DB_SLAVE, array(), $wgOATHAuthDatabase ); + $this->dbw = $lb->getConnection( DB_MASTER, array(), $wgOATHAuthDatabase ); } public function findByUser( User $user ) { $oathUser = new OATHUser( $user, null ); - $res = $this->dbr->selectRow( 'oathauth_users', '*', array( 'id' => $user->getId() ), __METHOD__ ); + $uid = CentralIdLookup::factory()->centralIdFromLocalUser( $user ); + $res = $this->dbr->selectRow( 'oathauth_users', '*', array( 'id' => $uid ), __METHOD__ ); if ($res) { $key = new OATHAuthKey( $res->secret, explode( ',', $res->scratch_tokens ) ); $oathUser->setKey( $key ); @@ -27,7 +29,7 @@ 'oathauth_users', array( 'id' ), array( - 'id' => $user->getUser()->getId(), + 'id' => CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ), 'secret' => $user->getKey()->getSecret(), 'scratch_tokens' => implode( ',', $user->getKey()->getScratchTokens() ), ), @@ -38,7 +40,7 @@ public function remove( OATHUser $user ) { $this->dbw->delete( 'oathauth_users', - array( 'id' => $user->getUser()->getId() ), + array( 'id' => CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ) ), __METHOD__ ); } -- To view, visit https://gerrit.wikimedia.org/r/281034 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OATHAuth Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert "Enable Ex:OATHAuth in beta, disabled for all users" - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/280796 Change subject: Revert "Enable Ex:OATHAuth in beta, disabled for all users" .. Revert "Enable Ex:OATHAuth in beta, disabled for all users" This reverts commit 2b9a3cca4bdf16a96a730960a754e93f31f0fd35. Change-Id: Icb5361e797cac15f8061747e5338164131550664 --- M wmf-config/CommonSettings-labs.php M wmf-config/InitialiseSettings-labs.php 2 files changed, 0 insertions(+), 11 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/96/280796/1 diff --git a/wmf-config/CommonSettings-labs.php b/wmf-config/CommonSettings-labs.php index a5ef67c..8bf542b 100644 --- a/wmf-config/CommonSettings-labs.php +++ b/wmf-config/CommonSettings-labs.php @@ -337,13 +337,6 @@ $wgOresBaseUrl = 'https://ores.wmflabs.org/'; } -if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) { - wfLoadExtension( 'OATHAuth' ); - $wgOATHAuthDatabase = 'centralauth'; - // Roll this feature out to specific groups initially - $wgGroupPermissions['*']['oathauth-enable'] = false; -} - // Experimental $wgGadgetsCaching = false; diff --git a/wmf-config/InitialiseSettings-labs.php b/wmf-config/InitialiseSettings-labs.php index 81d4b18..4f6240e 100644 --- a/wmf-config/InitialiseSettings-labs.php +++ b/wmf-config/InitialiseSettings-labs.php @@ -652,9 +652,5 @@ 'wmgUseCollection' => array( 'zhwiki' => true, // T128425 ), - // Test enabling OATH for 2FA - 'wmgUseOATHAuth' => array( - 'default' => true, - ) ); } # wmflLabsSettings() -- To view, visit https://gerrit.wikimedia.org/r/280796 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Icb5361e797cac15f8061747e5338164131550664 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Encrypt password when stored in user session - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/280780 Change subject: Encrypt password when stored in user session .. Encrypt password when stored in user session During the two-step login, users with OATH enabled need to have their login details saved into their session while we prompt them for their OATH code. This encrypts that data, so we don't write their user's password into our session storage. Change-Id: I9969871205ac5c438706df41ef1519cb4cd7a964 --- M OATHAuth.hooks.php A OATHAuthUtils.php M extension.json M special/SpecialOATH.php M special/SpecialOATHLogin.php 5 files changed, 120 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/80/280780/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 4e78c0a..0fd551c 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -81,7 +81,12 @@ $oathuser = $oathrepo->findByUser( $user ); if ( $oathuser->getKey() !== null && !$request->getCheck( 'token' ) ) { - $request->setSessionData( 'oath_login', $request->getValues() ); + $encData = OATHAuthUtils::encryptSessionData( + $request->getValues(), + $user->getId() + ); + $request->setSessionData( 'oath_login', $encData ); + $request->setSessionData( 'oath_uid', $user->getId() ); $output->redirect( SpecialPage::getTitleFor( 'OATH' )->getFullURL( '', false, PROTO_CURRENT ) ); return false; } else { diff --git a/OATHAuthUtils.php b/OATHAuthUtils.php new file mode 100644 index 000..9d8b401 --- /dev/null +++ b/OATHAuthUtils.php @@ -0,0 +1,105 @@ + substr( $keymats, 0, 32 ), + 'hmac' => substr( $keymats, 32, 32 ), + ); + } + + /** +* Actually encrypt the data, using a new random IV, and prepend the hmac +* of the encrypted data + IV, using a separate hmac key. +* @return $hmac.$iv.$ciphertext, each component b64 encoded +*/ + private static function seal( $data, $encKey, $hmacKey ) { + $iv = MWCryptRand::generate( 16, true ); + $ciphertext = openssl_encrypt( + $data, + 'aes-256-ctr', + $encKey, + OPENSSL_RAW_DATA, + $iv + ); + $sealed = base64_encode( $iv ) . '.' . base64_encode( $ciphertext ); + $hmac = hash_hmac( 'sha256', $sealed, $hmacKey, true ); + return base64_encode( $hmac ) . '.' . $sealed; + } + + /** +* Decrypt data sealed using seal(). First checks the hmac to prevent various +* attacks. +* @return plaintext +*/ + private static function unseal( $encrypted, $encKey, $hmacKey ) { + $pieces = explode( '.', $encrypted ); + if ( count( $pieces ) !== 3 ) { + throw new InvalidArgumentException( 'Invalid sealed-secret format' ); + } + + list( $hmac, $iv, $ciphertext ) = $pieces; + $integCalc = hash_hmac( 'sha256', $iv . '.' . $ciphertext, $hmacKey, true ); + if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) { + throw new Exception( 'Sealed secret has been tampered with, aborting.' ); + } + + return openssl_decrypt( + base64_decode( $ciphertext ), + 'aes-256-ctr', + $encKey, + OPENSSL_RAW_DATA, + base64_decode( $iv ) + ); + } + +} diff --git a/extension.json b/extension.json index 29151b2..d028cff 100644 --- a/extension.json +++ b/extension.json @@ -8,6 +8,7 @@ "AutoloadClasses": { "OATHAuthHooks": "OATHAuth.hooks.php", "OATHAuthKey": "OATHAuthKey.php", + "OATHAuthUtils": "OATHAuthUtils.php", "OATHUserRepository": "OATHUserRepository.php", "HOTP": "lib/hotp.php", "HOTPResult": "lib/hotp.php", @@ -46,7 +47,8 @@ }, "config": { "OATHAuthWindowRadius": 4, - "OATHAuthDatabase": false + "OATHAuthDatabase": false, + "OATHAuthSecret": false }, "ResourceModules": { "ext.oathauth": { diff --git a/special/SpecialOATH.php b/special/SpecialOATH.php index 7f8a580..ae99c39 100644 --- a/special/SpecialOATH.php +++ b/special/SpecialOATH.php @@ -20,8 +20,12 @@ $page = null; if ( $this->getUser()->isAnon() && $loginInfo !==
[MediaWiki-commits] [Gerrit] Fix i18n merge errors - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/280701 Change subject: Fix i18n merge errors .. Fix i18n merge errors Address comments by Raimond Spekking on I39859cc59f1811de42b72f6167d332ea48812f97 Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5 --- M i18n/en.json 1 file changed, 1 insertion(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/01/280701/1 diff --git a/i18n/en.json b/i18n/en.json index da3e6cf..ea88e39 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -17,7 +17,7 @@ "oathauth-verify": "Verify two-factor token", "openstackmanager-scratchtokens": "The following list is a list of one-time use scratch tokens. These tokens can only be used once, and are for emergency use. Please write these down and keep them in a secure location. If you lose your phone, these tokens are the only way to rescue your account. These tokens will never be shown again.", "oathauth-reset": "Reset two-factor credentials", - "oathauth-donotdeleteoldsecret": "Please do not delete your old credentials until you have successfully validated your new credentials.", + "oathauth-donotdeleteoldsecret": "Please do not delete your old credentials until you have validated your new credentials.", "oathauth-token": "Token", "oathauth-currenttoken": "Current token", "oathauth-newtoken": "New token", @@ -36,7 +36,6 @@ "oathauth-notloggedin": "Login required", "oathauth-mustbeloggedin": "You must be logged in to perform this action.", "oathauth-prefs-label": "Two-factor authentication:", - "oathauth-abortlogin": "The two-factor authentication token provided was invalid.", "oathauth-abortlogin": "The two-factor authentication token provided was invalid.", "oathauth-step1": "Step 1: Download the app", "oathauth-step1-test": "Download a mobile app for two-factor authentication (such as Google Authenticator) on to your phone.", -- To view, visit https://gerrit.wikimedia.org/r/280701 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OATHAuth Gerrit-Branch: wmf/1.27.0-wmf.19 Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth in beta, disabled for all users - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/280676 Change subject: Enable Ex:OATHAuth in beta, disabled for all users .. Enable Ex:OATHAuth in beta, disabled for all users Enable OATHAuth in beta, but disable it for all users. For testing, we'll give the user right to the global Staff group. Change-Id: I29d054e60d6c81524037143fab2bc07db4a2d38e --- M wmf-config/CommonSettings-labs.php M wmf-config/InitialiseSettings-labs.php 2 files changed, 11 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/76/280676/1 diff --git a/wmf-config/CommonSettings-labs.php b/wmf-config/CommonSettings-labs.php index 8bf542b..a5ef67c 100644 --- a/wmf-config/CommonSettings-labs.php +++ b/wmf-config/CommonSettings-labs.php @@ -337,6 +337,13 @@ $wgOresBaseUrl = 'https://ores.wmflabs.org/'; } +if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) { + wfLoadExtension( 'OATHAuth' ); + $wgOATHAuthDatabase = 'centralauth'; + // Roll this feature out to specific groups initially + $wgGroupPermissions['*']['oathauth-enable'] = false; +} + // Experimental $wgGadgetsCaching = false; diff --git a/wmf-config/InitialiseSettings-labs.php b/wmf-config/InitialiseSettings-labs.php index 4f6240e..81d4b18 100644 --- a/wmf-config/InitialiseSettings-labs.php +++ b/wmf-config/InitialiseSettings-labs.php @@ -652,5 +652,9 @@ 'wmgUseCollection' => array( 'zhwiki' => true, // T128425 ), + // Test enabling OATH for 2FA + 'wmgUseOATHAuth' => array( + 'default' => true, + ) ); } # wmflLabsSettings() -- To view, visit https://gerrit.wikimedia.org/r/280676 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I29d054e60d6c81524037143fab2bc07db4a2d38e Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Move token login to separate page - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/280672 Change subject: Move token login to separate page .. Move token login to separate page Rather than have an extraneous form on the login page, move the token input to a separate page. The actual logic for logging in is identical, the only difference is that the token is added to the form data on a second page request. Bug: 53195 Change-Id: I39859cc59f1811de42b72f6167d332ea48812f97 (cherry picked from commit 1a8006317dd2c52e4f70d10f585800e8efeb5b1a) --- M OATHAuth.hooks.php M extension.json M i18n/en.json M i18n/qqq.json M special/SpecialOATH.php M special/SpecialOATHDisable.php M special/SpecialOATHEnable.php A special/SpecialOATHLogin.php 8 files changed, 175 insertions(+), 79 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/72/280672/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index c65fdf6..4e78c0a 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -7,23 +7,6 @@ */ class OATHAuthHooks { /** -* @param $template UserloginTemplate -* @return bool -*/ - static function ModifyUITemplate( &$template ) { - $input = '' - . wfMessage( 'oathauth-token' )->escaped() - . '' - . Html::input( 'wpOATHToken', null, 'text', array( - 'class' => 'loginText', 'id' => 'wpOATHToken', 'tabindex' => '3', 'size' => '20' - ) ) . ''; - - $template->set( 'extrafields', $template->get( 'extrafields', '' ) . $input ); - - return true; - } - - /** * Get the singleton OATH user repository * * @return OATHUserRepository @@ -59,7 +42,19 @@ * @return bool */ static function AbortChangePassword( $user, $password, $newpassword, &$errorMsg ) { - $result = self::authenticate( $user ); + global $wgRequest; + + $token = $wgRequest->getText( 'wpOATHToken' ); + $oathrepo = self::getOATHUserRepository(); + $oathuser = $oathrepo->findByUser( $user ); + # Though it's weird to default to true, we only want to deny + # users who have two-factor enabled and have validated their + # token. + $result = true; + + if ( $oathuser->getKey() !== null ) { + $result = $oathuser->getKey()->verifyToken( $token, $oathuser ); + } if ( $result ) { return true; @@ -78,57 +73,18 @@ * @return bool */ static function AbortLogin( $user, $password, &$abort, &$errorMsg ) { - $result = self::authenticate( $user ); - if ( $result ) { - return true; - } else { - $abort = LoginForm::ABORTED; - $errorMsg = 'oathauth-abortlogin'; - return false; - } - } + $context = RequestContext::getMain(); + $request = $context->getRequest(); + $output = $context->getOutput(); - /** -* @param $user User -* @return bool -*/ - static function authenticate( $user ) { - global $wgRequest; + $oathrepo = self::getOATHUserRepository(); + $oathuser = $oathrepo->findByUser( $user ); - $token = $wgRequest->getText( 'wpOATHToken' ); - $oathuser = self::getOATHUserRepository()->findByUser( $user ); - # Though it's weird to default to true, we only want to deny - # users who have two-factor enabled and have validated their - # token. - $result = true; - - if ( $oathuser->getKey() !== null ) { - $result = $oathuser->getKey()->verifyToken( $token, $oathuser ); - } - - return $result; - } - - /** -* Determine if two-factor authentication is enabled for $wgUser -* -* @param bool &$isEnabled Will be set to true if enabled, false otherwise -* -* @return bool False if enabled, true otherwise -*/ - static function TwoFactorIsEnabled( &$isEnabled ) { - global $wgUser; - - $user = self::getOATHUserRepository()->findByUser( $wgUser ); - if ( $user && $user->getKey() !== null ) { - $isEnabled = true; - # This two-factor extension is enabled by the user, - # we don't need to check others. + if ( $oathuser->getKey() !== null && !$request->getCheck( 'token' ) ) { +
[MediaWiki-commits] [Gerrit] Fix i18n merge errors - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/280671 Change subject: Fix i18n merge errors .. Fix i18n merge errors Address comments by Raimond Spekking on I39859cc59f1811de42b72f6167d332ea48812f97 Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5 --- M i18n/en.json 1 file changed, 1 insertion(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/71/280671/1 diff --git a/i18n/en.json b/i18n/en.json index da3e6cf..ea88e39 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -17,7 +17,7 @@ "oathauth-verify": "Verify two-factor token", "openstackmanager-scratchtokens": "The following list is a list of one-time use scratch tokens. These tokens can only be used once, and are for emergency use. Please write these down and keep them in a secure location. If you lose your phone, these tokens are the only way to rescue your account. These tokens will never be shown again.", "oathauth-reset": "Reset two-factor credentials", - "oathauth-donotdeleteoldsecret": "Please do not delete your old credentials until you have successfully validated your new credentials.", + "oathauth-donotdeleteoldsecret": "Please do not delete your old credentials until you have validated your new credentials.", "oathauth-token": "Token", "oathauth-currenttoken": "Current token", "oathauth-newtoken": "New token", @@ -36,7 +36,6 @@ "oathauth-notloggedin": "Login required", "oathauth-mustbeloggedin": "You must be logged in to perform this action.", "oathauth-prefs-label": "Two-factor authentication:", - "oathauth-abortlogin": "The two-factor authentication token provided was invalid.", "oathauth-abortlogin": "The two-factor authentication token provided was invalid.", "oathauth-step1": "Step 1: Download the app", "oathauth-step1-test": "Download a mobile app for two-factor authentication (such as Google Authenticator) on to your phone.", -- To view, visit https://gerrit.wikimedia.org/r/280671 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OATHAuth Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Encrypt password when stored in user session - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/280614 Change subject: Encrypt password when stored in user session .. Encrypt password when stored in user session During the two-step login, users with OATH enabled need to have their login details saved into their session while we prompt them for their OATH code. This encrypts that data, so we don't write their user's password into our session storage. Change-Id: I9969871205ac5c438706df41ef1519cb4cd7a964 --- M OATHAuth.hooks.php A OATHAuthUtils.php M extension.json M special/SpecialOATH.php M special/SpecialOATHLogin.php 5 files changed, 120 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/14/280614/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 4e78c0a..0fd551c 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -81,7 +81,12 @@ $oathuser = $oathrepo->findByUser( $user ); if ( $oathuser->getKey() !== null && !$request->getCheck( 'token' ) ) { - $request->setSessionData( 'oath_login', $request->getValues() ); + $encData = OATHAuthUtils::encryptSessionData( + $request->getValues(), + $user->getId() + ); + $request->setSessionData( 'oath_login', $encData ); + $request->setSessionData( 'oath_uid', $user->getId() ); $output->redirect( SpecialPage::getTitleFor( 'OATH' )->getFullURL( '', false, PROTO_CURRENT ) ); return false; } else { diff --git a/OATHAuthUtils.php b/OATHAuthUtils.php new file mode 100644 index 000..9d8b401 --- /dev/null +++ b/OATHAuthUtils.php @@ -0,0 +1,105 @@ + substr( $keymats, 0, 32 ), + 'hmac' => substr( $keymats, 32, 32 ), + ); + } + + /** +* Actually encrypt the data, using a new random IV, and prepend the hmac +* of the encrypted data + IV, using a separate hmac key. +* @return $hmac.$iv.$ciphertext, each component b64 encoded +*/ + private static function seal( $data, $encKey, $hmacKey ) { + $iv = MWCryptRand::generate( 16, true ); + $ciphertext = openssl_encrypt( + $data, + 'aes-256-ctr', + $encKey, + OPENSSL_RAW_DATA, + $iv + ); + $sealed = base64_encode( $iv ) . '.' . base64_encode( $ciphertext ); + $hmac = hash_hmac( 'sha256', $sealed, $hmacKey, true ); + return base64_encode( $hmac ) . '.' . $sealed; + } + + /** +* Decrypt data sealed using seal(). First checks the hmac to prevent various +* attacks. +* @return plaintext +*/ + private static function unseal( $encrypted, $encKey, $hmacKey ) { + $pieces = explode( '.', $encrypted ); + if ( count( $pieces ) !== 3 ) { + throw new InvalidArgumentException( 'Invalid sealed-secret format' ); + } + + list( $hmac, $iv, $ciphertext ) = $pieces; + $integCalc = hash_hmac( 'sha256', $iv . '.' . $ciphertext, $hmacKey, true ); + if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) { + throw new Exception( 'Sealed secret has been tampered with, aborting.' ); + } + + return openssl_decrypt( + base64_decode( $ciphertext ), + 'aes-256-ctr', + $encKey, + OPENSSL_RAW_DATA, + base64_decode( $iv ) + ); + } + +} diff --git a/extension.json b/extension.json index 29151b2..d028cff 100644 --- a/extension.json +++ b/extension.json @@ -8,6 +8,7 @@ "AutoloadClasses": { "OATHAuthHooks": "OATHAuth.hooks.php", "OATHAuthKey": "OATHAuthKey.php", + "OATHAuthUtils": "OATHAuthUtils.php", "OATHUserRepository": "OATHUserRepository.php", "HOTP": "lib/hotp.php", "HOTPResult": "lib/hotp.php", @@ -46,7 +47,8 @@ }, "config": { "OATHAuthWindowRadius": 4, - "OATHAuthDatabase": false + "OATHAuthDatabase": false, + "OATHAuthSecret": false }, "ResourceModules": { "ext.oathauth": { diff --git a/special/SpecialOATH.php b/special/SpecialOATH.php index 7f8a580..ae99c39 100644 --- a/special/SpecialOATH.php +++ b/special/SpecialOATH.php @@ -20,8 +20,12 @@ $page = null; if ( $this->getUser()->isAnon() && $loginInfo !==
[MediaWiki-commits] [Gerrit] [WIP] Encrypted secret storage in MediaWiki - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/279981 Change subject: [WIP] Encrypted secret storage in MediaWiki .. [WIP] Encrypted secret storage in MediaWiki * Put Pbkdf2 implmentation from Password hashing into its own class * Add SecretStore which has and api that is hard for developers to user insecurely. * Make SecretStoreAesCtrSha256 the default implementation TODO: * encode class in sealed envelope ** review password api pattern * comments Change-Id: I3a7b4830922a32aab3c9d9155ca11adf50f23064 --- M autoload.php M includes/DefaultSettings.php M includes/Setup.php A includes/crypto/Pbkdf2.php A includes/crypto/SecretStore.php A includes/crypto/SecretStoreAesCtrSha256.php M includes/password/Pbkdf2Password.php A tests/phpunit/includes/crypto/Pbkdf2Test.php A tests/phpunit/includes/crypto/SecretStoreAesCtrSha256Test.php A tests/phpunit/includes/crypto/SecretStoreTest.php 10 files changed, 617 insertions(+), 33 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/81/279981/1 diff --git a/autoload.php b/autoload.php index 673072b..9f197f2 100644 --- a/autoload.php +++ b/autoload.php @@ -577,6 +577,7 @@ 'InstallerOverrides' => __DIR__ . '/mw-config/overrides.php', 'Interwiki' => __DIR__ . '/includes/interwiki/Interwiki.php', 'InvalidPassword' => __DIR__ . '/includes/password/InvalidPassword.php', + 'ISecretStorer' => __DIR__ . '/includes/crypto/ISecretStorer.php', 'IteratorDecorator' => __DIR__ . '/includes/utils/iterators/IteratorDecorator.php', 'IuConverter' => __DIR__ . '/languages/classes/LanguageIu.php', 'JSCompilerContext' => __DIR__ . '/includes/libs/jsminplus.php', @@ -913,6 +914,7 @@ 'PathRouterPatternReplacer' => __DIR__ . '/includes/PathRouter.php', 'PatrolLog' => __DIR__ . '/includes/logging/PatrolLog.php', 'PatrolLogFormatter' => __DIR__ . '/includes/logging/PatrolLogFormatter.php', + 'Pbkdf2' => __DIR__ . '/includes/crypto/Pbkdf2.php', 'Pbkdf2Password' => __DIR__ . '/includes/password/Pbkdf2Password.php', 'PermissionsError' => __DIR__ . '/includes/exception/PermissionsError.php', 'PhpHttpRequest' => __DIR__ . '/includes/HttpFunctions.php', @@ -1102,6 +1104,8 @@ 'SearchUpdate' => __DIR__ . '/includes/deferred/SearchUpdate.php', 'SectionProfileCallback' => __DIR__ . '/includes/profiler/SectionProfiler.php', 'SectionProfiler' => __DIR__ . '/includes/profiler/SectionProfiler.php', + 'SecretStore' => __DIR__ . '/includes/crypto/SecretStore.php', + 'SecretStoreAesCtrSha256' => __DIR__ . '/includes/crypto/SecretStoreAesCtrSha256.php', 'SevenZipStream' => __DIR__ . '/maintenance/7zip.inc', 'ShiConverter' => __DIR__ . '/languages/classes/LanguageShi.php', 'ShortPagesPage' => __DIR__ . '/includes/specials/SpecialShortpages.php', diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 9eff602..3a157a8 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4476,6 +4476,21 @@ ); /** + * Configuration for a generic secret encryption mechanism. + * 'classes' maps SecretStore classes to their abbreviated name. + * 'defaultClass' is the default SecretStore class used to seal new secrets. + * 'secrets' should be an array of secret keys used to seal stored secrets. An array + * is kept so that the secret can be easily rotated in production. If this array + * is empty, $wgSecretKey is added as element 0 in Setup.php. + * 'defaultSecret' the current secret to use when sealing. + */ +$wgSecretStoreConfig = array( + 'defaultClass' => 'acs256', + 'secrets' => array(), + 'defaultSecret' => 0, +); + +/** * Whether to allow password resets ("enter some identifying data, and we'll send an email * with a temporary password you can use to get back into the account") identified by * various bits of data. Setting all of these to false (or the whole variable to false) diff --git a/includes/Setup.php b/includes/Setup.php index 67c99c9..cfc6e49 100644 --- a/includes/Setup.php +++ b/includes/Setup.php @@ -478,6 +478,11 @@ $wgPasswordPolicy['policies']['default']['MaximalPasswordLength'] = $wgMaximalPasswordLength; } +// Setup default SecretStore +if ( !$wgSecretStoreConfig['secrets'] ) { + $wgSecretStoreConfig['secrets'] = array( $wgSecretKey ); +} + // Backwards compatibility with deprecated alias // Must be before call to wfSetupSession() if ( $wgSessionsInMemcached ) { diff --git a/includes/crypto/Pbkdf2.php b/includes/crypto/Pbkdf2.php new file mode 100644 index 000..c446715 --- /dev/null +++ b/includes/crypto/Pbkdf2.php @@ -0,0 +1,78 @@ +http://www.gnu.org/copyleft/gpl.html + * + * @file + */ + +/** + * A PBKDF2-hash b/c wrapper + * @since 1.27 + */ + +class Pbkdf2 { + + /** +*
[MediaWiki-commits] [Gerrit] Add user right for enabling two-factor auth - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/279575 Change subject: Add user right for enabling two-factor auth .. Add user right for enabling two-factor auth Make new right oathauth-enable that the user must have to enable two factor authentication (disabling and logging in, of course, are still allowed). Bug: T100376 Change-Id: I18d43f8b2cf2c2ce9c2309a43961686498b5c999 --- M OATHAuth.hooks.php M extension.json M i18n/en.json M i18n/qqq.json M special/SpecialOATHEnable.php 5 files changed, 25 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/75/279575/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 4c3f68d..c65fdf6 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -142,6 +142,10 @@ * @return bool */ public static function manageOATH( User $user, array &$preferences ) { + if ( !$user->isAllowed( 'oathauth-enable' ) ) { + return true; + } + $oathUser = self::getOATHUserRepository()->findByUser( $user ); $title = SpecialPage::getTitleFor( 'OATH' ); diff --git a/extension.json b/extension.json index 09ef513..e367775 100644 --- a/extension.json +++ b/extension.json @@ -69,5 +69,13 @@ "SpecialPages": { "OATH": "SpecialOATH" }, + "AvailableRights": [ + "oathauth-enable" + ], + "GroupPermissions": { + "*": { + "oathauth-enable": true + } + }, "manifest_version": 1 } diff --git a/i18n/en.json b/i18n/en.json index 66568c1..5413063 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -42,5 +42,7 @@ "oathauth-step2alt": "Or enter the secret manually:", "oathauth-step3": "Step 3: Write down the scratch codes", "oathauth-step4": "Step 4: Verification", - "oathauth-entertoken": "Enter a code from your mobile app to verify:" + "oathauth-entertoken": "Enter a code from your mobile app to verify:", + "right-oathauth-enable": "Enable two-factor authentication", + "action-oathauth-enable": "enable two-factor authentication" } diff --git a/i18n/qqq.json b/i18n/qqq.json index 369a1e3..439c8c5 100644 --- a/i18n/qqq.json +++ b/i18n/qqq.json @@ -40,11 +40,13 @@ "oathauth-mustbeloggedin": "Plain text seen on Special:OATH when a user is not logged in.", "oathauth-prefs-label": "Plain text label seen on Special:Preferences\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]", "oathauth-abortlogin": "Error message shown on login and password change pages when authentication is aborted.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]", -"oathauth-step1": "Label for step 1 on Special:OATH form", -"oathauth-step1-test": "Text for step 1 on Special:OATH form", -"oathauth-step2": "Label for step 2, the QR code, on Special:OATH", -"oathauth-step2alt": "Label for information on how to manually do step 2 on Special:OATH", -"oathauth-step3": "Label for step 3 information on Special:OATH", -"oathauth-step4": "Label for step 4 information on Special:OATH", -"oathauth-entertoken": "Label on input field on Special:OATH asking user to enter token" + "oathauth-step1": "Label for step 1 on Special:OATH form", + "oathauth-step1-test": "Text for step 1 on Special:OATH form", + "oathauth-step2": "Label for step 2, the QR code, on Special:OATH", + "oathauth-step2alt": "Label for information on how to manually do step 2 on Special:OATH", + "oathauth-step3": "Label for step 3 information on Special:OATH", + "oathauth-step4": "Label for step 4 information on Special:OATH", + "oathauth-entertoken": "Label on input field on Special:OATH asking user to enter token", + "right-oathauth-enable": "{{doc-right|oathauth-enable}}", + "action-oathauth-enable": "{{doc-action|oathauth-enable}}" } diff --git a/special/SpecialOATHEnable.php b/special/SpecialOATHEnable.php index 1fb4bc4..4e331fd 100644 --- a/special/SpecialOATHEnable.php +++ b/special/SpecialOATHEnable.php @@ -20,7 +20,7 @@ * @param OATHUser $user */ public function __construct( OATHUserRepository $repository, OATHUser $user ) { - parent::__construct( 'OATH', '', false ); + parent::__construct( 'OATH', 'oathauth-enable', false ); $this->OATHRepository = $repository; $this->OATHUser = $user; -- To view, visit https://gerrit.wikimedia.org/r/279575 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I18d43f8b2cf2c2ce9c2309a43961686498b5c999 Gerrit-PatchSet: 1 Gerrit-Project:
