[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth on officewiki - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/290278

Change subject: Enable Ex:OATHAuth on officewiki
..

Enable Ex:OATHAuth on officewiki

Enable Ex:OATHAuth, and make it available to all users, on officeiwki.

Bug: T135889
Change-Id: Ide6c38a1edc6efcc7e43141f6f7c271c6acf55a0
---
M wmf-config/CommonSettings.php
M wmf-config/InitialiseSettings.php
2 files changed, 11 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/78/290278/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 594868e..15ce98c 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -3169,8 +3169,11 @@
 
 if ( $wmgUseOATHAuth ) {
wfLoadExtension( 'OATHAuth' );
-   // Roll this feature out to specific groups initially
-   $wgGroupPermissions['*']['oathauth-enable'] = false;
+
+   if ( $wmgOATHAuthDisableRight ) {
+   $wgGroupPermissions['*']['oathauth-enable'] = false;
+   }
+
if ( $wmgUseCentralAuth ) {
$wgOATHAuthDatabase = 'centralauth';
}
diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index 6f2c536..e9c4bf6 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -16953,6 +16953,12 @@
'private' => false,
'fishbowl' => false,
'nonglobal' => false,
+   'officewiki' => true,
+],
+
+'wmgOATHAuthDisableRight' => [
+   'default' => true, // Roll out to specific groups
+   'officewiki' => false,
 ],
 
 ];

-- 
To view, visit https://gerrit.wikimedia.org/r/290278
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ide6c38a1edc6efcc7e43141f6f7c271c6acf55a0
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Enable Ex:OATH on CentralAuth wikis, limited rights - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/290271

Change subject: Enable Ex:OATH on CentralAuth wikis, limited rights
..

Enable Ex:OATH on CentralAuth wikis, limited rights

Enable Ex:OATH on all CentralAuth wikis, but don't give the user right
to enable OATH to any user groups. The right will be given to a small
pilot group for UX testing.

Bug: T107605
Change-Id: I4078f8045b3d05e4236f2320f4f12944c6eb9850
---
M wmf-config/InitialiseSettings.php
1 file changed, 4 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/71/290271/1

diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index 5eaa881..6f2c536 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -16949,9 +16949,10 @@
 ],
 
 'wmgUseOATHAuth' => [
-   'default' => false,
-   'testwiki' => true,
-   'test2wiki' => true,
+   'default' => true,
+   'private' => false,
+   'fishbowl' => false,
+   'nonglobal' => false,
 ],
 
 ];

-- 
To view, visit https://gerrit.wikimedia.org/r/290271
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4078f8045b3d05e4236f2320f4f12944c6eb9850
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Redo local password enforcement - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/289780

Change subject: Redo local password enforcement
..

Redo local password enforcement

Use https://gerrit.wikimedia.org/r/#/c/289778/ to move much of the
special handling logic for local groups into CentralAuth.

Also get rid of LoginAuthenticateAudit hook, since policies for those
groups are now enforced.

Bug: T119736
Change-Id: I534127f8a9d2934e91d8cd08cfda2d30567f0de9
---
M wmf-config/CommonSettings.php
1 file changed, 11 insertions(+), 51 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/80/289780/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 7aae128..f1d4b61 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -391,19 +391,6 @@
'PasswordCannotBePopular' => 1,
];
 
-   if ( array_intersect(
-   [ 'bureaucrat', 'sysop', 'checkuser', 'oversight', 
'interface-editor' ],
-   $central->getLocalGroups()
-   ) ) {
-   $effectivePolicy = UserPasswordPolicy::maxOfPolicies(
-   $effectivePolicy,
-   $privilegedPolicy
-   );
-   return true;
-   }
-
-   // Result should be cached by getLocalGroups() above
-   $attachInfo = $central->queryAttached();
$enforceWikiGroups = [
'centralnoticeadmin' => [ 'metawiki', 'testwiki' ],
'templateeditor' => [ 'fawiki', 'rowiki' ],
@@ -411,21 +398,19 @@
'translator' => [ 'incubatorwiki' ],
'technician' => [ 'trwiki' ],
'wikidata-staff' => [ 'wikidata' ],
+   'bureaucrat' => '*',
+   'sysop' => '*',
+   'checkuser' => '*',
+   'oversight' => '*',
+   'interface-editor' => '*',
];
 
-   foreach ( $enforceWikiGroups as $group => $wikis ) {
-   foreach ( $wikis as $wiki ) {
-   if ( isset( $attachInfo[$wiki]['groups'] )
-   && in_array( $group, 
$attachInfo[$wiki]['groups'] ) )
-   {
-   $effectivePolicy = 
UserPasswordPolicy::maxOfPolicies(
-   $effectivePolicy,
-   $privilegedPolicy
-   );
-   return true;
-   }
-   }
-   }
+   $effectivePolicy = 
CentralAuthUtils::enforcePasswordPolicyIfInLocalWikiGroup(
+   $central,
+   $enforceWikiGroups,
+   $privilegedPolicy,
+   $effectivePolicy
+   );
 
return true;
};
@@ -1452,31 +1437,6 @@
" - " . @$headers['X-Forwarded-For'] .
' - ' . @$headers['User-Agent']
);
-   }
-   return true;
-};
-
-// Estimate users affected if we increase the minimum
-// password length to 8 for privileged groups, i.e.
-// T104370, T104371, T104372, T104373
-$wgHooks['LoginAuthenticateAudit'][] = function( $user, $pass, $retval ) {
-   global $wmgUseCentralAuth;
-   if ( $retval == LoginForm::SUCCESS
-   && strlen( $pass ) < 8
-   ) {
-   if ( $wmgUseCentralAuth ) {
-   $central = CentralAuthUser::getInstance( $user );
-   if ( $central->exists() && array_intersect(
-   [ 'staff', 'sysadmin', 'steward', 'ombudsman', 
'checkuser' ],
-   array_merge(
-   $central->getLocalGroups(),
-   $central->getGlobalGroups()
-   )
-   ) ) {
-   $logger = LoggerFactory::getInstance( 'badpass' 
);
-   $logger->info( "Login by privileged user 
'{$user->getName()}' with too short password" );
-   }
-   }
}
return true;
 };

-- 
To view, visit https://gerrit.wikimedia.org/r/289780
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I534127f8a9d2934e91d8cd08cfda2d30567f0de9
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

[MediaWiki-commits] [Gerrit] Safely handle policies for local groups - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/289778

Change subject: Safely handle policies for local groups
..

Safely handle policies for local groups

Add helper functions in CentralAuth to apply password policies based on
the user's local group membership on particular wikis. Also account for
CentralAuthUser objects where the localuser table has an entry, but the
local account does not exist, causing CentralAuthUser::localUserData()
to throw an exception.

Bug: T119736
Change-Id: I6eb014af44364640de74c32ae4603c0571d42aff
---
M includes/CentralAuthHooks.php
M includes/CentralAuthUser.php
M includes/CentralAuthUtils.php
3 files changed, 85 insertions(+), 29 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/78/289778/1

diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php
index 76e3352..e506694 100644
--- a/includes/CentralAuthHooks.php
+++ b/includes/CentralAuthHooks.php
@@ -1508,40 +1508,22 @@
$central = CentralAuthUser::getInstance( $user );
 
if ( $central->exists() ) {
-   try {
-   $localPolicyGroups = array_intersect(
-   array_keys( 
$wgCentralAuthGlobalPasswordPolicies ),
-   $central->getLocalGroups()
-   );
-   } catch ( Exception $e ) {
-   // T104615 - race condition in attaching user 
and creating local
-   // wiki account can cause this Exception from
-   // CentralAuthUser::localUserData. Allow the 
password for now, and
-   // we'll catch them next login if their 
password isn't valid.
-   // And T119736 - if localuser table gets out of 
sync, don't
-   // deny logins
-   if ( substr( $e->getMessage(), 0 , 34 )
-   === 'Could not find local user data for'
-   ) {
-   wfDebugLog(
-   'CentralAuth',
-   sprintf( 'Bug T104615 hit for 
%s@%s',
-   $user->getName(),
-   wfWikiId()
-   )
-   );
-   return true;
-   }
-
-   throw $e;
-   }
-
$effectivePolicy = 
UserPasswordPolicy::getPoliciesForGroups(
$wgCentralAuthGlobalPasswordPolicies,
-   array_merge( $central->getGlobalGroups(), 
$localPolicyGroups ),
+   $central->getGlobalGroups(),
$effectivePolicy
);
+
+   foreach ( $wgCentralAuthGlobalPasswordPolicies as 
$group => $policy ) {
+   $effectivePolicy = 
CentralAuthUtils::enforcePasswordPolicyIfInLocalWikiGroup(
+   $central,
+   [ $group => '*' ],
+   $policy,
+   $effectivePolicy
+   );
+   }
}
+
return true;
}
 
diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php
index 1e8264a..68291c9 100644
--- a/includes/CentralAuthUser.php
+++ b/includes/CentralAuthUser.php
@@ -2215,6 +2215,38 @@
}
 
/**
+* Returns true if a user is a member of a particular group, on a 
particular set
+* of wikis.
+* @param array $wikiGroups list of groups (keys) and either an array 
of wiki
+*  names, or the string '*' for any wiki. E.g., if a user is a 
sysop on enwiki,
+*  and $wikiGroups=['sysop'=>'*'] or 
$wikiGroups=['sysop'=>['enwiki','dewiki']]
+*  then this function will return true.
+* @return array of group names where the user is a member on at least 
one wiki
+*/
+   public function inLocalWikiGroups( array $wikiGroups ) {
+   $allGroups = $this->getLocalGroups();
+   $attachInfo = $this->queryAttached();
+   foreach ( $wikiGroups as $group => $wikis ) {
+   if ( $wikis === '*' ) {
+   if ( in_array( $group, $allGroups ) ) {
+   return true;
+   }
+   

[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth on test wikis, disabled for all users - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/289486

Change subject: Enable Ex:OATHAuth on test wikis, disabled for all users
..

Enable Ex:OATHAuth on test wikis, disabled for all users

Bug: T107605
Change-Id: I7e453e1b73c53be1abed0a8677af1879a8681755
---
M wmf-config/CommonSettings.php
M wmf-config/InitialiseSettings.php
2 files changed, 14 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/86/289486/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 43eeb24..7aae128 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -3164,6 +3164,14 @@
wfLoadExtension( 'ParsoidBatchAPI' );
 }
 
+if ( $wmgUseOATHAuth ) {
+   wfLoadExtension( 'OATHAuth' );
+   // Roll this feature out to specific groups initially
+   $wgGroupPermissions['*']['oathauth-enable'] = false;
+   if ( $wmgUseCentralAuth ) {
+   $wgOATHAuthDatabase = 'centralauth';
+   }
+}
 
 ### End (roughly) of general extensions 
 
diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index 7692822..27e1684 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -16956,6 +16956,12 @@
'wikivoyage' => true,
 ],
 
+'wmgUseOATHAuth' => [
+   'default' => false,
+   'testwiki' => true,
+   'test2wiki' => true,
+],
+
 ];
 
 ### WMF Labs override #

-- 
To view, visit https://gerrit.wikimedia.org/r/289486
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7e453e1b73c53be1abed0a8677af1879a8681755
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth in beta, disabled for all users - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/283569

Change subject: Enable Ex:OATHAuth in beta, disabled for all users
..

Enable Ex:OATHAuth in beta, disabled for all users

Enable OATHAuth in beta, but disable it for all users. For testing,
we'll give the user right to the global Staff group.

Trying this again, with the DB table correctly created this time.

Bug: T131420
Change-Id: Id13a8b8aa11b91ccc770fafbdec28834c9cc2afc
---
M wmf-config/CommonSettings-labs.php
M wmf-config/InitialiseSettings-labs.php
M wmf-config/extension-list-labs
3 files changed, 12 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/69/283569/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index c1625fb..2cfec24 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -342,6 +342,13 @@
wfLoadExtension( 'Newsletter' );
 }
 
+if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) {
+   wfLoadExtension( 'OATHAuth' );
+   $wgOATHAuthDatabase = 'centralauth';
+   // Roll this feature out to specific groups initially
+   $wgGroupPermissions['*']['oathauth-enable'] = false;
+}
+
 // Experimental
 $wgGadgetsCaching = false;
 
diff --git a/wmf-config/InitialiseSettings-labs.php 
b/wmf-config/InitialiseSettings-labs.php
index 738730e..592b3de 100644
--- a/wmf-config/InitialiseSettings-labs.php
+++ b/wmf-config/InitialiseSettings-labs.php
@@ -643,5 +643,9 @@
'wmgUseNewsletter' => array(
'default' => true,  // T127297
),
+   // Test enabling OATH for 2FA
+   'wmgUseOATHAuth' => array(
+   'default' => true,
+   ),
);
 } # wmflLabsSettings()
diff --git a/wmf-config/extension-list-labs b/wmf-config/extension-list-labs
index f195f2e..9d93b1b 100644
--- a/wmf-config/extension-list-labs
+++ b/wmf-config/extension-list-labs
@@ -5,3 +5,4 @@
 $IP/extensions/Kartographer/extension.json
 $IP/extensions/ORES/extension.json
 $IP/extensions/Newsletter/extension.json
+$IP/extensions/OATHAuth/extension.json

-- 
To view, visit https://gerrit.wikimedia.org/r/283569
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id13a8b8aa11b91ccc770fafbdec28834c9cc2afc
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Revert "Enable Ex:OATHAuth in beta, disabled for all users" - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/282808

Change subject: Revert "Enable Ex:OATHAuth in beta, disabled for all users"
..

Revert "Enable Ex:OATHAuth in beta, disabled for all users"

This reverts commit 614c46853ac30bbb7a393fe5d4595b3a3446aa4e.

Change-Id: I304da0b1044eccc7c1a266eb207d452d99da2ca6
---
M wmf-config/CommonSettings-labs.php
M wmf-config/InitialiseSettings-labs.php
2 files changed, 0 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/08/282808/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index fa44c37..59de815 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -341,13 +341,6 @@
wfLoadExtension( 'Newsletter' );
 }
 
-if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) {
-   wfLoadExtension( 'OATHAuth' );
-   $wgOATHAuthDatabase = 'centralauth';
-   // Roll this feature out to specific groups initially
-   $wgGroupPermissions['*']['oathauth-enable'] = false;
-}
-
 // Experimental
 $wgGadgetsCaching = false;
 
diff --git a/wmf-config/InitialiseSettings-labs.php 
b/wmf-config/InitialiseSettings-labs.php
index a72ace8..f5be518 100644
--- a/wmf-config/InitialiseSettings-labs.php
+++ b/wmf-config/InitialiseSettings-labs.php
@@ -653,9 +653,5 @@
'wmgUseNewsletter' => array(
'default' => true,  // T127297
),
-   // Test enabling OATH for 2FA
-   'wmgUseOATHAuth' => array(
-   'default' => true,
-   ),
);
 } # wmflLabsSettings()

-- 
To view, visit https://gerrit.wikimedia.org/r/282808
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I304da0b1044eccc7c1a266eb207d452d99da2ca6
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth in beta, disabled for all users - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/282198

Change subject: Enable Ex:OATHAuth in beta, disabled for all users
..

Enable Ex:OATHAuth in beta, disabled for all users

Second try at this. Enable OATHAuth in beta, but disable it for all
users. For testing, we'll give the user right to the global Staff
group.