[MediaWiki-commits] [Gerrit] Allow for using separate database for OATH creds - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/279427 Change subject: Allow for using separate database for OATH creds .. Allow for using separate database for OATH creds Add configuration variable for specifying what database the OATH credentials are stored in, that way wikis that use CentralAuth can centralize their two-factor authentication data as well. Bug: T100374 Change-Id: I285e2fe29fee43ddc6c5a6e51823911d43c596f6 (cherry picked from commit 67c7dd10e7dff43a3e2ae78995575775a21732af) --- M OATHAuth.hooks.php M OATHAuthKey.php M extension.json M special/SpecialOATH.php 4 files changed, 25 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/27/279427/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 2df0313..4c3f68d 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -24,6 +24,23 @@ } /** +* Get the singleton OATH user repository +* +* @return OATHUserRepository +*/ + public static function getOATHUserRepository() { + global $wgOATHAuthDatabase; + + static $service = null; + + if ( $service == null ) { + $service = new OATHUserRepository( wfGetLB( $wgOATHAuthDatabase ) ); + } + + return $service; + } + + /** * @param $extraFields array * @return bool */ @@ -43,6 +60,7 @@ */ static function AbortChangePassword( $user, $password, $newpassword, &$errorMsg ) { $result = self::authenticate( $user ); + if ( $result ) { return true; } else { @@ -78,8 +96,7 @@ global $wgRequest; $token = $wgRequest->getText( 'wpOATHToken' ); - $oathrepo = new OATHUserRepository( wfGetLB() ); - $oathuser = $oathrepo->findByUser( $user ); + $oathuser = self::getOATHUserRepository()->findByUser( $user ); # Though it's weird to default to true, we only want to deny # users who have two-factor enabled and have validated their # token. @@ -102,8 +119,7 @@ static function TwoFactorIsEnabled( &$isEnabled ) { global $wgUser; - $oathrepo = new OATHUserRepository( wfGetLB() ); - $user = $oathrepo->findByUser( $wgUser ); + $user = self::getOATHUserRepository()->findByUser( $wgUser ); if ( $user && $user->getKey() !== null ) { $isEnabled = true; # This two-factor extension is enabled by the user, @@ -126,8 +142,7 @@ * @return bool */ public static function manageOATH( User $user, array &$preferences ) { - $oathrepo = new OATHUserRepository( wfGetLB() ); - $oathUser = $oathrepo->findByUser( $user ); + $oathUser = self::getOATHUserRepository()->findByUser( $user ); $title = SpecialPage::getTitleFor( 'OATH' ); $msg = $oathUser->getKey() !== null ? 'oathauth-disable' : 'oathauth-enable'; diff --git a/OATHAuthKey.php b/OATHAuthKey.php index ac4a26b..c5ce239 100644 --- a/OATHAuthKey.php +++ b/OATHAuthKey.php @@ -117,7 +117,7 @@ if ( $token === $this->scratchTokens[$i] ) { // If there is a scratch token, remove it from the scratch token list unset( $this->scratchTokens[$i] ); - $oathrepo = new OATHUserRepository( wfGetLB() ); + $oathrepo = OATHAuthHooks::getOATHUserRepository(); $user->setKey( $this ); $oathrepo->persist( $user ); // Only return true if we removed it from the database diff --git a/extension.json b/extension.json index 9a47fa4..09ef513 100644 --- a/extension.json +++ b/extension.json @@ -50,7 +50,8 @@ ] }, "config": { - "OATHAuthWindowRadius": 4 + "OATHAuthWindowRadius": 4, + "OATHAuthDatabase": false }, "ResourceModules": { "ext.oathauth": { diff --git a/special/SpecialOATH.php b/special/SpecialOATH.php index 5ab08dd..96214cf 100644 --- a/special/SpecialOATH.php +++ b/special/SpecialOATH.php @@ -11,7 +11,7 @@ * @return SpecialOATHDisable|SpecialOATHEnable|SpecialPage */ protected function getTargetPage() { - $repo = new OATHUserRepository( wfGetLB() ); + $repo =
[MediaWiki-commits] [Gerrit] Allow all users to enable OATH 2FA - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/279271 Change subject: Allow all users to enable OATH 2FA .. Allow all users to enable OATH 2FA After I18d43f8b2cf2c2ce9c2309a43961686498b5c999 is merged, an extra user right is required to enable OATH 2FA. All users on labswiki should be allowed to enable OATH. Change-Id: If00ee6101822c73cdbf7345f5b89f16326d30f3c --- M wmf-config/wikitech.php 1 file changed, 3 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/71/279271/1 diff --git a/wmf-config/wikitech.php b/wmf-config/wikitech.php index 468cb22..a50f7df 100644 --- a/wmf-config/wikitech.php +++ b/wmf-config/wikitech.php @@ -180,4 +180,7 @@ #$wgOpenIDConsumerDenyByDefault = true; require_once( "$IP/extensions/OATHAuth/OATHAuth.php" ); +// Allow all users to enable OATH 2FA on labswiki +$wgGroupPermissions['*']['oathauth-enable'] = true; + require_once( "$IP/extensions/DynamicSidebar/DynamicSidebar.php" ); -- To view, visit https://gerrit.wikimedia.org/r/279271 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If00ee6101822c73cdbf7345f5b89f16326d30f3c Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Refactored special pages into HTMLForm and proxy - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/279253 Change subject: Refactored special pages into HTMLForm and proxy .. Refactored special pages into HTMLForm and proxy Made new class ProxySpecialPage, which acts as a proxy object to another SpecialPage object that is determined based on context information other than the title. Then Special:OATH has been split into two separate special page classes (both FormSpecialPages using HTMLForm) that are routed to by a ProxySpecialPage object. In addition, the form for enabling two-factor auth has been refactored into vform style, with some better instructions on how to enable two-factor authentication. Change-Id: Ib9117cbc9d7f044de9607db81a157e1b472b5ec0 (cherry picked from commit 0c389f50255325338a03fed8739a923ad2aefc1e) --- M OATHAuth.hooks.php M OATHAuthKey.php M OATHUser.php M extension.json M i18n/en.json M i18n/qqq.json A special/ProxySpecialPage.php M special/SpecialOATH.php A special/SpecialOATHDisable.php A special/SpecialOATHEnable.php 10 files changed, 575 insertions(+), 279 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/53/279253/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 8bbc24d..2df0313 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -2,6 +2,8 @@ /** * Hooks for Extension:OATHAuth + * + * @ingroup Extensions */ class OATHAuthHooks { /** @@ -128,39 +130,20 @@ $oathUser = $oathrepo->findByUser( $user ); $title = SpecialPage::getTitleFor( 'OATH' ); - if ( $oathUser->getKey() !== null ) { - $preferences['oath-disable'] = array( - 'type' => 'info', - 'raw' => 'true', - 'default' => Linker::link( - $title, - wfMessage( 'oathauth-disable' )->escaped(), - array(), - array( - 'action' => 'disable', - 'returnto' => SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() - ) - ), - 'label-message' => 'oathauth-prefs-label', - 'section' => 'personal/info', - ); - } else { - $preferences['oath-enable'] = array( - 'type' => 'info', - 'raw' => 'true', - 'default' => Linker::link( - $title, - wfMessage( 'oathauth-enable' )->escaped(), - array(), - array( - 'action' => 'enable', - 'returnto' => SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() - ) - ), - 'label-message' => 'oathauth-prefs-label', - 'section' => 'personal/info', - ); - } + $msg = $oathUser->getKey() !== null ? 'oathauth-disable' : 'oathauth-enable'; + + $preferences[$msg] = array( + 'type' => 'info', + 'raw' => 'true', + 'default' => Linker::link( + $title, + wfMessage( $msg )->escaped(), + array(), + array( 'returnto' => SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() ) + ), + 'label-message' => 'oathauth-prefs-label', + 'section' => 'personal/info', + ); return true; } diff --git a/OATHAuthKey.php b/OATHAuthKey.php index e50826d..ac4a26b 100644 --- a/OATHAuthKey.php +++ b/OATHAuthKey.php @@ -4,8 +4,22 @@ * Class representing a two-factor key * * Keys can be tied to OAUTHUsers + * + * @ingroup Extensions */ class OATHAuthKey { + /** +* Represents that a token corresponds to the main secret +* @see verifyToken +*/ + const MAIN_TOKEN = 1; + + /** +* Represents that a token corresponds to a scratch token +* @see verifyToken +*/ + const SCRATCH_TOKEN = -1; + /** @var string Two factor binary secret */ private $secret; @@ -63,7 +77,8 @@ * @param string $token Token to verify
[MediaWiki-commits] [Gerrit] Refactor extension key storage - change (mediawiki...OATHAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/279086 Change subject: Refactor extension key storage .. Refactor extension key storage This takes out the actual key information from OATHUser and puts it into an OATHKey class, which OATHUser depends on. This allows easily swapping keys in/out from a user. Change-Id: Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19 (cherry picked from commit 89455cdfb2111b83506149f5ef0c39bbef8fc2cf) --- M OATHAuth.hooks.php A OATHAuthKey.php M OATHUser.php A OATHUserRepository.php M extension.json M lib/hotp.php A maintenance/update_scratch_token_format.php D oathauth.sql M special/SpecialOATH.php A sql/mysql/patch-remove_reset.sql A sql/mysql/tables.sql 11 files changed, 379 insertions(+), 584 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth refs/changes/86/279086/1 diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 4aa8a67..8bbc24d 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -76,14 +76,17 @@ global $wgRequest; $token = $wgRequest->getText( 'wpOATHToken' ); - $oathuser = OATHUser::newFromUser( $user ); + $oathrepo = new OATHUserRepository( wfGetLB() ); + $oathuser = $oathrepo->findByUser( $user ); # Though it's weird to default to true, we only want to deny # users who have two-factor enabled and have validated their # token. $result = true; - if ( $oathuser && $oathuser->isEnabled() && $oathuser->isValidated() ) { - $result = $oathuser->verifyToken( $token ); + + if ( $oathuser->getKey() !== null ) { + $result = $oathuser->getKey()->verifyToken( $token, $oathuser ); } + return $result; } @@ -97,8 +100,9 @@ static function TwoFactorIsEnabled( &$isEnabled ) { global $wgUser; - $user = OATHUser::newFromUser( $wgUser ); - if ( $user && $user->isEnabled() && $user->isValidated() ) { + $oathrepo = new OATHUserRepository( wfGetLB() ); + $user = $oathrepo->findByUser( $wgUser ); + if ( $user && $user->getKey() !== null ) { $isEnabled = true; # This two-factor extension is enabled by the user, # we don't need to check others. @@ -120,10 +124,11 @@ * @return bool */ public static function manageOATH( User $user, array &$preferences ) { - $oathUser = OATHUser::newFromUser( $user ); + $oathrepo = new OATHUserRepository( wfGetLB() ); + $oathUser = $oathrepo->findByUser( $user ); $title = SpecialPage::getTitleFor( 'OATH' ); - if ( $oathUser->isEnabled() && $oathUser->isValidated() ) { + if ( $oathUser->getKey() !== null ) { $preferences['oath-disable'] = array( 'type' => 'info', 'raw' => 'true', @@ -137,20 +142,6 @@ ) ), 'label-message' => 'oathauth-prefs-label', - 'section' => 'personal/info', - ); - $preferences['oath-reset'] = array( - 'type' => 'info', - 'raw' => 'true', - 'default' => Linker::link( - $title, - wfMessage( 'oathauth-reset' )->escaped(), - array(), - array( - 'action' => 'reset', - 'returnto' => SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() - ) - ), 'section' => 'personal/info', ); } else { @@ -183,9 +174,55 @@ switch ( $updater->getDB()->getType() ) { case 'mysql': case 'sqlite': - $updater->addExtensionTable( 'oathauth_users', "$base/oathauth.sql" ); + $updater->addExtensionTable( 'oathauth_users', "$base/sql/mysql/tables.sql" ); + $updater->addExtensionUpdate( array( array( __CLASS__, 'schemaUpdateOldUsersFromInstaller' ) ) ); + $updater->dropExtensionField( 'oathauth_users', 'secret_reset', +
[MediaWiki-commits] [Gerrit] Enforce password policies on labs - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/276518 Change subject: Enforce password policies on labs .. Enforce password policies on labs In preparation for enfocing these policies in production, enforce password policies in labs, as specified by the policy RFC on meta. Bug: T119100 Change-Id: I9de88627715e4d5d63e363248bd0591c575f125d --- M wmf-config/CommonSettings-labs.php 1 file changed, 54 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/18/276518/1 diff --git a/wmf-config/CommonSettings-labs.php b/wmf-config/CommonSettings-labs.php index b952f90..bf98da9 100644 --- a/wmf-config/CommonSettings-labs.php +++ b/wmf-config/CommonSettings-labs.php @@ -355,6 +355,60 @@ $wgMessageCacheType = CACHE_ACCEL; +// Enforce password policy when users login on other wikis +if ( $wmgUseCentralAuth ) { + $wgHooks['PasswordPoliciesForUser'][] = function( User $user, array &$effectivePolicy ) { + $central = CentralAuthUser::getInstance( $user ); + if ( !$central->exists() ) { + return true; + } + + $privilegedPolicy = array( + 'MinimalPasswordLength' => 8, + 'MinimumPasswordLengthToLogin' => 1, + 'PasswordCannotBePopular' => 1, + ); + + if ( array_intersect( + array( 'bureaucrat', 'sysop', 'checkuser', 'oversight', 'interface-editor' ), + $central->getLocalGroups() + ) ) { + $effectivePolicy = UserPasswordPolicy::maxOfPolicies( + $effectivePolicy, + $privilegedPolicy + ); + return true; + } + + // Result should be cached by getLocalGroups() above + $attachInfo = $central->queryAttached(); + $enforceWikiGroups = array( + 'centralnoticeadmin' => array( 'metawiki', 'testwiki' ), + 'templateeditor' => array( 'fawiki', 'rowiki' ), + 'botadmin' => array( 'frwiktionary', 'mlwiki', 'mlwikisource', 'mlwiktionary' ), + 'translator' => array( 'incubatorwiki' ), + 'technician' => array( 'trwiki' ), + 'wikidata-staff' => array( 'wikidata' ), + ); + + foreach ( $enforceWikiGroups as $group => $wikis ) { + foreach ( $wikis as $wiki ) { + if ( isset( $attachInfo[$wiki]['groups'] ) + && in_array( $group, $attachInfo[$wiki]['groups'] ) ) + { + $effectivePolicy = UserPasswordPolicy::maxOfPolicies( + $effectivePolicy, + $privilegedPolicy + ); + return true; + } + } + } + + return true; + }; +} + // Test of new import source configuration on labs cluster $wgImportSources = false; include( "$wmfConfigDir/import.php" ); -- To view, visit https://gerrit.wikimedia.org/r/276518 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9de88627715e4d5d63e363248bd0591c575f125d Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Update default hash storage settings - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/275868 Change subject: Update default hash storage settings .. Update default hash storage settings Update the default hash settings to align output length and hash block size. Bug: T127445 Change-Id: I8419ec9db28eba5868d3a9ee9542d998bfde920b --- M includes/DefaultSettings.php 1 file changed, 3 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/68/275868/1 diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index c04602c..4cf0c40 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4496,9 +4496,9 @@ ], 'pbkdf2' => [ 'class' => 'Pbkdf2Password', - 'algo' => 'sha256', - 'cost' => '1', - 'length' => '128', + 'algo' => 'sha512', + 'cost' => '3', + 'length' => '64', ], ]; -- To view, visit https://gerrit.wikimedia.org/r/275868 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8419ec9db28eba5868d3a9ee9542d998bfde920b Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Update pbkdf2 hash parameters - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/274795 Change subject: Update pbkdf2 hash parameters .. Update pbkdf2 hash parameters Follow-up to I5fb2f656b3a640beb796e5e613524e1f660b64d5. Make the parameters apply to all wikis, not just beta. Bug: T127445 Bug: T116030 Change-Id: I1facac4bce9d859d251dd326aab8d619df47d00b --- M wmf-config/CommonSettings-labs.php M wmf-config/CommonSettings.php 2 files changed, 6 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/95/274795/1 diff --git a/wmf-config/CommonSettings-labs.php b/wmf-config/CommonSettings-labs.php index 104a63e..b952f90 100644 --- a/wmf-config/CommonSettings-labs.php +++ b/wmf-config/CommonSettings-labs.php @@ -355,13 +355,6 @@ $wgMessageCacheType = CACHE_ACCEL; -$wgPasswordConfig['pbkdf2'] = array( - 'class' => 'Pbkdf2Password', - 'algo' => 'sha512', - 'cost' => '128000', - 'length' => '64', -); - // Test of new import source configuration on labs cluster $wgImportSources = false; include( "$wmfConfigDir/import.php" ); diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 2fe3748..1421502 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -346,7 +346,12 @@ // Use PBKDF2 for password hashing (T70766) $wgPasswordDefault = 'pbkdf2'; // This needs to be increased as allowable by server performance -$wgPasswordConfig['pbkdf2']['cost'] = '64000'; +$wgPasswordConfig['pbkdf2'] = array( + 'class' => 'Pbkdf2Password', + 'algo' => 'sha512', + 'cost' => '128000', + 'length' => '64', +); if ( $wgDBname === 'labswiki' || $wgDBname === 'labtestwiki' ) { $wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10; -- To view, visit https://gerrit.wikimedia.org/r/274795 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1facac4bce9d859d251dd326aab8d619df47d00b Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Don't send Referer from private wikis - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/274414 Change subject: Don't send Referer from private wikis .. Don't send Referer from private wikis Change-Id: If904dece3828eb7d1123c2d313423735442bb219 --- M wmf-config/InitialiseSettings.php 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/14/274414/1 diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index d3ad521..ddc1e7d 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -11351,7 +11351,7 @@ 'wgReferrerPolicy' => array( 'default' => 'origin-when-cross-origin', - 'private' => false, + 'private' => 'no-referrer', ), 'wgUserEmailUseReplyTo' => array( -- To view, visit https://gerrit.wikimedia.org/r/274414 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If904dece3828eb7d1123c2d313423735442bb219 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Password policies for advanced permission groups - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/272660 Change subject: Password policies for advanced permission groups .. Password policies for advanced permission groups Begin implementing the results of https://meta.wikimedia.org/wiki/Requests_for_comment/Password_policy_for_users_with_certain_advanced_permissions Bug: T119100 Change-Id: I9bf79e16d61b6e7aca89cd7bd05a8ce65685a8c2 --- M wmf-config/CommonSettings.php 1 file changed, 36 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/60/272660/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index b8e05bf..1fe0299 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -353,16 +353,18 @@ if ( $wgDBname === 'labswiki' || $wgDBname === 'labtestwiki' ) { $wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10; } else { - // Temporarily set the policy for these roles to the previous WMF setting until - // we communicate the change to affected communities. - $wgPasswordPolicy['policies']['bureaucrat']['MinimalPasswordLength'] = 1; - $wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 1; + // See password policy RFC on meta + $wgPasswordPolicy['policies']['bureaucrat']['MinimalPasswordLength'] = 8; + $wgPasswordPolicy['policies']['bureaucrat']['PasswordCannotBePopular'] = 1; + $wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 8; + $wgPasswordPolicy['policies']['sysop']['PasswordCannotBePopular'] = 1; + $wgPasswordPolicy['policies']['checkuser']['MinimalPasswordLength'] = 8; + $wgPasswordPolicy['policies']['checkuser']['PasswordCannotBePopular'] = 1; + $wgPasswordPolicy['policies']['suppress']['MinimalPasswordLength'] = 8; + $wgPasswordPolicy['policies']['suppress']['PasswordCannotBePopular'] = 1; + $wgPasswordPolicy['policies']['bot']['MinimalPasswordLength'] = 1; } - -// Temporarily disable PasswordCannotBePopular policies until communicated. -unset( $wgPasswordPolicy['policies']['bureaucrat']['PasswordCannotBePopular'] ); -unset( $wgPasswordPolicy['policies']['sysop']['PasswordCannotBePopular'] ); // For global policies, see $wgCentralAuthGlobalPasswordPolicies below @@ -1278,6 +1280,32 @@ 'PasswordCannotMatchUsername' => true, ); + // See password policy RFC on meta + $wgCentralAuthGlobalPasswordPolicies['global-sysop'] = array( + 'MinimalPasswordLength' => 8, + 'PasswordCannotBePopular' => 1, + ); + $wgCentralAuthGlobalPasswordPolicies['global-interface-editor'] = array( + 'MinimalPasswordLength' => 8, + 'PasswordCannotBePopular' => 1, + ); + $wgCentralAuthGlobalPasswordPolicies['wmf-researcher'] = array( + 'MinimalPasswordLength' => 8, + 'PasswordCannotBePopular' => 1, + ); + $wgCentralAuthGlobalPasswordPolicies['new-wikis-importer'] = array( + 'MinimalPasswordLength' => 8, + 'PasswordCannotBePopular' => 1, + ); + $wgCentralAuthGlobalPasswordPolicies['ombudsman'] = array( + 'MinimalPasswordLength' => 8, + 'PasswordCannotBePopular' => 1, + ); + $wgCentralAuthGlobalPasswordPolicies['founder'] = array( + 'MinimalPasswordLength' => 8, + 'PasswordCannotBePopular' => 1, + ); + $wgCentralAuthUseSlaves = true; } -- To view, visit https://gerrit.wikimedia.org/r/272660 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9bf79e16d61b6e7aca89cd7bd05a8ce65685a8c2 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add authmanager events to logstash - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/271028 Change subject: Add authmanager events to logstash .. Add authmanager events to logstash It would be helpful to track some of these while we're making changes to password policies and throttles. Change-Id: I3660fe10900328de2fbe0eb9d96e93f7d70fb319 --- M wmf-config/InitialiseSettings.php 1 file changed, 1 insertion(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/28/271028/1 diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index e53b57b..74a1b95 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -4456,6 +4456,7 @@ 'antispoof' => 'debug', 'api' => array( 'logstash' => false ), 'api-feature-usage' => 'debug', +'authmanager' => array( 'udp2log' => false, 'logstash' => 'info' ), 'badpass' => 'debug', 'BounceHandler' => 'debug', 'Bug58676' => 'debug', # Invalid message parameter -- To view, visit https://gerrit.wikimedia.org/r/271028 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3660fe10900328de2fbe0eb9d96e93f7d70fb319 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert "Limit ip-all/subnet-all ping limts per wiki" - change (mediawiki/core)
CSteipp has submitted this change and it was merged. Change subject: Revert "Limit ip-all/subnet-all ping limts per wiki" .. Revert "Limit ip-all/subnet-all ping limts per wiki" This reverts commit 461406e31864e75fcd1c2f5ac967cb7ba5e5a182. My mistake, we've always used global keys for ip/subnet. Change-Id: I8bc1bfdf61ae5c0988a913871a7292faed372141 --- M includes/user/User.php 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: Legoktm: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/user/User.php b/includes/user/User.php index 6638fb7..da63075 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -1789,14 +1789,14 @@ // ip-based limits if ( isset( $limits['ip'] ) ) { $ip = $this->getRequest()->getIP(); - $keys[wfMemcKey( 'limiter', $action, 'ip', $ip )] = $limits['ip']; + $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip']; } // subnet-based limits if ( isset( $limits['subnet'] ) ) { $ip = $this->getRequest()->getIP(); $subnet = IP::getSubnet( $ip ); if ( $subnet !== false ) { - $keys[wfMemcKey( 'limiter', $action, 'subnet', $subnet )] = $limits['subnet']; + $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet']; } } } -- To view, visit https://gerrit.wikimedia.org/r/269470 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I8bc1bfdf61ae5c0988a913871a7292faed372141 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteippGerrit-Reviewer: CSteipp Gerrit-Reviewer: Legoktm Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Revert "Limit ip-all/subnet-all ping limts per wiki" - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/269470 Change subject: Revert "Limit ip-all/subnet-all ping limts per wiki" .. Revert "Limit ip-all/subnet-all ping limts per wiki" This reverts commit 461406e31864e75fcd1c2f5ac967cb7ba5e5a182. My mistake, we've always used global keys for ip/subnet. Change-Id: I8bc1bfdf61ae5c0988a913871a7292faed372141 --- M includes/user/User.php 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/70/269470/1 diff --git a/includes/user/User.php b/includes/user/User.php index 6638fb7..da63075 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -1789,14 +1789,14 @@ // ip-based limits if ( isset( $limits['ip'] ) ) { $ip = $this->getRequest()->getIP(); - $keys[wfMemcKey( 'limiter', $action, 'ip', $ip )] = $limits['ip']; + $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip']; } // subnet-based limits if ( isset( $limits['subnet'] ) ) { $ip = $this->getRequest()->getIP(); $subnet = IP::getSubnet( $ip ); if ( $subnet !== false ) { - $keys[wfMemcKey( 'limiter', $action, 'subnet', $subnet )] = $limits['subnet']; + $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet']; } } } -- To view, visit https://gerrit.wikimedia.org/r/269470 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8bc1bfdf61ae5c0988a913871a7292faed372141 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Limit ip-all/subnet-all ping limts per wiki - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/269366 Change subject: Limit ip-all/subnet-all ping limts per wiki .. Limit ip-all/subnet-all ping limts per wiki https://gerrit.wikimedia.org/r/#/c/266449 used a static string for ip-all/subnet-all limits, instead of generating a key unique to each wiki. Change-Id: Ie8013dc959fdeba92ecd463550e3d98d83276004 --- M includes/user/User.php 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/66/269366/1 diff --git a/includes/user/User.php b/includes/user/User.php index da63075..6638fb7 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -1789,14 +1789,14 @@ // ip-based limits if ( isset( $limits['ip'] ) ) { $ip = $this->getRequest()->getIP(); - $keys["mediawiki:limiter:$action:ip:$ip"] = $limits['ip']; + $keys[wfMemcKey( 'limiter', $action, 'ip', $ip )] = $limits['ip']; } // subnet-based limits if ( isset( $limits['subnet'] ) ) { $ip = $this->getRequest()->getIP(); $subnet = IP::getSubnet( $ip ); if ( $subnet !== false ) { - $keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet']; + $keys[wfMemcKey( 'limiter', $action, 'subnet', $subnet )] = $limits['subnet']; } } } -- To view, visit https://gerrit.wikimedia.org/r/269366 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie8013dc959fdeba92ecd463550e3d98d83276004 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Set password policy for global steward group - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/259439 Change subject: Set password policy for global steward group .. Set password policy for global steward group Discussed in person at WMF in Oct. Bug: T104371 Change-Id: Idaff88d669d71a374460bb6358759fc1a2c72ec7 --- M wmf-config/CommonSettings.php 1 file changed, 7 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/39/259439/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index e6d9673..13754c5 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -1280,6 +1280,13 @@ 'PasswordCannotMatchUsername' => true, 'PasswordCannotBePopular' => PHP_INT_MAX, ); + + // See T104371 + $wgCentralAuthGlobalPasswordPolicies['steward'] = array( + 'MinimalPasswordLength' => 8, + 'MinimumPasswordLengthToLogin' => 1, + 'PasswordCannotMatchUsername' => true, + ); } // Config for GlobalCssJs -- To view, visit https://gerrit.wikimedia.org/r/259439 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idaff88d669d71a374460bb6358759fc1a2c72ec7 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Set password policy for global sysadmin group - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/259436 Change subject: Set password policy for global sysadmin group .. Set password policy for global sysadmin group This group is mostly staff, and currently two volunteers. The group was notified last summer that the policy would be updated soon. Bug: T104370 Change-Id: Id9390456bce852e09b97d8998c54308879e066c6 --- M wmf-config/CommonSettings.php 1 file changed, 8 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/36/259436/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 062170a..e6d9673 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -1272,6 +1272,14 @@ 'PasswordCannotMatchUsername' => true, 'PasswordCannotBePopular' => PHP_INT_MAX, ); + + // WMF Staff and two volunteers + $wgCentralAuthGlobalPasswordPolicies['sysadmin'] = array( + 'MinimalPasswordLength' => 8, + 'MinimumPasswordLengthToLogin' => 1, + 'PasswordCannotMatchUsername' => true, + 'PasswordCannotBePopular' => PHP_INT_MAX, + ); } // Config for GlobalCssJs -- To view, visit https://gerrit.wikimedia.org/r/259436 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id9390456bce852e09b97d8998c54308879e066c6 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] [WIP] Show password policy on Special:ChangePassword - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/259029 Change subject: [WIP] Show password policy on Special:ChangePassword .. [WIP] Show password policy on Special:ChangePassword Show a text description of the password policy when the user is setting their password. TODO: * I'm sure there's a bug for this somewhere * need to handle PHP_INT_MAX for uncommon password requirement Change-Id: Ia2ad93ecdcecc55694ce776dc29e0c87b8260ab1 --- M includes/specials/SpecialChangePassword.php M languages/i18n/en.json M languages/i18n/qqq.json 3 files changed, 52 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/29/259029/1 diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php index 91ac4e0..b699ef0 100644 --- a/includes/specials/SpecialChangePassword.php +++ b/includes/specials/SpecialChangePassword.php @@ -92,6 +92,11 @@ 'label-message' => 'username', 'default' => $request->getVal( 'wpName', $user->getName() ), ), + 'Policy' => array( + 'type' => 'info', + 'label-message' => 'password-policy', + 'default' => $this->getPolicyList( $user ), + ), 'Password' => array( 'type' => 'password', 'label-message' => $oldpassMsg, @@ -340,4 +345,39 @@ protected function getDisplayFormat() { return 'ooui'; } + + protected function getPolicyList( User $user ) { + $list = array(); + $policyConfig = $this->getConfig()->get( 'PasswordPolicy' ); + $upp = new UserPasswordPolicy( + $policyConfig['policies'], + $policyConfig['checks'] + ); + $policy = $upp->getPoliciesForUser( $user ); + + // Only show minimal length requirement once + if ( isset( $policy['MinimalPasswordLength'] ) + && isset( $policy['MinimumPasswordLengthToLogin'] ) + ) { + + $policy['MinimalPasswordLength'] = max( + $policy['MinimalPasswordLength'], + $policy['MinimumPasswordLengthToLogin'] + ); + unset( $policy['MinimumPasswordLengthToLogin'] ); + } elseif ( isset( $policy['MinimumPasswordLengthToLogin'] ) ) { + $policy['MinimalPasswordLength'] = $policy['MinimumPasswordLengthToLogin']; + unset( $policy['MinimumPasswordLengthToLogin'] ); + } + foreach ( $policy as $pol => $val ) { + // passwordpolicy-minimalpasswordlength + // passwordpolicy-passwordcannotmatchusername + // passwordpolicy-passwordcannotbepopular + // passwordpolicy-passwordcannotmatchblacklist + // passwordpolicy-maximalpasswordlength + $msg = 'passwordpolicy-' . strtolower( $pol ); + $list[] = $this->msg( $msg, $val ); + } + return $this->getLanguage()->listToText( $list ); + } } diff --git a/languages/i18n/en.json b/languages/i18n/en.json index 70a2b80..1136083 100644 --- a/languages/i18n/en.json +++ b/languages/i18n/en.json @@ -557,6 +557,12 @@ "passwordreset-emailsent": "If this is a registered email address for your account, then a password reset email will be sent.", "passwordreset-emailsent-capture": "A password reset email has been sent, which is shown below.", "passwordreset-emailerror-capture": "A password reset email was generated, which is shown below, but sending it to the {{GENDER:$2|user}} failed: $1", + "password-policy": "Password policy:", + "passwordpolicy-minimalpasswordlength": "Password must be at least $1 {{PLURAL:$1|byte|bytes}} long", + "passwordpolicy-passwordcannotmatchusername": "Password cannot be your username", + "passwordpolicy-passwordcannotbepopular": "Password cannot be in the $1 most popular passwords", + "passwordpolicy-passwordcannotmatchblacklist": "Password cannot be blacklisted", + "passwordpolicy-maximalpasswordlength": "Password cannot be more than $1 bytes long", "changeemail": "Change or remove email address", "changeemail-summary": "", "changeemail-header": "Complete this form to change your email address. If you would like to remove the association of any email address from your account, leave the new email address blank when submitting the
[MediaWiki-commits] [Gerrit] Set initial Staff password policy - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/258385 Change subject: Set initial Staff password policy .. Set initial Staff password policy Increase minimum length to 8-bytes (for real this time). Followup from Ifc12c74d5382f8adc1c261c8d6c12ef5892bf642. Bug: T104370 Change-Id: Ie906bb646f8b8675e994432996b569f05ceff0be --- M wmf-config/CommonSettings.php 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/85/258385/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 1263675..1bab1c5 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -333,7 +333,7 @@ // Require 8-byte password for staff. Set MinimumPasswordLengthToLogin // to 8 also, once staff have time to update. -$wgPasswordPolicy['policies']['staff'] = array( +$wgCentralAuthGlobalPasswordPolicies['staff'] = array( 'MinimalPasswordLength' => 8, 'MinimumPasswordLengthToLogin' => 1, 'PasswordCannotMatchUsername' => true, -- To view, visit https://gerrit.wikimedia.org/r/258385 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie906bb646f8b8675e994432996b569f05ceff0be Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Set initial Staff password policy - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/258387 Change subject: Set initial Staff password policy .. Set initial Staff password policy Increase minimum length to 8-bytes (for really, real this time). Followup from Ie906bb646f8b8675e994432996b569f05ceff0be. Bug: T104370 Change-Id: Ief95dd1e40c0fd5b9631bd854a17f30a17f0684b --- M wmf-config/CommonSettings.php 1 file changed, 11 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/87/258387/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 1bab1c5..1d02542 100644 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -331,14 +331,8 @@ unset( $wgPasswordPolicy['policies']['bureaucrat']['PasswordCannotBePopular'] ); unset( $wgPasswordPolicy['policies']['sysop']['PasswordCannotBePopular'] ); -// Require 8-byte password for staff. Set MinimumPasswordLengthToLogin -// to 8 also, once staff have time to update. -$wgCentralAuthGlobalPasswordPolicies['staff'] = array( - 'MinimalPasswordLength' => 8, - 'MinimumPasswordLengthToLogin' => 1, - 'PasswordCannotMatchUsername' => true, - 'PasswordCannotBePopular' => 25, -); +// For global policies, see $wgCentralAuthGlobalPasswordPolicies below + if ( PHP_SAPI === 'cli' ) { $wgShowExceptionDetails = true; @@ -1258,6 +1252,15 @@ if ( $wmfRealm === 'production' ) { $wgCentralAuthAutoCreateWikis[] = 'mediawikiwiki'; } + + // Require 8-byte password for staff. Set MinimumPasswordLengthToLogin + // to 8 also, once staff have time to update. + $wgCentralAuthGlobalPasswordPolicies['staff'] = array( + 'MinimalPasswordLength' => 8, + 'MinimumPasswordLengthToLogin' => 1, + 'PasswordCannotMatchUsername' => true, + 'PasswordCannotBePopular' => 25, + ); } // Config for GlobalCssJs -- To view, visit https://gerrit.wikimedia.org/r/258387 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ief95dd1e40c0fd5b9631bd854a17f30a17f0684b Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add warning comment on formatLinksInComment - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/256867 Change subject: Add warning comment on formatLinksInComment .. Add warning comment on formatLinksInComment Bug: T120324 Change-Id: If4423e14737a7e9d80661da27ad6f5463798a7d7 --- M includes/Linker.php 1 file changed, 4 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/67/256867/1 diff --git a/includes/Linker.php b/includes/Linker.php index 842d276..5255b9a 100644 --- a/includes/Linker.php +++ b/includes/Linker.php @@ -1393,7 +1393,10 @@ * is ignored * * @todo FIXME: Doesn't handle sub-links as in image thumb texts like the main parser -* @param string $comment Text to format links in +* @param string $comment Text to format links in. WARNING! Since the output of this +* function is html, $comment must be sanitized for use as html. You probably want +* to pass $comment through Sanitizer::escapeHtmlAllowEntities() before calling +* this function. * @param Title|null $title An optional title object used to links to sections * @param bool $local Whether section links should refer to local page * @param string|null $wikiId Id of the wiki to link to (if not the local wiki), -- To view, visit https://gerrit.wikimedia.org/r/256867 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If4423e14737a7e9d80661da27ad6f5463798a7d7 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Update cached user ID after user is added to the database - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/254480 Change subject: Update cached user ID after user is added to the database .. Update cached user ID after user is added to the database Bug: T119021 Change-Id: I5e0599d1d045b0389a7825fddc2b346e4cfd001d (cherry picked from commit 780c368b5e4231daffd415ce8911c2c0fb56b70f) --- M includes/User.php 1 file changed, 2 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/80/254480/1 diff --git a/includes/User.php b/includes/User.php index b09e4e4..611f603 100644 --- a/includes/User.php +++ b/includes/User.php @@ -2423,7 +2423,7 @@ * through the web interface. */ private function setPasswordInternal( $str ) { - $id = self::idFromName( $this->getName() ); + $id = self::idFromName( $this->getName(), self::READ_LATEST ); if ( $id == 0 ) { throw new LogicException( 'Cannot set a password for a user that is not in the database.' ); } @@ -3898,6 +3898,7 @@ return Status::newFatal( 'userexists' ); } $this->mId = $dbw->insertId(); + self::$idCacheByName[$this->mName] = $this->mId; // Clear instance cache other than user table data, which is already accurate $this->clearInstanceCache(); -- To view, visit https://gerrit.wikimedia.org/r/254480 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5e0599d1d045b0389a7825fddc2b346e4cfd001d Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: wmf/1.27.0-wmf.7 Gerrit-Owner: CSteippGerrit-Reviewer: Gergő Tisza ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Use User::getId instead of trying to fix the ID in BlockTest - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/254483 Change subject: Use User::getId instead of trying to fix the ID in BlockTest .. Use User::getId instead of trying to fix the ID in BlockTest User::setId() has no effect on User::addToDatabase whatsoever, and directly messing with the database is fragile due to internal ID caching. Just use the insert ID instead. Change-Id: Ib92f2b6d73deacaec90dc06634d8b3ad195d53e3 (cherry picked from commit 4b72ec94d1db804aceb5fd25c5e808f5524f5d18) --- M tests/phpunit/includes/BlockTest.php 1 file changed, 7 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/83/254483/1 diff --git a/tests/phpunit/includes/BlockTest.php b/tests/phpunit/includes/BlockTest.php index e69fa20..2a2b603 100644 --- a/tests/phpunit/includes/BlockTest.php +++ b/tests/phpunit/includes/BlockTest.php @@ -136,8 +136,9 @@ public function testBlockedUserCanNotCreateAccount() { $username = 'BlockedUserToCreateAccountWith'; $u = User::newFromName( $username ); - $u->setId( 14146 ); $u->addToDatabase(); + $userId = $u->getId(); + $this->assertNotEquals( 0, $userId, 'sanity' ); TestUser::setPasswordForUser( $u, 'NotRandomPass' ); unset( $u ); @@ -157,7 +158,7 @@ // Foreign perspective (blockee not on current wiki)... $blockOptions = array( 'address' => $username, - 'user' => 14146, + 'user' => $userId, 'reason' => 'crosswiki block...', 'timestamp' => wfTimestampNow(), 'expiry' => $this->db->getInfinity(), @@ -205,13 +206,13 @@ // Local perspective (blockee on current wiki)... $user = User::newFromName( 'UserOnForeignWiki' ); $user->addToDatabase(); - // Set user ID to match the test value - $this->db->update( 'user', array( 'user_id' => 14146 ), array( 'user_id' => $user->getId() ) ); + $userId = $user->getId(); + $this->assertNotEquals( 0, $userId, 'sanity' ); // Foreign perspective (blockee not on current wiki)... $blockOptions = array( 'address' => 'UserOnForeignWiki', - 'user' => 14146, + 'user' => $user->getId(), 'reason' => 'crosswiki block...', 'timestamp' => wfTimestampNow(), 'expiry' => $this->db->getInfinity(), @@ -234,7 +235,7 @@ $block->getTarget()->getName(), 'Correct blockee name' ); - $this->assertEquals( '14146', $block->getTarget()->getId(), 'Correct blockee id' ); + $this->assertEquals( $userId, $block->getTarget()->getId(), 'Correct blockee id' ); $this->assertEquals( 'MetaWikiUser', $block->getBlocker(), 'Correct blocker name' ); $this->assertEquals( 'MetaWikiUser', $block->getByName(), 'Correct blocker name' ); $this->assertEquals( 0, $block->getBy(), 'Correct blocker id' ); -- To view, visit https://gerrit.wikimedia.org/r/254483 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ib92f2b6d73deacaec90dc06634d8b3ad195d53e3 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: wmf/1.27.0-wmf.7 Gerrit-Owner: CSteippGerrit-Reviewer: Gergő Tisza ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] [WIP]Set password policy for enwiki sysops - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/251678 Change subject: [WIP]Set password policy for enwiki sysops .. [WIP]Set password policy for enwiki sysops Consensus seems to be forming that at minimum, sysops should have a 6-8 character password. * Might include Functionary group * Might include a check against most-popular passwords https://en.wikipedia.org/wiki/Wikipedia:Security_review_RfC Change-Id: I16b96c1b6c893bdacd7aded4b972585b692258b8 --- M wmf-config/CommonSettings.php M wmf-config/InitialiseSettings.php 2 files changed, 16 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/78/251678/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 5587324..0655f9e 100755 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -319,9 +319,11 @@ // Temporarily set the policy for these roles to the previous WMF setting until // we communicate the change to affected communities. $wgPasswordPolicy['policies']['bureaucrat']['MinimalPasswordLength'] = 1; -$wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 1; $wgPasswordPolicy['policies']['bot']['MinimalPasswordLength'] = 1; +// Set password policy at the request of the affected groups +$wgPasswordPolicy['policies']['sysop'] = $wmgLocalSysopPasswordPolicy; + if ( PHP_SAPI === 'cli' ) { $wgShowExceptionDetails = true; } diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index 301b51b..ffb7c58 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -4197,6 +4197,19 @@ 'plwiki' => array( 'editor', 'sysop' ), // T50374 ), +'wmgLocalSysopPasswordPolicy' => array( + 'default' => array( + 'MinimalPasswordLength' => 1, + 'MinimumPasswordLengthToLogin' => 1, + 'PasswordCannotMatchUsername' => true, + ), + 'enwiki' => array( +'MinimalPasswordLength' => 8, +'MinimumPasswordLengthToLogin' => 1, +'PasswordCannotMatchUsername' => true, +), +), + 'wgSiteNotice' => array( 'default' => '', ), -- To view, visit https://gerrit.wikimedia.org/r/251678 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I16b96c1b6c893bdacd7aded4b972585b692258b8 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Document $wgCentralAuthGlobalPasswordPolicies - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/251008 Change subject: Document $wgCentralAuthGlobalPasswordPolicies .. Document $wgCentralAuthGlobalPasswordPolicies Add more documentation for setting global policies Change-Id: I754371ffe88ca3f9d30b32bfc762d7eaef2af93d --- M CentralAuth.php 1 file changed, 4 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/08/251008/1 diff --git a/CentralAuth.php b/CentralAuth.php index 4f51cba..48260e6 100644 --- a/CentralAuth.php +++ b/CentralAuth.php @@ -269,8 +269,11 @@ /** * Global Password Policies. These are applied like local password policies, - * the strongest policy applicable to a user is used. + * the strongest policy applicable to a user is used. Policies can apply to + * either a local group (if the user is a member of that group on any wiki, + * the policy will apply to that user) or global group. * @var array + * @see $wgPasswordPolicy */ $wgCentralAuthGlobalPasswordPolicies = array(); -- To view, visit https://gerrit.wikimedia.org/r/251008 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I754371ffe88ca3f9d30b32bfc762d7eaef2af93d Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/CentralAuth Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Re-add global password policies - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/251009 Change subject: Re-add global password policies .. Re-add global password policies Allow enforcing password policies for global user groups. Account for weird race condition in CentralAuth. The race condition may be fixed by https://gerrit.wikimedia.org/r/224201 but will be obvious in the logs if that is not the case. Depends on Iad8e49ffcffed38df6293db0ef31a227d3962003 in core. Bug: T94774 Bug: T104615 Change-Id: I82108834e7844499e15e505c09164224663237e0 (cherry picked from commit 09646c0f31138f374f3bd5daeb0c98476fe4797f) --- M CentralAuth.php M includes/CentralAuthHooks.php M includes/CentralAuthUser.php M tests/phpunit/CentralAuthUserTest.php 4 files changed, 151 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/09/251009/1 diff --git a/CentralAuth.php b/CentralAuth.php index 420be69..4f51cba 100644 --- a/CentralAuth.php +++ b/CentralAuth.php @@ -268,6 +268,13 @@ $wgCentralAuthCheckSULMigration = false; /** + * Global Password Policies. These are applied like local password policies, + * the strongest policy applicable to a user is used. + * @var array + */ +$wgCentralAuthGlobalPasswordPolicies = array(); + +/** * Initialization of the autoloaders, and special extension pages. */ $caBase = __DIR__; @@ -391,6 +398,7 @@ $wgHooks['SpecialPage_initList'][] = 'CentralAuthHooks::onSpecialPage_initList'; $wgHooks['ResourceLoaderForeignApiModules'][] = 'CentralAuthHooks::onResourceLoaderForeignApiModules'; $wgHooks['ResourceLoaderTestModules'][] = 'CentralAuthHooks::onResourceLoaderTestModules'; +$wgHooks['PasswordPoliciesForUser'][] = 'CentralAuthHooks::onPasswordPoliciesForUser'; // For interaction with the Special:Renameuser extension $wgHooks['RenameUserWarning'][] = 'CentralAuthHooks::onRenameUserWarning'; diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php index 5b2aaa1..d2d7687 100644 --- a/includes/CentralAuthHooks.php +++ b/includes/CentralAuthHooks.php @@ -2195,4 +2195,50 @@ ); return true; } + + /** +* Apply global password policies when calculating the effective policy for +* a user. +* @param User $user +* @param array $effectivePolicy +*/ + public static function onPasswordPoliciesForUser( User $user, array &$effectivePolicy ) { + global $wgCentralAuthGlobalPasswordPolicies; + $central = CentralAuthUser::getInstance( $user ); + + if ( $central->exists() ) { + try { + $localPolicyGroups = array_intersect( + array_keys( $wgCentralAuthGlobalPasswordPolicies ), + $central->getLocalGroups() + ); + } catch ( Exception $e ) { + // T104615 - race condition in attaching user and creating local + // wiki account can cause this Exception from + // CentralAuthUser::localUserData. Allow the password for now, and + // we'll catch them next login if their password isn't valid. + if ( $user->idForName() === 0 + && substr( $e->getMessage(), 0 , 34 ) === 'Could not find local user data for' + ) { + wfDebugLog( + 'CentralAuth', + sprintf( 'Bug T104615 hit for %s@%s', + $user->getName(), + wfWikiId() + ) + ); + return true; + } + + throw $e; + } + + $effectivePolicy = UserPasswordPolicy::getPoliciesForGroups( + $wgCentralAuthGlobalPasswordPolicies, + array_merge( $central->getGlobalGroups(), $localPolicyGroups ), + $effectivePolicy + ); + } + return true; + } } diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php index f51d431..f9159fd 100644 --- a/includes/CentralAuthUser.php +++ b/includes/CentralAuthUser.php @@ -2021,6 +2021,24 @@ } /** +* Returns a list of all groups where the user is a member of the group on at +* least one wiki where their account is
[MediaWiki-commits] [Gerrit] Add extra escaping in template - change (mediawiki...PageTriage)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/250830 Change subject: Add extra escaping in template .. Add extra escaping in template Add the followup patch from Grunny on T111029. Bug: T111029 Change-Id: I8345f9bfeabefe48a1cd363e0f7afa20c359894a --- M modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/PageTriage refs/changes/30/250830/1 diff --git a/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html b/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html index 9a57fd4..091cecb 100644 --- a/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html +++ b/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html @@ -52,7 +52,7 @@ <%= mw.msg( 'pagetriage-info-history-header' ) %> <%= mw.msg( 'pagetriage-edits', rev_count ) %> - <%= mw.msg( 'pagetriage-info-history-show-full' ) %> + <%= mw.message( 'pagetriage-info-history-show-full' ).escaped() %> -- To view, visit https://gerrit.wikimedia.org/r/250830 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8345f9bfeabefe48a1cd363e0f7afa20c359894a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/PageTriage Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Script to wrap legacy passwords with pbkdf2 - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/240275 Change subject: Script to wrap legacy passwords with pbkdf2 .. Script to wrap legacy passwords with pbkdf2 Strengthen legacy passwords with pbkdf2. This is the CentralAuth version of wrapOldPasswords.php in core, with a few optimizations. Bug: T112359 Change-Id: I165d030d01fd651c3e9799ab977cd9af552479e2 --- A maintenance/wrapPasswordHash.php 1 file changed, 156 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/75/240275/1 diff --git a/maintenance/wrapPasswordHash.php b/maintenance/wrapPasswordHash.php new file mode 100644 index 000..2837251 --- /dev/null +++ b/maintenance/wrapPasswordHash.php @@ -0,0 +1,156 @@ +mDescription = "Wrap all passwords of a certain type in a new layered type"; + $this->addOption( 'type', + 'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)', true, true ); + $this->addOption( 'verbose', 'Enables verbose output', false, false, 'v' ); + $this->addOption( 'start', 'Start wrapping passwords at gu_id', false, true ); + $this->addOption( 'end', 'Wnd wrapping passwords at gu_id', false, true ); + $this->addOption( 'backup', + 'Backup unwrapped hashes to a local file. Once you have successfully ' . + 'migrated passwords, you should delete this backup.', false, true ); + $this->setBatchSize( 100 ); + } + + public function execute() { + global $wgAuth; + + if ( !$wgAuth->allowSetLocalPassword() ) { + $this->error( '$wgAuth does not allow local passwords. Aborting.', 1 ); + } + + $passwordFactory = new PasswordFactory(); + $passwordFactory->init( RequestContext::getMain()->getConfig() ); + + $typeInfo = $passwordFactory->getTypes(); + $layeredType = $this->getOption( 'type' ); + + // Check that type exists and is a layered type + if ( !isset( $typeInfo[$layeredType] ) ) { + $this->error( 'Undefined password type', 1 ); + } + + $passObj = $passwordFactory->newFromType( $layeredType ); + if ( !$passObj instanceof LayeredParameterizedPassword ) { + $this->error( 'Layered parameterized password type must be used.', 1 ); + } + + // Extract the first layer type + $typeConfig = $typeInfo[$layeredType]; + $firstType = $typeConfig['types'][0]; + + // Get a list of password types that are applicable + $dbw = CentralAuthUser::getCentralDB(); + $typeCond = 'gu_password' . $dbw->buildLike( ":$firstType:", $dbw->anyString() ); + + // Old-style passwords are either :A:: or + if ( $layeredType === 'pbkdf2-legacyA' ) { + $typeCond = $dbw->makeList( + array( $typeCond, 'LENGTH( gu_password ) = 32' ), + LIST_OR + ); + } + + // Setup backup file + $backupFileName = $this->getOption( 'backup', false ); + $backupFile = false; + if ( $backupFileName ) { + umask( 077 ); + $backupFile = fopen( $backupFileName, 'w' ); + if ( !$backupFile ) { + $this->error( 'Could not open backup, aborting', 1 ); + } + if ( substr( sprintf( '%o', fileperms( $backupFileName ) ), -4 ) !== '0600' + && !chmod( $backupFileName, 0600 ) + ) { + $this->error( 'Could not chmod backup file, aborting', 1 ); + } + } + + $startUserId = (int) $this->getOption( 'start', 0 ); + $endUserId = (int) $this->getOption( 'end', null ); + + if ( $endUserId === null ) { + $endUserId = $dbw->selectField( 'globaluser', 'MAX( gu_id ) as max' ); + } + + do { + $selectEnd = min( $startUserId + $this->mBatchSize, $endUserId ); + $dbw->begin(); + $res = $dbw->select( 'globaluser', + array( 'gu_id', 'gu_name', 'gu_salt', 'gu_password' ), + array( + 'gu_id >= ' . $dbw->addQuotes( $startUserId ), + 'gu_id <= ' . $dbw->addQuotes( $selectEnd ), +
[MediaWiki-commits] [Gerrit] Enable captchas on testwiki - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/238357 Change subject: Enable captchas on testwiki .. Enable captchas on testwiki Bug: T86460 Change-Id: I791182190e4717e87f7b983a362d076405d03898 --- M wmf-config/InitialiseSettings.php 1 file changed, 0 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/57/238357/1 diff --git a/wmf-config/InitialiseSettings.php b/wmf-config/InitialiseSettings.php index c28dd37..0409907 100644 --- a/wmf-config/InitialiseSettings.php +++ b/wmf-config/InitialiseSettings.php @@ -10137,9 +10137,6 @@ 'fishbowl' => false, 'closed' => false, - // testing - 'testwiki' => false, - // 'global-multiwrite' backend isn't available, so disable for now 'labswiki' => false, ), -- To view, visit https://gerrit.wikimedia.org/r/238357 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I791182190e4717e87f7b983a362d076405d03898 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Set mobile flag for autologin js - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/233091 Change subject: Set mobile flag for autologin js .. Set mobile flag for autologin js Set mobile=1 when doing autologin from a mobile domain with javascript. Bug: T100413 Change-Id: Ib88ac635747db823fee7b38d92599ba7d50747bd --- M CentralAuth.php M includes/CentralAuthHooks.php M modules/ext.centralauth.centralautologin.js A modules/ext.centralauth.centralautologin.mobile.js A modules/ext.centralauth.utils.js 5 files changed, 84 insertions(+), 48 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/91/233091/1 diff --git a/CentralAuth.php b/CentralAuth.php index 693d5de..516c7d0 100644 --- a/CentralAuth.php +++ b/CentralAuth.php @@ -519,9 +519,8 @@ ), ) + $commonModuleInfo; -$wgResourceModules['ext.centralauth.centralautologin'] = array( - 'scripts' = 'ext.centralauth.centralautologin.js', - 'styles' = 'ext.centralauth.centralautologin.css', +$wgResourceModules['ext.centralauth.utils'] = array( + 'scripts' = 'ext.centralauth.utils.js', 'position' = 'top', 'targets' = array( 'mobile', 'desktop' ), 'dependencies' = array( @@ -529,6 +528,25 @@ 'mediawiki.jqueryMsg', ), ) + $commonModuleInfo; +$wgResourceModules['ext.centralauth.centralautologin'] = array( + 'scripts' = 'ext.centralauth.centralautologin.js', + 'styles' = 'ext.centralauth.centralautologin.css', + 'position' = 'top', + 'targets' = array( 'mobile', 'desktop' ), + 'dependencies' = array( + 'ext.centralauth.utils', + ), +) + $commonModuleInfo; +$wgResourceModules['ext.centralauth.centralautologin.mobile'] = array( + 'scripts' = 'ext.centralauth.centralautologin.mobile.js', + 'styles' = 'ext.centralauth.centralautologin.css', + 'position' = 'top', + 'targets' = array( 'mobile', 'desktop' ), + 'dependencies' = array( + 'ext.centralauth.utils', + ), +) + $commonModuleInfo; + $wgResourceModules['ext.centralauth.centralautologin.clearcookie'] = array( 'scripts' = 'ext.centralauth.centralautologin.clearcookie.js', 'position' = 'top', diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php index f67f5f9..8361f9d 100644 --- a/includes/CentralAuthHooks.php +++ b/includes/CentralAuthHooks.php @@ -1491,8 +1491,11 @@ global $wgCentralAuthLoginWiki, $wgCentralAuthUseEventLogging; if ( $out-getUser()-isAnon() ) { if ( $wgCentralAuthLoginWiki wfWikiID() !== $wgCentralAuthLoginWiki ) { - $out-addModules( 'ext.centralauth.centralautologin' ); - + if ( self::isMobileDomain() ) { + $out-addModules( 'ext.centralauth.centralautologin.mobile' ); + } else { + $out-addModules( 'ext.centralauth.centralautologin' ); + } // For non-JS clients. Use WikiMap to avoid localization of the // 'Special' namespace, see bug 54195. $wiki = WikiMap::getWiki( wfWikiID() ); diff --git a/modules/ext.centralauth.centralautologin.js b/modules/ext.centralauth.centralautologin.js index 7fc71c6..f72dfcb 100644 --- a/modules/ext.centralauth.centralautologin.js +++ b/modules/ext.centralauth.centralautologin.js @@ -1,45 +1,3 @@ ( function ( mw ) { - // Are we already logged in? - if ( mw.config.get( 'wgUserName' ) !== null ) { - return; - } - - // Do we already know we're logged out centrally? - if ( mw.config.get( 'wgCanonicalSpecialPageName' ) !== 'Userlogin' ) { - try { - if ( +localStorage.getItem( 'CentralAuthAnon' ) new Date().getTime() ) { - return; - } - } catch ( e ) {} - - // Can't use $.cookie(), because we want to check this at the top of - // the page and that isn't loaded until the bottom. - if ( /(^|; )CentralAuthAnon=1/.test( document.cookie ) ) { - return; - } - } - - // Ok, perform the acutal logged-in check via a script tag. The - // referenced URL will 302 a few times and then return appropriate - // JavaScript to complete the process. - var url, params, len, param, i; - - url = mw.config.get( 'wgCentralAuthCheckLoggedInURL' ); - if ( url ) { - url += 'proto=' + encodeURIComponent( location.protocol.replace( ':', '' ) ); - if ( mw.config.get( 'wgCanonicalSpecialPageName' ) === 'Userlogin' ) { -