Change-Id: I08064e64ed5e34f7b2932aaec28130cf2f9a9f2d
---
M wmf-config/CommonSettings-labs.php
M wmf-config/InitialiseSettings-labs.php
2 files changed, 11 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/98/282198/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index 59de815..fa44c37 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -341,6 +341,13 @@
wfLoadExtension( 'Newsletter' );
 }
 
+if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) {
+   wfLoadExtension( 'OATHAuth' );
+   $wgOATHAuthDatabase = 'centralauth';
+   // Roll this feature out to specific groups initially
+   $wgGroupPermissions['*']['oathauth-enable'] = false;
+}
+
 // Experimental
 $wgGadgetsCaching = false;
 
diff --git a/wmf-config/InitialiseSettings-labs.php 
b/wmf-config/InitialiseSettings-labs.php
index f5be518..a72ace8 100644
--- a/wmf-config/InitialiseSettings-labs.php
+++ b/wmf-config/InitialiseSettings-labs.php
@@ -653,5 +653,9 @@
'wmgUseNewsletter' => array(
'default' => true,  // T127297
),
+   // Test enabling OATH for 2FA
+   'wmgUseOATHAuth' => array(
+   'default' => true,
+   ),
);
 } # wmflLabsSettings()

-- 
To view, visit https://gerrit.wikimedia.org/r/282198
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I08064e64ed5e34f7b2932aaec28130cf2f9a9f2d
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Revert "Revert "Enable Ex:OATHAuth in beta, disabled for all... - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/282193

Change subject: Revert "Revert "Enable Ex:OATHAuth in beta, disabled for all 
users""
..

Revert "Revert "Enable Ex:OATHAuth in beta, disabled for all users""

This reverts commit a68190100f7d6831b84a366f895f1dc800183e98.

Change-Id: Iac773171e98c76d3eef81729000146508fbf99d3
---
M wmf-config/CommonSettings-labs.php
M wmf-config/InitialiseSettings-labs.php
2 files changed, 11 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/93/282193/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index 8bf542b..a5ef67c 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -337,6 +337,13 @@
$wgOresBaseUrl = 'https://ores.wmflabs.org/';
 }
 
+if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) {
+   wfLoadExtension( 'OATHAuth' );
+   $wgOATHAuthDatabase = 'centralauth';
+   // Roll this feature out to specific groups initially
+   $wgGroupPermissions['*']['oathauth-enable'] = false;
+}
+
 // Experimental
 $wgGadgetsCaching = false;
 
diff --git a/wmf-config/InitialiseSettings-labs.php 
b/wmf-config/InitialiseSettings-labs.php
index 4f6240e..81d4b18 100644
--- a/wmf-config/InitialiseSettings-labs.php
+++ b/wmf-config/InitialiseSettings-labs.php
@@ -652,5 +652,9 @@
'wmgUseCollection' => array(
'zhwiki' => true, // T128425
),
+   // Test enabling OATH for 2FA
+   'wmgUseOATHAuth' => array(
+   'default' => true,
+   )
);
 } # wmflLabsSettings()

-- 
To view, visit https://gerrit.wikimedia.org/r/282193
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iac773171e98c76d3eef81729000146508fbf99d3
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Fixup DB/uid handling for SUL wikis - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/282192

Change subject: Fixup DB/uid handling for SUL wikis
..

Fixup DB/uid handling for SUL wikis

We need to pass the db name to getConnection, in addition to wfGetLB.
Also, use core's CentralIdLookup for mapping local user to CentralId
when using a central DB for OATH secret storage.

Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef
(cherry picked from commit 65543e1f6c01dc30bf8bff4151dd378d65f4c5c9)
---
M OATHAuth.hooks.php
M OATHAuthKey.php
M OATHUserRepository.php
3 files changed, 12 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/92/282192/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 1f02646..6b95649 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -79,14 +79,15 @@
 
$oathrepo = self::getOATHUserRepository();
$oathuser = $oathrepo->findByUser( $user );
+   $uid = CentralIdLookup::factory()->centralIdFromLocalUser( 
$user );
 
if ( $oathuser->getKey() !== null && !$request->getCheck( 
'token' ) ) {
$encData = OATHAuthUtils::encryptSessionData(
$request->getValues(),
-   $user->getId()
+   $uid
);
$request->setSessionData( 'oath_login', $encData );
-   $request->setSessionData( 'oath_uid', $user->getId() );
+   $request->setSessionData( 'oath_uid', $uid );
$output->redirect( SpecialPage::getTitleFor( 'OATH' 
)->getFullURL( '', false, PROTO_CURRENT ) );
return false;
} else {
diff --git a/OATHAuthKey.php b/OATHAuthKey.php
index c5ce239..fb67283 100644
--- a/OATHAuthKey.php
+++ b/OATHAuthKey.php
@@ -89,7 +89,8 @@
 
// Prevent replay attacks
$memc = ObjectCache::newAnything( array() );
-   $memcKey = wfMemcKey( 'oauthauth', 'usedtokens', 
$user->getUser()->getId() );
+   $uid = CentralIdLookup::factory()->centralIdFromLocalUser( 
$user->getUser() );
+   $memcKey = wfMemcKey( 'oauthauth', 'usedtokens', $uid );
$lastWindow = (int)$memc->get( $memcKey );
 
$retval = false;
diff --git a/OATHUserRepository.php b/OATHUserRepository.php
index 946578d..5699c7e 100644
--- a/OATHUserRepository.php
+++ b/OATHUserRepository.php
@@ -6,14 +6,16 @@
private $dbw;
 
public function __construct( LoadBalancer $lb ) {
-   $this->dbr = $lb->getConnection( DB_SLAVE );
-   $this->dbw = $lb->getConnection( DB_MASTER );
+   global $wgOATHAuthDatabase;
+   $this->dbr = $lb->getConnection( DB_SLAVE, array(), 
$wgOATHAuthDatabase );
+   $this->dbw = $lb->getConnection( DB_MASTER, array(), 
$wgOATHAuthDatabase );
}
 
public function findByUser( User $user ) {
$oathUser = new OATHUser( $user, null );
 
-   $res = $this->dbr->selectRow( 'oathauth_users', '*', array( 
'id' => $user->getId() ), __METHOD__ );
+   $uid = CentralIdLookup::factory()->centralIdFromLocalUser( 
$user );
+   $res = $this->dbr->selectRow( 'oathauth_users', '*', array( 
'id' => $uid ), __METHOD__ );
if ($res) {
$key = new OATHAuthKey( $res->secret, explode( ',', 
$res->scratch_tokens ) );
$oathUser->setKey( $key );
@@ -27,7 +29,7 @@
'oathauth_users',
array( 'id' ),
array(
-   'id' => $user->getUser()->getId(),
+   'id' => 
CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ),
'secret' => $user->getKey()->getSecret(),
'scratch_tokens' => implode( ',', 
$user->getKey()->getScratchTokens() ),
),
@@ -38,7 +40,7 @@
public function remove( OATHUser $user ) {
$this->dbw->delete(
'oathauth_users',
-   array( 'id' => $user->getUser()->getId() ),
+   array( 'id' => 
CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ) ),
__METHOD__
);
}

-- 
To view, visit https://gerrit.wikimedia.org/r/282192
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OATHAuth
Gerrit-Branch: wmf/1.27.0-wmf.20
Gerrit-Owner: CSteipp 

[MediaWiki-commits] [Gerrit] Delete users who didn't complete setup on upgrade - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/281956

Change subject: Delete users who didn't complete setup on upgrade
..

Delete users who didn't complete setup on upgrade

Users who started the "Enable two-factor" process, but never confirmed
their setup were stored in the database under the previous format.
After Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19, we no longer look at
the is_validated column to see if the user confirmed their 2fa setup,
and instead only store users in the table who have confirmed.

Delete these users from the table when updating the table format.

Bug: T130892
Change-Id: I54a706043b44db50344d138207b472c35d00724e
---
M OATHAuth.hooks.php
1 file changed, 9 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/56/281956/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 8bbc24d..aca7c1d 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -209,7 +209,12 @@
return true;
}
 
-   $res = $db->select( 'oathauth_users', array( 'id', 
'scratch_tokens' ), '', __METHOD__ );
+   $res = $db->select(
+   'oathauth_users',
+   array( 'id', 'scratch_tokens' ),
+   array( 'is_validated != 0' ),
+   __METHOD__
+   );
 
foreach ( $res as $row ) {
$scratchTokens = unserialize( base64_decode( 
$row->scratch_tokens ) );
@@ -223,6 +228,9 @@
}
}
 
+   // Remove rows from the table where user never completed the 
setup process
+   $db->delete( 'oathauth_users', array( 'is_validated' => 0 ), 
__METHOD__ );
+
return true;
}
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/281956
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I54a706043b44db50344d138207b472c35d00724e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OATHAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Fixup DB/uid handling for SUL wikis - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/281034

Change subject: Fixup DB/uid handling for SUL wikis
..

Fixup DB/uid handling for SUL wikis

We need to pass the db name to getConnection, in addition to wfGetLB.
Also, use core's CentralIdLookup for mapping local user to CentralId
when using a central DB for OATH secret storage.

Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef
---
M OATHUserRepository.php
1 file changed, 7 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/34/281034/1

diff --git a/OATHUserRepository.php b/OATHUserRepository.php
index 946578d..5699c7e 100644
--- a/OATHUserRepository.php
+++ b/OATHUserRepository.php
@@ -6,14 +6,16 @@
private $dbw;
 
public function __construct( LoadBalancer $lb ) {
-   $this->dbr = $lb->getConnection( DB_SLAVE );
-   $this->dbw = $lb->getConnection( DB_MASTER );
+   global $wgOATHAuthDatabase;
+   $this->dbr = $lb->getConnection( DB_SLAVE, array(), 
$wgOATHAuthDatabase );
+   $this->dbw = $lb->getConnection( DB_MASTER, array(), 
$wgOATHAuthDatabase );
}
 
public function findByUser( User $user ) {
$oathUser = new OATHUser( $user, null );
 
-   $res = $this->dbr->selectRow( 'oathauth_users', '*', array( 
'id' => $user->getId() ), __METHOD__ );
+   $uid = CentralIdLookup::factory()->centralIdFromLocalUser( 
$user );
+   $res = $this->dbr->selectRow( 'oathauth_users', '*', array( 
'id' => $uid ), __METHOD__ );
if ($res) {
$key = new OATHAuthKey( $res->secret, explode( ',', 
$res->scratch_tokens ) );
$oathUser->setKey( $key );
@@ -27,7 +29,7 @@
'oathauth_users',
array( 'id' ),
array(
-   'id' => $user->getUser()->getId(),
+   'id' => 
CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ),
'secret' => $user->getKey()->getSecret(),
'scratch_tokens' => implode( ',', 
$user->getKey()->getScratchTokens() ),
),
@@ -38,7 +40,7 @@
public function remove( OATHUser $user ) {
$this->dbw->delete(
'oathauth_users',
-   array( 'id' => $user->getUser()->getId() ),
+   array( 'id' => 
CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() ) ),
__METHOD__
);
}

-- 
To view, visit https://gerrit.wikimedia.org/r/281034
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OATHAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Revert "Enable Ex:OATHAuth in beta, disabled for all users" - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/280796

Change subject: Revert "Enable Ex:OATHAuth in beta, disabled for all users"
..

Revert "Enable Ex:OATHAuth in beta, disabled for all users"

This reverts commit 2b9a3cca4bdf16a96a730960a754e93f31f0fd35.

Change-Id: Icb5361e797cac15f8061747e5338164131550664
---
M wmf-config/CommonSettings-labs.php
M wmf-config/InitialiseSettings-labs.php
2 files changed, 0 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/96/280796/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index a5ef67c..8bf542b 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -337,13 +337,6 @@
$wgOresBaseUrl = 'https://ores.wmflabs.org/';
 }
 
-if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) {
-   wfLoadExtension( 'OATHAuth' );
-   $wgOATHAuthDatabase = 'centralauth';
-   // Roll this feature out to specific groups initially
-   $wgGroupPermissions['*']['oathauth-enable'] = false;
-}
-
 // Experimental
 $wgGadgetsCaching = false;
 
diff --git a/wmf-config/InitialiseSettings-labs.php 
b/wmf-config/InitialiseSettings-labs.php
index 81d4b18..4f6240e 100644
--- a/wmf-config/InitialiseSettings-labs.php
+++ b/wmf-config/InitialiseSettings-labs.php
@@ -652,9 +652,5 @@
'wmgUseCollection' => array(
'zhwiki' => true, // T128425
),
-   // Test enabling OATH for 2FA
-   'wmgUseOATHAuth' => array(
-   'default' => true,
-   )
);
 } # wmflLabsSettings()

-- 
To view, visit https://gerrit.wikimedia.org/r/280796
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Icb5361e797cac15f8061747e5338164131550664
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Encrypt password when stored in user session - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/280780

Change subject: Encrypt password when stored in user session
..

Encrypt password when stored in user session

During the two-step login, users with OATH enabled need to have their
login details saved into their session while we prompt them for their
OATH code. This encrypts that data, so we don't write their user's
password into our session storage.