[MediaWiki-commits] [Gerrit] Revert Enable users to watch category membership changes - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/232764 Change subject: Revert Enable users to watch category membership changes .. Revert Enable users to watch category membership changes This reverts commit f6879ea16edf008eb012bd4dbe133e2ba4b9338f. Change-Id: I770d8d33a4cff3829bdea9a4df24de209cbe691b --- M autoload.php M includes/DefaultSettings.php M includes/Defines.php M includes/Preferences.php M includes/api/ApiFeedRecentChanges.php M includes/api/ApiQueryRecentChanges.php M includes/api/ApiQueryWatchlist.php M includes/api/i18n/en.json M includes/api/i18n/qqq.json D includes/changes/CategoryMembershipChange.php M includes/changes/ChangesList.php M includes/changes/EnhancedChangesList.php M includes/changes/OldChangesList.php M includes/changes/RCCacheEntryFactory.php M includes/changes/RecentChange.php M includes/deferred/LinksUpdate.php M includes/jobqueue/jobs/RefreshLinksJob.php M includes/page/WikiPage.php M includes/specialpage/ChangesListSpecialPage.php M includes/specials/SpecialRecentchanges.php M includes/specials/SpecialWatchlist.php M languages/i18n/en.json M languages/i18n/qqq.json M tests/phpunit/includes/changes/EnhancedChangesListTest.php M tests/phpunit/includes/changes/TestRecentChangesHelper.php M tests/phpunit/includes/deferred/LinksUpdateTest.php 26 files changed, 57 insertions(+), 614 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/64/232764/1 diff --git a/autoload.php b/autoload.php index acb272f..6444e3e 100644 --- a/autoload.php +++ b/autoload.php @@ -197,7 +197,6 @@ 'CapsCleanup' = __DIR__ . '/maintenance/cleanupCaps.php', 'Category' = __DIR__ . '/includes/Category.php', 'CategoryFinder' = __DIR__ . '/includes/CategoryFinder.php', - 'CategoryMembershipChange' = __DIR__ . '/includes/changes/CategoryMembershipChange.php', 'CategoryPage' = __DIR__ . '/includes/page/CategoryPage.php', 'CategoryPager' = __DIR__ . '/includes/specials/SpecialCategories.php', 'CategoryViewer' = __DIR__ . '/includes/CategoryViewer.php', diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 12aa938..6050ba7 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4503,7 +4503,6 @@ 'gender' = 'unknown', 'hideminor' = 0, 'hidepatrolled' = 0, - 'hidecategorization' = 0, 'imagesize' = 2, 'math' = 1, 'minordefault' = 0, @@ -4535,7 +4534,6 @@ 'watchlisthideminor' = 0, 'watchlisthideown' = 0, 'watchlisthidepatrolled' = 0, - 'watchlisthidecategorization' = 0, 'watchmoves' = 0, 'watchrollback' = 0, 'wllimit' = 250, diff --git a/includes/Defines.php b/includes/Defines.php index 38f2d42..d55bbcf 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -170,7 +170,6 @@ define( 'RC_NEW', 1 ); define( 'RC_LOG', 3 ); define( 'RC_EXTERNAL', 5 ); -define( 'RC_CATEGORIZE', 6 ); /**@}*/ /**@{ diff --git a/includes/Preferences.php b/includes/Preferences.php index deea757..9497ee7 100644 --- a/includes/Preferences.php +++ b/includes/Preferences.php @@ -888,12 +888,6 @@ 'section' = 'rc/advancedrc', ); - $defaultPreferences['hidecategorization'] = array( - 'type' = 'toggle', - 'label-message' = 'tog-hidecategorization', - 'section' = 'rc/advancedrc', - ); - if ( $user-useRCPatrol() ) { $defaultPreferences['hidepatrolled'] = array( 'type' = 'toggle', @@ -999,12 +993,6 @@ 'type' = 'toggle', 'section' = 'watchlist/advancedwatchlist', 'label-message' = 'tog-watchlisthideliu', - ); - - $defaultPreferences['watchlisthidecategorization'] = array( - 'type' = 'toggle', - 'section' = 'watchlist/advancedwatchlist', - 'label-message' = 'tog-watchlisthidecategorization', ); if ( $user-useRCPatrol() ) { diff --git a/includes/api/ApiFeedRecentChanges.php b/includes/api/ApiFeedRecentChanges.php index 5adde87..d24112c 100644 --- a/includes/api/ApiFeedRecentChanges.php +++ b/includes/api/ApiFeedRecentChanges.php @@ -155,7 +155,6 @@ 'hideliu' = false, 'hidepatrolled' = false, 'hidemyself' = false, - 'hidecategorization' = false, 'tagfilter' = array( ApiBase::PARAM_TYPE = 'string', diff --git a/includes/api/ApiQueryRecentChanges.php b/includes/api/ApiQueryRecentChanges.php index b6d2c40..74bccc2 100644 ---
[MediaWiki-commits] [Gerrit] Send rate limits to main captcha log - change (mediawiki...ConfirmEdit)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/227331 Change subject: Send rate limits to main captcha log .. Send rate limits to main captcha log Log exceeding the badcaptcha rate limit to the main captcha log (e.g., captcha.log on the WMF cluster). So that we can measure the impact of things like https://gerrit.wikimedia.org/r/#/c/195886/ Change-Id: I2af26d23b9343e90db2f01f099c1292914bd7ac3 --- M SimpleCaptcha/Captcha.php 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/ConfirmEdit refs/changes/31/227331/1 diff --git a/SimpleCaptcha/Captcha.php b/SimpleCaptcha/Captcha.php index 4f61605..5847c98 100755 --- a/SimpleCaptcha/Captcha.php +++ b/SimpleCaptcha/Captcha.php @@ -766,7 +766,7 @@ // don't increase pingLimiter here, just check, if CAPTCHA limit exceeded if ( $wgUser-pingLimiter( 'badcaptcha', 0 ) ) { // for debugging add an proper error message, the user just see an false captcha error message - wfDebug( 'ConfirmEdit: User reached RateLimit, preventing action.' ); + $this-log( 'User reached RateLimit, preventing action.' ); return false; } -- To view, visit https://gerrit.wikimedia.org/r/227331 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I2af26d23b9343e90db2f01f099c1292914bd7ac3 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/ConfirmEdit Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Add purpose to password validity check - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/224658 Change subject: Add purpose to password validity check .. Add purpose to password validity check Allow callers to specify why they are checking a passwords validity, so some checks can be modified. Only check the default policy on creation, since the account doesn't exist it's not a member of any groups. Bug: T104615 Change-Id: I56b66002562aaa1493d94a90309bc8e4ae3841c8 --- M docs/hooks.txt M includes/User.php M includes/installer/WebInstallerPage.php M includes/password/UserPasswordPolicy.php M includes/specials/SpecialUserlogin.php 5 files changed, 26 insertions(+), 23 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/58/224658/1 diff --git a/docs/hooks.txt b/docs/hooks.txt index 23df983..2fd815e6 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -2313,6 +2313,8 @@ 'PasswordPoliciesForUser': Alter the effective password policy for a user. $user: User object whose policy you are modifying $effectivePolicy: Array of policy statements that apply to this user +$purpose: string indicating purpose of the check, one of 'login', 'create', + or 'reset' 'PerformRetroactiveAutoblock': Called before a retroactive autoblock is applied to a user. diff --git a/includes/User.php b/includes/User.php index 772330b..b70eee3 100644 --- a/includes/User.php +++ b/includes/User.php @@ -838,10 +838,11 @@ * able to set their password to this. * * @param string $password Desired password +* @param string $purpose one of 'login', 'create', 'reset' * @return Status * @since 1.23 */ - public function checkPasswordValidity( $password ) { + public function checkPasswordValidity( $password, $purpose = 'login' ) { global $wgPasswordPolicy; $upp = new UserPasswordPolicy( @@ -858,7 +859,7 @@ } if ( $result === false ) { - $status-merge( $upp-checkUserPassword( $this, $password ) ); + $status-merge( $upp-checkUserPassword( $this, $password, $purpose ) ); return $status; } elseif ( $result === true ) { return $status; diff --git a/includes/installer/WebInstallerPage.php b/includes/installer/WebInstallerPage.php index 9aa6960..f7910ba 100644 --- a/includes/installer/WebInstallerPage.php +++ b/includes/installer/WebInstallerPage.php @@ -911,16 +911,8 @@ $pwd = $this-getVar( '_AdminPassword' ); $user = User::newFromName( $cname ); if ( $user ) { - $upp = new UserPasswordPolicy( - $wgPasswordPolicy['policies'], - $wgPasswordPolicy['checks'] - ); - $status = $upp-checkUserPasswordForGroups( - $user, - $pwd, - array( 'sysop', 'bureaucrat' ) - ); - $valid = $status-isGood(); + $status = $user-checkPasswordValidity( $pwd, 'create' ); + $valid = $status-isGood() ? true : $status-getMessage()-escaped(); } else { $valid = 'config-admin-name-invalid'; } diff --git a/includes/password/UserPasswordPolicy.php b/includes/password/UserPasswordPolicy.php index 70757ac..80dc669 100644 --- a/includes/password/UserPasswordPolicy.php +++ b/includes/password/UserPasswordPolicy.php @@ -67,11 +67,12 @@ * Check if a passwords meets the effective password policy for a User. * @param User $user who's policy we are checking * @param string $password the password to check +* @param string $purpose one of 'login', 'create', 'reset' * @return Status error to indicate the password didn't meet the policy, or fatal to * indicate the user shouldn't be allowed to login. */ - public function checkUserPassword( User $user, $password ) { - $effectivePolicy = $this-getPoliciesForUser( $user ); + public function checkUserPassword( User $user, $password, $purpose = 'login' ) { + $effectivePolicy = $this-getPoliciesForUser( $user, $purpose ); return $this-checkPolicies( $user, $password, @@ -126,16 +127,20 @@ * Get the policy for a user, based on their group membership. Public so * UI elements can access and inform the user. * @param User $user +* @param string $purpose one of 'login', 'create', 'reset' * @return array the effective policy for $user */ - public function getPoliciesForUser( User $user
[MediaWiki-commits] [Gerrit] Add global password policies - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/223702 Change subject: Add global password policies .. Add global password policies Allow enforcing password policies for global user groups. Account for weird race condition in CentralAuth. Depends on Iad8e49ffcffed38df6293db0ef31a227d3962003 in core. Bug: T94774 Bug: T104615 Change-Id: I82108834e7844499e15e505c09164224663237e0 --- M CentralAuth.php M includes/CentralAuthHooks.php M includes/CentralAuthUser.php M tests/phpunit/CentralAuthUserTest.php 4 files changed, 151 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/02/223702/1 diff --git a/CentralAuth.php b/CentralAuth.php index 141885d..921a2c9 100644 --- a/CentralAuth.php +++ b/CentralAuth.php @@ -268,6 +268,13 @@ $wgCentralAuthCheckSULMigration = false; /** + * Global Password Policies. These are applied like local password policies, + * the strongest policy applicable to a user is used. + * @var array + */ +$wgCentralAuthGlobalPasswordPolicies = array(); + +/** * Initialization of the autoloaders, and special extension pages. */ $caBase = __DIR__; @@ -388,6 +395,7 @@ $wgHooks['UnitTestsList'][] = 'CentralAuthHooks::onUnitTestsList'; $wgHooks['SpecialContributionsBeforeMainOutput'][] = 'CentralAuthHooks::onSpecialContributionsBeforeMainOutput'; $wgHooks['SpecialPage_initList'][] = 'CentralAuthHooks::onSpecialPage_initList'; +$wgHooks['PasswordPoliciesForUser'][] = 'CentralAuthHooks::onPasswordPoliciesForUser'; // For interaction with the Special:Renameuser extension $wgHooks['RenameUserWarning'][] = 'CentralAuthHooks::onRenameUserWarning'; diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php index 0ff63e8..c7d2154 100644 --- a/includes/CentralAuthHooks.php +++ b/includes/CentralAuthHooks.php @@ -2061,4 +2061,50 @@ ); } } + + /** +* Apply global password policies when calculating the effective policy for +* a user. +* @param User $user +* @param array $effectivePolicy +*/ + public static function onPasswordPoliciesForUser( User $user, array $effectivePolicy ) { + global $wgCentralAuthGlobalPasswordPolicies; + $central = CentralAuthUser::getInstance( $user ); + + if ( $central-exists() ) { + try { + $localPolicyGroups = array_intersect( + array_keys( $wgCentralAuthGlobalPasswordPolicies ), + $central-getLocalGroups() + ); + } catch ( Exception $e ) { + // T104615 - race condition in attaching user and creating local + // wiki account can cause this Exception from + // CentralAuthUser::localUserData. Allow the password for now, and + // we'll catch them next login if their password isn't valid. + if ( $user-idForName() === 0 +substr( $e-getMessage(), 0 , 34 ) === 'Could not find local user data for' + ) { + wfDebugLog( + 'CentralAuth', + sprintf( 'Bug T104615 hit for %s@%s', + $user-getName(), + wfWikiId() + ) + ); + return true; + } + + throw $e; + } + + $effectivePolicy = UserPasswordPolicy::getPoliciesForGroups( + $wgCentralAuthGlobalPasswordPolicies, + array_merge( $central-getGlobalGroups(), $localPolicyGroups ), + $effectivePolicy + ); + } + return true; + } } diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php index 5dd3c64..91b3954 100644 --- a/includes/CentralAuthUser.php +++ b/includes/CentralAuthUser.php @@ -2014,6 +2014,24 @@ } /** +* Returns a list of all groups where the user is a member of the group on at +* least one wiki where their account is attached. +* @return array of group names where the user is a member on at least one wiki +*/ + public function getLocalGroups() { + $localgroups = array(); + array_map( +
[MediaWiki-commits] [Gerrit] Revert Add global password policies - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/222521 Change subject: Revert Add global password policies .. Revert Add global password policies This reverts commit 35add6da8f14b758762ef69ed99979a75f7c24f1. Bug: T104615 Change-Id: I06dd171382cb7652eb0388158ab74ccb1e7f97cc --- M CentralAuth.php M includes/CentralAuthHooks.php M includes/CentralAuthUser.php D tests/CentralAuthHooksTest.php M tests/phpunit/CentralAuthUserTest.php 5 files changed, 0 insertions(+), 221 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/21/222521/1 diff --git a/CentralAuth.php b/CentralAuth.php index 921a2c9..141885d 100644 --- a/CentralAuth.php +++ b/CentralAuth.php @@ -268,13 +268,6 @@ $wgCentralAuthCheckSULMigration = false; /** - * Global Password Policies. These are applied like local password policies, - * the strongest policy applicable to a user is used. - * @var array - */ -$wgCentralAuthGlobalPasswordPolicies = array(); - -/** * Initialization of the autoloaders, and special extension pages. */ $caBase = __DIR__; @@ -395,7 +388,6 @@ $wgHooks['UnitTestsList'][] = 'CentralAuthHooks::onUnitTestsList'; $wgHooks['SpecialContributionsBeforeMainOutput'][] = 'CentralAuthHooks::onSpecialContributionsBeforeMainOutput'; $wgHooks['SpecialPage_initList'][] = 'CentralAuthHooks::onSpecialPage_initList'; -$wgHooks['PasswordPoliciesForUser'][] = 'CentralAuthHooks::onPasswordPoliciesForUser'; // For interaction with the Special:Renameuser extension $wgHooks['RenameUserWarning'][] = 'CentralAuthHooks::onRenameUserWarning'; diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php index 8f5d307..0ff63e8 100644 --- a/includes/CentralAuthHooks.php +++ b/includes/CentralAuthHooks.php @@ -2061,28 +2061,4 @@ ); } } - - /** -* Apply global password policies when calculating the effective policy for -* a user. -* @param User $user -* @param array $effectivePolicy -*/ - public static function onPasswordPoliciesForUser( User $user, array $effectivePolicy ) { - global $wgCentralAuthGlobalPasswordPolicies; - $central = CentralAuthUser::getInstance( $user ); - if ( $central-exists() ) { - $localPolicyGroups = array_intersect( - array_keys( $wgCentralAuthGlobalPasswordPolicies ), - $central-getLocalGroups() - ); - - $effectivePolicy = UserPasswordPolicy::getPoliciesForGroups( - $wgCentralAuthGlobalPasswordPolicies, - array_merge( $central-getGlobalGroups(), $localPolicyGroups ), - $effectivePolicy - ); - } - return true; - } } diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php index 91b3954..5dd3c64 100644 --- a/includes/CentralAuthUser.php +++ b/includes/CentralAuthUser.php @@ -2014,24 +2014,6 @@ } /** -* Returns a list of all groups where the user is a member of the group on at -* least one wiki where their account is attached. -* @return array of group names where the user is a member on at least one wiki -*/ - public function getLocalGroups() { - $localgroups = array(); - array_map( - function ( $local ) use ( $localgroups ) { - $localgroups = array_unique( array_merge( - $localgroups, $local['groups'] - ) ); - }, - $this-queryAttached() - ); - return $localgroups; - } - - /** * Get information about each local user attached to this account * * @return array Map of database name to property table with members: diff --git a/tests/CentralAuthHooksTest.php b/tests/CentralAuthHooksTest.php deleted file mode 100644 index 3b666e8..000 --- a/tests/CentralAuthHooksTest.php +++ /dev/null @@ -1,92 +0,0 @@ -?php -/** - * Tests for CentralAuthHooks. Only tests that do not - * require the database to be set up. - * - * @group CentralAuth - */ -class CentralAuthHooksTest extends MediaWikiTestCase { - - /** -* @covers CentralAuthHooks::onPasswordPoliciesForUser -* @dataProvider provideOnPasswordPoliciesForUser -*/ - public function testOnPasswordPoliciesForUser( $localgroups, $globalgroups, $expected ) { - $this-setMwGlobals( array( - 'wgCentralAuthGlobalPasswordPolicies' = array( - 'bureaucrat' = array( -
[MediaWiki-commits] [Gerrit] Revert Add global password policies - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/222520 Change subject: Revert Add global password policies .. Revert Add global password policies This reverts commit 35add6da8f14b758762ef69ed99979a75f7c24f1. Change-Id: I06dd171382cb7652eb0388158ab74ccb1e7f97cc --- M CentralAuth.php M includes/CentralAuthHooks.php M includes/CentralAuthUser.php D tests/CentralAuthHooksTest.php M tests/phpunit/CentralAuthUserTest.php 5 files changed, 0 insertions(+), 221 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/20/222520/1 diff --git a/CentralAuth.php b/CentralAuth.php index bbe92e2..0fb0e7e 100644 --- a/CentralAuth.php +++ b/CentralAuth.php @@ -258,13 +258,6 @@ $wgCentralAuthCheckSULMigration = false; /** - * Global Password Policies. These are applied like local password policies, - * the strongest policy applicable to a user is used. - * @var array - */ -$wgCentralAuthGlobalPasswordPolicies = array(); - -/** * Initialization of the autoloaders, and special extension pages. */ $caBase = __DIR__; @@ -383,7 +376,6 @@ $wgHooks['UnitTestsList'][] = 'CentralAuthHooks::onUnitTestsList'; $wgHooks['SpecialContributionsBeforeMainOutput'][] = 'CentralAuthHooks::onSpecialContributionsBeforeMainOutput'; $wgHooks['SpecialPage_initList'][] = 'CentralAuthHooks::onSpecialPage_initList'; -$wgHooks['PasswordPoliciesForUser'][] = 'CentralAuthHooks::onPasswordPoliciesForUser'; // For interaction with the Special:Renameuser extension $wgHooks['RenameUserWarning'][] = 'CentralAuthHooks::onRenameUserWarning'; diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php index c4871db..14c3f29 100644 --- a/includes/CentralAuthHooks.php +++ b/includes/CentralAuthHooks.php @@ -2060,28 +2060,4 @@ ); } } - - /** -* Apply global password policies when calculating the effective policy for -* a user. -* @param User $user -* @param array $effectivePolicy -*/ - public static function onPasswordPoliciesForUser( User $user, array $effectivePolicy ) { - global $wgCentralAuthGlobalPasswordPolicies; - $central = CentralAuthUser::getInstance( $user ); - if ( $central-exists() ) { - $localPolicyGroups = array_intersect( - array_keys( $wgCentralAuthGlobalPasswordPolicies ), - $central-getLocalGroups() - ); - - $effectivePolicy = UserPasswordPolicy::getPoliciesForGroups( - $wgCentralAuthGlobalPasswordPolicies, - array_merge( $central-getGlobalGroups(), $localPolicyGroups ), - $effectivePolicy - ); - } - return true; - } } diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php index 91b3954..5dd3c64 100644 --- a/includes/CentralAuthUser.php +++ b/includes/CentralAuthUser.php @@ -2014,24 +2014,6 @@ } /** -* Returns a list of all groups where the user is a member of the group on at -* least one wiki where their account is attached. -* @return array of group names where the user is a member on at least one wiki -*/ - public function getLocalGroups() { - $localgroups = array(); - array_map( - function ( $local ) use ( $localgroups ) { - $localgroups = array_unique( array_merge( - $localgroups, $local['groups'] - ) ); - }, - $this-queryAttached() - ); - return $localgroups; - } - - /** * Get information about each local user attached to this account * * @return array Map of database name to property table with members: diff --git a/tests/CentralAuthHooksTest.php b/tests/CentralAuthHooksTest.php deleted file mode 100644 index 3b666e8..000 --- a/tests/CentralAuthHooksTest.php +++ /dev/null @@ -1,92 +0,0 @@ -?php -/** - * Tests for CentralAuthHooks. Only tests that do not - * require the database to be set up. - * - * @group CentralAuth - */ -class CentralAuthHooksTest extends MediaWikiTestCase { - - /** -* @covers CentralAuthHooks::onPasswordPoliciesForUser -* @dataProvider provideOnPasswordPoliciesForUser -*/ - public function testOnPasswordPoliciesForUser( $localgroups, $globalgroups, $expected ) { - $this-setMwGlobals( array( - 'wgCentralAuthGlobalPasswordPolicies' = array( - 'bureaucrat' = array( -
[MediaWiki-commits] [Gerrit] Set initial Staff password policy - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/222057 Change subject: Set initial Staff password policy .. Set initial Staff password policy Increase minimum length to 8-bytes. Bug: T104370 Change-Id: Ifc12c74d5382f8adc1c261c8d6c12ef5892bf642 --- M wmf-config/CommonSettings.php 1 file changed, 8 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/57/222057/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 0d6fa89..2f83253 100755 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -325,6 +325,14 @@ $wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 1; $wgPasswordPolicy['policies']['bot']['MinimalPasswordLength'] = 1; +// Require 8-byte password for staff. Set MinimumPasswordLengthToLogin +// to 8 also, once staff have time to update. +$wgPasswordPolicy['policies']['staff'] = array( + 'MinimalPasswordLength' = 8, + 'MinimumPasswordLengthToLogin' = 1, + 'PasswordCannotMatchUsername' = true, +); + # Not CLI, see http://bugs.php.net/bug.php?id=47540 if ( PHP_SAPI != 'cli' ) { ignore_user_abort( true ); -- To view, visit https://gerrit.wikimedia.org/r/222057 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifc12c74d5382f8adc1c261c8d6c12ef5892bf642 Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Log privileged users with short passwords - change (operations/mediawiki-config)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/222025 Change subject: Log privileged users with short passwords .. Log privileged users with short passwords To estimate the impact of requiring an 8-byte minimum password length for privileged accounts, log users who would be affected. Bug: T94774 Change-Id: Idc3c1fde32c249d7192877e8e1afd722a0fa744b --- M wmf-config/CommonSettings.php 1 file changed, 28 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/25/222025/1 diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php index 04cda5a..b456790 100755 --- a/wmf-config/CommonSettings.php +++ b/wmf-config/CommonSettings.php @@ -1341,6 +1341,34 @@ return true; }; +// Estimate users effected if we increase the minimum +// password length to 8 for privileged groups. +$wgHooks['LoginAuthenticateAudit'][] = function( $user, $pass, $retval ) { + if ( $retval == LoginForm::SUCCESS +strlen( $pass ) 8 + ) { + $central = CentralAuthUser::getInstance( $user ); + if ( $central-exists() array_intersect( + array( 'staff', 'steward', 'ombudsman', 'checkuser', 'sysop' ), + array_merge( $central-getGlobalGroups(), $central-getGlobalGroups() ) + ) ) { + if ( strlen( $pass ) = 4 ) { + $bucket = '4-7'; + } else { + $bucket = ' 4'; + } + $groups = implode( ', ', array_intersect( + array( 'staff', 'steward', 'ombudsman', 'checkuser', 'sysop' ), + array_merge( $central-getGlobalGroups(), $central-getGlobalGroups() ) + ) ); + + $logger = LoggerFactory::getInstance( 'badpass' ); + $logger-info( Login by user in $groups with password length: $bucket ); + } + } + return true; +}; + $wgHooks['PrefsEmailAudit'][] = function( $user, $old, $new ) { if ( $user-isAllowed( 'delete' ) ) { global $wgRequest; -- To view, visit https://gerrit.wikimedia.org/r/222025 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idc3c1fde32c249d7192877e8e1afd722a0fa744b Gerrit-PatchSet: 1 Gerrit-Project: operations/mediawiki-config Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Check install user's password as sysop/bureaucrat - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/221797 Change subject: Check install user's password as sysop/bureaucrat .. Check install user's password as sysop/bureaucrat Refactor password checking a little to allow skipping the normal flow in a special situation like this. Bug: T104092 Change-Id: Ib4a4e1f34b6963a6414c6f88893884b0ec369ca5 --- M includes/installer/WebInstallerPage.php M includes/password/UserPasswordPolicy.php 2 files changed, 48 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/97/221797/1 diff --git a/includes/installer/WebInstallerPage.php b/includes/installer/WebInstallerPage.php index f40de71..9aa6960 100644 --- a/includes/installer/WebInstallerPage.php +++ b/includes/installer/WebInstallerPage.php @@ -833,6 +833,8 @@ * @return bool */ public function submit() { + global $wgPasswordPolicy; + $retVal = true; $this-parent-setVarsFromRequest( array( 'wgSitename', '_NamespaceType', '_AdminName', '_AdminPassword', '_AdminPasswordConfirm', '_AdminEmail', @@ -909,7 +911,16 @@ $pwd = $this-getVar( '_AdminPassword' ); $user = User::newFromName( $cname ); if ( $user ) { - $valid = $user-getPasswordValidity( $pwd ); + $upp = new UserPasswordPolicy( + $wgPasswordPolicy['policies'], + $wgPasswordPolicy['checks'] + ); + $status = $upp-checkUserPasswordForGroups( + $user, + $pwd, + array( 'sysop', 'bureaucrat' ) + ); + $valid = $status-isGood(); } else { $valid = 'config-admin-name-invalid'; } diff --git a/includes/password/UserPasswordPolicy.php b/includes/password/UserPasswordPolicy.php index cdad9ba..70757ac 100644 --- a/includes/password/UserPasswordPolicy.php +++ b/includes/password/UserPasswordPolicy.php @@ -72,22 +72,53 @@ */ public function checkUserPassword( User $user, $password ) { $effectivePolicy = $this-getPoliciesForUser( $user ); - $status = Status::newGood(); + return $this-checkPolicies( + $user, + $password, + $effectivePolicy, + $this-policyCheckFunctions + ); + } - foreach ( $effectivePolicy as $policy = $value ) { - if ( !isset( $this-policyCheckFunctions[$policy] ) ) { + /** +* Check if a passwords meets the effective password policy for a User, using a set +* of groups they may or may not belong to. This function does not use the DB, so can +* be used in the installer. +* @param User $user who's policy we are checking +* @param string $password the password to check +* @param array $groups list of groups to which we assume the user belongs +* @return Status error to indicate the password didn't meet the policy, or fatal to +* indicate the user shouldn't be allowed to login. +*/ + public function checkUserPasswordForGroups( User $user, $password, array $groups ) { + $effectivePolicy = self::getPoliciesForGroups( + $this-policies, + $groups, + $this-policies['default'] + ); + return $this-checkPolicies( + $user, + $password, + $effectivePolicy, + $this-policyCheckFunctions + ); + } + + private function checkPolicies( User $user, $password, $policies, $policyCheckFunctions ) { + $status = Status::newGood(); + foreach ( $policies as $policy = $value ) { + if ( !isset( $policyCheckFunctions[$policy] ) ) { throw new DomainException( 'Invalid password policy config' ); } $status-merge( call_user_func( - $this-policyCheckFunctions[$policy], + $policyCheckFunctions[$policy], $value, $user, $password ) ); } - return $status; } -- To view, visit https://gerrit.wikimedia.org/r/221797 To
[MediaWiki-commits] [Gerrit] Don't allow control characters in redirects - change (operations/puppet)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/220337 Change subject: Don't allow control characters in redirects .. Don't allow control characters in redirects Bug: T101739 Change-Id: I3707922149a7ff608656eb69c799648ce06a8db8 --- M modules/mediawiki/files/apache/sites/redirects.conf M modules/mediawiki/files/apache/sites/redirects/refreshDomainRedirects 2 files changed, 265 insertions(+), 265 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/37/220337/1 diff --git a/modules/mediawiki/files/apache/sites/redirects.conf b/modules/mediawiki/files/apache/sites/redirects.conf index 4d84893..4945438 100644 --- a/modules/mediawiki/files/apache/sites/redirects.conf +++ b/modules/mediawiki/files/apache/sites/redirects.conf @@ -535,154 +535,154 @@ RewriteRule . %{ENV:RW_PROTO}://store.wikimedia.org/ [R=301,L,NE] # rewrite donate.mediawiki.orghttps://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.mediawiki.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wikibooks.orghttps://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wikibooks.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wikimediafoundation.org https://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wikimediafoundation.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wikinews.org https://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wikinews.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wikipedia.comhttps://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wikipedia.com - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wikiquote.orghttps://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wikiquote.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wikisource.org https://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wikisource.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wikispecies.org https://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wikispecies.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wikiversity.org https://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wikiversity.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # rewrite donate.wiktionary.org https://donate.wikimedia.org RewriteCond %{HTTP_HOST} =donate.wiktionary.org - RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE] # funnelsep11.wikipedia.org http://wayback.archive.org/web/2003031500*/http://sep11.wikipedia.org/wiki/In_Memoriam RewriteCond %{HTTP_HOST} =sep11.wikipedia.org RewriteRule . http://wayback.archive.org/web/2003031500*/http://sep11.wikipedia.org/wiki/In_Memoriam [R=301,L,NE] # rewrite be-x-old.wikisource.org //be.wikisource.org # T43755 RewriteCond %{HTTP_HOST} =be-x-old.wikisource.org - RewriteRule .* %{ENV:RW_PROTO}://be.wikisource.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* %{ENV:RW_PROTO}://be.wikisource.org$0 [R=301,L,NE] # rewrite de-beta.wikipedia.org //de.wikipedia.org RewriteCond %{HTTP_HOST} =de-beta.wikipedia.org - RewriteRule .* %{ENV:RW_PROTO}://de.wikipedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* %{ENV:RW_PROTO}://de.wikipedia.org$0 [R=301,L,NE] # rewrite cz.wikipedia.org//cs.wikipedia.org RewriteCond %{HTTP_HOST} =cz.wikipedia.org - RewriteRule .* %{ENV:RW_PROTO}://cs.wikipedia.org$0 [R=301,L,NE] + RewriteRule ^[^\x00-\x1F]* %{ENV:RW_PROTO}://cs.wikipedia.org$0 [R=301,L,NE] # rewrite cz.wikipedia.com
[MediaWiki-commits] [Gerrit] Add detection for mobile domain request - change (mediawiki...MobileFrontend)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/219272 Change subject: Add detection for mobile domain request .. Add detection for mobile domain request CentralAuth needs to know if a request came in via mobile domain, so it can redirect back to the correct domain. Bug: T100413 Change-Id: Ia90a587b0579ff2a65c9477f083692aab3945577 --- M includes/MobileContext.php 1 file changed, 13 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend refs/changes/72/219272/1 diff --git a/includes/MobileContext.php b/includes/MobileContext.php index b69c04d..a471f80 100644 --- a/includes/MobileContext.php +++ b/includes/MobileContext.php @@ -756,6 +756,19 @@ } /** +* Detect if a mobile domain was used for this request +* @return bool +*/ + public function isMobileDomainRequest() { + $bits = $bitsMobile = wfParseUrl( $this-getRequest()-detectServer() ); + if ( !$bits ) { + return false; + } + $this-updateMobileUrlHost( $bitsMobile ); + return ( $bits['host'] === $bitsMobile['host'] ); + } + + /** * Take a URL and return a copy that removes any mobile tokens * @param string $url * @return string -- To view, visit https://gerrit.wikimedia.org/r/219272 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia90a587b0579ff2a65c9477f083692aab3945577 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/MobileFrontend Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Autologin for m. domains - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/219275 Change subject: Autologin for m. domains .. Autologin for m. domains Have the central login wiki redirect to the mobile version of a wiki, if the original autologin started on a mobile domain. Depends on Ia90a587b0579ff2a65c9477f083692aab3945577 Bug: 100413 Change-Id: Ie1c373a1f039fb1ab9866543288bcfaf87c51ab4 --- M includes/CentralAuthHooks.php M includes/specials/SpecialCentralAutoLogin.php 2 files changed, 40 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/75/219275/1 diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php index 692dd8c..950660b 100644 --- a/includes/CentralAuthHooks.php +++ b/includes/CentralAuthHooks.php @@ -596,10 +596,19 @@ foreach ( $wgCentralAuthAutoLoginWikis as $alt = $wikiID ) { $wiki = WikiMap::getWiki( $wikiID ); // Use WikiReference::getFullUrl(), returns a protocol-relative URL if needed - $url = wfAppendQuery( $wiki-getFullUrl( 'Special:CentralAutoLogin/start' ), array( + $params = array( 'type' = 'icon', 'from' = wfWikiID(), - ) ); + ); + if ( class_exists( 'MobileContext' ) + MobileContext::singleton()-isMobileDomainRequest() + ) { + $params['mobile'] = 1; + } + $url = wfAppendQuery( + $wiki-getFullUrl( 'Special:CentralAutoLogin/start' ), + $params + ); $inject_html .= Xml::element( 'img', array( 'src' = $url, @@ -1315,10 +1324,16 @@ $wgCentralAuthLoginWiki, 'Special:CentralAutoLogin/checkLoggedIn' ); if ( $url !== false ) { - $vars['wgCentralAuthCheckLoggedInURL'] = wfAppendQuery( $url, array( + $params = array( 'type' = 'script', 'wikiid' = wfWikiID(), - ) ); + ); + if ( class_exists( 'MobileContext' ) + MobileContext::singleton()-isMobileDomainRequest() + ) { + $params['mobile'] = 1; + } + $vars['wgCentralAuthCheckLoggedInURL'] = wfAppendQuery( $url, $params ); } } } @@ -1423,9 +1438,18 @@ // For non-JS clients. Use WikiMap to avoid localization of the // 'Special' namespace, see bug 54195. $wiki = WikiMap::getWiki( wfWikiID() ); - $url = wfAppendQuery( $wiki-getFullUrl( 'Special:CentralAutoLogin/start' ), array( + $params = array( 'type' = '1x1', - ) ); + ); + if ( class_exists( 'MobileContext' ) + MobileContext::singleton()-isMobileDomainRequest() + ) { + $params['mobile'] = 1; + } + $url = wfAppendQuery( + $wiki-getFullUrl( 'Special:CentralAutoLogin/start' ), + $params + ); $out-addHTML( 'noscript' . Xml::element( 'img', array( 'src' = $url, diff --git a/includes/specials/SpecialCentralAutoLogin.php b/includes/specials/SpecialCentralAutoLogin.php index 3d25bc5..99aefcd 100644 --- a/includes/specials/SpecialCentralAutoLogin.php +++ b/includes/specials/SpecialCentralAutoLogin.php @@ -79,9 +79,9 @@ 'return', 'returnto', 'returntoquery', - 'proto' + 'proto', + 'mobile' ); -
[MediaWiki-commits] [Gerrit] Allow setting local email/realname from remote wiki - change (mediawiki...OAuthAuthentication)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/214092 Change subject: Allow setting local email/realname from remote wiki .. Allow setting local email/realname from remote wiki Change-Id: I9b34be7b49b5d12919f7c7b59b0e70bdca9bd079 --- M handlers/AuthenticationHandler.php M i18n/en.json M i18n/qqq.json M specials/SpecialOAuthLogin.php M utils/Hooks.php M utils/OAuthExternalUser.php 6 files changed, 70 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuthAuthentication refs/changes/92/214092/1 diff --git a/handlers/AuthenticationHandler.php b/handlers/AuthenticationHandler.php index c701d47..d23a913 100644 --- a/handlers/AuthenticationHandler.php +++ b/handlers/AuthenticationHandler.php @@ -12,6 +12,12 @@ wfGetDB( DB_MASTER ) #TODO: don't do this ); $exUser-setAccessToken( $accessToken ); + if ( isset( $identity-realname ) ) { + $exUser-setRealname( $identity-realname ); + } + if ( isset( $identity-email ) ) { + $exUser-setEmail( $identity-email ); + } $exUser-setIdentifyTS( new \MWTimestamp() ); if ( $exUser-attached() ) { @@ -57,9 +63,9 @@ return $status; } - /* TODO: Set email, realname, and language, once we can get them via /identify $u-setEmail( $exUser-getEmail() ); - $u-setRealName( $exUser-getRealName() ); + $u-setRealName( $exUser-getRealname() ); + /* $u-setOption( 'language', $exUser-getLanguage() ); */ @@ -100,9 +106,23 @@ __METHOD__ . : Associated user is Anon. Aborting. ); return \Status::newFatal( 'oauthauth-login-usernotexists' ); } -wfDebugLog( OAA, __METHOD__ . updating exuser: . print_r( $exUser, true ) ); $exUser-updateInDatabase( wfGetDB( DB_MASTER ) ); + // update private data if needed + if ( $u-getEmail() !== $exUser-getEmail() ) { + if ( $exUser-getEmail() ) { + $u-setEmail( $exUser-getEmail() ); + $u-confirmEmail(); + } else { + $u-invalidateEmail(); + } + $u-saveSettings(); + } + if ( $u-getRealName() !== $exUser-getRealname() ) { + $u-setRealName( $exUser-getRealname() ); + $u-saveSettings(); + } + $u-invalidateCache(); if ( !$wgSecureLogin ) { diff --git a/i18n/en.json b/i18n/en.json index 460f488..2c8e8b3 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -16,5 +16,7 @@ oauthauth-login-usernotexists: The OAuth user listed as connected, but the user doesn't exist on this wiki, oauthauth-nologin-policy: This wiki's policy will not let you login., oauthauth-localuser-not-allowed: The site administrator has disabled local account creation. You should $1 to create an account with OAuth., - oauthauth-loggout-policy: You have been logged out because the site policy no longer allows you to be logged in. + oauthauth-loggout-policy: You have been logged out because the site policy no longer allows you to be logged in., + oauthauth-set-email: Your attached account did not have an email the last time you logged in. Set an email on $1 to set your email here., + oauthauth-email-set: $1. Update your email on $2 to change it. } diff --git a/i18n/qqq.json b/i18n/qqq.json index d4c8872..1feb1e9 100644 --- a/i18n/qqq.json +++ b/i18n/qqq.json @@ -16,5 +16,7 @@ oauthauth-login-usernotexists: Error when the user logs in with an account that was attached on this wiki, but no longer exists., oauthauth-nologin-policy: Error the user sees hwne the local wiki's administrator has prevented their login with a policy., oauthauth-localuser-not-allowed: Error when the user attempts to create an account, but the wiki isn't configured to allow it, and instructing the user to login via OAuth.\n\nParameters:\n* $1 - link text {{msg-mw|login}}. A link to login., - oauthauth-loggout-policy: Error message when a user is logged out because their user no longer complies with the requirements set by the site administrator + oauthauth-loggout-policy: Error message when a user is logged out because their user no longer complies with the requirements set by the site administrator, + oauthauth-set-email: Instructions in the user's preferences telling
[MediaWiki-commits] [Gerrit] Update todo, fix tests - change (mediawiki...OAuthAuthentication)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/214091 Change subject: Update todo, fix tests .. Update todo, fix tests Change-Id: Ica53c5b98e1550739f9012b3e0bd1dbf3e40283f --- M TODO.txt M store/oauthauth.sql 2 files changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuthAuthentication refs/changes/91/214091/1 diff --git a/TODO.txt b/TODO.txt index b6dbd9b..b36b93c 100644 --- a/TODO.txt +++ b/TODO.txt @@ -21,4 +21,4 @@ * Reorg directories? -* Change returnto url when clicking login on Special:UserLogout +* Change returnto url when clicking login on Special:UserLogout {{done}} diff --git a/store/oauthauth.sql b/store/oauthauth.sql index 56fc6f5..dc927b4 100644 --- a/store/oauthauth.sql +++ b/store/oauthauth.sql @@ -4,7 +4,7 @@ `oaau_username` varchar(255) binary not null, `oaau_access_token` varchar(127) binary not null default '', `oaau_access_secret` varchar(127) binary not null default '', - `oaau_identify_timestamp` binary(14) not null default '', + `oaau_identify_timestamp` binary(14) not null default '' ) /*$wgDBTableOptions*/; CREATE UNIQUE INDEX /*i*/idx_rid ON /*_*/oauthauth_user (`oaau_rid`); -- To view, visit https://gerrit.wikimedia.org/r/214091 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ica53c5b98e1550739f9012b3e0bd1dbf3e40283f Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OAuthAuthentication Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Remove $status causing warning - change (mediawiki...OAuthAuthentication)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/214090 Change subject: Remove $status causing warning .. Remove $status causing warning Bug: T Change-Id: I5b307cfdfd6cdf37696fdb9323b15af1edaac978 --- M specials/SpecialOAuthLogin.php 1 file changed, 0 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuthAuthentication refs/changes/90/214090/1 diff --git a/specials/SpecialOAuthLogin.php b/specials/SpecialOAuthLogin.php index c427e7a..010ce0b 100644 --- a/specials/SpecialOAuthLogin.php +++ b/specials/SpecialOAuthLogin.php @@ -50,9 +50,6 @@ } catch ( Exception $e ) { throw new \ErrorPageError( 'oauthauth-error', $e-getMessage() ); } - if ( !$status-isGood() ) { - throw new \ErrorPageError( 'oauthauth-error', $status-getMessage() ); - } break; case 'finish': -- To view, visit https://gerrit.wikimedia.org/r/214090 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5b307cfdfd6cdf37696fdb9323b15af1edaac978 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OAuthAuthentication Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SULF is done - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/209540 Change subject: SULF is done .. SULF is done Change-Id: I0b78900493ba3e1a2d1c384415e31337aeb03016 --- D evil-plans.txt 1 file changed, 0 insertions(+), 248 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/40/209540/1 diff --git a/evil-plans.txt b/evil-plans.txt deleted file mode 100644 index 8c473ee..000 --- a/evil-plans.txt +++ /dev/null @@ -1,248 +0,0 @@ -Implementation notes... - -== Goals == - -As a reminder, some things we are and aren't trying to accomplish here: - -=== Are trying to achieve: === - -* All new accounts will be valid on all Wikimedia wikis, using a consistent - username and password everywhere. - -* Once migrated, all old accounts will be valid on all Wikimedia wikis, - using a consistent username and password everywhere. - -* Accounts will only have to set and confirm e-mail in one place. - -=== Are not trying to achieve at this time: === - -* Automatic passing of login data between sites -* Integration with non-Wikimedia authentication systems (OpenID etc) -* Total integration of user options, etc across wikis - -=== Are not trying to achieve ever: === - -* Different usernames on each wiki - - -== Migration strategies == - -The system consists of 'local' accounts (the user table entries on each wiki) -and 'global' accounts (the accounts on the central auth server). - -A local account may be in one of two states: - - unattached: old account awaiting migration - - attached: migrated, or newly created under the new system - -An attempt to login with a given name on a given wiki will encounter one of -these possible states: - - no global account: 'no such user' error - - no local account: an attached local account will be transparently created - - attached: login continues - - unattached: login-time migration will be triggered - - -=== First-stage migration === - -This is an automated process which will run when the system is put into -place: - -For each name in use on the various wikis at initial migration time, a -global account is created. - -One account for each name is selected as the 'winner', usually the most -prolific. The winner's password and email address are assigned to the -global account. - -Some accounts can be fully migrated automatically: - - Name occurred only on one wiki - - Multiple instances, but all with the same e-mail address - - Potentially, unused accounts could be subsumed automatically - -Note that passwords cannot be checked at this time due to the hashing -method used in our user table. Matching e-mail addresses can be considered -'password-equivalent' here as whoever owns that address is able to set -the password. - -If there are accounts which do not match the winning e-mail address, the -account will be left in a transitional state: - - Matching local accounts are attached, and can be used to log in. - - Non-matching local accounts are left unattached, for later migration. - - -=== Login-time migration === - -When a user attempts to login to an unattached account, this triggers -login-time migration. - -The account can now be automatically attached if: - - The given password matches both the local and global account - - The local account's email address matches the global account's - confirmed e-mail address - -(We check e-mail again as the global account's email may have been changed -since original migration time.) - - -=== Login-time renaming === - -Some portion of name conflicts really are different people, so they won't -be able to confirm themselves as the global account owner. - -If the login-time migration checks fail, the user is offered the option to -rename the account, either merging it to an existing global account or making -a brand new one. - -* FIXME: We may need to clean up some rename operations to make this safe. - - -=== Cleanup and long-term === - -The presence of a third-party unattached local account on a given wiki means -that the owner of the global account can't use his/her global account to log -in on that wiki. - -Practically speaking, not all conflicting accounts will be resolved by their -owners in a timely fashion. Some will never return; some will be malicious; -some will just forget. - -We'll require a way for unclaimed unattached accounts to be renamed forcefully. -Possibly this can require a bureaucrat's intervention; possibly this can be -done by the conflicting global account's owner after some timeout period. - - -=== Notifications === - -Conflicting accounts should be notified by e-mail where possible. - - -== Implementation: parts! == - -* Core: central database o' fun -* Edge: Wikis - -=== Communication requirements === - -* Full edge-core connectivity in cases: - - pmtpa: same database cluster - - pmtpa.enwiki: alternate database master - -* Open login sessions should
[MediaWiki-commits] [Gerrit] Password validity by policy per group - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/206156 Change subject: Password validity by policy per group .. Password validity by policy per group Make password policies defined in a configurable policy, which is defined by group. A user's password policy will be the maximum of each group policy that the user belongs to. Bug: T94774 Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003 --- M autoload.php M includes/DefaultSettings.php M includes/User.php A includes/password/UserPasswordPolicy.php M tests/phpunit/includes/UserTest.php A tests/phpunit/includes/password/UserPasswordPolicyTest.php 6 files changed, 541 insertions(+), 30 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/56/206156/1 diff --git a/autoload.php b/autoload.php index b480096..5f0c68d 100644 --- a/autoload.php +++ b/autoload.php @@ -1284,6 +1284,7 @@ 'UserMailer' = __DIR__ . '/includes/mail/UserMailer.php', 'UserNotLoggedIn' = __DIR__ . '/includes/exception/UserNotLoggedIn.php', 'UserOptions' = __DIR__ . '/maintenance/userOptions.inc', + 'UserPasswordPolicy' = __DIR__ . '/includes/password/UserPasswordPolicy.php', 'UserRightsProxy' = __DIR__ . '/includes/UserRightsProxy.php', 'UsercreateTemplate' = __DIR__ . '/includes/templates/Usercreate.php', 'UserloginTemplate' = __DIR__ . '/includes/templates/Userlogin.php', diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index dc16ae3..800c244 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4172,6 +4172,27 @@ * @{ */ +$wgPasswordPolicy = array( + 'checkuser' = array( + 'MinimalPasswordLength' = 10, + 'MinimumPasswordLengthToLogin' = 6, + 'PasswordCannotMatchUsername' = 1, + ), + 'sysop' = array( + 'MinimalPasswordLength' = 8, + 'MinimumPasswordLengthToLogin' = 1, + 'PasswordCannotMatchUsername' = 1, + ), + 'default' = array( + 'MinimalPasswordLength' = 1, + 'PasswordCannotMatchUsername' = 1, // true + 'PasswordCannotMatchBlacklist' = 1, // true + 'MaximalPasswordLength' = 4096, // prevent DoS with pbkdf2 + + ), +); + + /** * For compatibility with old installations set to false * @deprecated since 1.24 will be removed in future diff --git a/includes/User.php b/includes/User.php index f526fe0..3613c75 100644 --- a/includes/User.php +++ b/includes/User.php @@ -843,15 +843,11 @@ * @since 1.23 */ public function checkPasswordValidity( $password ) { - global $wgMinimalPasswordLength, $wgMaximalPasswordLength, $wgContLang; + global $wgPasswordPolicy; - static $blockedLogins = array( - 'Useruser' = 'Passpass', 'Useruser1' = 'Passpass1', # r75589 - 'Apitestsysop' = 'testpass', 'Apitestuser' = 'testpass' # r75605 - ); + $upp = new UserPasswordPolicy( $wgPasswordPolicy ); $status = Status::newGood(); - $result = false; //init $result to false for the internal checks if ( !Hooks::run( 'isValidPassword', array( $password, $result, $this ) ) ) { @@ -860,28 +856,8 @@ } if ( $result === false ) { - if ( strlen( $password ) $wgMinimalPasswordLength ) { - $status-error( 'passwordtooshort', $wgMinimalPasswordLength ); - return $status; - } elseif ( strlen( $password ) $wgMaximalPasswordLength ) { - // T64685: Password too long, might cause DoS attack - $status-fatal( 'passwordtoolong', $wgMaximalPasswordLength ); - return $status; - } elseif ( $wgContLang-lc( $password ) == $wgContLang-lc( $this-mName ) ) { - $status-error( 'password-name-match' ); - return $status; - } elseif ( isset( $blockedLogins[$this-getName()] ) -$password == $blockedLogins[$this-getName()] - ) { - $status-error( 'password-login-forbidden' ); - return $status; - } else { - //it seems weird returning a Good status here, but this is because of the - //initialization of $result to false above. If the hook is never run or it - //doesn't modify $result, then we will likely get down into this if with - //a valid password. -