Change-Id: I9969871205ac5c438706df41ef1519cb4cd7a964
---
M OATHAuth.hooks.php
A OATHAuthUtils.php
M extension.json
M special/SpecialOATH.php
M special/SpecialOATHLogin.php
5 files changed, 120 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/80/280780/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 4e78c0a..0fd551c 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -81,7 +81,12 @@
$oathuser = $oathrepo->findByUser( $user );
 
if ( $oathuser->getKey() !== null && !$request->getCheck( 
'token' ) ) {
-   $request->setSessionData( 'oath_login', 
$request->getValues() );
+   $encData = OATHAuthUtils::encryptSessionData(
+   $request->getValues(),
+   $user->getId()
+   );
+   $request->setSessionData( 'oath_login', $encData );
+   $request->setSessionData( 'oath_uid', $user->getId() );
$output->redirect( SpecialPage::getTitleFor( 'OATH' 
)->getFullURL( '', false, PROTO_CURRENT ) );
return false;
} else {
diff --git a/OATHAuthUtils.php b/OATHAuthUtils.php
new file mode 100644
index 000..9d8b401
--- /dev/null
+++ b/OATHAuthUtils.php
@@ -0,0 +1,105 @@
+ substr( $keymats, 0, 32 ),
+   'hmac' => substr( $keymats, 32, 32 ),
+   );
+   }
+
+   /**
+* Actually encrypt the data, using a new random IV, and prepend the 
hmac
+* of the encrypted data + IV, using a separate hmac key.
+* @return $hmac.$iv.$ciphertext, each component b64 encoded
+*/
+   private static function seal( $data, $encKey, $hmacKey ) {
+   $iv = MWCryptRand::generate( 16, true );
+   $ciphertext = openssl_encrypt(
+   $data,
+   'aes-256-ctr',
+   $encKey,
+   OPENSSL_RAW_DATA,
+   $iv
+   );
+   $sealed = base64_encode( $iv ) . '.' . base64_encode( 
$ciphertext );
+   $hmac = hash_hmac( 'sha256', $sealed, $hmacKey, true );
+   return base64_encode( $hmac ) . '.' . $sealed;
+   }
+
+   /**
+* Decrypt data sealed using seal(). First checks the hmac to prevent 
various
+* attacks.
+* @return plaintext
+*/
+   private static function unseal( $encrypted, $encKey, $hmacKey ) {
+   $pieces = explode( '.', $encrypted );
+   if ( count( $pieces ) !== 3 ) {
+   throw new InvalidArgumentException( 'Invalid 
sealed-secret format' );
+   }
+
+   list( $hmac, $iv, $ciphertext ) = $pieces;
+   $integCalc = hash_hmac( 'sha256', $iv . '.' . $ciphertext, 
$hmacKey, true );
+   if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) {
+   throw new Exception( 'Sealed secret has been tampered 
with, aborting.' );
+   }
+
+   return openssl_decrypt(
+   base64_decode( $ciphertext ),
+   'aes-256-ctr',
+   $encKey,
+   OPENSSL_RAW_DATA,
+   base64_decode( $iv )
+   );
+   }
+
+}
diff --git a/extension.json b/extension.json
index 29151b2..d028cff 100644
--- a/extension.json
+++ b/extension.json
@@ -8,6 +8,7 @@
"AutoloadClasses": {
"OATHAuthHooks": "OATHAuth.hooks.php",
"OATHAuthKey": "OATHAuthKey.php",
+   "OATHAuthUtils": "OATHAuthUtils.php",
"OATHUserRepository": "OATHUserRepository.php",
"HOTP": "lib/hotp.php",
"HOTPResult": "lib/hotp.php",
@@ -46,7 +47,8 @@
},
"config": {
"OATHAuthWindowRadius": 4,
-   "OATHAuthDatabase": false
+   "OATHAuthDatabase": false,
+   "OATHAuthSecret": false
},
"ResourceModules": {
"ext.oathauth": {
diff --git a/special/SpecialOATH.php b/special/SpecialOATH.php
index 7f8a580..ae99c39 100644
--- a/special/SpecialOATH.php
+++ b/special/SpecialOATH.php
@@ -20,8 +20,12 @@
$page = null;
if ( $this->getUser()->isAnon() && $loginInfo !== 

[MediaWiki-commits] [Gerrit] Fix i18n merge errors - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/280701

Change subject: Fix i18n merge errors
..

Fix i18n merge errors

Address comments by Raimond Spekking on
I39859cc59f1811de42b72f6167d332ea48812f97

Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5
---
M i18n/en.json
1 file changed, 1 insertion(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/01/280701/1

diff --git a/i18n/en.json b/i18n/en.json
index da3e6cf..ea88e39 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -17,7 +17,7 @@
"oathauth-verify": "Verify two-factor token",
"openstackmanager-scratchtokens": "The following list is a list of 
one-time use scratch tokens. These tokens can only be used once, and are for 
emergency use. Please write these down and keep them in a secure location. If 
you lose your phone, these tokens are the only way to rescue your account. 
These tokens will never be shown again.",
"oathauth-reset": "Reset two-factor credentials",
-   "oathauth-donotdeleteoldsecret": "Please do not delete your old 
credentials until you have successfully validated your new credentials.",
+   "oathauth-donotdeleteoldsecret": "Please do not delete your old 
credentials until you have validated your new credentials.",
"oathauth-token": "Token",
"oathauth-currenttoken": "Current token",
"oathauth-newtoken": "New token",
@@ -36,7 +36,6 @@
"oathauth-notloggedin": "Login required",
"oathauth-mustbeloggedin": "You must be logged in to perform this 
action.",
"oathauth-prefs-label": "Two-factor authentication:",
-   "oathauth-abortlogin": "The two-factor authentication token provided 
was invalid.",
"oathauth-abortlogin": "The two-factor authentication token provided 
was invalid.",
"oathauth-step1": "Step 1: Download the app",
"oathauth-step1-test": "Download a mobile app for two-factor 
authentication (such as Google Authenticator) on to your phone.",

-- 
To view, visit https://gerrit.wikimedia.org/r/280701
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OATHAuth
Gerrit-Branch: wmf/1.27.0-wmf.19
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Enable Ex:OATHAuth in beta, disabled for all users - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/280676

Change subject: Enable Ex:OATHAuth in beta, disabled for all users
..

Enable Ex:OATHAuth in beta, disabled for all users

Enable OATHAuth in beta, but disable it for all users. For testing,
we'll give the user right to the global Staff group.

Change-Id: I29d054e60d6c81524037143fab2bc07db4a2d38e
---
M wmf-config/CommonSettings-labs.php
M wmf-config/InitialiseSettings-labs.php
2 files changed, 11 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/76/280676/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index 8bf542b..a5ef67c 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -337,6 +337,13 @@
$wgOresBaseUrl = 'https://ores.wmflabs.org/';
 }
 
+if ( $wmgUseOATHAuth && $wmgUseCentralAuth ) {
+   wfLoadExtension( 'OATHAuth' );
+   $wgOATHAuthDatabase = 'centralauth';
+   // Roll this feature out to specific groups initially
+   $wgGroupPermissions['*']['oathauth-enable'] = false;
+}
+
 // Experimental
 $wgGadgetsCaching = false;
 
diff --git a/wmf-config/InitialiseSettings-labs.php 
b/wmf-config/InitialiseSettings-labs.php
index 4f6240e..81d4b18 100644
--- a/wmf-config/InitialiseSettings-labs.php
+++ b/wmf-config/InitialiseSettings-labs.php
@@ -652,5 +652,9 @@
'wmgUseCollection' => array(
'zhwiki' => true, // T128425
),
+   // Test enabling OATH for 2FA
+   'wmgUseOATHAuth' => array(
+   'default' => true,
+   )
);
 } # wmflLabsSettings()

-- 
To view, visit https://gerrit.wikimedia.org/r/280676
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I29d054e60d6c81524037143fab2bc07db4a2d38e
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Move token login to separate page - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/280672

Change subject: Move token login to separate page
..

Move token login to separate page

Rather than have an extraneous form on the login page,
move the token input to a separate page. The actual
logic for logging in is identical, the only difference
is that the token is added to the form data on a second
page request.

Bug: 53195
Change-Id: I39859cc59f1811de42b72f6167d332ea48812f97
(cherry picked from commit 1a8006317dd2c52e4f70d10f585800e8efeb5b1a)
---
M OATHAuth.hooks.php
M extension.json
M i18n/en.json
M i18n/qqq.json
M special/SpecialOATH.php
M special/SpecialOATHDisable.php
M special/SpecialOATHEnable.php
A special/SpecialOATHLogin.php
8 files changed, 175 insertions(+), 79 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/72/280672/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index c65fdf6..4e78c0a 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -7,23 +7,6 @@
  */
 class OATHAuthHooks {
/**
-* @param $template UserloginTemplate
-* @return bool
-*/
-   static function ModifyUITemplate( &$template ) {
-   $input = ''
-   . wfMessage( 'oathauth-token' )->escaped()
-   . ''
-   . Html::input( 'wpOATHToken', null, 'text', array(
-   'class' => 'loginText', 'id' => 
'wpOATHToken', 'tabindex' => '3', 'size' => '20'
-   ) ) . '';
-
-   $template->set( 'extrafields', $template->get( 'extrafields', 
'' ) . $input );
-
-   return true;
-   }
-
-   /**
 * Get the singleton OATH user repository
 *
 * @return OATHUserRepository
@@ -59,7 +42,19 @@
 * @return bool
 */
static function AbortChangePassword( $user, $password, $newpassword, 
&$errorMsg ) {
-   $result = self::authenticate( $user );
+   global $wgRequest;
+
+   $token = $wgRequest->getText( 'wpOATHToken' );
+   $oathrepo = self::getOATHUserRepository();
+   $oathuser = $oathrepo->findByUser( $user );
+   # Though it's weird to default to true, we only want to deny
+   # users who have two-factor enabled and have validated their
+   # token.
+   $result = true;
+
+   if ( $oathuser->getKey() !== null ) {
+   $result = $oathuser->getKey()->verifyToken( $token, 
$oathuser );
+   }
 
if ( $result ) {
return true;
@@ -78,57 +73,18 @@
 * @return bool
 */
static function AbortLogin( $user, $password, &$abort, &$errorMsg ) {
-   $result = self::authenticate( $user );
-   if ( $result ) {
-   return true;
-   } else {
-   $abort = LoginForm::ABORTED;
-   $errorMsg = 'oathauth-abortlogin';
-   return false;
-   }
-   }
+   $context = RequestContext::getMain();
+   $request = $context->getRequest();
+   $output = $context->getOutput();
 
-   /**
-* @param $user User
-* @return bool
-*/
-   static function authenticate( $user ) {
-   global $wgRequest;
+   $oathrepo = self::getOATHUserRepository();
+   $oathuser = $oathrepo->findByUser( $user );
 
-   $token = $wgRequest->getText( 'wpOATHToken' );
-   $oathuser = self::getOATHUserRepository()->findByUser( $user );
-   # Though it's weird to default to true, we only want to deny
-   # users who have two-factor enabled and have validated their
-   # token.
-   $result = true;
-
-   if ( $oathuser->getKey() !== null ) {
-   $result = $oathuser->getKey()->verifyToken( $token, 
$oathuser );
-   }
-
-   return $result;
-   }
-
-   /**
-* Determine if two-factor authentication is enabled for $wgUser
-*
-* @param bool &$isEnabled Will be set to true if enabled, false 
otherwise
-*
-* @return bool False if enabled, true otherwise
-*/
-   static function TwoFactorIsEnabled( &$isEnabled ) {
-   global $wgUser;
-
-   $user = self::getOATHUserRepository()->findByUser( $wgUser );
-   if ( $user && $user->getKey() !== null ) {
-   $isEnabled = true;
-   # This two-factor extension is enabled by the user,
-   # we don't need to check others.
+   if ( $oathuser->getKey() !== null && !$request->getCheck( 
'token' ) ) {
+ 

[MediaWiki-commits] [Gerrit] Fix i18n merge errors - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/280671

Change subject: Fix i18n merge errors
..

Fix i18n merge errors

Address comments by Raimond Spekking on
I39859cc59f1811de42b72f6167d332ea48812f97

Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5
---
M i18n/en.json
1 file changed, 1 insertion(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/71/280671/1

diff --git a/i18n/en.json b/i18n/en.json
index da3e6cf..ea88e39 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -17,7 +17,7 @@
"oathauth-verify": "Verify two-factor token",
"openstackmanager-scratchtokens": "The following list is a list of 
one-time use scratch tokens. These tokens can only be used once, and are for 
emergency use. Please write these down and keep them in a secure location. If 
you lose your phone, these tokens are the only way to rescue your account. 
These tokens will never be shown again.",
"oathauth-reset": "Reset two-factor credentials",
-   "oathauth-donotdeleteoldsecret": "Please do not delete your old 
credentials until you have successfully validated your new credentials.",
+   "oathauth-donotdeleteoldsecret": "Please do not delete your old 
credentials until you have validated your new credentials.",
"oathauth-token": "Token",
"oathauth-currenttoken": "Current token",
"oathauth-newtoken": "New token",
@@ -36,7 +36,6 @@
"oathauth-notloggedin": "Login required",
"oathauth-mustbeloggedin": "You must be logged in to perform this 
action.",
"oathauth-prefs-label": "Two-factor authentication:",
-   "oathauth-abortlogin": "The two-factor authentication token provided 
was invalid.",
"oathauth-abortlogin": "The two-factor authentication token provided 
was invalid.",
"oathauth-step1": "Step 1: Download the app",
"oathauth-step1-test": "Download a mobile app for two-factor 
authentication (such as Google Authenticator) on to your phone.",

-- 
To view, visit https://gerrit.wikimedia.org/r/280671
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OATHAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Encrypt password when stored in user session - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/280614

Change subject: Encrypt password when stored in user session
..

Encrypt password when stored in user session

During the two-step login, users with OATH enabled need to have their
login details saved into their session while we prompt them for their
OATH code. This encrypts that data, so we don't write their user's
password into our session storage.

Change-Id: I9969871205ac5c438706df41ef1519cb4cd7a964
---
M OATHAuth.hooks.php
A OATHAuthUtils.php
M extension.json
M special/SpecialOATH.php
M special/SpecialOATHLogin.php
5 files changed, 120 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/14/280614/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 4e78c0a..0fd551c 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -81,7 +81,12 @@
$oathuser = $oathrepo->findByUser( $user );
 
if ( $oathuser->getKey() !== null && !$request->getCheck( 
'token' ) ) {
-   $request->setSessionData( 'oath_login', 
$request->getValues() );
+   $encData = OATHAuthUtils::encryptSessionData(
+   $request->getValues(),
+   $user->getId()
+   );
+   $request->setSessionData( 'oath_login', $encData );
+   $request->setSessionData( 'oath_uid', $user->getId() );
$output->redirect( SpecialPage::getTitleFor( 'OATH' 
)->getFullURL( '', false, PROTO_CURRENT ) );
return false;
} else {
diff --git a/OATHAuthUtils.php b/OATHAuthUtils.php
new file mode 100644
index 000..9d8b401
--- /dev/null
+++ b/OATHAuthUtils.php
@@ -0,0 +1,105 @@
+ substr( $keymats, 0, 32 ),
+   'hmac' => substr( $keymats, 32, 32 ),
+   );
+   }
+
+   /**
+* Actually encrypt the data, using a new random IV, and prepend the 
hmac
+* of the encrypted data + IV, using a separate hmac key.
+* @return $hmac.$iv.$ciphertext, each component b64 encoded
+*/
+   private static function seal( $data, $encKey, $hmacKey ) {
+   $iv = MWCryptRand::generate( 16, true );
+   $ciphertext = openssl_encrypt(
+   $data,
+   'aes-256-ctr',
+   $encKey,
+   OPENSSL_RAW_DATA,
+   $iv
+   );
+   $sealed = base64_encode( $iv ) . '.' . base64_encode( 
$ciphertext );
+   $hmac = hash_hmac( 'sha256', $sealed, $hmacKey, true );
+   return base64_encode( $hmac ) . '.' . $sealed;
+   }
+
+   /**
+* Decrypt data sealed using seal(). First checks the hmac to prevent 
various
+* attacks.
+* @return plaintext
+*/
+   private static function unseal( $encrypted, $encKey, $hmacKey ) {
+   $pieces = explode( '.', $encrypted );
+   if ( count( $pieces ) !== 3 ) {
+   throw new InvalidArgumentException( 'Invalid 
sealed-secret format' );
+   }
+
+   list( $hmac, $iv, $ciphertext ) = $pieces;
+   $integCalc = hash_hmac( 'sha256', $iv . '.' . $ciphertext, 
$hmacKey, true );
+   if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) {
+   throw new Exception( 'Sealed secret has been tampered 
with, aborting.' );
+   }
+
+   return openssl_decrypt(
+   base64_decode( $ciphertext ),
+   'aes-256-ctr',
+   $encKey,
+   OPENSSL_RAW_DATA,
+   base64_decode( $iv )
+   );
+   }
+
+}
diff --git a/extension.json b/extension.json
index 29151b2..d028cff 100644
--- a/extension.json
+++ b/extension.json
@@ -8,6 +8,7 @@
"AutoloadClasses": {
"OATHAuthHooks": "OATHAuth.hooks.php",
"OATHAuthKey": "OATHAuthKey.php",
+   "OATHAuthUtils": "OATHAuthUtils.php",
"OATHUserRepository": "OATHUserRepository.php",
"HOTP": "lib/hotp.php",
"HOTPResult": "lib/hotp.php",
@@ -46,7 +47,8 @@
},
"config": {
"OATHAuthWindowRadius": 4,
-   "OATHAuthDatabase": false
+   "OATHAuthDatabase": false,
+   "OATHAuthSecret": false
},
"ResourceModules": {
"ext.oathauth": {
diff --git a/special/SpecialOATH.php b/special/SpecialOATH.php
index 7f8a580..ae99c39 100644
--- a/special/SpecialOATH.php
+++ b/special/SpecialOATH.php
@@ -20,8 +20,12 @@
$page = null;
if ( $this->getUser()->isAnon() && $loginInfo !== 

[MediaWiki-commits] [Gerrit] [WIP] Encrypted secret storage in MediaWiki - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/279981

Change subject: [WIP] Encrypted secret storage in MediaWiki
..

[WIP] Encrypted secret storage in MediaWiki

* Put Pbkdf2 implmentation from Password hashing into its own class
* Add SecretStore which has and api that is hard for developers to
  user insecurely.
* Make SecretStoreAesCtrSha256 the default implementation

TODO:
* encode class in sealed envelope
** review password api pattern
* comments

Change-Id: I3a7b4830922a32aab3c9d9155ca11adf50f23064
---
M autoload.php
M includes/DefaultSettings.php
M includes/Setup.php
A includes/crypto/Pbkdf2.php
A includes/crypto/SecretStore.php
A includes/crypto/SecretStoreAesCtrSha256.php
M includes/password/Pbkdf2Password.php
A tests/phpunit/includes/crypto/Pbkdf2Test.php
A tests/phpunit/includes/crypto/SecretStoreAesCtrSha256Test.php
A tests/phpunit/includes/crypto/SecretStoreTest.php
10 files changed, 617 insertions(+), 33 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/81/279981/1

diff --git a/autoload.php b/autoload.php
index 673072b..9f197f2 100644
--- a/autoload.php
+++ b/autoload.php
@@ -577,6 +577,7 @@
'InstallerOverrides' => __DIR__ . '/mw-config/overrides.php',
'Interwiki' => __DIR__ . '/includes/interwiki/Interwiki.php',
'InvalidPassword' => __DIR__ . '/includes/password/InvalidPassword.php',
+   'ISecretStorer' => __DIR__ . '/includes/crypto/ISecretStorer.php',
'IteratorDecorator' => __DIR__ . 
'/includes/utils/iterators/IteratorDecorator.php',
'IuConverter' => __DIR__ . '/languages/classes/LanguageIu.php',
'JSCompilerContext' => __DIR__ . '/includes/libs/jsminplus.php',
@@ -913,6 +914,7 @@
'PathRouterPatternReplacer' => __DIR__ . '/includes/PathRouter.php',
'PatrolLog' => __DIR__ . '/includes/logging/PatrolLog.php',
'PatrolLogFormatter' => __DIR__ . 
'/includes/logging/PatrolLogFormatter.php',
+   'Pbkdf2' => __DIR__ . '/includes/crypto/Pbkdf2.php',
'Pbkdf2Password' => __DIR__ . '/includes/password/Pbkdf2Password.php',
'PermissionsError' => __DIR__ . 
'/includes/exception/PermissionsError.php',
'PhpHttpRequest' => __DIR__ . '/includes/HttpFunctions.php',
@@ -1102,6 +1104,8 @@
'SearchUpdate' => __DIR__ . '/includes/deferred/SearchUpdate.php',
'SectionProfileCallback' => __DIR__ . 
'/includes/profiler/SectionProfiler.php',
'SectionProfiler' => __DIR__ . '/includes/profiler/SectionProfiler.php',
+   'SecretStore' => __DIR__ . '/includes/crypto/SecretStore.php',
+   'SecretStoreAesCtrSha256' => __DIR__ . 
'/includes/crypto/SecretStoreAesCtrSha256.php',
'SevenZipStream' => __DIR__ . '/maintenance/7zip.inc',
'ShiConverter' => __DIR__ . '/languages/classes/LanguageShi.php',
'ShortPagesPage' => __DIR__ . 
'/includes/specials/SpecialShortpages.php',
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 9eff602..3a157a8 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4476,6 +4476,21 @@
 );
 
 /**
+ * Configuration for a generic secret encryption mechanism.
+ * 'classes' maps SecretStore classes to their abbreviated name.
+ * 'defaultClass' is the default SecretStore class used to seal new secrets.
+ * 'secrets' should be an array of secret keys used to seal stored secrets. An 
array
+ * is kept so that the secret can be easily rotated in production. If this 
array
+ * is empty, $wgSecretKey is added as element 0 in Setup.php.
+ * 'defaultSecret' the current secret to use when sealing.
+ */
+$wgSecretStoreConfig = array(
+   'defaultClass' => 'acs256',
+   'secrets' => array(),
+   'defaultSecret' => 0,
+);
+
+/**
  * Whether to allow password resets ("enter some identifying data, and we'll 
send an email
  * with a temporary password you can use to get back into the account") 
identified by
  * various bits of data.  Setting all of these to false (or the whole variable 
to false)
diff --git a/includes/Setup.php b/includes/Setup.php
index 67c99c9..cfc6e49 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -478,6 +478,11 @@
$wgPasswordPolicy['policies']['default']['MaximalPasswordLength'] = 
$wgMaximalPasswordLength;
 }
 
+// Setup default SecretStore
+if ( !$wgSecretStoreConfig['secrets'] ) {
+   $wgSecretStoreConfig['secrets'] = array( $wgSecretKey );
+}
+
 // Backwards compatibility with deprecated alias
 // Must be before call to wfSetupSession()
 if ( $wgSessionsInMemcached ) {
diff --git a/includes/crypto/Pbkdf2.php b/includes/crypto/Pbkdf2.php
new file mode 100644
index 000..c446715
--- /dev/null
+++ b/includes/crypto/Pbkdf2.php
@@ -0,0 +1,78 @@
+http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ */
+
+/**
+ * A PBKDF2-hash b/c wrapper
+ * @since 1.27
+ */
+
+class Pbkdf2 {
+
+   /**
+* 

[MediaWiki-commits] [Gerrit] Add user right for enabling two-factor auth - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/279575

Change subject: Add user right for enabling two-factor auth
..

Add user right for enabling two-factor auth

Make new right oathauth-enable that the user must have to enable two
factor authentication (disabling and logging in, of course, are still
allowed).

Bug: T100376
Change-Id: I18d43f8b2cf2c2ce9c2309a43961686498b5c999
---
M OATHAuth.hooks.php
M extension.json
M i18n/en.json
M i18n/qqq.json
M special/SpecialOATHEnable.php
5 files changed, 25 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/75/279575/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 4c3f68d..c65fdf6 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -142,6 +142,10 @@
 * @return bool
 */
public static function manageOATH( User $user, array &$preferences ) {
+   if ( !$user->isAllowed( 'oathauth-enable' ) ) {
+   return true;
+   }
+
$oathUser = self::getOATHUserRepository()->findByUser( $user );
 
$title = SpecialPage::getTitleFor( 'OATH' );
diff --git a/extension.json b/extension.json
index 09ef513..e367775 100644
--- a/extension.json
+++ b/extension.json
@@ -69,5 +69,13 @@
"SpecialPages": {
"OATH": "SpecialOATH"
},
+   "AvailableRights": [
+   "oathauth-enable"
+   ],
+   "GroupPermissions": {
+   "*": {
+   "oathauth-enable": true
+   }
+   },
"manifest_version": 1
 }
diff --git a/i18n/en.json b/i18n/en.json
index 66568c1..5413063 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -42,5 +42,7 @@
"oathauth-step2alt": "Or enter the secret manually:",
"oathauth-step3": "Step 3: Write down the scratch codes",
"oathauth-step4": "Step 4: Verification",
-   "oathauth-entertoken": "Enter a code from your mobile app to verify:"
+   "oathauth-entertoken": "Enter a code from your mobile app to verify:",
+   "right-oathauth-enable": "Enable two-factor authentication",
+   "action-oathauth-enable": "enable two-factor authentication"
 }
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 369a1e3..439c8c5 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -40,11 +40,13 @@
"oathauth-mustbeloggedin": "Plain text seen on Special:OATH when a user 
is not logged in.",
"oathauth-prefs-label": "Plain text label seen on 
Special:Preferences\n\nSee 
[https://en.wikipedia.org/wiki/Two_factor_authentication two factor 
authentication]",
"oathauth-abortlogin": "Error message shown on login and password 
change pages when authentication is aborted.\n\nSee 
[https://en.wikipedia.org/wiki/Two_factor_authentication two factor 
authentication]",
-"oathauth-step1": "Label for step 1 on Special:OATH form",
-"oathauth-step1-test": "Text for step 1 on Special:OATH form",
-"oathauth-step2": "Label for step 2, the QR code, on Special:OATH",
-"oathauth-step2alt": "Label for information on how to manually do step 2 
on Special:OATH",
-"oathauth-step3": "Label for step 3 information on Special:OATH",
-"oathauth-step4": "Label for step 4 information on Special:OATH",
-"oathauth-entertoken": "Label on input field on Special:OATH asking user 
to enter token"
+   "oathauth-step1": "Label for step 1 on Special:OATH form",
+   "oathauth-step1-test": "Text for step 1 on Special:OATH form",
+   "oathauth-step2": "Label for step 2, the QR code, on Special:OATH",
+   "oathauth-step2alt": "Label for information on how to manually do step 
2 on Special:OATH",
+   "oathauth-step3": "Label for step 3 information on Special:OATH",
+   "oathauth-step4": "Label for step 4 information on Special:OATH",
+   "oathauth-entertoken": "Label on input field on Special:OATH asking 
user to enter token",
+   "right-oathauth-enable": "{{doc-right|oathauth-enable}}",
+   "action-oathauth-enable": "{{doc-action|oathauth-enable}}"
 }
diff --git a/special/SpecialOATHEnable.php b/special/SpecialOATHEnable.php
index 1fb4bc4..4e331fd 100644
--- a/special/SpecialOATHEnable.php
+++ b/special/SpecialOATHEnable.php
@@ -20,7 +20,7 @@
 * @param OATHUser $user
 */
public function __construct( OATHUserRepository $repository, OATHUser 
$user ) {
-   parent::__construct( 'OATH', '', false );
+   parent::__construct( 'OATH', 'oathauth-enable', false );
 
$this->OATHRepository = $repository;
$this->OATHUser = $user;

-- 
To view, visit https://gerrit.wikimedia.org/r/279575
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I18d43f8b2cf2c2ce9c2309a43961686498b5c999
Gerrit-PatchSet: 1
Gerrit-Project: 

[MediaWiki-commits] [Gerrit] Allow for using separate database for OATH creds - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/279427

Change subject: Allow for using separate database for OATH creds
..

Allow for using separate database for OATH creds

Add configuration variable for specifying what database the OATH
credentials are stored in, that way wikis that use CentralAuth can
centralize their two-factor authentication data as well.

Bug: T100374
Change-Id: I285e2fe29fee43ddc6c5a6e51823911d43c596f6
(cherry picked from commit 67c7dd10e7dff43a3e2ae78995575775a21732af)
---
M OATHAuth.hooks.php
M OATHAuthKey.php
M extension.json
M special/SpecialOATH.php
4 files changed, 25 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/27/279427/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 2df0313..4c3f68d 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -24,6 +24,23 @@
}
 
/**
+* Get the singleton OATH user repository
+*
+* @return OATHUserRepository
+*/
+   public static function getOATHUserRepository() {
+   global $wgOATHAuthDatabase;
+
+   static $service = null;
+
+   if ( $service == null ) {
+   $service = new OATHUserRepository( wfGetLB( 
$wgOATHAuthDatabase ) );
+   }
+
+   return $service;
+   }
+
+   /**
 * @param $extraFields array
 * @return bool
 */
@@ -43,6 +60,7 @@
 */
static function AbortChangePassword( $user, $password, $newpassword, 
&$errorMsg ) {
$result = self::authenticate( $user );
+
if ( $result ) {
return true;
} else {
@@ -78,8 +96,7 @@
global $wgRequest;
 
$token = $wgRequest->getText( 'wpOATHToken' );
-   $oathrepo = new OATHUserRepository( wfGetLB() );
-   $oathuser = $oathrepo->findByUser( $user );
+   $oathuser = self::getOATHUserRepository()->findByUser( $user );
# Though it's weird to default to true, we only want to deny
# users who have two-factor enabled and have validated their
# token.
@@ -102,8 +119,7 @@
static function TwoFactorIsEnabled( &$isEnabled ) {
global $wgUser;
 
-   $oathrepo = new OATHUserRepository( wfGetLB() );
-   $user = $oathrepo->findByUser( $wgUser );
+   $user = self::getOATHUserRepository()->findByUser( $wgUser );
if ( $user && $user->getKey() !== null ) {
$isEnabled = true;
# This two-factor extension is enabled by the user,
@@ -126,8 +142,7 @@
 * @return bool
 */
public static function manageOATH( User $user, array &$preferences ) {
-   $oathrepo = new OATHUserRepository( wfGetLB() );
-   $oathUser = $oathrepo->findByUser( $user );
+   $oathUser = self::getOATHUserRepository()->findByUser( $user );
 
$title = SpecialPage::getTitleFor( 'OATH' );
$msg = $oathUser->getKey() !== null ? 'oathauth-disable' : 
'oathauth-enable';
diff --git a/OATHAuthKey.php b/OATHAuthKey.php
index ac4a26b..c5ce239 100644
--- a/OATHAuthKey.php
+++ b/OATHAuthKey.php
@@ -117,7 +117,7 @@
if ( $token === 
$this->scratchTokens[$i] ) {
// If there is a scratch token, 
remove it from the scratch token list
unset( $this->scratchTokens[$i] 
);
-   $oathrepo = new 
OATHUserRepository( wfGetLB() );
+   $oathrepo = 
OATHAuthHooks::getOATHUserRepository();
$user->setKey( $this );
$oathrepo->persist( $user );
// Only return true if we 
removed it from the database
diff --git a/extension.json b/extension.json
index 9a47fa4..09ef513 100644
--- a/extension.json
+++ b/extension.json
@@ -50,7 +50,8 @@
]
},
"config": {
-   "OATHAuthWindowRadius": 4
+   "OATHAuthWindowRadius": 4,
+   "OATHAuthDatabase": false
},
"ResourceModules": {
"ext.oathauth": {
diff --git a/special/SpecialOATH.php b/special/SpecialOATH.php
index 5ab08dd..96214cf 100644
--- a/special/SpecialOATH.php
+++ b/special/SpecialOATH.php
@@ -11,7 +11,7 @@
 * @return SpecialOATHDisable|SpecialOATHEnable|SpecialPage
 */
protected function getTargetPage() {
-   $repo = new OATHUserRepository( wfGetLB() );
+   $repo = 

[MediaWiki-commits] [Gerrit] Allow all users to enable OATH 2FA - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/279271

Change subject: Allow all users to enable OATH 2FA
..

Allow all users to enable OATH 2FA

After I18d43f8b2cf2c2ce9c2309a43961686498b5c999 is merged, an extra
user right is required to enable OATH 2FA.