[MediaWiki-commits] [Gerrit] Mark centralautologin for mobile - change (mediawiki...CentralAuth)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/205771 Change subject: Mark centralautologin for mobile .. Mark centralautologin for mobile Bug: T88860 Change-Id: I824ea40f9d226166992cada581ee6a625750b181 --- M CentralAuth.php 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/71/205771/1 diff --git a/CentralAuth.php b/CentralAuth.php index 53763f4..599be9d 100644 --- a/CentralAuth.php +++ b/CentralAuth.php @@ -521,6 +521,7 @@ 'scripts' = 'ext.centralauth.centralautologin.js', 'styles' = 'ext.centralauth.centralautologin.css', 'position' = 'top', + 'targets' = array( 'mobile', 'desktop' ), 'dependencies' = array( 'mediawiki.notify', 'mediawiki.jqueryMsg', @@ -529,6 +530,7 @@ $wgResourceModules['ext.centralauth.centralautologin.clearcookie'] = array( 'scripts' = 'ext.centralauth.centralautologin.clearcookie.js', 'position' = 'top', + 'targets' = array( 'mobile', 'desktop' ), ) + $commonModuleInfo; $wgResourceModules['ext.centralauth.noflash'] = array( -- To view, visit https://gerrit.wikimedia.org/r/205771 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I824ea40f9d226166992cada581ee6a625750b181 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/CentralAuth Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Add an edit token to Special:CheckUser - change (mediawiki...CheckUser)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201228 Change subject: SECURITY: Add an edit token to Special:CheckUser .. SECURITY: Add an edit token to Special:CheckUser Bug: T85858 Change-Id: I8b86ae48058ab85975b48a40008e91027387f5f8 --- M i18n/en.json M i18n/qqq.json M specials/SpecialCheckUser.php 3 files changed, 7 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CheckUser refs/changes/28/201228/1 diff --git a/i18n/en.json b/i18n/en.json index 922245c..778dd05 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -78,6 +78,7 @@ checkuser-email-action: sent an email to user \$1\, checkuser-reset-action: reset password for user \$1\, checkuser-toollinks: span class=\plainlinks\[[http://whois.domaintools.com/$1 RDNS] ·\n[http://www.robtex.com/rbls/$1.html RBLs] ·\n[http://www.dnsstuff.com/tools/tracert.ch?ip=$1 Traceroute] ·\n[http://www.ip2location.com/$1 Geolocate] ·\n[http://toolserver.org/~overlordq/scripts/checktor.fcgi?ip=$1 Tor check] ·\n[http://whois.arin.net/rest/ip/$1 WHOIS]]/span, + checkuser-token-fail: Session failure. Please try again., group-checkuser.css: /* CSS placed here will affect checkuser only */, group-checkuser.js: /* JS placed here will affect checkuser only */, apihelp-query+checkuser-description: Check which IP addresses are used by a given username or which usernames are used by a given IP., diff --git a/i18n/qqq.json b/i18n/qqq.json index 33af0ed..33bf928 100644 --- a/i18n/qqq.json +++ b/i18n/qqq.json @@ -95,6 +95,7 @@ checkuser-email-action: Logged text when a user sends an e-mail. Probably preceded by the name of the checkuser.\n\nParameters:\n* $1 - a salted MD5 hash for the user an email was sent to, checkuser-reset-action: Logged text when a user resets a password. Parameters:\n* $1 - the username for which the password was reset. Can be used for GENDER., checkuser-toollinks: {{notranslate}}\nParameters:\n* $1 - IP address, + checkuser-token-fail: Error message shown when the CSRF token does not match the current session., group-checkuser.css: {{doc-group|checkuser|css}}, group-checkuser.js: {{doc-group|checkuser|js}}, apihelp-query+checkuser-description: {{doc-apihelp-description|query+checkuser}}, diff --git a/specials/SpecialCheckUser.php b/specials/SpecialCheckUser.php index 24fbb55..eaa3eb5 100644 --- a/specials/SpecialCheckUser.php +++ b/specials/SpecialCheckUser.php @@ -48,7 +48,9 @@ # Perform one of the various submit operations... if ( $request-wasPosted() ) { - if ( $request-getVal( 'action' ) === 'block' ) { + if ( !$this-getUser()-matchEditToken( $request-getVal( 'wpEditToken' ) ) ) { + $this-getOutput()-wrapWikiMsg( 'div class=error$1/div', 'checkuser-token-fail' ); + } elseif ( $request-getVal( 'action' ) === 'block' ) { $this-doMassUserBlock( $users, $blockreason, $tag, $talkTag ); } elseif ( !$this-checkReason( $reason ) ) { $this-getOutput()-addWikiMsg( 'checkuser-noreason' ); @@ -168,6 +170,7 @@ $form .= '/tr'; $form .= Xml::closeElement( 'table' ); $form .= '/fieldset'; + $form .= Html::hidden( 'wpEditToken', $this-getUser()-getEditToken() ); $form .= Xml::closeElement( 'form' ); # Output form $this-getOutput()-addHTML( $form ); @@ -1078,6 +1081,7 @@ array( 'id' = 'checkuserblocksubmit', 'name' = 'checkuserblock' ) ) . /p\n; $s .= /fieldset\n; } + $s .= Html::hidden( 'wpEditToken', $this-getUser()-getEditToken() ); $s .= '/form'; } -- To view, visit https://gerrit.wikimedia.org/r/201228 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I8b86ae48058ab85975b48a40008e91027387f5f8 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/CheckUser Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Legoktm legoktm.wikipe...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201226 Change subject: SECURITY: Sanitize the content of Lua backtraces .. SECURITY: Sanitize the content of Lua backtraces Bug: T85113 Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 --- M engines/LuaCommon/LuaCommon.php 1 file changed, 10 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Scribunto refs/changes/26/201226/1 diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php index f8a6e2e..9f77234 100644 --- a/engines/LuaCommon/LuaCommon.php +++ b/engines/LuaCommon/LuaCommon.php @@ -936,25 +936,27 @@ } if ( strval( $info['namewhat'] ) !== '' ) { - $function = wfMessage( 'scribunto-lua-in-function', $info['name'] ); + $function = wfMessage( 'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } elseif ( $info['what'] == 'main' ) { $function = wfMessage( 'scribunto-lua-in-main' ); in_array( 'content', $msgOptions ) ? - $function = $function-inContentLanguage()-text() : - $function = $function-text(); + $function = $function-inContentLanguage()-plain() : + $function = $function-plain(); } else { // C function, tail call, or a Lua function where Lua can't // guess the name $function = '?'; } - $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line', strong$src/strong, $function ); + $backtraceLine = wfMessage( 'scribunto-lua-backtrace-line' ) + -rawParams( strong$src/strong ) + -params( $function ); in_array( 'content', $msgOptions ) ? - $backtraceLine = $backtraceLine-inContentLanguage()-text() : - $backtraceLine = $backtraceLine-text(); + $backtraceLine = $backtraceLine-inContentLanguage()-parse() : + $backtraceLine = $backtraceLine-parse(); $s .= li\n\t . $backtraceLine . \n/li\n; } -- To view, visit https://gerrit.wikimedia.org/r/201226 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Scribunto Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Always expand xml entities when checking SVG's - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201223 Change subject: SECURITY: Always expand xml entities when checking SVG's .. SECURITY: Always expand xml entities when checking SVG's XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml entities unexpanded, which can lead to false-negatives when the callback was used for filtering. Update XmlTypeCheck to use XMLReader instead, tell the library to fully expand entities, and rely on the library to error out if it encounters XML that is likely to cause a DoS if parsed. Bug: T88310 Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba --- M includes/libs/XmlTypeCheck.php M tests/phpunit/includes/libs/XmlTypeCheckTest.php M tests/phpunit/includes/upload/UploadBaseTest.php 3 files changed, 206 insertions(+), 105 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/23/201223/1 diff --git a/includes/libs/XmlTypeCheck.php b/includes/libs/XmlTypeCheck.php index 0d6c3a6..6d01986 100644 --- a/includes/libs/XmlTypeCheck.php +++ b/includes/libs/XmlTypeCheck.php @@ -2,6 +2,11 @@ /** * XML syntax and type checker. * + * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us + * more control over the expansion of XML entities. When passed to the + * callback, entities will be fully expanded, but may report the XML is + * invalid if expanding the entities are likely to cause a DoS. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -25,7 +30,7 @@ * Will be set to true or false to indicate whether the file is * well-formed XML. Note that this doesn't check schema validity. */ - public $wellFormed = false; + public $wellFormed = null; /** * Will be set to true if the optional element filter returned @@ -78,12 +83,7 @@ function __construct( $input, $filterCallback = null, $isFile = true, $options = array() ) { $this-filterCallback = $filterCallback; $this-parserOptions = array_merge( $this-parserOptions, $options ); - - if ( $isFile ) { - $this-validateFromFile( $input ); - } else { - $this-validateFromString( $input ); - } + $this-validateFromInput( $input, $isFile ); } /** @@ -125,140 +125,211 @@ return $this-rootElement; } - /** -* Get an XML parser with the root element handler. -* @see XmlTypeCheck::rootElementOpen() -* @return resource a resource handle for the XML parser -*/ - private function getParser() { - $parser = xml_parser_create_ns( 'UTF-8' ); - // case folding violates XML standard, turn it off - xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false ); - xml_set_element_handler( $parser, array( $this, 'rootElementOpen' ), false ); - if ( $this-parserOptions['processing_instruction_handler'] ) { - xml_set_processing_instruction_handler( - $parser, - array( $this, 'processingInstructionHandler' ) - ); - } - return $parser; - } /** * @param string $fname the filename */ - private function validateFromFile( $fname ) { - $parser = $this-getParser(); - - if ( file_exists( $fname ) ) { - $file = fopen( $fname, rb ); - if ( $file ) { - do { - $chunk = fread( $file, 32768 ); - $ret = xml_parse( $parser, $chunk, feof( $file ) ); - if ( $ret == 0 ) { - $this-wellFormed = false; - fclose( $file ); - xml_parser_free( $parser ); - return; - } - } while ( !feof( $file ) ); - - fclose( $file ); - } - } - $this-wellFormed = true; - - xml_parser_free( $parser ); - } - - /** -* -* @param string $string the XML-input-string to be checked. -*/ - private function validateFromString( $string ) { - $parser = $this-getParser(); - $ret = xml_parse( $parser, $string, true ); -
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow embedded application/xml in SVG's - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201218 Change subject: SECURITY: Don't allow embedded application/xml in SVG's .. SECURITY: Don't allow embedded application/xml in SVG's Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got around our blacklist on embedded href targets. Use a whitelist instead. Bug: T85850 Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28 --- M includes/upload/UploadBase.php M tests/phpunit/includes/upload/UploadBaseTest.php 2 files changed, 23 insertions(+), 14 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/18/201218/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index a001fea..8c3f174 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1412,20 +1412,16 @@ } } - # href with embedded svg as target - if ( $stripped == 'href' preg_match( '!data:[^,]*image/svg[^,]*,!sim', $value ) ) { - wfDebug( __METHOD__ . : Found href to embedded svg - . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); - - return true; - } - - # href with embedded (text/xml) svg as target - if ( $stripped == 'href' preg_match( '!data:[^,]*text/xml[^,]*,!sim', $value ) ) { - wfDebug( __METHOD__ . : Found href to embedded svg - . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); - - return true; + # only allow data: targets that should be safe. This prevents vectors like, + # image/svg, text/xml, application/xml, and text/html, which can contain scripts + if ( $stripped == 'href' strncasecmp( 'data:', $value, 5 ) === 0 ) { + // rfc2397 parameters. This is only slightly slower than (;[\w;]+)*. + $parameters = '(?;[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+=(?[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+|(?[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|[\0-\x7f])*))*(?:;base64)?'; + if ( !preg_match( !^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i, $value ) ) { + wfDebug( __METHOD__ . : Found href to unwhitelisted data: uri + . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); + return true; + } } # Change href with animate from (http://html5sec.org/#137). This doesn't seem diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index dd43af9..8c5c923 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -163,6 +163,12 @@ 'SVG with javascript xlink (http://html5sec.org/#87)' ), array( + 'svg xmlns=http://www.w3.org/2000/svg; xmlns:xlink=http://www.w3.org/1999/xlink;use xlink:href=data:application/xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjUwIiBjeD0iMTAwIiBjeT0iMTAwIiBzdHlsZT0iZmlsbDogI0YwMCI+CjxzZXQgYXR0cmlidXRlTmFtZT0iZmlsbCIgYXR0cmlidXRlVHlwZT0iQ1NTIiBvbmJlZ2luPSdhbGVydChkb2N1bWVudC5jb29raWUpJwpvbmVuZD0nYWxlcnQoIm9uZW5kIiknIHRvPSIjMDBGIiBiZWdpbj0iMXMiIGR1cj0iNXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test/ /svg', + true, + true, + 'SVG with Opera image xlink (http://html5sec.org/#88 - c)' + ), + array( 'svg xmlns=http://www.w3.org/2000/svg; xmlns:xlink=http://www.w3.org/1999/xlink; animation xlink:href=javascript:alert(1)/ /svg', true, true, @@ -337,6 +343,13 @@ true, 'SVG with remote background image using image() (bug 69008)' ), + array( + // As reported by Cure53 + 'svg xmlns=http://www.w3.org/2000/svg; xmlns:xlink=http://www.w3.org/1999/xlink; a xlink:href=data:text/html;charset=utf-8;base64, PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ%2BDQo%3D circle
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow entities in XMP with HHVM - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201225 Change subject: SECURITY: Don't allow entities in XMP with HHVM .. SECURITY: Don't allow entities in XMP with HHVM Test for, and refuse to parse, XMP chunks with a doctype declaration when parsing XMP under HHVM. Bug: T85848 Change-Id: Iea4feb077ee85a35509a920153daaa9321ee69f3 --- M includes/media/BitmapMetadataHandler.php M includes/media/JpegMetadataExtractor.php M includes/media/XMP.php A tests/phpunit/data/xmp/doctype-included.result.php A tests/phpunit/data/xmp/doctype-included.xmp A tests/phpunit/data/xmp/doctype-not-included.xmp M tests/phpunit/includes/media/XMPTest.php 7 files changed, 179 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/25/201225/1 diff --git a/includes/media/BitmapMetadataHandler.php b/includes/media/BitmapMetadataHandler.php index bb7a1e8..c8d37bb 100644 --- a/includes/media/BitmapMetadataHandler.php +++ b/includes/media/BitmapMetadataHandler.php @@ -154,7 +154,7 @@ * @throws MWException On invalid file. */ static function Jpeg( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $meta = new self(); $seg = JpegMetadataExtractor::segmentSplitter( $filename ); @@ -196,7 +196,7 @@ * @return array Array for storage in img_metadata. */ public static function PNG( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $meta = new self(); $array = PNGMetadataExtractor::getMetadata( $filename ); @@ -236,7 +236,7 @@ $meta-addMetadata( array( 'GIFFileComment' = $baseArray['comment'] ), 'native' ); } - if ( $baseArray['xmp'] !== '' function_exists( 'xml_parser_create_ns' ) ) { + if ( $baseArray['xmp'] !== '' XMPReader::isSupported() ) { $xmp = new XMPReader(); $xmp-parse( $baseArray['xmp'] ); $xmpRes = $xmp-getResults(); diff --git a/includes/media/JpegMetadataExtractor.php b/includes/media/JpegMetadataExtractor.php index 0d8013d..ae4af8d 100644 --- a/includes/media/JpegMetadataExtractor.php +++ b/includes/media/JpegMetadataExtractor.php @@ -48,7 +48,7 @@ * @throws MWException If given invalid file. */ static function segmentSplitter( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $segmentCount = 0; diff --git a/includes/media/XMP.php b/includes/media/XMP.php index 0d341aa..50f04ae 100644 --- a/includes/media/XMP.php +++ b/includes/media/XMP.php @@ -80,6 +80,12 @@ /** @var int */ private $extendedXMPOffset = 0; + /** @var int Flag determining if the XMP is safe to parse **/ + private $parsable = 0; + + /** @var string Buffer of XML to parse **/ + private $xmlParsableBuffer = ''; + /** * These are various mode constants. * they are used to figure out what to do @@ -107,6 +113,12 @@ const NS_RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'; const NS_XML = 'http://www.w3.org/XML/1998/namespace'; + + // States used while determining if XML is safe to parse + const PARSABLE_UNKNOWN = 0; + const PARSABLE_OK = 1; + const PARSABLE_BUFFERING = 2; + const PARSABLE_NO = 3; /** * Constructor. @@ -145,6 +157,9 @@ array( $this, 'endElement' ) ); xml_set_character_data_handler( $this-xmlParser, array( $this, 'char' ) ); + + $this-parsable = self::PARSABLE_UNKNOWN; + $this-xmlParsableBuffer = ''; } /** Destroy the xml parser @@ -154,6 +169,13 @@ function __destruct() { // not sure if this is needed. xml_parser_free( $this-xmlParser ); + } + + /** +* Check if this instance supports using this class +*/ + public static function isSupported() { + return function_exists( 'xml_parser_create_ns' ) class_exists( 'XMLReader' ); } /** Get the result array. Do some post-processing before returning @@ -305,6 +327,27 @@ wfRestoreWarnings(); } + // Ensure the XMP block does not have an xml doctype declaration, which + // could declare entities unsafe to parse with xml_parse (T85848/T71210). + if ( $this-parsable !== self::PARSABLE_OK ) { + if ( $this-parsable ===
[MediaWiki-commits] [Gerrit] SECURITY: Make SVG @import checking case insensitive - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201217 Change subject: SECURITY: Make SVG @import checking case insensitive .. SECURITY: Make SVG @import checking case insensitive @import in embedded CSS is case-insensitive, meaning an attacker can put @iMpOrT and it should still work. This uses stripos instead of strpos to make the check case insensitive. Bug: T85349 Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1 --- M includes/upload/UploadBase.php M tests/phpunit/includes/upload/UploadBaseTest.php 2 files changed, 7 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/17/201217/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index a79526e..a001fea 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1524,7 +1524,7 @@ private static function checkCssFragment( $value ) { # Forbid external stylesheets, for both reliability and to protect viewer's privacy - if ( strpos( $value, '@import' ) !== false ) { + if ( stripos( $value, '@import' ) !== false ) { return true; } diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index 63ad8c0..dd43af9 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -306,6 +306,12 @@ 'SVG with @import in style element and child element (bug 69008#c11)' ), array( + 'svg xmlns=http://www.w3.org/2000/svg; viewBox=6 3 177 153 xmlns:xlink=http://www.w3.org/1999/xlink; style@imporT https://fonts.googleapis.com/css?family=Bitter:700amp;text=WebPlatform.org;;/style g transform=translate(-.5,-.5) text fill=#474747 x=95 y=150 text-anchor=middle font-family=Bitter font-size=20 font-weight=boldWebPlatform.org/text /g /svg', + true, + true, + 'SVG with case-insensitive @import in style element (bug T85349)' + ), + array( 'svg xmlns=http://www.w3.org/2000/svg; rect width=100 height=100 style=background-image:url(https://www.google.com/images/srpr/logo11w.png)/ /svg', true, true, -- To view, visit https://gerrit.wikimedia.org/r/201217 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Parent5446 tylerro...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Set maximal password length for DoS - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201220 Change subject: SECURITY: Set maximal password length for DoS .. SECURITY: Set maximal password length for DoS Prevent DoS attacks caused by the amount of time it takes to hash long passwords by setting a limit on password length. Slightly restructures the behavior of User::checkPasswordValidity in order to accommodate for the difference between passwords the user should be able to log in with and passwords they should not. Bug: T64685 Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e --- M includes/DefaultSettings.php M includes/User.php M includes/specials/SpecialUserlogin.php M languages/i18n/en.json M languages/i18n/qqq.json M tests/phpunit/includes/UserTest.php 6 files changed, 58 insertions(+), 23 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/20/201220/1 diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 5ab557e..84dc3aa 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4227,6 +4227,18 @@ $wgMinimalPasswordLength = 1; /** + * Specifies the maximal length of a user password (T64685). + * + * It is not recommended to make this greater than the default, as it can + * allow DoS attacks by users setting really long passwords. In addition, + * this should not be lowered too much, as it enforces weak passwords. + * + * @warning Unlike other password settings, user with passwords greater than + * the maximum will not be able to log in. + */ +$wgMaximalPasswordLength = 4096; + +/** * Specifies if users should be sent to a password-reset form on login, if their * password doesn't meet the requirements of User::isValidPassword(). * @since 1.23 diff --git a/includes/User.php b/includes/User.php index 89ff299..2e88978 100644 --- a/includes/User.php +++ b/includes/User.php @@ -826,15 +826,24 @@ } /** -* Check if this is a valid password for this user. Status will be good if -* the password is valid, or have an array of error messages if not. +* Check if this is a valid password for this user +* +* Create a Status object based on the password's validity. +* The Status should be set to fatal if the user should not +* be allowed to log in, and should have any errors that +* would block changing the password. +* +* If the return value of this is not OK, the password +* should not be checked. If the return value is not Good, +* the password can be checked, but the user should not be +* able to set their password to this. * * @param string $password Desired password * @return Status * @since 1.23 */ public function checkPasswordValidity( $password ) { - global $wgMinimalPasswordLength, $wgContLang; + global $wgMinimalPasswordLength, $wgMaximalPasswordLength, $wgContLang; static $blockedLogins = array( 'Useruser' = 'Passpass', 'Useruser1' = 'Passpass1', # r75589 @@ -853,6 +862,10 @@ if ( $result === false ) { if ( strlen( $password ) $wgMinimalPasswordLength ) { $status-error( 'passwordtooshort', $wgMinimalPasswordLength ); + return $status; + } elseif ( strlen( $password ) $wgMaximalPasswordLength ) { + // T64685: Password too long, might cause DoS attack + $status-fatal( 'passwordtoolong', $wgMaximalPasswordLength ); return $status; } elseif ( $wgContLang-lc( $password ) == $wgContLang-lc( $this-mName ) ) { $status-error( 'password-name-match' ); @@ -2382,17 +2395,9 @@ throw new PasswordError( wfMessage( 'password-change-forbidden' )-text() ); } - if ( !$this-isValidPassword( $str ) ) { - global $wgMinimalPasswordLength; - $valid = $this-getPasswordValidity( $str ); - if ( is_array( $valid ) ) { - $message = array_shift( $valid ); - $params = $valid; - } else { - $message = $valid; - $params = array( $wgMinimalPasswordLength ); - } - throw new PasswordError( wfMessage( $message, $params )-text() ); + $status = $this-checkPasswordValidity( $str ); + if ( !$status-isGood() ) {
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow directly calling Xml::isWellFormed - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201224 Change subject: SECURITY: Don't allow directly calling Xml::isWellFormed .. SECURITY: Don't allow directly calling Xml::isWellFormed Changing Xml::isWellFormed to private. In WMF hosted repos, there are no callers to isWellFormed directly. Bug: T85848 Change-Id: I104427989b89c386de571b8e60642095331a1132 --- M includes/Xml.php 1 file changed, 3 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/24/201224/1 diff --git a/includes/Xml.php b/includes/Xml.php index 78b8715..f0bd70b 100644 --- a/includes/Xml.php +++ b/includes/Xml.php @@ -703,13 +703,15 @@ /** * Check if a string is well-formed XML. * Must include the surrounding tag. +* This function is a DoS vector if an attacker can define +* entities in $text. * * @param string $text String to test. * @return bool * * @todo Error position reporting return */ - public static function isWellFormed( $text ) { + private static function isWellFormed( $text ) { $parser = xml_parser_create( UTF-8 ); # case folding violates XML standard, turn it off -- To view, visit https://gerrit.wikimedia.org/r/201224 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I104427989b89c386de571b8e60642095331a1132 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Escape in Html::expandAttributes - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201222 Change subject: SECURITY: Escape in Html::expandAttributes .. SECURITY: Escape in Html::expandAttributes Escape characters in attributes, so we don't confuse post-processing, like LanguageConverter. Bug: T73394 Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 --- M includes/Html.php M tests/parser/parserTests.txt 2 files changed, 7 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/22/201222/1 diff --git a/includes/Html.php b/includes/Html.php index 4b69885..effc488 100644 --- a/includes/Html.php +++ b/includes/Html.php @@ -600,17 +600,20 @@ } else { // Apparently we need to entity-encode \n, \r, \t, although the // spec doesn't mention that. Since we're doing strtr() anyway, - // and we don't need escaped here, we may as well not call - // htmlspecialchars(). + // we may as well not call htmlspecialchars(). // @todo FIXME: Verify that we actually need to // escape \n\r\t here, and explain why, exactly. # // We could call Sanitizer::encodeAttribute() for this, but we // don't because we're stubborn and like our marginal savings on // byte size from not having to encode unnecessary quotes. + // The only difference between this transform and the one by + // Sanitizer::encodeAttribute() is '' is only encoded here if + // $wgWellFormedXml is set, and ' is not encoded. $map = array( '' = 'amp;', '' = 'quot;', + '' = 'gt;', \n = '#10;', \r = '#13;', \t = '#9;' diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index 2b7f4cd..f660678 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -13901,7 +13901,7 @@ /ul /div -h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: text textedit/aspan class=mw-editsection-bracket]/span/span/h2 +h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: text gt; textedit/aspan class=mw-editsection-bracket]/span/span/h2 psection 1 /p h2span class=mw-headline id=text_.3C_texttext lt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: text lt; textedit/aspan class=mw-editsection-bracket]/span/span/h2 @@ -19608,7 +19608,7 @@ /div h2span class=mw-headline id=Hellosup class=in-h2Hello/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: Helloedit/aspan class=mw-editsection-bracket]/span/span/h2 -h2span class=mw-headline id=b.22.3EEvilbyesup bgt;Evilbye/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: bquot;Evilbyeedit/aspan class=mw-editsection-bracket]/span/span/h2 +h2span class=mw-headline id=b.22.3EEvilbyesup bgt;Evilbye/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: bquot;gt;Evilbyeedit/aspan class=mw-editsection-bracket]/span/span/h2 !! end -- To view, visit https://gerrit.wikimedia.org/r/201222 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Don't execute another user's CSS or JS on preview - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201221 Change subject: SECURITY: Don't execute another user's CSS or JS on preview .. SECURITY: Don't execute another user's CSS or JS on preview Someone could theoretically try to hide malicious code in their user common.js and then trick an admin into previewing it by asking for help. Bug: T85855 Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a --- M includes/EditPage.php M includes/OutputPage.php 2 files changed, 18 insertions(+), 12 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/21/201221/1 diff --git a/includes/EditPage.php b/includes/EditPage.php index a5994e7..e113426 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -2670,19 +2670,21 @@ array( 'userinvalidcssjstitle', $this-mTitle-getSkinFromCssJsSubpage() ) ); } - if ( $this-formtype !== 'preview' ) { - if ( $this-isCssSubpage $wgAllowUserCss ) { - $wgOut-wrapWikiMsg( - div id='mw-usercssyoucanpreview'\n$1\n/div, - array( 'usercssyoucanpreview' ) - ); - } + if ( $this-getTitle()-isSubpageOf( $wgUser-getUserPage() ) ) { + if ( $this-formtype !== 'preview' ) { + if ( $this-isCssSubpage $wgAllowUserCss ) { + $wgOut-wrapWikiMsg( + div id='mw-usercssyoucanpreview'\n$1\n/div, + array( 'usercssyoucanpreview' ) + ); + } - if ( $this-isJsSubpage $wgAllowUserJs ) { - $wgOut-wrapWikiMsg( - div id='mw-userjsyoucanpreview'\n$1\n/div, - array( 'userjsyoucanpreview' ) - ); + if ( $this-isJsSubpage $wgAllowUserJs ) { + $wgOut-wrapWikiMsg( + div id='mw-userjsyoucanpreview'\n$1\n/div, + array( 'userjsyoucanpreview' ) + ); + } } } } diff --git a/includes/OutputPage.php b/includes/OutputPage.php index edeae0d..73d0cba 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -3288,6 +3288,10 @@ if ( !$this-getTitle()-isJsSubpage() !$this-getTitle()-isCssSubpage() ) { return false; } + if ( !$this-getTitle()-isSubpageOf( $this-getUser()-getUserPage() ) ) { + // Don't execute another user's CSS or JS on preview (T85855) + return false; + } return !count( $this-getTitle()-getUserPermissionsErrors( 'edit', $this-getUser() ) ); } -- To view, visit https://gerrit.wikimedia.org/r/201221 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Anomie bjor...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Fix animate blacklist - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201219 Change subject: SECURITY: Fix animate blacklist .. SECURITY: Fix animate blacklist The blacklist should prevent animating any element's xlink:href to a javascript url. Bug: T86711 Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a --- M includes/upload/UploadBase.php M tests/phpunit/includes/upload/UploadBaseTest.php 2 files changed, 15 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/19/201219/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 8c3f174..6da8250 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1424,11 +1424,10 @@ } } - # Change href with animate from (http://html5sec.org/#137). This doesn't seem - # possible without embedding the svg, but filter here in case. - if ( $stripped == 'from' + # Change href with animate from (http://html5sec.org/#137). + if ( $stripped === 'attributename' $strippedElement === 'animate' -!preg_match( '!^https?://!im', $value ) +$this-stripXmlNamespace( $value ) == 'href' ) { wfDebug( __METHOD__ . : Found animate that might be changing href using from . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index 8c5c923..c027af6 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -279,6 +279,18 @@ true, 'SVG with animate from (http://html5sec.org/#137)' ), + array( + 'svg xmlns=http://www.w3.org/2000/svg; xmlns:xlink=http://www.w3.org/1999/xlink; atext y=1emClick me/text animate attributeName=xlink:href values=javascript:alert(\'Bang!\') begin=0s dur=0.1s fill=freeze / /a/svg', + true, + true, + 'SVG with animate xlink:href (http://html5sec.org/#137)' + ), + array( + 'svg xmlns=http://www.w3.org/2000/svg; xmlns:y=http://www.w3.org/1999/xlink; a y:href=# text y=1emClick me/text animate attributeName=y:href values=javascript:alert(\'Bang!