All users on labswiki should be allowed to enable OATH.

Change-Id: If00ee6101822c73cdbf7345f5b89f16326d30f3c
---
M wmf-config/wikitech.php
1 file changed, 3 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/71/279271/1

diff --git a/wmf-config/wikitech.php b/wmf-config/wikitech.php
index 468cb22..a50f7df 100644
--- a/wmf-config/wikitech.php
+++ b/wmf-config/wikitech.php
@@ -180,4 +180,7 @@
 #$wgOpenIDConsumerDenyByDefault = true;
 
 require_once( "$IP/extensions/OATHAuth/OATHAuth.php" );
+// Allow all users to enable OATH 2FA on labswiki
+$wgGroupPermissions['*']['oathauth-enable'] = true;
+
 require_once( "$IP/extensions/DynamicSidebar/DynamicSidebar.php" );

-- 
To view, visit https://gerrit.wikimedia.org/r/279271
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If00ee6101822c73cdbf7345f5b89f16326d30f3c
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Refactored special pages into HTMLForm and proxy - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/279253

Change subject: Refactored special pages into HTMLForm and proxy
..

Refactored special pages into HTMLForm and proxy

Made new class ProxySpecialPage, which acts as a
proxy object to another SpecialPage object that is
determined based on context information other than
the title.

Then Special:OATH has been split into two separate
special page classes (both FormSpecialPages using
HTMLForm) that are routed to by a ProxySpecialPage
object.

In addition, the form for enabling two-factor auth
has been refactored into vform style, with some
better instructions on how to enable two-factor
authentication.

Change-Id: Ib9117cbc9d7f044de9607db81a157e1b472b5ec0
(cherry picked from commit 0c389f50255325338a03fed8739a923ad2aefc1e)
---
M OATHAuth.hooks.php
M OATHAuthKey.php
M OATHUser.php
M extension.json
M i18n/en.json
M i18n/qqq.json
A special/ProxySpecialPage.php
M special/SpecialOATH.php
A special/SpecialOATHDisable.php
A special/SpecialOATHEnable.php
10 files changed, 575 insertions(+), 279 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/53/279253/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 8bbc24d..2df0313 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -2,6 +2,8 @@
 
 /**
  * Hooks for Extension:OATHAuth
+ *
+ * @ingroup Extensions
  */
 class OATHAuthHooks {
/**
@@ -128,39 +130,20 @@
$oathUser = $oathrepo->findByUser( $user );
 
$title = SpecialPage::getTitleFor( 'OATH' );
-   if ( $oathUser->getKey() !== null ) {
-   $preferences['oath-disable'] = array(
-   'type' => 'info',
-   'raw' => 'true',
-   'default' => Linker::link(
-   $title,
-   wfMessage( 'oathauth-disable' 
)->escaped(),
-   array(),
-   array(
-   'action' => 'disable',
-   'returnto' => 
SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText()
-   )
-   ),
-   'label-message' => 'oathauth-prefs-label',
-   'section' => 'personal/info',
-   );
-   } else {
-   $preferences['oath-enable'] = array(
-   'type' => 'info',
-   'raw' => 'true',
-   'default' => Linker::link(
-   $title,
-   wfMessage( 'oathauth-enable' 
)->escaped(),
-   array(),
-   array(
-   'action' => 'enable',
-   'returnto' => 
SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText()
-   )
-   ),
-   'label-message' => 'oathauth-prefs-label',
-   'section' => 'personal/info',
-   );
-   }
+   $msg = $oathUser->getKey() !== null ? 'oathauth-disable' : 
'oathauth-enable';
+
+   $preferences[$msg] = array(
+   'type' => 'info',
+   'raw' => 'true',
+   'default' => Linker::link(
+   $title,
+   wfMessage( $msg )->escaped(),
+   array(),
+   array( 'returnto' => SpecialPage::getTitleFor( 
'Preferences' )->getPrefixedText() )
+   ),
+   'label-message' => 'oathauth-prefs-label',
+   'section' => 'personal/info',
+   );
 
return true;
}
diff --git a/OATHAuthKey.php b/OATHAuthKey.php
index e50826d..ac4a26b 100644
--- a/OATHAuthKey.php
+++ b/OATHAuthKey.php
@@ -4,8 +4,22 @@
  * Class representing a two-factor key
  *
  * Keys can be tied to OAUTHUsers
+ *
+ * @ingroup Extensions
  */
 class OATHAuthKey {
+   /**
+* Represents that a token corresponds to the main secret
+* @see verifyToken
+*/
+   const MAIN_TOKEN = 1;
+
+   /**
+* Represents that a token corresponds to a scratch token
+* @see verifyToken
+*/
+   const SCRATCH_TOKEN = -1;
+
/** @var string Two factor binary secret */
private $secret;
 
@@ -63,7 +77,8 @@
 * @param string $token Token to verify

[MediaWiki-commits] [Gerrit] Refactor extension key storage - change (mediawiki...OATHAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/279086

Change subject: Refactor extension key storage
..

Refactor extension key storage

This takes out the actual key information from
OATHUser and puts it into an OATHKey class, which OATHUser
depends on. This allows easily swapping keys in/out from
a user.

Change-Id: Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19
(cherry picked from commit 89455cdfb2111b83506149f5ef0c39bbef8fc2cf)
---
M OATHAuth.hooks.php
A OATHAuthKey.php
M OATHUser.php
A OATHUserRepository.php
M extension.json
M lib/hotp.php
A maintenance/update_scratch_token_format.php
D oathauth.sql
M special/SpecialOATH.php
A sql/mysql/patch-remove_reset.sql
A sql/mysql/tables.sql
11 files changed, 379 insertions(+), 584 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/86/279086/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 4aa8a67..8bbc24d 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -76,14 +76,17 @@
global $wgRequest;
 
$token = $wgRequest->getText( 'wpOATHToken' );
-   $oathuser = OATHUser::newFromUser( $user );
+   $oathrepo = new OATHUserRepository( wfGetLB() );
+   $oathuser = $oathrepo->findByUser( $user );
# Though it's weird to default to true, we only want to deny
# users who have two-factor enabled and have validated their
# token.
$result = true;
-   if ( $oathuser && $oathuser->isEnabled() && 
$oathuser->isValidated() ) {
-   $result = $oathuser->verifyToken( $token );
+
+   if ( $oathuser->getKey() !== null ) {
+   $result = $oathuser->getKey()->verifyToken( $token, 
$oathuser );
}
+
return $result;
}
 
@@ -97,8 +100,9 @@
static function TwoFactorIsEnabled( &$isEnabled ) {
global $wgUser;
 
-   $user = OATHUser::newFromUser( $wgUser );
-   if ( $user && $user->isEnabled() && $user->isValidated() ) {
+   $oathrepo = new OATHUserRepository( wfGetLB() );
+   $user = $oathrepo->findByUser( $wgUser );
+   if ( $user && $user->getKey() !== null ) {
$isEnabled = true;
# This two-factor extension is enabled by the user,
# we don't need to check others.
@@ -120,10 +124,11 @@
 * @return bool
 */
public static function manageOATH( User $user, array &$preferences ) {
-   $oathUser = OATHUser::newFromUser( $user );
+   $oathrepo = new OATHUserRepository( wfGetLB() );
+   $oathUser = $oathrepo->findByUser( $user );
 
$title = SpecialPage::getTitleFor( 'OATH' );
-   if ( $oathUser->isEnabled() && $oathUser->isValidated() ) {
+   if ( $oathUser->getKey() !== null ) {
$preferences['oath-disable'] = array(
'type' => 'info',
'raw' => 'true',
@@ -137,20 +142,6 @@
)
),
'label-message' => 'oathauth-prefs-label',
-   'section' => 'personal/info',
-   );
-   $preferences['oath-reset'] = array(
-   'type' => 'info',
-   'raw' => 'true',
-   'default' => Linker::link(
-   $title,
-   wfMessage( 'oathauth-reset' 
)->escaped(),
-   array(),
-   array(
-   'action' => 'reset',
-   'returnto' => 
SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText()
-   )
-   ),
'section' => 'personal/info',
);
} else {
@@ -183,9 +174,55 @@
switch ( $updater->getDB()->getType() ) {
case 'mysql':
case 'sqlite':
-   $updater->addExtensionTable( 'oathauth_users', 
"$base/oathauth.sql" );
+   $updater->addExtensionTable( 'oathauth_users', 
"$base/sql/mysql/tables.sql" );
+   $updater->addExtensionUpdate( array( array( 
__CLASS__, 'schemaUpdateOldUsersFromInstaller' ) ) );
+   $updater->dropExtensionField( 'oathauth_users', 
'secret_reset',
+   

[MediaWiki-commits] [Gerrit] Enforce password policies on labs - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/276518

Change subject: Enforce password policies on labs
..

Enforce password policies on labs

In preparation for enfocing these policies in production, enforce
password policies in labs, as specified by the policy RFC on meta.

Bug: T119100
Change-Id: I9de88627715e4d5d63e363248bd0591c575f125d
---
M wmf-config/CommonSettings-labs.php
1 file changed, 54 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/18/276518/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index b952f90..bf98da9 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -355,6 +355,60 @@
 
 $wgMessageCacheType = CACHE_ACCEL;
 
+// Enforce password policy when users login on other wikis
+if ( $wmgUseCentralAuth ) {
+   $wgHooks['PasswordPoliciesForUser'][] = function( User $user, array 
&$effectivePolicy ) {
+   $central = CentralAuthUser::getInstance( $user );
+   if ( !$central->exists() ) {
+   return true;
+   }
+
+   $privilegedPolicy = array(
+   'MinimalPasswordLength' => 8,
+   'MinimumPasswordLengthToLogin' => 1,
+   'PasswordCannotBePopular' => 1,
+   );
+
+   if ( array_intersect(
+   array( 'bureaucrat', 'sysop', 'checkuser', 'oversight', 
'interface-editor' ),
+   $central->getLocalGroups()
+   ) ) {
+   $effectivePolicy = UserPasswordPolicy::maxOfPolicies(
+   $effectivePolicy,
+   $privilegedPolicy
+   );
+   return true;
+   }
+
+   // Result should be cached by getLocalGroups() above
+   $attachInfo = $central->queryAttached();
+   $enforceWikiGroups = array(
+   'centralnoticeadmin' => array( 'metawiki', 'testwiki' ),
+   'templateeditor' => array( 'fawiki', 'rowiki' ),
+   'botadmin' => array( 'frwiktionary', 'mlwiki', 
'mlwikisource', 'mlwiktionary' ),
+   'translator' => array( 'incubatorwiki' ),
+   'technician' => array( 'trwiki' ),
+   'wikidata-staff' => array( 'wikidata' ),
+   );
+
+   foreach ( $enforceWikiGroups as $group => $wikis ) {
+   foreach ( $wikis as $wiki ) {
+   if ( isset( $attachInfo[$wiki]['groups'] )
+   && in_array( $group, 
$attachInfo[$wiki]['groups'] ) )
+   {
+   $effectivePolicy = 
UserPasswordPolicy::maxOfPolicies(
+   $effectivePolicy,
+   $privilegedPolicy
+   );
+   return true;
+   }
+   }
+   }
+
+   return true;
+   };
+}
+
 // Test of new import source configuration on labs cluster
 $wgImportSources = false;
 include( "$wmfConfigDir/import.php" );

-- 
To view, visit https://gerrit.wikimedia.org/r/276518
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9de88627715e4d5d63e363248bd0591c575f125d
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Update default hash storage settings - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/275868

Change subject: Update default hash storage settings
..

Update default hash storage settings

Update the default hash settings to align output length and hash block
size.

Bug: T127445
Change-Id: I8419ec9db28eba5868d3a9ee9542d998bfde920b
---
M includes/DefaultSettings.php
1 file changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/68/275868/1

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index c04602c..4cf0c40 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4496,9 +4496,9 @@
],
'pbkdf2' => [
'class' => 'Pbkdf2Password',
-   'algo' => 'sha256',
-   'cost' => '1',
-   'length' => '128',
+   'algo' => 'sha512',
+   'cost' => '3',
+   'length' => '64',
],
 ];
 

-- 
To view, visit https://gerrit.wikimedia.org/r/275868
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8419ec9db28eba5868d3a9ee9542d998bfde920b
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Update pbkdf2 hash parameters - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/274795

Change subject: Update pbkdf2 hash parameters
..

Update pbkdf2 hash parameters

Follow-up to I5fb2f656b3a640beb796e5e613524e1f660b64d5. Make the
parameters apply to all wikis, not just beta.

Bug: T127445
Bug: T116030
Change-Id: I1facac4bce9d859d251dd326aab8d619df47d00b
---
M wmf-config/CommonSettings-labs.php
M wmf-config/CommonSettings.php
2 files changed, 6 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/95/274795/1

diff --git a/wmf-config/CommonSettings-labs.php 
b/wmf-config/CommonSettings-labs.php
index 104a63e..b952f90 100644
--- a/wmf-config/CommonSettings-labs.php
+++ b/wmf-config/CommonSettings-labs.php
@@ -355,13 +355,6 @@
 
 $wgMessageCacheType = CACHE_ACCEL;
 
-$wgPasswordConfig['pbkdf2'] = array(
-   'class' => 'Pbkdf2Password',
-   'algo' => 'sha512',
-   'cost' => '128000',
-   'length' => '64',
-);
-
 // Test of new import source configuration on labs cluster
 $wgImportSources = false;
 include( "$wmfConfigDir/import.php" );
diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 2fe3748..1421502 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -346,7 +346,12 @@
 // Use PBKDF2 for password hashing (T70766)
 $wgPasswordDefault = 'pbkdf2';
 // This needs to be increased as allowable by server performance
-$wgPasswordConfig['pbkdf2']['cost'] = '64000';
+$wgPasswordConfig['pbkdf2'] = array(
+   'class' => 'Pbkdf2Password',
+   'algo' => 'sha512',
+   'cost' => '128000',
+   'length' => '64',
+);
 
 if ( $wgDBname === 'labswiki' || $wgDBname === 'labtestwiki' ) {
$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;

-- 
To view, visit https://gerrit.wikimedia.org/r/274795
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1facac4bce9d859d251dd326aab8d619df47d00b
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Don't send Referer from private wikis - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/274414

Change subject: Don't send Referer from private wikis
..

Don't send Referer from private wikis

Change-Id: If904dece3828eb7d1123c2d313423735442bb219
---
M wmf-config/InitialiseSettings.php
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/14/274414/1

diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index d3ad521..ddc1e7d 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -11351,7 +11351,7 @@
 
 'wgReferrerPolicy' => array(
'default' => 'origin-when-cross-origin',
-   'private' => false,
+   'private' => 'no-referrer',
 ),
 
 'wgUserEmailUseReplyTo' => array(

-- 
To view, visit https://gerrit.wikimedia.org/r/274414
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If904dece3828eb7d1123c2d313423735442bb219
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Password policies for advanced permission groups - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/272660

Change subject: Password policies for advanced permission groups
..

Password policies for advanced permission groups

Begin implementing the results of 
https://meta.wikimedia.org/wiki/Requests_for_comment/Password_policy_for_users_with_certain_advanced_permissions

Bug: T119100
Change-Id: I9bf79e16d61b6e7aca89cd7bd05a8ce65685a8c2
---
M wmf-config/CommonSettings.php
1 file changed, 36 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/60/272660/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index b8e05bf..1fe0299 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -353,16 +353,18 @@
 if ( $wgDBname === 'labswiki' || $wgDBname === 'labtestwiki' ) {
$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;
 } else {
-   // Temporarily set the policy for these roles to the previous WMF 
setting until
-   // we communicate the change to affected communities.
-   $wgPasswordPolicy['policies']['bureaucrat']['MinimalPasswordLength'] = 
1;
-   $wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 1;
+   // See password policy RFC on meta
+   $wgPasswordPolicy['policies']['bureaucrat']['MinimalPasswordLength'] = 
8;
+   $wgPasswordPolicy['policies']['bureaucrat']['PasswordCannotBePopular'] 
= 1;
+   $wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 8;
+   $wgPasswordPolicy['policies']['sysop']['PasswordCannotBePopular'] = 
1;
+   $wgPasswordPolicy['policies']['checkuser']['MinimalPasswordLength'] = 8;
+   $wgPasswordPolicy['policies']['checkuser']['PasswordCannotBePopular'] = 
1;
+   $wgPasswordPolicy['policies']['suppress']['MinimalPasswordLength'] = 8;
+   $wgPasswordPolicy['policies']['suppress']['PasswordCannotBePopular'] = 
1;
+
$wgPasswordPolicy['policies']['bot']['MinimalPasswordLength'] = 1;
 }
-
-// Temporarily disable PasswordCannotBePopular policies until communicated.
-unset( $wgPasswordPolicy['policies']['bureaucrat']['PasswordCannotBePopular'] 
);
-unset( $wgPasswordPolicy['policies']['sysop']['PasswordCannotBePopular'] );
 
 // For global policies, see $wgCentralAuthGlobalPasswordPolicies below
 
@@ -1278,6 +1280,32 @@
'PasswordCannotMatchUsername' => true,
);
 
+   // See password policy RFC on meta
+   $wgCentralAuthGlobalPasswordPolicies['global-sysop'] = array(
+   'MinimalPasswordLength' => 8,
+   'PasswordCannotBePopular' => 1,
+   );
+   $wgCentralAuthGlobalPasswordPolicies['global-interface-editor'] = array(
+   'MinimalPasswordLength' => 8,
+   'PasswordCannotBePopular' => 1,
+   );
+   $wgCentralAuthGlobalPasswordPolicies['wmf-researcher'] = array(
+   'MinimalPasswordLength' => 8,
+   'PasswordCannotBePopular' => 1,
+   );
+   $wgCentralAuthGlobalPasswordPolicies['new-wikis-importer'] = array(
+   'MinimalPasswordLength' => 8,
+   'PasswordCannotBePopular' => 1,
+   );
+   $wgCentralAuthGlobalPasswordPolicies['ombudsman'] = array(
+   'MinimalPasswordLength' => 8,
+   'PasswordCannotBePopular' => 1,
+   );
+   $wgCentralAuthGlobalPasswordPolicies['founder'] = array(
+   'MinimalPasswordLength' => 8,
+   'PasswordCannotBePopular' => 1,
+   );
+
$wgCentralAuthUseSlaves = true;
 }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/272660
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9bf79e16d61b6e7aca89cd7bd05a8ce65685a8c2
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Add authmanager events to logstash - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/271028

Change subject: Add authmanager events to logstash
..

Add authmanager events to logstash

It would be helpful to track some of these while we're making changes
to password policies and throttles.

Change-Id: I3660fe10900328de2fbe0eb9d96e93f7d70fb319
---
M wmf-config/InitialiseSettings.php
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/28/271028/1

diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index e53b57b..74a1b95 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -4456,6 +4456,7 @@
'antispoof' => 'debug',
'api' => array( 'logstash' => false ),
'api-feature-usage' => 'debug',
+'authmanager' => array( 'udp2log' => false, 'logstash' => 
'info' ),
'badpass' => 'debug',
'BounceHandler' => 'debug',
'Bug58676' => 'debug', # Invalid message parameter

-- 
To view, visit https://gerrit.wikimedia.org/r/271028
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I3660fe10900328de2fbe0eb9d96e93f7d70fb319
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Revert "Limit ip-all/subnet-all ping limts per wiki" - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has submitted this change and it was merged.

Change subject: Revert "Limit ip-all/subnet-all ping limts per wiki"
..


Revert "Limit ip-all/subnet-all ping limts per wiki"

This reverts commit 461406e31864e75fcd1c2f5ac967cb7ba5e5a182.

My mistake, we've always used global keys for ip/subnet.

Change-Id: I8bc1bfdf61ae5c0988a913871a7292faed372141
---
M includes/user/User.php
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Legoktm: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/user/User.php b/includes/user/User.php
index 6638fb7..da63075 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -1789,14 +1789,14 @@
// ip-based limits
if ( isset( $limits['ip'] ) ) {
$ip = $this->getRequest()->getIP();
-   $keys[wfMemcKey( 'limiter', $action, 'ip', $ip 
)] = $limits['ip'];
+   $keys["mediawiki:limiter:$action:ip:$ip"] = 
$limits['ip'];
}
// subnet-based limits
if ( isset( $limits['subnet'] ) ) {
$ip = $this->getRequest()->getIP();
$subnet = IP::getSubnet( $ip );
if ( $subnet !== false ) {
-   $keys[wfMemcKey( 'limiter', $action, 
'subnet', $subnet )] = $limits['subnet'];
+   
$keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
}
}
}

-- 
To view, visit https://gerrit.wikimedia.org/r/269470
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I8bc1bfdf61ae5c0988a913871a7292faed372141
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp 
Gerrit-Reviewer: CSteipp 
Gerrit-Reviewer: Legoktm 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Revert "Limit ip-all/subnet-all ping limts per wiki" - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/269470

Change subject: Revert "Limit ip-all/subnet-all ping limts per wiki"
..

Revert "Limit ip-all/subnet-all ping limts per wiki"

This reverts commit 461406e31864e75fcd1c2f5ac967cb7ba5e5a182.

My mistake, we've always used global keys for ip/subnet.

Change-Id: I8bc1bfdf61ae5c0988a913871a7292faed372141
---
M includes/user/User.php
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/70/269470/1

diff --git a/includes/user/User.php b/includes/user/User.php
index 6638fb7..da63075 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -1789,14 +1789,14 @@
// ip-based limits
if ( isset( $limits['ip'] ) ) {
$ip = $this->getRequest()->getIP();
-   $keys[wfMemcKey( 'limiter', $action, 'ip', $ip 
)] = $limits['ip'];
+   $keys["mediawiki:limiter:$action:ip:$ip"] = 
$limits['ip'];
}
// subnet-based limits
if ( isset( $limits['subnet'] ) ) {
$ip = $this->getRequest()->getIP();
$subnet = IP::getSubnet( $ip );
if ( $subnet !== false ) {
-   $keys[wfMemcKey( 'limiter', $action, 
'subnet', $subnet )] = $limits['subnet'];
+   
$keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
}
}
}

-- 
To view, visit https://gerrit.wikimedia.org/r/269470
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8bc1bfdf61ae5c0988a913871a7292faed372141
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Limit ip-all/subnet-all ping limts per wiki - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/269366

Change subject: Limit ip-all/subnet-all ping limts per wiki
..

Limit ip-all/subnet-all ping limts per wiki

https://gerrit.wikimedia.org/r/#/c/266449 used a static string for
ip-all/subnet-all limits, instead of generating a key unique to each
wiki.

Change-Id: Ie8013dc959fdeba92ecd463550e3d98d83276004
---
M includes/user/User.php
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/66/269366/1

diff --git a/includes/user/User.php b/includes/user/User.php
index da63075..6638fb7 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -1789,14 +1789,14 @@
// ip-based limits
if ( isset( $limits['ip'] ) ) {
$ip = $this->getRequest()->getIP();
-   $keys["mediawiki:limiter:$action:ip:$ip"] = 
$limits['ip'];
+   $keys[wfMemcKey( 'limiter', $action, 'ip', $ip 
)] = $limits['ip'];
}
// subnet-based limits
if ( isset( $limits['subnet'] ) ) {
$ip = $this->getRequest()->getIP();
$subnet = IP::getSubnet( $ip );
if ( $subnet !== false ) {
-   
$keys["mediawiki:limiter:$action:subnet:$subnet"] = $limits['subnet'];
+   $keys[wfMemcKey( 'limiter', $action, 
'subnet', $subnet )] = $limits['subnet'];
}
}
}

-- 
To view, visit https://gerrit.wikimedia.org/r/269366
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie8013dc959fdeba92ecd463550e3d98d83276004
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Set password policy for global steward group - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/259439

Change subject: Set password policy for global steward group
..

Set password policy for global steward group

Discussed in person at WMF in Oct.

Bug: T104371
Change-Id: Idaff88d669d71a374460bb6358759fc1a2c72ec7
---
M wmf-config/CommonSettings.php
1 file changed, 7 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/39/259439/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index e6d9673..13754c5 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -1280,6 +1280,13 @@
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => PHP_INT_MAX,
);
+
+   // See T104371
+   $wgCentralAuthGlobalPasswordPolicies['steward'] = array(
+   'MinimalPasswordLength' => 8,
+   'MinimumPasswordLengthToLogin' => 1,
+   'PasswordCannotMatchUsername' => true,
+   );
 }
 
 // Config for GlobalCssJs

-- 
To view, visit https://gerrit.wikimedia.org/r/259439
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idaff88d669d71a374460bb6358759fc1a2c72ec7
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Set password policy for global sysadmin group - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/259436

Change subject: Set password policy for global sysadmin group
..

Set password policy for global sysadmin group

This group is mostly staff, and currently two volunteers. The group
was notified last summer that the policy would be updated soon.

Bug: T104370
Change-Id: Id9390456bce852e09b97d8998c54308879e066c6
---
M wmf-config/CommonSettings.php
1 file changed, 8 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/36/259436/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 062170a..e6d9673 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -1272,6 +1272,14 @@
'PasswordCannotMatchUsername' => true,
'PasswordCannotBePopular' => PHP_INT_MAX,
);
+
+   // WMF Staff and two volunteers
+   $wgCentralAuthGlobalPasswordPolicies['sysadmin'] = array(
+   'MinimalPasswordLength' => 8,
+   'MinimumPasswordLengthToLogin' => 1,
+   'PasswordCannotMatchUsername' => true,
+   'PasswordCannotBePopular' => PHP_INT_MAX,
+   );
 }
 
 // Config for GlobalCssJs

-- 
To view, visit https://gerrit.wikimedia.org/r/259436
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id9390456bce852e09b97d8998c54308879e066c6
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] [WIP] Show password policy on Special:ChangePassword - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/259029

Change subject: [WIP] Show password policy on Special:ChangePassword
..

[WIP] Show password policy on Special:ChangePassword

Show a text description of the password policy when the user is setting
their password.

TODO:
* I'm sure there's a bug for this somewhere
* need to handle PHP_INT_MAX for uncommon password requirement

Change-Id: Ia2ad93ecdcecc55694ce776dc29e0c87b8260ab1
---
M includes/specials/SpecialChangePassword.php
M languages/i18n/en.json
M languages/i18n/qqq.json
3 files changed, 52 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/29/259029/1

diff --git a/includes/specials/SpecialChangePassword.php 
b/includes/specials/SpecialChangePassword.php
index 91ac4e0..b699ef0 100644
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -92,6 +92,11 @@
'label-message' => 'username',
'default' => $request->getVal( 'wpName', 
$user->getName() ),
),
+   'Policy' => array(
+   'type' => 'info',
+   'label-message' => 'password-policy',
+   'default' => $this->getPolicyList( $user ),
+   ),
'Password' => array(
'type' => 'password',
'label-message' => $oldpassMsg,
@@ -340,4 +345,39 @@
protected function getDisplayFormat() {
return 'ooui';
}
+
+   protected function getPolicyList( User $user ) {
+   $list = array();
+   $policyConfig = $this->getConfig()->get( 'PasswordPolicy' );
+   $upp = new UserPasswordPolicy(
+   $policyConfig['policies'],
+   $policyConfig['checks']
+   );
+   $policy = $upp->getPoliciesForUser( $user );
+
+   // Only show minimal length requirement once
+   if ( isset( $policy['MinimalPasswordLength'] )
+   && isset( $policy['MinimumPasswordLengthToLogin'] )
+   ) {
+
+   $policy['MinimalPasswordLength'] = max(
+   $policy['MinimalPasswordLength'],
+   $policy['MinimumPasswordLengthToLogin']
+   );
+   unset( $policy['MinimumPasswordLengthToLogin'] );
+   } elseif ( isset( $policy['MinimumPasswordLengthToLogin'] ) ) {
+   $policy['MinimalPasswordLength'] = 
$policy['MinimumPasswordLengthToLogin'];
+   unset( $policy['MinimumPasswordLengthToLogin'] );
+   }
+   foreach ( $policy as $pol => $val ) {
+   // passwordpolicy-minimalpasswordlength
+   // passwordpolicy-passwordcannotmatchusername
+   // passwordpolicy-passwordcannotbepopular
+   // passwordpolicy-passwordcannotmatchblacklist
+   // passwordpolicy-maximalpasswordlength
+   $msg = 'passwordpolicy-' . strtolower( $pol );
+   $list[] = $this->msg( $msg, $val );
+   }
+   return $this->getLanguage()->listToText( $list );
+   }
 }
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 70a2b80..1136083 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -557,6 +557,12 @@
"passwordreset-emailsent": "If this is a registered email address for 
your account, then a password reset email will be sent.",
"passwordreset-emailsent-capture": "A password reset email has been 
sent, which is shown below.",
"passwordreset-emailerror-capture": "A password reset email was 
generated, which is shown below, but sending it to the {{GENDER:$2|user}} 
failed: $1",
+   "password-policy": "Password policy:",
+   "passwordpolicy-minimalpasswordlength": "Password must be at least $1 
{{PLURAL:$1|byte|bytes}} long",
+   "passwordpolicy-passwordcannotmatchusername": "Password cannot be your 
username",
+   "passwordpolicy-passwordcannotbepopular": "Password cannot be in the $1 
most popular passwords",
+   "passwordpolicy-passwordcannotmatchblacklist": "Password cannot be 
blacklisted",
+   "passwordpolicy-maximalpasswordlength": "Password cannot be more than 
$1 bytes long",
"changeemail": "Change or remove email address",
"changeemail-summary": "",
"changeemail-header": "Complete this form to change your email address. 
If you would like to remove the association of any email address from your 
account, leave the new email address blank when submitting the 

[MediaWiki-commits] [Gerrit] Set initial Staff password policy - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/258385

Change subject: Set initial Staff password policy
..

Set initial Staff password policy

Increase minimum length to 8-bytes (for real this time).

Followup from Ifc12c74d5382f8adc1c261c8d6c12ef5892bf642.

Bug: T104370
Change-Id: Ie906bb646f8b8675e994432996b569f05ceff0be
---
M wmf-config/CommonSettings.php
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/85/258385/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 1263675..1bab1c5 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -333,7 +333,7 @@
 
 // Require 8-byte password for staff. Set MinimumPasswordLengthToLogin
 // to 8 also, once staff have time to update.
-$wgPasswordPolicy['policies']['staff'] = array(
+$wgCentralAuthGlobalPasswordPolicies['staff'] = array(
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,

-- 
To view, visit https://gerrit.wikimedia.org/r/258385
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie906bb646f8b8675e994432996b569f05ceff0be
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Set initial Staff password policy - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/258387

Change subject: Set initial Staff password policy
..