\') begin=0s dur=0.1s fill=freeze / /a /svg', + true, + true, + 'SVG with animate y:href (http://html5sec.org/#137)' + ), // Other hostile SVG's array( -- To view, visit https://gerrit.wikimedia.org/r/201219 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] [TEST] Ignore this - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201007 Change subject: [TEST] Ignore this .. [TEST] Ignore this Test commit from caesium Change-Id: Ibe8f3119be1ae616606f008cf1a4e182fb3b4230 --- M README 1 file changed, 2 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/07/201007/1 diff --git a/README b/README index 29577bc..200acfe 100644 --- a/README +++ b/README @@ -1,5 +1,7 @@ == MediaWiki == +TEST! + MediaWiki is a free and open-source wiki software package written in PHP. It serves as the platform for Wikipedia and the other projects of the Wikimedia Foundation, which deliver content in over 280 languages to more than half a -- To view, visit https://gerrit.wikimedia.org/r/201007 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibe8f3119be1ae616606f008cf1a4e182fb3b4230 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Escape in Html::expandAttributes - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201027 Change subject: SECURITY: Escape in Html::expandAttributes .. SECURITY: Escape in Html::expandAttributes Escape characters in attributes, so we don't confuse post-processing, like LanguageConverter. Bug: T73394 Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 --- M includes/Html.php M tests/parser/parserTests.txt 2 files changed, 7 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/27/201027/1 diff --git a/includes/Html.php b/includes/Html.php index b1d4f00..ca0c76e 100644 --- a/includes/Html.php +++ b/includes/Html.php @@ -531,17 +531,20 @@ } else { // Apparently we need to entity-encode \n, \r, \t, although the // spec doesn't mention that. Since we're doing strtr() anyway, - // and we don't need escaped here, we may as well not call - // htmlspecialchars(). + // we may as well not call htmlspecialchars(). // @todo FIXME: Verify that we actually need to // escape \n\r\t here, and explain why, exactly. # // We could call Sanitizer::encodeAttribute() for this, but we // don't because we're stubborn and like our marginal savings on // byte size from not having to encode unnecessary quotes. + // The only difference between this transform and the one by + // Sanitizer::encodeAttribute() is '' is only encoded here if + // $wgWellFormedXml is set, and ' is not encoded. $map = array( '' = 'amp;', '' = 'quot;', + '' = 'gt;', \n = '#10;', \r = '#13;', \t = '#9;' diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index e8e71b8..c3e972e 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -11642,7 +11642,7 @@ /ul /div -h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: text textedit/aspan class=mw-editsection-bracket]/span/span/h2 +h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: text gt; textedit/aspan class=mw-editsection-bracket]/span/span/h2 psection 1 /p h2span class=mw-headline id=text_.3C_texttext lt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: text lt; textedit/aspan class=mw-editsection-bracket]/span/span/h2 @@ -16905,7 +16905,7 @@ /div h2span class=mw-headline id=Hellosup class=in-h2Hello/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: Helloedit/aspan class=mw-editsection-bracket]/span/span/h2 -h2span class=mw-headline id=b.22.3EEvilbyesup bgt;Evilbye/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: bquot;Evilbyeedit/aspan class=mw-editsection-bracket]/span/span/h2 +h2span class=mw-headline id=b.22.3EEvilbyesup bgt;Evilbye/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: bquot;gt;Evilbyeedit/aspan class=mw-editsection-bracket]/span/span/h2 !! end -- To view, visit https://gerrit.wikimedia.org/r/201027 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_23 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow embedded application/xml in SVG's - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201012 Change subject: SECURITY: Don't allow embedded application/xml in SVG's .. SECURITY: Don't allow embedded application/xml in SVG's Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got around our blacklist on embedded href targets. Use a whitelist instead. Bug: T85850 Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28 --- M includes/upload/UploadBase.php M tests/phpunit/includes/upload/UploadBaseTest.php 2 files changed, 23 insertions(+), 14 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/12/201012/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index df86091..5781627 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1416,20 +1416,16 @@ } } - # href with embedded svg as target - if ( $stripped == 'href' preg_match( '!data:[^,]*image/svg[^,]*,!sim', $value ) ) { - wfDebug( __METHOD__ . : Found href to embedded svg - . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); - - return true; - } - - # href with embedded (text/xml) svg as target - if ( $stripped == 'href' preg_match( '!data:[^,]*text/xml[^,]*,!sim', $value ) ) { - wfDebug( __METHOD__ . : Found href to embedded svg - . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); - - return true; + # only allow data: targets that should be safe. This prevents vectors like, + # image/svg, text/xml, application/xml, and text/html, which can contain scripts + if ( $stripped == 'href' strncasecmp( 'data:', $value, 5 ) === 0 ) { + // rfc2397 parameters. This is only slightly slower than (;[\w;]+)*. + $parameters = '(?;[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+=(?[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+|(?[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|[\0-\x7f])*))*(?:;base64)?'; + if ( !preg_match( !^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i, $value ) ) { + wfDebug( __METHOD__ . : Found href to unwhitelisted data: uri + . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); + return true; + } } # Change href with animate from (http://html5sec.org/#137). This doesn't seem diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index 475513e..ac8cc43 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -168,6 +168,12 @@ 'SVG with javascript xlink (http://html5sec.org/#87)' ), array( + 'svg xmlns=http://www.w3.org/2000/svg; xmlns:xlink=http://www.w3.org/1999/xlink;use xlink:href=data:application/xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjUwIiBjeD0iMTAwIiBjeT0iMTAwIiBzdHlsZT0iZmlsbDogI0YwMCI+CjxzZXQgYXR0cmlidXRlTmFtZT0iZmlsbCIgYXR0cmlidXRlVHlwZT0iQ1NTIiBvbmJlZ2luPSdhbGVydChkb2N1bWVudC5jb29raWUpJwpvbmVuZD0nYWxlcnQoIm9uZW5kIiknIHRvPSIjMDBGIiBiZWdpbj0iMXMiIGR1cj0iNXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test/ /svg', + true, + true, + 'SVG with Opera image xlink (http://html5sec.org/#88 - c)' + ), + array( 'svg xmlns=http://www.w3.org/2000/svg; xmlns:xlink=http://www.w3.org/1999/xlink; animation xlink:href=javascript:alert(1)/ /svg', true, true, @@ -342,6 +348,13 @@ true, 'SVG with remote background image using image() (bug 69008)' ), + array( + // As reported by Cure53 + 'svg xmlns=http://www.w3.org/2000/svg; xmlns:xlink=http://www.w3.org/1999/xlink; a xlink:href=data:text/html;charset=utf-8;base64, PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ%2BDQo%3D circle
[MediaWiki-commits] [Gerrit] SECURITY: Fix animate blacklist - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201035 Change subject: SECURITY: Fix animate blacklist .. SECURITY: Fix animate blacklist The blacklist should prevent animating any element's xlink:href to a javascript url. Bug: T86711 Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a --- M includes/upload/UploadBase.php 1 file changed, 3 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/35/201035/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index db96ca3..06375f8 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1222,11 +1222,10 @@ } } - # Change href with animate from (http://html5sec.org/#137). This doesn't seem - # possible without embedding the svg, but filter here in case. - if ( $stripped == 'from' + # Change href with animate from (http://html5sec.org/#137). + if ( $stripped === 'attributename' $strippedElement === 'animate' -!preg_match( '!^https?://!im', $value ) +$this-stripXmlNamespace( $value ) == 'href' ) { wfDebug( __METHOD__ . : Found animate that might be changing href using from . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); -- To view, visit https://gerrit.wikimedia.org/r/201035 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_19 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow entities in XMP - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201039 Change subject: SECURITY: Don't allow entities in XMP .. SECURITY: Don't allow entities in XMP Test for, and refuse to parse, XMP chunks with a doctype declaration when parsing XMP. Bug: T85848 Change-Id: Iea4feb077ee85a35509a920153daaa9321ee69f3 --- M includes/media/BitmapMetadataHandler.php M includes/media/JpegMetadataExtractor.php M includes/media/XMP.php A tests/phpunit/data/xmp/doctype-included.result.php A tests/phpunit/data/xmp/doctype-included.xmp A tests/phpunit/data/xmp/doctype-not-included.xmp M tests/phpunit/includes/media/XMPTest.php 7 files changed, 175 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/39/201039/1 diff --git a/includes/media/BitmapMetadataHandler.php b/includes/media/BitmapMetadataHandler.php index 746..566018c 100644 --- a/includes/media/BitmapMetadataHandler.php +++ b/includes/media/BitmapMetadataHandler.php @@ -126,7 +126,7 @@ * @throws MWException on invalid file. */ static function Jpeg ( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $meta = new self(); $seg = JpegMetadataExtractor::segmentSplitter( $filename ); @@ -168,7 +168,7 @@ * @return Array Array for storage in img_metadata. */ static public function PNG ( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $meta = new self(); $array = PNGMetadataExtractor::getMetadata( $filename ); @@ -205,7 +205,7 @@ $meta-addMetadata( array( 'GIFFileComment' = $baseArray['comment'] ), 'native' ); } - if ( $baseArray['xmp'] !== '' function_exists( 'xml_parser_create_ns' ) ) { + if ( $baseArray['xmp'] !== '' XMPReader::isSupported() ) { $xmp = new XMPReader(); $xmp-parse( $baseArray['xmp'] ); $xmpRes = $xmp-getResults(); diff --git a/includes/media/JpegMetadataExtractor.php b/includes/media/JpegMetadataExtractor.php index 224b4a2..7cbd2e9 100644 --- a/includes/media/JpegMetadataExtractor.php +++ b/includes/media/JpegMetadataExtractor.php @@ -24,7 +24,7 @@ * @throws MWException if given invalid file. */ static function segmentSplitter ( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $segmentCount = 0; diff --git a/includes/media/XMP.php b/includes/media/XMP.php index 0dbf563..3a4a915 100644 --- a/includes/media/XMP.php +++ b/includes/media/XMP.php @@ -40,6 +40,12 @@ protected $items; + /** @var int Flag determining if the XMP is safe to parse **/ + private $parsable = 0; + + /** @var string Buffer of XML to parse **/ + private $xmlParsableBuffer = ''; + /** * These are various mode constants. * they are used to figure out what to do @@ -68,6 +74,12 @@ const NS_RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'; const NS_XML = 'http://www.w3.org/XML/1998/namespace'; + + // States used while determining if XML is safe to parse + const PARSABLE_UNKNOWN = 0; + const PARSABLE_OK = 1; + const PARSABLE_BUFFERING = 2; + const PARSABLE_NO = 3; /** * Constructor. @@ -106,6 +118,9 @@ array( $this, 'endElement' ) ); xml_set_character_data_handler( $this-xmlParser, array( $this, 'char' ) ); + + $this-parsable = self::PARSABLE_UNKNOWN; + $this-xmlParsableBuffer = ''; } /** Destroy the xml parser @@ -115,6 +130,13 @@ function __destruct() { // not sure if this is needed. xml_parser_free( $this-xmlParser ); + } + + /** +* Check if this instance supports using this class +*/ + public static function isSupported() { + return function_exists( 'xml_parser_create_ns' ) class_exists( 'XMLReader' ); } /** Get the result array. Do some post-processing before returning @@ -263,6 +285,27 @@ wfRestoreWarnings(); } + // Ensure the XMP block does not have an xml doctype declaration, which + // could declare entities unsafe to parse with xml_parse (T85848/T71210). + if ( $this-parsable !== self::PARSABLE_OK ) { + if ( $this-parsable === self::PARSABLE_NO ) { + throw
[MediaWiki-commits] [Gerrit] SECURITY: Always expand xml entities when checking SVG's - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201038 Change subject: SECURITY: Always expand xml entities when checking SVG's .. SECURITY: Always expand xml entities when checking SVG's XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml entities unexpanded, which can lead to false-negatives when the callback was used for filtering. Update XmlTypeCheck to use XMLReader instead, tell the library to fully expand entities, and rely on the library to error out if it encounters XML that is likely to cause a DoS if parsed. Bug: T88310 Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba --- M includes/XmlTypeCheck.php 1 file changed, 201 insertions(+), 84 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/38/201038/1 diff --git a/includes/XmlTypeCheck.php b/includes/XmlTypeCheck.php index 2062101..693580d 100644 --- a/includes/XmlTypeCheck.php +++ b/includes/XmlTypeCheck.php @@ -1,11 +1,36 @@ ?php +/** + * XML syntax and type checker. + * + * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us + * more control over the expansion of XML entities. When passed to the + * callback, entities will be fully expanded, but may report the XML is + * invalid if expanding the entities are likely to cause a DoS. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * http://www.gnu.org/copyleft/gpl.html + * + * @file + */ class XmlTypeCheck { /** * Will be set to true or false to indicate whether the file is * well-formed XML. Note that this doesn't check schema validity. */ - public $wellFormed = false; + public $wellFormed = null; /** * Will be set to true if the optional element filter returned @@ -19,7 +44,7 @@ */ public $rootElement = ''; - /** + /** * A stack of strings containing the data of each xml element as it's processed. Append * data to the top string of the stack, then pop off the string and process it when the * element is closed. @@ -44,19 +69,19 @@ ); /** -* @param $file string filename -* @param $filterCallback callable (optional) +* @param string $input a filename +* @param callable $filterCallback (optional) *Function to call to do additional custom validity checks from the *SAX element handler event. This gives you access to the element *namespace, name, attributes, and text contents. *Filter should return 'true' to toggle on $this-filterMatch * @param array $options list of additional parsing options: -* processing_instruction_handler: Callback for xml_set_processing_instruction_handler +*processing_instruction_handler: Callback for xml_set_processing_instruction_handler */ - function __construct( $file, $filterCallback=null, $options=array() ) { + function __construct( $input, $filterCallback = null, $options = array() ) { $this-filterCallback = $filterCallback; $this-parserOptions = array_merge( $this-parserOptions, $options ); - $this-run( $file ); + $this-validateFromInput( $input, true ); } /** @@ -68,119 +93,211 @@ return $this-rootElement; } - /** -* @param $fname -*/ - private function run( $fname ) { - $parser = xml_parser_create_ns( 'UTF-8' ); - - // case folding violates XML standard, turn it off - xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false ); - - xml_set_element_handler( $parser, array( $this, 'rootElementOpen' ), false ); - - if ( $this-parserOptions['processing_instruction_handler'] ) { - xml_set_processing_instruction_handler( - $parser, - array( $this, 'processingInstructionHandler' ) - ); - } - - if ( file_exists( $fname ) ) { - $file = fopen( $fname, rb ); -
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow embedded application/xml in SVG's - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201034 Change subject: SECURITY: Don't allow embedded application/xml in SVG's .. SECURITY: Don't allow embedded application/xml in SVG's Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got around our blacklist on embedded href targets. Use a whitelist instead. Bug: T85850 Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28 --- M includes/upload/UploadBase.php 1 file changed, 10 insertions(+), 10 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/34/201034/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 1f893c5..db96ca3 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1210,16 +1210,16 @@ } } - # href with embeded svg as target - if( $stripped == 'href' preg_match( '!data:[^,]*image/svg[^,]*,!sim', $value ) ) { - wfDebug( __METHOD__ . : Found href to embedded svg \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); - return true; - } - - # href with embeded (text/xml) svg as target - if( $stripped == 'href' preg_match( '!data:[^,]*text/xml[^,]*,!sim', $value ) ) { - wfDebug( __METHOD__ . : Found href to embedded svg \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); - return true; + # only allow data: targets that should be safe. This prevents vectors like, + # image/svg, text/xml, application/xml, and text/html, which can contain scripts + if ( $stripped == 'href' strncasecmp( 'data:', $value, 5 ) === 0 ) { + // rfc2397 parameters. This is only slightly slower than (;[\w;]+)*. + $parameters = '(?;[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+=(?[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+|(?[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|[\0-\x7f])*))*(?:;base64)?'; + if ( !preg_match( !^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i, $value ) ) { + wfDebug( __METHOD__ . : Found href to unwhitelisted data: uri + . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); + return true; + } } # Change href with animate from (http://html5sec.org/#137). This doesn't seem -- To view, visit https://gerrit.wikimedia.org/r/201034 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_19 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Escape in Html::expandAttributes - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201037 Change subject: SECURITY: Escape in Html::expandAttributes .. SECURITY: Escape in Html::expandAttributes Escape characters in attributes, so we don't confuse post-processing, like LanguageConverter. Bug: T73394 Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 --- M includes/Html.php M tests/parser/parserTests.txt 2 files changed, 7 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/37/201037/1 diff --git a/includes/Html.php b/includes/Html.php index 2187b5b..7fa901f 100644 --- a/includes/Html.php +++ b/includes/Html.php @@ -525,17 +525,20 @@ } else { # Apparently we need to entity-encode \n, \r, \t, although the # spec doesn't mention that. Since we're doing strtr() anyway, - # and we don't need escaped here, we may as well not call - # htmlspecialchars(). + # we may as well not call htmlspecialchars(). # @todo FIXME: Verify that we actually need to # escape \n\r\t here, and explain why, exactly. # # We could call Sanitizer::encodeAttribute() for this, but we # don't because we're stubborn and like our marginal savings on # byte size from not having to encode unnecessary quotes. + # The only difference between this transform and the one by + # Sanitizer::encodeAttribute() is '' is only encoded here if + # $wgWellFormedXml is set, and ' is not encoded. $map = array( '' = 'amp;', '' = 'quot;', + '' = 'gt;', \n = '#10;', \r = '#13;', \t = '#9;' diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index c833ef0..22fe118 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -4506,7 +4506,7 @@ li class=toclevel-1 tocsection-5a href=#text_.22_textspan class=tocnumber5/span span class=toctexttext text/span/a/li /ul /td/tr/table -h2span class=editsection[a href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: text textedit/a]/span span class=mw-headline id=text_.3E_text text gt; text /span/h2 +h2span class=editsection[a href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: text gt; textedit/a]/span span class=mw-headline id=text_.3E_text text gt; text /span/h2 psection 1 /p h2span class=editsection[a href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: text lt; textedit/a]/span span class=mw-headline id=text_.3C_text text lt; text /span/h2 @@ -9165,7 +9165,7 @@ /ul /td/tr/table h2span class=editsection[a href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: Helloedit/a]/span span class=mw-headline id=Hello sup class=in-h2Hello/sup /span/h2 -h2span class=editsection[a href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: bquot;Evilbyeedit/a]/span span class=mw-headline id=b.22.3EEvilbye sup bgt;Evilbye/sup /span/h2 +h2span class=editsection[a href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: bquot;gt;Evilbyeedit/a]/span span class=mw-headline id=b.22.3EEvilbye sup bgt;Evilbye/sup /span/h2 !! end -- To view, visit https://gerrit.wikimedia.org/r/201037 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_19 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Updated release notes and version number for MediaWiki 1.19.24 - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201040 Change subject: Updated release notes and version number for MediaWiki 1.19.24 .. Updated release notes and version number for MediaWiki 1.19.24 Change-Id: Ibd34c5b48222088dc7cec2abb0bf38d6cc442182 --- M RELEASE-NOTES-1.19 M includes/DefaultSettings.php 2 files changed, 15 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/40/201040/1 diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19 index 8306b57..3e22c86 100644 --- a/RELEASE-NOTES-1.19 +++ b/RELEASE-NOTES-1.19 @@ -3,6 +3,20 @@ Security reminder: MediaWiki does not require PHP's register_globals setting since version 1.2.0. If you have it on, turn it '''off''' if you can. +== MediaWiki 1.19.24 == + +This is a security and maintenance release of the MediaWiki 1.19 branch. + +== Changes since 1.19.23 == + +* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities, + to prevent various DoS attacks. +* (T88310) SECURITY: Always expand xml entities when checking SVG's. +* (T73394) SECURITY: Escape in Html::expandAttributes to prevent XSS. +* (T85855) SECURITY: Don't execute another user's CSS or JS on preview. +* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to + prevent XSS and protect viewer's privacy. + == MediaWiki 1.19.23 == This is a security and maintenance release of the MediaWiki 1.19 branch. diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index ff8301e..3aa86a3 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ /** @endcond */ /** MediaWiki version number */ -$wgVersion = '1.19.23'; +$wgVersion = '1.19.24'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; -- To view, visit https://gerrit.wikimedia.org/r/201040 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibd34c5b48222088dc7cec2abb0bf38d6cc442182 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_19 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Make SVG @import checking case insensitive - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201033 Change subject: SECURITY: Make SVG @import checking case insensitive .. SECURITY: Make SVG @import checking case insensitive @import in embedded CSS is case-insensitive, meaning an attacker can put @iMpOrT and it should still work. This uses stripos instead of strpos to make the check case insensitive. Bug: T85349 Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1 --- M includes/upload/UploadBase.php 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/33/201033/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 11e70e7..1f893c5 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1300,7 +1300,7 @@ private static function checkCssFragment( $value ) { # Forbid external stylesheets, for both reliability and to protect viewer's privacy - if ( strpos( $value, '@import' ) !== false ) { + if ( stripos( $value, '@import' ) !== false ) { return true; } -- To view, visit https://gerrit.wikimedia.org/r/201033 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_19 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Parent5446 tylerro...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Don't execute another user's CSS or JS on preview - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201036 Change subject: SECURITY: Don't execute another user's CSS or JS on preview .. SECURITY: Don't execute another user's CSS or JS on preview Someone could theoretically try to hide malicious code in their user common.js and then trick an admin into previewing it by asking for help. Bug: T85855 Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a --- M includes/EditPage.php M includes/OutputPage.php 2 files changed, 14 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/36/201036/1 diff --git a/includes/EditPage.php b/includes/EditPage.php index d00d911..07a5a07 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -1988,11 +1988,16 @@ if ( $this-isWrongCaseCssJsPage ) { $wgOut-wrapWikiMsg( div class='error' id='mw-userinvalidcssjstitle'\n$1\n/div, array( 'userinvalidcssjstitle', $this-mTitle-getSkinFromCssJsSubpage() ) ); } - if ( $this-formtype !== 'preview' ) { - if ( $this-isCssSubpage ) - $wgOut-wrapWikiMsg( div id='mw-usercssyoucanpreview'\n$1\n/div, array( 'usercssyoucanpreview' ) ); - if ( $this-isJsSubpage ) - $wgOut-wrapWikiMsg( div id='mw-userjsyoucanpreview'\n$1\n/div, array( 'userjsyoucanpreview' ) ); + if ( $this-getTitle()-isSubpageOf( $wgUser-getUserPage() ) ) { + if ( $this-formtype !== 'preview' ) { + if ( $this-isCssSubpage ) { + $wgOut-wrapWikiMsg( div id='mw-usercssyoucanpreview'\n$1\n/div, array( 'usercssyoucanpreview' ) ); + } + + if ( $this-isJsSubpage ) { + $wgOut-wrapWikiMsg( div id='mw-userjsyoucanpreview'\n$1\n/div, array( 'userjsyoucanpreview' ) ); + } + } } } } diff --git a/includes/OutputPage.php b/includes/OutputPage.php index e658c0e..20520bc 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -2975,6 +2975,10 @@ if ( !$this-getTitle()-isJsSubpage() !$this-getTitle()-isCssSubpage() ) { return false; } + if ( !$this-getTitle()-isSubpageOf( $this-getUser()-getUserPage() ) ) { + // Don't execute another user's CSS or JS on preview (T85855) + return false; + } return !count( $this-getTitle()-getUserPermissionsErrors( 'edit', $this-getUser() ) ); } -- To view, visit https://gerrit.wikimedia.org/r/201036 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_19 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow directly calling Xml::isWellFormed - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201018 Change subject: SECURITY: Don't allow directly calling Xml::isWellFormed .. SECURITY: Don't allow directly calling Xml::isWellFormed Changing Xml::isWellFormed to private. In WMF hosted repos, there are no callers to isWellFormed directly. Bug: T85848 Change-Id: I104427989b89c386de571b8e60642095331a1132 --- M includes/Xml.php 1 file changed, 3 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/18/201018/1 diff --git a/includes/Xml.php b/includes/Xml.php index 159f711..c6c0286 100644 --- a/includes/Xml.php +++ b/includes/Xml.php @@ -707,13 +707,15 @@ /** * Check if a string is well-formed XML. * Must include the surrounding tag. +* This function is a DoS vector if an attacker can define +* entities in $text. * * @param string $text String to test. * @return bool * * @todo Error position reporting return */ - public static function isWellFormed( $text ) { + private static function isWellFormed( $text ) { $parser = xml_parser_create( UTF-8 ); # case folding violates XML standard, turn it off -- To view, visit https://gerrit.wikimedia.org/r/201018 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I104427989b89c386de571b8e60642095331a1132 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_24 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Make SVG @import checking case insensitive - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201011 Change subject: SECURITY: Make SVG @import checking case insensitive .. SECURITY: Make SVG @import checking case insensitive @import in embedded CSS is case-insensitive, meaning an attacker can put @iMpOrT and it should still work. This uses stripos instead of strpos to make the check case insensitive. Bug: T85349 Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1 --- M includes/upload/UploadBase.php M tests/phpunit/includes/upload/UploadBaseTest.php 2 files changed, 7 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/11/201011/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 89ce2b3..df86091 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1528,7 +1528,7 @@ private static function checkCssFragment( $value ) { # Forbid external stylesheets, for both reliability and to protect viewer's privacy - if ( strpos( $value, '@import' ) !== false ) { + if ( stripos( $value, '@import' ) !== false ) { return true; } diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index 41d8dee..475513e 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -311,6 +311,12 @@ 'SVG with @import in style element and child element (bug 69008#c11)' ), array( + 'svg xmlns=http://www.w3.org/2000/svg; viewBox=6 3 177 153 xmlns:xlink=http://www.w3.org/1999/xlink; style@imporT https://fonts.googleapis.com/css?family=Bitter:700amp;text=WebPlatform.org;;/style g transform=translate(-.5,-.5) text fill=#474747 x=95 y=150 text-anchor=middle font-family=Bitter font-size=20 font-weight=boldWebPlatform.org/text /g /svg', + true, + true, + 'SVG with case-insensitive @import in style element (bug T85349)' + ), + array( 'svg xmlns=http://www.w3.org/2000/svg; rect width=100 height=100 style=background-image:url(https://www.google.com/images/srpr/logo11w.png)/ /svg', true, true, -- To view, visit https://gerrit.wikimedia.org/r/201011 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_24 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Parent5446 tylerro...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Fix reflected XSS in API with wddx output under HHVM - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201020 Change subject: SECURITY: Fix reflected XSS in API with wddx output under HHVM .. SECURITY: Fix reflected XSS in API with wddx output under HHVM Bug: T85851 Change-Id: I9cdf896e7070ed51e42625d61609ad9ef91cd567 (cherry-picked from commit 39703e93187bc0aa8059fbfa666b3605424b90f3) --- M includes/api/ApiFormatWddx.php 1 file changed, 39 insertions(+), 9 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/20/201020/1 diff --git a/includes/api/ApiFormatWddx.php b/includes/api/ApiFormatWddx.php index ba90c26..ec3dc2d 100644 --- a/includes/api/ApiFormatWddx.php +++ b/includes/api/ApiFormatWddx.php @@ -38,15 +38,7 @@ public function execute() { $this-markDeprecated(); - // Some versions of PHP have a broken wddx_serialize_value, see - // PHP bug 45314. Test encoding an affected character (U+00A0) - // to avoid this. - $expected = - wddxPacket version='1.0'header/datastring\xc2\xa0/string/data/wddxPacket; - if ( function_exists( 'wddx_serialize_value' ) -!$this-getIsHtml() -wddx_serialize_value( \xc2\xa0 ) == $expected - ) { + if ( !$this-getIsHtml() !static::useSlowPrinter() ) { $this-printText( wddx_serialize_value( $this-getResultData() ) ); } else { // Don't do newlines and indentation if we weren't asked @@ -63,6 +55,44 @@ } } + public static function useSlowPrinter() { + if ( !function_exists( 'wddx_serialize_value' ) ) { + return true; + } + + // Some versions of PHP have a broken wddx_serialize_value, see + // PHP bug 45314. Test encoding an affected character (U+00A0) + // to avoid this. + $expected = + wddxPacket version='1.0'header/datastring\xc2\xa0/string/data/wddxPacket; + if ( wddx_serialize_value( \xc2\xa0 ) !== $expected ) { + return true; + } + + // Some versions of HHVM don't correctly encode ampersands. + $expected = + wddxPacket version='1.0'header/datastringamp;/string/data/wddxPacket; + if ( wddx_serialize_value( '' ) !== $expected ) { + return true; + } + + // Some versions of HHVM don't correctly encode empty arrays as subvalues. + $expected = + wddxPacket version='1.0'header/dataarray length='1'array length='0'/array/array/data/wddxPacket; + if ( wddx_serialize_value( array( array() ) ) !== $expected ) { + return true; + } + + // Some versions of HHVM don't correctly encode associative arrays with numeric keys. + $expected = + wddxPacket version='1.0'header/datastructvar name='2'number1/number/var/struct/data/wddxPacket; + if ( wddx_serialize_value( array( 2 = 1 ) ) !== $expected ) { + return true; + } + + return false; + } + /** * Recursively go through the object and output its data in WDDX format. * @param mixed $elemValue -- To view, visit https://gerrit.wikimedia.org/r/201020 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9cdf896e7070ed51e42625d61609ad9ef91cd567 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_24 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Anomie bjor...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Escape in Html::expandAttributes - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201016 Change subject: SECURITY: Escape in Html::expandAttributes .. SECURITY: Escape in Html::expandAttributes Escape characters in attributes, so we don't confuse post-processing, like LanguageConverter. Bug: T73394 Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 --- M includes/Html.php M tests/parser/parserTests.txt 2 files changed, 7 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/16/201016/1 diff --git a/includes/Html.php b/includes/Html.php index 1e16e39..2e14814 100644 --- a/includes/Html.php +++ b/includes/Html.php @@ -546,17 +546,20 @@ } else { // Apparently we need to entity-encode \n, \r, \t, although the // spec doesn't mention that. Since we're doing strtr() anyway, - // and we don't need escaped here, we may as well not call - // htmlspecialchars(). + // we may as well not call htmlspecialchars(). // @todo FIXME: Verify that we actually need to // escape \n\r\t here, and explain why, exactly. # // We could call Sanitizer::encodeAttribute() for this, but we // don't because we're stubborn and like our marginal savings on // byte size from not having to encode unnecessary quotes. + // The only difference between this transform and the one by + // Sanitizer::encodeAttribute() is '' is only encoded here if + // $wgWellFormedXml is set, and ' is not encoded. $map = array( '' = 'amp;', '' = 'quot;', + '' = 'gt;', \n = '#10;', \r = '#13;', \t = '#9;' diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index c90c4f6..f915922 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -12944,7 +12944,7 @@ /ul /div -h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: text textedit/aspan class=mw-editsection-bracket]/span/span/h2 +h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: text gt; textedit/aspan class=mw-editsection-bracket]/span/span/h2 psection 1 /p h2span class=mw-headline id=text_.3C_texttext lt; text/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: text lt; textedit/aspan class=mw-editsection-bracket]/span/span/h2 @@ -18472,7 +18472,7 @@ /div h2span class=mw-headline id=Hellosup class=in-h2Hello/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit section: Helloedit/aspan class=mw-editsection-bracket]/span/span/h2 -h2span class=mw-headline id=b.22.3EEvilbyesup bgt;Evilbye/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: bquot;Evilbyeedit/aspan class=mw-editsection-bracket]/span/span/h2 +h2span class=mw-headline id=b.22.3EEvilbyesup bgt;Evilbye/sup/spanspan class=mw-editsectionspan class=mw-editsection-bracket[/spana href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit section: bquot;gt;Evilbyeedit/aspan class=mw-editsection-bracket]/span/span/h2 !! end -- To view, visit https://gerrit.wikimedia.org/r/201016 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_24 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Always expand xml entities when checking SVG's - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201017 Change subject: SECURITY: Always expand xml entities when checking SVG's .. SECURITY: Always expand xml entities when checking SVG's XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml entities unexpanded, which can lead to false-negatives when the callback was used for filtering. Update XmlTypeCheck to use XMLReader instead, tell the library to fully expand entities, and rely on the library to error out if it encounters XML that is likely to cause a DoS if parsed. Bug: T88310 Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba --- M includes/libs/XmlTypeCheck.php M tests/phpunit/includes/XmlTypeCheckTest.php M tests/phpunit/includes/upload/UploadBaseTest.php 3 files changed, 206 insertions(+), 105 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/17/201017/1 diff --git a/includes/libs/XmlTypeCheck.php b/includes/libs/XmlTypeCheck.php index aca857e..31a4e28 100644 --- a/includes/libs/XmlTypeCheck.php +++ b/includes/libs/XmlTypeCheck.php @@ -2,6 +2,11 @@ /** * XML syntax and type checker. * + * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us + * more control over the expansion of XML entities. When passed to the + * callback, entities will be fully expanded, but may report the XML is + * invalid if expanding the entities are likely to cause a DoS. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -25,7 +30,7 @@ * Will be set to true or false to indicate whether the file is * well-formed XML. Note that this doesn't check schema validity. */ - public $wellFormed = false; + public $wellFormed = null; /** * Will be set to true if the optional element filter returned @@ -78,12 +83,7 @@ function __construct( $input, $filterCallback = null, $isFile = true, $options = array() ) { $this-filterCallback = $filterCallback; $this-parserOptions = array_merge( $this-parserOptions, $options ); - - if ( $isFile ) { - $this-validateFromFile( $input ); - } else { - $this-validateFromString( $input ); - } + $this-validateFromInput( $input, $isFile ); } /** @@ -125,140 +125,211 @@ return $this-rootElement; } - /** -* Get an XML parser with the root element handler. -* @see XmlTypeCheck::rootElementOpen() -* @return resource a resource handle for the XML parser -*/ - private function getParser() { - $parser = xml_parser_create_ns( 'UTF-8' ); - // case folding violates XML standard, turn it off - xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false ); - xml_set_element_handler( $parser, array( $this, 'rootElementOpen' ), false ); - if ( $this-parserOptions['processing_instruction_handler'] ) { - xml_set_processing_instruction_handler( - $parser, - array( $this, 'processingInstructionHandler' ) - ); - } - return $parser; - } /** * @param string $fname the filename */ - private function validateFromFile( $fname ) { - $parser = $this-getParser(); - - if ( file_exists( $fname ) ) { - $file = fopen( $fname, rb ); - if ( $file ) { - do { - $chunk = fread( $file, 32768 ); - $ret = xml_parse( $parser, $chunk, feof( $file ) ); - if ( $ret == 0 ) { - $this-wellFormed = false; - fclose( $file ); - xml_parser_free( $parser ); - return; - } - } while ( !feof( $file ) ); - - fclose( $file ); - } - } - $this-wellFormed = true; - - xml_parser_free( $parser ); - } - - /** -* -* @param string $string the XML-input-string to be checked. -*/ - private function validateFromString( $string ) { - $parser = $this-getParser(); - $ret = xml_parse( $parser, $string, true ); -
[MediaWiki-commits] [Gerrit] SECURITY: Fix animate blacklist - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201025 Change subject: SECURITY: Fix animate blacklist .. SECURITY: Fix animate blacklist The blacklist should prevent animating any element's xlink:href to a javascript url. Bug: T86711 Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a --- M includes/upload/UploadBase.php M tests/phpunit/includes/upload/UploadBaseTest.php 2 files changed, 15 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/25/201025/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index cf3e67d..eb33220 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1327,11 +1327,10 @@ } } - # Change href with animate from (http://html5sec.org/#137). This doesn't seem - # possible without embedding the svg, but filter here in case. - if ( $stripped == 'from' + # Change href with animate from (http://html5sec.org/#137). + if ( $stripped === 'attributename' $strippedElement === 'animate' -!preg_match( '!^https?://!im', $value ) +$this-stripXmlNamespace( $value ) == 'href' ) { wfDebug( __METHOD__ . : Found animate that might be changing href using from . \$strippedElement '$attrib'='$value'...\ in uploaded file.\n ); diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index ac8cc43..a40dd50 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -284,6 +284,18 @@ true, 'SVG with animate from (http://html5sec.org/#137)' ), + array( + 'svg xmlns=http://www.w3.org/2000/svg; xmlns:xlink=http://www.w3.org/1999/xlink; atext y=1emClick me/text animate attributeName=xlink:href values=javascript:alert(\'Bang!\') begin=0s dur=0.1s fill=freeze / /a/svg', + true, + true, + 'SVG with animate xlink:href (http://html5sec.org/#137)' + ), + array( + 'svg xmlns=http://www.w3.org/2000/svg; xmlns:y=http://www.w3.org/1999/xlink; a y:href=# text y=1emClick me/text animate attributeName=y:href values=javascript:alert(\'Bang!\') begin=0s dur=0.1s fill=freeze / /a /svg', + true, + true, + 'SVG with animate y:href (http://html5sec.org/#137)' + ), // Other hostile SVG's array( -- To view, visit https://gerrit.wikimedia.org/r/201025 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_23 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Make SVG @import checking case insensitive - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201023 Change subject: SECURITY: Make SVG @import checking case insensitive .. SECURITY: Make SVG @import checking case insensitive @import in embedded CSS is case-insensitive, meaning an attacker can put @iMpOrT and it should still work. This uses stripos instead of strpos to make the check case insensitive. Bug: T85349 Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1 --- M includes/upload/UploadBase.php M tests/phpunit/includes/upload/UploadBaseTest.php 2 files changed, 7 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/23/201023/1 diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php index 5c62e0f..3db2653 100644 --- a/includes/upload/UploadBase.php +++ b/includes/upload/UploadBase.php @@ -1404,7 +1404,7 @@ private static function checkCssFragment( $value ) { # Forbid external stylesheets, for both reliability and to protect viewer's privacy - if ( strpos( $value, '@import' ) !== false ) { + if ( stripos( $value, '@import' ) !== false ) { return true; } diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php index 41d8dee..475513e 100644 --- a/tests/phpunit/includes/upload/UploadBaseTest.php +++ b/tests/phpunit/includes/upload/UploadBaseTest.php @@ -311,6 +311,12 @@ 'SVG with @import in style element and child element (bug 69008#c11)' ), array( + 'svg xmlns=http://www.w3.org/2000/svg; viewBox=6 3 177 153 xmlns:xlink=http://www.w3.org/1999/xlink; style@imporT https://fonts.googleapis.com/css?family=Bitter:700amp;text=WebPlatform.org;;/style g transform=translate(-.5,-.5) text fill=#474747 x=95 y=150 text-anchor=middle font-family=Bitter font-size=20 font-weight=boldWebPlatform.org/text /g /svg', + true, + true, + 'SVG with case-insensitive @import in style element (bug T85349)' + ), + array( 'svg xmlns=http://www.w3.org/2000/svg; rect width=100 height=100 style=background-image:url(https://www.google.com/images/srpr/logo11w.png)/ /svg', true, true, -- To view, visit https://gerrit.wikimedia.org/r/201023 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_23 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Parent5446 tylerro...@gmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow entities in XMP - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201019 Change subject: SECURITY: Don't allow entities in XMP .. SECURITY: Don't allow entities in XMP Test for, and refuse to parse, XMP chunks with a doctype declaration when parsing XMP. Bug: T85848 Change-Id: Iea4feb077ee85a35509a920153daaa9321ee69f3 --- M includes/media/BitmapMetadataHandler.php M includes/media/JpegMetadataExtractor.php M includes/media/XMP.php A tests/phpunit/data/xmp/doctype-included.result.php A tests/phpunit/data/xmp/doctype-included.xmp A tests/phpunit/data/xmp/doctype-not-included.xmp M tests/phpunit/includes/media/XMPTest.php 7 files changed, 176 insertions(+), 4 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/19/201019/1 diff --git a/includes/media/BitmapMetadataHandler.php b/includes/media/BitmapMetadataHandler.php index dd41c38..1d79015 100644 --- a/includes/media/BitmapMetadataHandler.php +++ b/includes/media/BitmapMetadataHandler.php @@ -154,7 +154,7 @@ * @throws MWException On invalid file. */ static function Jpeg( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $meta = new self(); $seg = JpegMetadataExtractor::segmentSplitter( $filename ); @@ -196,7 +196,7 @@ * @return array Array for storage in img_metadata. */ public static function PNG( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $meta = new self(); $array = PNGMetadataExtractor::getMetadata( $filename ); @@ -236,7 +236,7 @@ $meta-addMetadata( array( 'GIFFileComment' = $baseArray['comment'] ), 'native' ); } - if ( $baseArray['xmp'] !== '' function_exists( 'xml_parser_create_ns' ) ) { + if ( $baseArray['xmp'] !== '' XMPReader::isSupported() ) { $xmp = new XMPReader(); $xmp-parse( $baseArray['xmp'] ); $xmpRes = $xmp-getResults(); diff --git a/includes/media/JpegMetadataExtractor.php b/includes/media/JpegMetadataExtractor.php index 8c5b46b..aaa9930 100644 --- a/includes/media/JpegMetadataExtractor.php +++ b/includes/media/JpegMetadataExtractor.php @@ -48,7 +48,7 @@ * @throws MWException If given invalid file. */ static function segmentSplitter( $filename ) { - $showXMP = function_exists( 'xml_parser_create_ns' ); + $showXMP = XMPReader::isSupported(); $segmentCount = 0; diff --git a/includes/media/XMP.php b/includes/media/XMP.php index cdbd5ab..a3f45e6 100644 --- a/includes/media/XMP.php +++ b/includes/media/XMP.php @@ -80,6 +80,12 @@ /** @var int */ private $extendedXMPOffset = 0; + /** @var int Flag determining if the XMP is safe to parse **/ + private $parsable = 0; + + /** @var string Buffer of XML to parse **/ + private $xmlParsableBuffer = ''; + /** * These are various mode constants. * they are used to figure out what to do @@ -107,6 +113,12 @@ const NS_RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'; const NS_XML = 'http://www.w3.org/XML/1998/namespace'; + + // States used while determining if XML is safe to parse + const PARSABLE_UNKNOWN = 0; + const PARSABLE_OK = 1; + const PARSABLE_BUFFERING = 2; + const PARSABLE_NO = 3; /** * Constructor. @@ -145,6 +157,9 @@ array( $this, 'endElement' ) ); xml_set_character_data_handler( $this-xmlParser, array( $this, 'char' ) ); + + $this-parsable = self::PARSABLE_UNKNOWN; + $this-xmlParsableBuffer = ''; } /** Destroy the xml parser @@ -154,6 +169,13 @@ function __destruct() { // not sure if this is needed. xml_parser_free( $this-xmlParser ); + } + + /** +* Check if this instance supports using this class +*/ + public static function isSupported() { + return function_exists( 'xml_parser_create_ns' ) class_exists( 'XMLReader' ); } /** Get the result array. Do some post-processing before returning @@ -305,6 +327,27 @@ wfRestoreWarnings(); } + // Ensure the XMP block does not have an xml doctype declaration, which + // could declare entities unsafe to parse with xml_parse (T85848/T71210). + if ( $this-parsable !== self::PARSABLE_OK ) { + if ( $this-parsable === self::PARSABLE_NO ) { +
[MediaWiki-commits] [Gerrit] SECURITY: Set maximal password length for DoS - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201014 Change subject: SECURITY: Set maximal password length for DoS .. SECURITY: Set maximal password length for DoS Prevent DoS attacks caused by the amount of time it takes to hash long passwords by setting a limit on password length. Slightly restructures the behavior of User::checkPasswordValidity in order to accommodate for the difference between passwords the user should be able to log in with and passwords they should not. Bug: T64685 Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e --- M includes/DefaultSettings.php M includes/User.php M includes/specials/SpecialUserlogin.php M languages/i18n/en.json M languages/i18n/qqq.json M tests/phpunit/includes/UserTest.php 6 files changed, 58 insertions(+), 23 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/14/201014/1 diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 7126893..96d0648 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4146,6 +4146,18 @@ $wgMinimalPasswordLength = 1; /** + * Specifies the maximal length of a user password (T64685). + * + * It is not recommended to make this greater than the default, as it can + * allow DoS attacks by users setting really long passwords. In addition, + * this should not be lowered too much, as it enforces weak passwords. + * + * @warning Unlike other password settings, user with passwords greater than + * the maximum will not be able to log in. + */ +$wgMaximalPasswordLength = 4096; + +/** * Specifies if users should be sent to a password-reset form on login, if their * password doesn't meet the requirements of User::isValidPassword(). * @since 1.23 diff --git a/includes/User.php b/includes/User.php index 5e5d3ee..a925a3c 100644 --- a/includes/User.php +++ b/includes/User.php @@ -773,15 +773,24 @@ } /** -* Check if this is a valid password for this user. Status will be good if -* the password is valid, or have an array of error messages if not. +* Check if this is a valid password for this user +* +* Create a Status object based on the password's validity. +* The Status should be set to fatal if the user should not +* be allowed to log in, and should have any errors that +* would block changing the password. +* +* If the return value of this is not OK, the password +* should not be checked. If the return value is not Good, +* the password can be checked, but the user should not be +* able to set their password to this. * * @param string $password Desired password * @return Status * @since 1.23 */ public function checkPasswordValidity( $password ) { - global $wgMinimalPasswordLength, $wgContLang; + global $wgMinimalPasswordLength, $wgMaximalPasswordLength, $wgContLang; static $blockedLogins = array( 'Useruser' = 'Passpass', 'Useruser1' = 'Passpass1', # r75589 @@ -800,6 +809,10 @@ if ( $result === false ) { if ( strlen( $password ) $wgMinimalPasswordLength ) { $status-error( 'passwordtooshort', $wgMinimalPasswordLength ); + return $status; + } elseif ( strlen( $password ) $wgMaximalPasswordLength ) { + // T64685: Password too long, might cause DoS attack + $status-fatal( 'passwordtoolong', $wgMaximalPasswordLength ); return $status; } elseif ( $wgContLang-lc( $password ) == $wgContLang-lc( $this-mName ) ) { $status-error( 'password-name-match' ); @@ -2300,17 +2313,9 @@ throw new PasswordError( wfMessage( 'password-change-forbidden' )-text() ); } - if ( !$this-isValidPassword( $str ) ) { - global $wgMinimalPasswordLength; - $valid = $this-getPasswordValidity( $str ); - if ( is_array( $valid ) ) { - $message = array_shift( $valid ); - $params = $valid; - } else { - $message = $valid; - $params = array( $wgMinimalPasswordLength ); - } - throw new PasswordError( wfMessage( $message, $params )-text() ); + $status = $this-checkPasswordValidity( $str ); + if ( !$status-isGood() ) {
[MediaWiki-commits] [Gerrit] SECURITY: Don't allow directly calling Xml::isWellFormed - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201029 Change subject: SECURITY: Don't allow directly calling Xml::isWellFormed .. SECURITY: Don't allow directly calling Xml::isWellFormed Changing Xml::isWellFormed to private. In WMF hosted repos, there are no callers to isWellFormed directly. Bug: T85848 Change-Id: I104427989b89c386de571b8e60642095331a1132 --- M includes/Xml.php 1 file changed, 3 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/29/201029/1 diff --git a/includes/Xml.php b/includes/Xml.php index 3b82c64..5e00e04 100644 --- a/includes/Xml.php +++ b/includes/Xml.php @@ -679,13 +679,15 @@ /** * Check if a string is well-formed XML. * Must include the surrounding tag. +* This function is a DoS vector if an attacker can define +* entities in $text. * * @param string $text string to test. * @return bool * * @todo Error position reporting return */ - public static function isWellFormed( $text ) { + private static function isWellFormed( $text ) { $parser = xml_parser_create( UTF-8 ); # case folding violates XML standard, turn it off -- To view, visit https://gerrit.wikimedia.org/r/201029 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I104427989b89c386de571b8e60642095331a1132 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_23 Gerrit-Owner: CSteipp cste...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] SECURITY: Always expand xml entities when checking SVG's - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/201028 Change subject: SECURITY: Always expand xml entities when checking SVG's .. SECURITY: Always expand xml entities when checking SVG's XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml entities unexpanded, which can lead to false-negatives when the callback was used for filtering. Update XmlTypeCheck to use XMLReader instead, tell the library to fully expand entities, and rely on the library to error out if it encounters XML that is likely to cause a DoS if parsed. Bug: T88310 Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba --- M includes/libs/XmlTypeCheck.php M tests/phpunit/includes/XmlTypeCheckTest.php M tests/phpunit/includes/upload/UploadBaseTest.php 3 files changed, 206 insertions(+), 105 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/28/201028/1 diff --git a/includes/libs/XmlTypeCheck.php b/includes/libs/XmlTypeCheck.php index aca857e..31a4e28 100644 --- a/includes/libs/XmlTypeCheck.php +++ b/includes/libs/XmlTypeCheck.php @@ -2,6 +2,11 @@ /** * XML syntax and type checker. * + * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us + * more control over the expansion of XML entities. When passed to the + * callback, entities will be fully expanded, but may report the XML is + * invalid if expanding the entities are likely to cause a DoS. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -25,7 +30,7 @@ * Will be set to true or false to indicate whether the file is * well-formed XML. Note that this doesn't check schema validity. */ - public $wellFormed = false; + public $wellFormed = null; /** * Will be set to true if the optional element filter returned @@ -78,12 +83,7 @@ function __construct( $input, $filterCallback = null, $isFile = true, $options = array() ) { $this-filterCallback = $filterCallback; $this-parserOptions = array_merge( $this-parserOptions, $options ); - - if ( $isFile ) { - $this-validateFromFile( $input ); - } else { - $this-validateFromString( $input ); - } + $this-validateFromInput( $input, $isFile ); } /** @@ -125,140 +125,211 @@ return $this-rootElement; } - /** -* Get an XML parser with the root element handler. -* @see XmlTypeCheck::rootElementOpen() -* @return resource a resource handle for the XML parser -*/ - private function getParser() { - $parser = xml_parser_create_ns( 'UTF-8' ); - // case folding violates XML standard, turn it off - xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false ); - xml_set_element_handler( $parser, array( $this, 'rootElementOpen' ), false ); - if ( $this-parserOptions['processing_instruction_handler'] ) { - xml_set_processing_instruction_handler( - $parser, - array( $this, 'processingInstructionHandler' ) - ); - } - return $parser; - } /** * @param string $fname the filename */ - private function validateFromFile( $fname ) { - $parser = $this-getParser(); - - if ( file_exists( $fname ) ) { - $file = fopen( $fname, rb ); - if ( $file ) { - do { - $chunk = fread( $file, 32768 ); - $ret = xml_parse( $parser, $chunk, feof( $file ) ); - if ( $ret == 0 ) { - $this-wellFormed = false; - fclose( $file ); - xml_parser_free( $parser ); - return; - } - } while ( !feof( $file ) ); - - fclose( $file ); - } - } - $this-wellFormed = true; - - xml_parser_free( $parser ); - } - - /** -* -* @param string $string the XML-input-string to be checked. -*/ - private function validateFromString( $string ) { - $parser = $this-getParser(); - $ret = xml_parse( $parser, $string, true ); -