Set initial Staff password policy

Increase minimum length to 8-bytes (for really, real this time).

Followup from Ie906bb646f8b8675e994432996b569f05ceff0be.

Bug: T104370

Change-Id: Ief95dd1e40c0fd5b9631bd854a17f30a17f0684b
---
M wmf-config/CommonSettings.php
1 file changed, 11 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/87/258387/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 1bab1c5..1d02542 100644
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -331,14 +331,8 @@
 unset( $wgPasswordPolicy['policies']['bureaucrat']['PasswordCannotBePopular'] 
);
 unset( $wgPasswordPolicy['policies']['sysop']['PasswordCannotBePopular'] );
 
-// Require 8-byte password for staff. Set MinimumPasswordLengthToLogin
-// to 8 also, once staff have time to update.
-$wgCentralAuthGlobalPasswordPolicies['staff'] = array(
-   'MinimalPasswordLength' => 8,
-   'MinimumPasswordLengthToLogin' => 1,
-   'PasswordCannotMatchUsername' => true,
-   'PasswordCannotBePopular' => 25,
-);
+// For global policies, see $wgCentralAuthGlobalPasswordPolicies below
+
 
 if ( PHP_SAPI === 'cli' ) {
$wgShowExceptionDetails = true;
@@ -1258,6 +1252,15 @@
if ( $wmfRealm === 'production' ) {
$wgCentralAuthAutoCreateWikis[] = 'mediawikiwiki';
}
+
+   // Require 8-byte password for staff. Set MinimumPasswordLengthToLogin
+   // to 8 also, once staff have time to update.
+   $wgCentralAuthGlobalPasswordPolicies['staff'] = array(
+   'MinimalPasswordLength' => 8,
+   'MinimumPasswordLengthToLogin' => 1,
+   'PasswordCannotMatchUsername' => true,
+   'PasswordCannotBePopular' => 25,
+   );
 }
 
 // Config for GlobalCssJs

-- 
To view, visit https://gerrit.wikimedia.org/r/258387
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ief95dd1e40c0fd5b9631bd854a17f30a17f0684b
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Add warning comment on formatLinksInComment - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/256867

Change subject: Add warning comment on formatLinksInComment
..

Add warning comment on formatLinksInComment

Bug: T120324
Change-Id: If4423e14737a7e9d80661da27ad6f5463798a7d7
---
M includes/Linker.php
1 file changed, 4 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/67/256867/1

diff --git a/includes/Linker.php b/includes/Linker.php
index 842d276..5255b9a 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1393,7 +1393,10 @@
 * is ignored
 *
 * @todo FIXME: Doesn't handle sub-links as in image thumb texts like 
the main parser
-* @param string $comment Text to format links in
+* @param string $comment Text to format links in. WARNING! Since the 
output of this
+*  function is html, $comment must be sanitized for use as html. 
You probably want
+*  to pass $comment through Sanitizer::escapeHtmlAllowEntities() 
before calling
+*  this function.
 * @param Title|null $title An optional title object used to links to 
sections
 * @param bool $local Whether section links should refer to local page
 * @param string|null $wikiId Id of the wiki to link to (if not the 
local wiki),

-- 
To view, visit https://gerrit.wikimedia.org/r/256867
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If4423e14737a7e9d80661da27ad6f5463798a7d7
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Update cached user ID after user is added to the database - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/254480

Change subject: Update cached user ID after user is added to the database
..

Update cached user ID after user is added to the database

Bug: T119021
Change-Id: I5e0599d1d045b0389a7825fddc2b346e4cfd001d
(cherry picked from commit 780c368b5e4231daffd415ce8911c2c0fb56b70f)
---
M includes/User.php
1 file changed, 2 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/80/254480/1

diff --git a/includes/User.php b/includes/User.php
index b09e4e4..611f603 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2423,7 +2423,7 @@
 *  through the web interface.
 */
private function setPasswordInternal( $str ) {
-   $id = self::idFromName( $this->getName() );
+   $id = self::idFromName( $this->getName(), self::READ_LATEST );
if ( $id == 0 ) {
throw new LogicException( 'Cannot set a password for a 
user that is not in the database.' );
}
@@ -3898,6 +3898,7 @@
return Status::newFatal( 'userexists' );
}
$this->mId = $dbw->insertId();
+   self::$idCacheByName[$this->mName] = $this->mId;
 
// Clear instance cache other than user table data, which is 
already accurate
$this->clearInstanceCache();

-- 
To view, visit https://gerrit.wikimedia.org/r/254480
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5e0599d1d045b0389a7825fddc2b346e4cfd001d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.27.0-wmf.7
Gerrit-Owner: CSteipp 
Gerrit-Reviewer: Gergő Tisza 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Use User::getId instead of trying to fix the ID in BlockTest - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/254483

Change subject: Use User::getId instead of trying to fix the ID in BlockTest
..

Use User::getId instead of trying to fix the ID in BlockTest

User::setId() has no effect on User::addToDatabase whatsoever,
and directly messing with the database is fragile due to
internal ID caching. Just use the insert ID instead.

Change-Id: Ib92f2b6d73deacaec90dc06634d8b3ad195d53e3
(cherry picked from commit 4b72ec94d1db804aceb5fd25c5e808f5524f5d18)
---
M tests/phpunit/includes/BlockTest.php
1 file changed, 7 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/83/254483/1

diff --git a/tests/phpunit/includes/BlockTest.php 
b/tests/phpunit/includes/BlockTest.php
index e69fa20..2a2b603 100644
--- a/tests/phpunit/includes/BlockTest.php
+++ b/tests/phpunit/includes/BlockTest.php
@@ -136,8 +136,9 @@
public function testBlockedUserCanNotCreateAccount() {
$username = 'BlockedUserToCreateAccountWith';
$u = User::newFromName( $username );
-   $u->setId( 14146 );
$u->addToDatabase();
+   $userId = $u->getId();
+   $this->assertNotEquals( 0, $userId, 'sanity' );
TestUser::setPasswordForUser( $u, 'NotRandomPass' );
unset( $u );
 
@@ -157,7 +158,7 @@
// Foreign perspective (blockee not on current wiki)...
$blockOptions = array(
'address' => $username,
-   'user' => 14146,
+   'user' => $userId,
'reason' => 'crosswiki block...',
'timestamp' => wfTimestampNow(),
'expiry' => $this->db->getInfinity(),
@@ -205,13 +206,13 @@
// Local perspective (blockee on current wiki)...
$user = User::newFromName( 'UserOnForeignWiki' );
$user->addToDatabase();
-   // Set user ID to match the test value
-   $this->db->update( 'user', array( 'user_id' => 14146 ), array( 
'user_id' => $user->getId() ) );
+   $userId = $user->getId();
+   $this->assertNotEquals( 0, $userId, 'sanity' );
 
// Foreign perspective (blockee not on current wiki)...
$blockOptions = array(
'address' => 'UserOnForeignWiki',
-   'user' => 14146,
+   'user' => $user->getId(),
'reason' => 'crosswiki block...',
'timestamp' => wfTimestampNow(),
'expiry' => $this->db->getInfinity(),
@@ -234,7 +235,7 @@
$block->getTarget()->getName(),
'Correct blockee name'
);
-   $this->assertEquals( '14146', $block->getTarget()->getId(), 
'Correct blockee id' );
+   $this->assertEquals( $userId, $block->getTarget()->getId(), 
'Correct blockee id' );
$this->assertEquals( 'MetaWikiUser', $block->getBlocker(), 
'Correct blocker name' );
$this->assertEquals( 'MetaWikiUser', $block->getByName(), 
'Correct blocker name' );
$this->assertEquals( 0, $block->getBy(), 'Correct blocker id' );

-- 
To view, visit https://gerrit.wikimedia.org/r/254483
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib92f2b6d73deacaec90dc06634d8b3ad195d53e3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.27.0-wmf.7
Gerrit-Owner: CSteipp 
Gerrit-Reviewer: Gergő Tisza 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] [WIP]Set password policy for enwiki sysops - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/251678

Change subject: [WIP]Set password policy for enwiki sysops
..

[WIP]Set password policy for enwiki sysops

Consensus seems to be forming that at minimum, sysops should have a
6-8 character password.

* Might include Functionary group
* Might include a check against most-popular passwords

https://en.wikipedia.org/wiki/Wikipedia:Security_review_RfC

Change-Id: I16b96c1b6c893bdacd7aded4b972585b692258b8
---
M wmf-config/CommonSettings.php
M wmf-config/InitialiseSettings.php
2 files changed, 16 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/78/251678/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 5587324..0655f9e 100755
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -319,9 +319,11 @@
 // Temporarily set the policy for these roles to the previous WMF setting until
 // we communicate the change to affected communities.
 $wgPasswordPolicy['policies']['bureaucrat']['MinimalPasswordLength'] = 1;
-$wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 1;
 $wgPasswordPolicy['policies']['bot']['MinimalPasswordLength'] = 1;
 
+// Set password policy at the request of the affected groups
+$wgPasswordPolicy['policies']['sysop'] = $wmgLocalSysopPasswordPolicy;
+
 if ( PHP_SAPI === 'cli' ) {
$wgShowExceptionDetails = true;
 }
diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index 301b51b..ffb7c58 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -4197,6 +4197,19 @@
'plwiki' => array( 'editor', 'sysop' ), // T50374
 ),
 
+'wmgLocalSysopPasswordPolicy' => array(
+   'default' => array(
+   'MinimalPasswordLength' => 1,
+   'MinimumPasswordLengthToLogin' => 1,
+   'PasswordCannotMatchUsername' => true,
+   ),
+   'enwiki' => array(
+'MinimalPasswordLength' => 8,
+'MinimumPasswordLengthToLogin' => 1,
+'PasswordCannotMatchUsername' => true,
+),
+),
+
 'wgSiteNotice' => array(
'default' => '',
 ),

-- 
To view, visit https://gerrit.wikimedia.org/r/251678
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I16b96c1b6c893bdacd7aded4b972585b692258b8
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Document $wgCentralAuthGlobalPasswordPolicies - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/251008

Change subject: Document $wgCentralAuthGlobalPasswordPolicies
..

Document $wgCentralAuthGlobalPasswordPolicies

Add more documentation for setting global policies

Change-Id: I754371ffe88ca3f9d30b32bfc762d7eaef2af93d
---
M CentralAuth.php
1 file changed, 4 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/08/251008/1

diff --git a/CentralAuth.php b/CentralAuth.php
index 4f51cba..48260e6 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -269,8 +269,11 @@
 
 /**
  * Global Password Policies. These are applied like local password policies,
- * the strongest policy applicable to a user is used.
+ * the strongest policy applicable to a user is used. Policies can apply to
+ * either a local group (if the user is a member of that group on any wiki,
+ * the policy will apply to that user) or global group.
  * @var array
+ * @see $wgPasswordPolicy
  */
 $wgCentralAuthGlobalPasswordPolicies = array();
 

-- 
To view, visit https://gerrit.wikimedia.org/r/251008
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I754371ffe88ca3f9d30b32bfc762d7eaef2af93d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Re-add global password policies - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/251009

Change subject: Re-add global password policies
..

Re-add global password policies

Allow enforcing password policies for global user groups. Account for
weird race condition in CentralAuth. The race condition may be fixed by
https://gerrit.wikimedia.org/r/224201 but will be obvious in the logs
if that is not the case.

Depends on Iad8e49ffcffed38df6293db0ef31a227d3962003 in core.

Bug: T94774
Bug: T104615
Change-Id: I82108834e7844499e15e505c09164224663237e0
(cherry picked from commit 09646c0f31138f374f3bd5daeb0c98476fe4797f)
---
M CentralAuth.php
M includes/CentralAuthHooks.php
M includes/CentralAuthUser.php
M tests/phpunit/CentralAuthUserTest.php
4 files changed, 151 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/09/251009/1

diff --git a/CentralAuth.php b/CentralAuth.php
index 420be69..4f51cba 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -268,6 +268,13 @@
 $wgCentralAuthCheckSULMigration = false;
 
 /**
+ * Global Password Policies. These are applied like local password policies,
+ * the strongest policy applicable to a user is used.
+ * @var array
+ */
+$wgCentralAuthGlobalPasswordPolicies = array();
+
+/**
  * Initialization of the autoloaders, and special extension pages.
  */
 $caBase = __DIR__;
@@ -391,6 +398,7 @@
 $wgHooks['SpecialPage_initList'][] = 
'CentralAuthHooks::onSpecialPage_initList';
 $wgHooks['ResourceLoaderForeignApiModules'][] = 
'CentralAuthHooks::onResourceLoaderForeignApiModules';
 $wgHooks['ResourceLoaderTestModules'][] = 
'CentralAuthHooks::onResourceLoaderTestModules';
+$wgHooks['PasswordPoliciesForUser'][] = 
'CentralAuthHooks::onPasswordPoliciesForUser';
 
 // For interaction with the Special:Renameuser extension
 $wgHooks['RenameUserWarning'][] = 'CentralAuthHooks::onRenameUserWarning';
diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php
index 5b2aaa1..d2d7687 100644
--- a/includes/CentralAuthHooks.php
+++ b/includes/CentralAuthHooks.php
@@ -2195,4 +2195,50 @@
);
return true;
}
+
+   /**
+* Apply global password policies when calculating the effective policy 
for
+* a user.
+* @param User $user
+* @param array $effectivePolicy
+*/
+   public static function onPasswordPoliciesForUser( User $user, array 
&$effectivePolicy ) {
+   global $wgCentralAuthGlobalPasswordPolicies;
+   $central = CentralAuthUser::getInstance( $user );
+
+   if ( $central->exists() ) {
+   try {
+   $localPolicyGroups = array_intersect(
+   array_keys( 
$wgCentralAuthGlobalPasswordPolicies ),
+   $central->getLocalGroups()
+   );
+   } catch ( Exception $e ) {
+   // T104615 - race condition in attaching user 
and creating local
+   // wiki account can cause this Exception from
+   // CentralAuthUser::localUserData. Allow the 
password for now, and
+   // we'll catch them next login if their 
password isn't valid.
+   if ( $user->idForName() === 0
+   && substr( $e->getMessage(), 0 , 34 ) 
=== 'Could not find local user data for'
+   ) {
+   wfDebugLog(
+   'CentralAuth',
+   sprintf( 'Bug T104615 hit for 
%s@%s',
+   $user->getName(),
+   wfWikiId()
+   )
+   );
+   return true;
+   }
+
+   throw $e;
+   }
+
+   $effectivePolicy = 
UserPasswordPolicy::getPoliciesForGroups(
+   $wgCentralAuthGlobalPasswordPolicies,
+   array_merge( $central->getGlobalGroups(), 
$localPolicyGroups ),
+   $effectivePolicy
+   );
+   }
+   return true;
+   }
 }
diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php
index f51d431..f9159fd 100644
--- a/includes/CentralAuthUser.php
+++ b/includes/CentralAuthUser.php
@@ -2021,6 +2021,24 @@
}
 
/**
+* Returns a list of all groups where the user is a member of the group 
on at
+* least one wiki where their account is 

[MediaWiki-commits] [Gerrit] Add extra escaping in template - change (mediawiki...PageTriage)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/250830

Change subject: Add extra escaping in template
..

Add extra escaping in template

Add the followup patch from Grunny on T111029.

Bug: T111029
Change-Id: I8345f9bfeabefe48a1cd363e0f7afa20c359894a
---
M modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/PageTriage 
refs/changes/30/250830/1

diff --git 
a/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html 
b/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html
index 9a57fd4..091cecb 100644
--- a/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html
+++ b/modules/ext.pageTriage.views.toolbar/ext.pageTriage.articleInfo.html
@@ -52,7 +52,7 @@
<%= mw.msg( 'pagetriage-info-history-header' ) %>

<%= mw.msg( 'pagetriage-edits', rev_count ) %> 
-   <%= mw.msg( 
'pagetriage-info-history-show-full' ) %>
+   <%= mw.message( 
'pagetriage-info-history-show-full' ).escaped() %>

 
 

-- 
To view, visit https://gerrit.wikimedia.org/r/250830
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8345f9bfeabefe48a1cd363e0f7afa20c359894a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/PageTriage
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Script to wrap legacy passwords with pbkdf2 - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/240275

Change subject: Script to wrap legacy passwords with pbkdf2
..

Script to wrap legacy passwords with pbkdf2

Strengthen legacy passwords with pbkdf2. This is the CentralAuth
version of wrapOldPasswords.php in core, with a few optimizations.

Bug: T112359
Change-Id: I165d030d01fd651c3e9799ab977cd9af552479e2
---
A maintenance/wrapPasswordHash.php
1 file changed, 156 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/75/240275/1

diff --git a/maintenance/wrapPasswordHash.php b/maintenance/wrapPasswordHash.php
new file mode 100644
index 000..2837251
--- /dev/null
+++ b/maintenance/wrapPasswordHash.php
@@ -0,0 +1,156 @@
+mDescription = "Wrap all passwords of a certain type in 
a new layered type";
+   $this->addOption( 'type',
+   'Password type to wrap passwords in (must inherit 
LayeredParameterizedPassword)', true, true );
+   $this->addOption( 'verbose', 'Enables verbose output', false, 
false, 'v' );
+   $this->addOption( 'start', 'Start wrapping passwords at gu_id', 
false, true );
+   $this->addOption( 'end', 'Wnd wrapping passwords at gu_id', 
false, true );
+   $this->addOption( 'backup',
+   'Backup unwrapped hashes to a local file. Once you have 
successfully ' .
+   'migrated passwords, you should delete this backup.', 
false, true );
+   $this->setBatchSize( 100 );
+   }
+
+   public function execute() {
+   global $wgAuth;
+
+   if ( !$wgAuth->allowSetLocalPassword() ) {
+   $this->error( '$wgAuth does not allow local passwords. 
Aborting.', 1 );
+   }
+
+   $passwordFactory = new PasswordFactory();
+   $passwordFactory->init( RequestContext::getMain()->getConfig() 
);
+
+   $typeInfo = $passwordFactory->getTypes();
+   $layeredType = $this->getOption( 'type' );
+
+   // Check that type exists and is a layered type
+   if ( !isset( $typeInfo[$layeredType] ) ) {
+   $this->error( 'Undefined password type', 1 );
+   }
+
+   $passObj = $passwordFactory->newFromType( $layeredType );
+   if ( !$passObj instanceof LayeredParameterizedPassword ) {
+   $this->error( 'Layered parameterized password type must 
be used.', 1 );
+   }
+
+   // Extract the first layer type
+   $typeConfig = $typeInfo[$layeredType];
+   $firstType = $typeConfig['types'][0];
+
+   // Get a list of password types that are applicable
+   $dbw = CentralAuthUser::getCentralDB();
+   $typeCond = 'gu_password' . $dbw->buildLike( ":$firstType:", 
$dbw->anyString() );
+
+   // Old-style passwords are either :A:: or 
+   if ( $layeredType === 'pbkdf2-legacyA' ) {
+   $typeCond = $dbw->makeList(
+   array( $typeCond, 'LENGTH( gu_password ) = 32' 
),
+   LIST_OR
+   );
+   }
+
+   // Setup backup file
+   $backupFileName = $this->getOption( 'backup', false );
+   $backupFile = false;
+   if ( $backupFileName ) {
+   umask( 077 );
+   $backupFile = fopen( $backupFileName, 'w' );
+   if ( !$backupFile ) {
+   $this->error( 'Could not open backup, 
aborting', 1 );
+   }
+   if ( substr( sprintf( '%o', fileperms( $backupFileName 
) ), -4 ) !== '0600'
+   && !chmod( $backupFileName, 0600 )
+   ) {
+   $this->error( 'Could not chmod backup file, 
aborting', 1 );
+   }
+   }
+
+   $startUserId = (int) $this->getOption( 'start', 0 );
+   $endUserId = (int) $this->getOption( 'end', null );
+
+   if ( $endUserId === null ) {
+   $endUserId = $dbw->selectField( 'globaluser', 'MAX( 
gu_id ) as max' );
+   }
+
+   do {
+   $selectEnd = min( $startUserId + $this->mBatchSize, 
$endUserId );
+   $dbw->begin();
+   $res = $dbw->select( 'globaluser',
+   array( 'gu_id', 'gu_name', 'gu_salt', 
'gu_password' ),
+   array(
+   'gu_id >= ' . $dbw->addQuotes( 
$startUserId ),
+   'gu_id <= ' . $dbw->addQuotes( 
$selectEnd ),
+   

[MediaWiki-commits] [Gerrit] Enable captchas on testwiki - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/238357

Change subject: Enable captchas on testwiki
..

Enable captchas on testwiki

Bug: T86460
Change-Id: I791182190e4717e87f7b983a362d076405d03898
---
M wmf-config/InitialiseSettings.php
1 file changed, 0 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/57/238357/1

diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index c28dd37..0409907 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -10137,9 +10137,6 @@
'fishbowl' => false,
'closed' => false,
 
-   // testing
-   'testwiki' => false,
-
// 'global-multiwrite' backend isn't available, so disable for now
'labswiki' => false,
 ),

-- 
To view, visit https://gerrit.wikimedia.org/r/238357
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I791182190e4717e87f7b983a362d076405d03898
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Set mobile flag for autologin js - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/233091

Change subject: Set mobile flag for autologin js
..

Set mobile flag for autologin js

Set mobile=1 when doing autologin from a mobile domain with
javascript.

Bug: T100413
Change-Id: Ib88ac635747db823fee7b38d92599ba7d50747bd
---
M CentralAuth.php
M includes/CentralAuthHooks.php
M modules/ext.centralauth.centralautologin.js
A modules/ext.centralauth.centralautologin.mobile.js
A modules/ext.centralauth.utils.js
5 files changed, 84 insertions(+), 48 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/91/233091/1

diff --git a/CentralAuth.php b/CentralAuth.php
index 693d5de..516c7d0 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -519,9 +519,8 @@
),
 ) + $commonModuleInfo;
 
-$wgResourceModules['ext.centralauth.centralautologin'] = array(
-   'scripts' = 'ext.centralauth.centralautologin.js',
-   'styles' = 'ext.centralauth.centralautologin.css',
+$wgResourceModules['ext.centralauth.utils'] = array(
+   'scripts' = 'ext.centralauth.utils.js',
'position' = 'top',
'targets' = array( 'mobile', 'desktop' ),
'dependencies' = array(
@@ -529,6 +528,25 @@
'mediawiki.jqueryMsg',
),
 ) + $commonModuleInfo;
+$wgResourceModules['ext.centralauth.centralautologin'] = array(
+   'scripts' = 'ext.centralauth.centralautologin.js',
+   'styles' = 'ext.centralauth.centralautologin.css',
+   'position' = 'top',
+   'targets' = array( 'mobile', 'desktop' ),
+   'dependencies' = array(
+   'ext.centralauth.utils',
+   ),
+) + $commonModuleInfo;
+$wgResourceModules['ext.centralauth.centralautologin.mobile'] = array(
+   'scripts' = 'ext.centralauth.centralautologin.mobile.js',
+   'styles' = 'ext.centralauth.centralautologin.css',
+   'position' = 'top',
+   'targets' = array( 'mobile', 'desktop' ),
+   'dependencies' = array(
+   'ext.centralauth.utils',
+   ),
+) + $commonModuleInfo;
+
 $wgResourceModules['ext.centralauth.centralautologin.clearcookie'] = array(
'scripts' = 'ext.centralauth.centralautologin.clearcookie.js',
'position' = 'top',
diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php
index f67f5f9..8361f9d 100644
--- a/includes/CentralAuthHooks.php
+++ b/includes/CentralAuthHooks.php
@@ -1491,8 +1491,11 @@
global $wgCentralAuthLoginWiki, $wgCentralAuthUseEventLogging;
if ( $out-getUser()-isAnon() ) {
if ( $wgCentralAuthLoginWiki  wfWikiID() !== 
$wgCentralAuthLoginWiki ) {
-   $out-addModules( 
'ext.centralauth.centralautologin' );
-
+   if ( self::isMobileDomain() ) {
+   $out-addModules( 
'ext.centralauth.centralautologin.mobile' );
+   } else {
+   $out-addModules( 
'ext.centralauth.centralautologin' );
+   }
// For non-JS clients. Use WikiMap to avoid 
localization of the
// 'Special' namespace, see bug 54195.
$wiki = WikiMap::getWiki( wfWikiID() );
diff --git a/modules/ext.centralauth.centralautologin.js 
b/modules/ext.centralauth.centralautologin.js
index 7fc71c6..f72dfcb 100644
--- a/modules/ext.centralauth.centralautologin.js
+++ b/modules/ext.centralauth.centralautologin.js
@@ -1,45 +1,3 @@
 ( function ( mw ) {
-   // Are we already logged in?
-   if ( mw.config.get( 'wgUserName' ) !== null ) {
-   return;
-   }
-
-   // Do we already know we're logged out centrally?
-   if ( mw.config.get( 'wgCanonicalSpecialPageName' ) !== 'Userlogin' ) {
-   try {
-   if ( +localStorage.getItem( 'CentralAuthAnon' )  new 
Date().getTime() ) {
-   return;
-   }
-   } catch ( e ) {}
-
-   // Can't use $.cookie(), because we want to check this at the 
top of
-   // the page and that isn't loaded until the bottom.
-   if ( /(^|; )CentralAuthAnon=1/.test( document.cookie ) ) {
-   return;
-   }
-   }
-
-   // Ok, perform the acutal logged-in check via a script tag. The
-   // referenced URL will 302 a few times and then return appropriate
-   // JavaScript to complete the process.
-   var url, params, len, param, i;
-
-   url = mw.config.get( 'wgCentralAuthCheckLoggedInURL' );
-   if ( url ) {
-   url += 'proto=' + encodeURIComponent( 
location.protocol.replace( ':', '' ) );
-   if ( mw.config.get( 'wgCanonicalSpecialPageName' ) === 
'Userlogin' ) {
-   

[MediaWiki-commits] [Gerrit] Revert Enable users to watch category membership changes - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/232764

Change subject: Revert Enable users to watch category membership changes
..

Revert Enable users to watch category membership changes

This reverts commit f6879ea16edf008eb012bd4dbe133e2ba4b9338f.

Change-Id: I770d8d33a4cff3829bdea9a4df24de209cbe691b
---
M autoload.php
M includes/DefaultSettings.php
M includes/Defines.php
M includes/Preferences.php
M includes/api/ApiFeedRecentChanges.php
M includes/api/ApiQueryRecentChanges.php
M includes/api/ApiQueryWatchlist.php
M includes/api/i18n/en.json
M includes/api/i18n/qqq.json
D includes/changes/CategoryMembershipChange.php
M includes/changes/ChangesList.php
M includes/changes/EnhancedChangesList.php
M includes/changes/OldChangesList.php
M includes/changes/RCCacheEntryFactory.php
M includes/changes/RecentChange.php
M includes/deferred/LinksUpdate.php
M includes/jobqueue/jobs/RefreshLinksJob.php
M includes/page/WikiPage.php
M includes/specialpage/ChangesListSpecialPage.php
M includes/specials/SpecialRecentchanges.php
M includes/specials/SpecialWatchlist.php
M languages/i18n/en.json
M languages/i18n/qqq.json
M tests/phpunit/includes/changes/EnhancedChangesListTest.php
M tests/phpunit/includes/changes/TestRecentChangesHelper.php
M tests/phpunit/includes/deferred/LinksUpdateTest.php
26 files changed, 57 insertions(+), 614 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/64/232764/1

diff --git a/autoload.php b/autoload.php
index acb272f..6444e3e 100644
--- a/autoload.php
+++ b/autoload.php
@@ -197,7 +197,6 @@
'CapsCleanup' = __DIR__ . '/maintenance/cleanupCaps.php',
'Category' = __DIR__ . '/includes/Category.php',
'CategoryFinder' = __DIR__ . '/includes/CategoryFinder.php',
-   'CategoryMembershipChange' = __DIR__ . 
'/includes/changes/CategoryMembershipChange.php',
'CategoryPage' = __DIR__ . '/includes/page/CategoryPage.php',
'CategoryPager' = __DIR__ . '/includes/specials/SpecialCategories.php',
'CategoryViewer' = __DIR__ . '/includes/CategoryViewer.php',
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 12aa938..6050ba7 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4503,7 +4503,6 @@
'gender' = 'unknown',
'hideminor' = 0,
'hidepatrolled' = 0,
-   'hidecategorization' = 0,
'imagesize' = 2,
'math' = 1,
'minordefault' = 0,
@@ -4535,7 +4534,6 @@
'watchlisthideminor' = 0,
'watchlisthideown' = 0,
'watchlisthidepatrolled' = 0,
-   'watchlisthidecategorization' = 0,
'watchmoves' = 0,
'watchrollback' = 0,
'wllimit' = 250,
diff --git a/includes/Defines.php b/includes/Defines.php
index 38f2d42..d55bbcf 100644
--- a/includes/Defines.php
+++ b/includes/Defines.php
@@ -170,7 +170,6 @@
 define( 'RC_NEW', 1 );
 define( 'RC_LOG', 3 );
 define( 'RC_EXTERNAL', 5 );
-define( 'RC_CATEGORIZE', 6 );
 /**@}*/
 
 /**@{
diff --git a/includes/Preferences.php b/includes/Preferences.php
index deea757..9497ee7 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -888,12 +888,6 @@
'section' = 'rc/advancedrc',
);
 
-   $defaultPreferences['hidecategorization'] = array(
-   'type' = 'toggle',
-   'label-message' = 'tog-hidecategorization',
-   'section' = 'rc/advancedrc',
-   );
-
if ( $user-useRCPatrol() ) {
$defaultPreferences['hidepatrolled'] = array(
'type' = 'toggle',
@@ -999,12 +993,6 @@
'type' = 'toggle',
'section' = 'watchlist/advancedwatchlist',
'label-message' = 'tog-watchlisthideliu',
-   );
-
-   $defaultPreferences['watchlisthidecategorization'] = array(
-   'type' = 'toggle',
-   'section' = 'watchlist/advancedwatchlist',
-   'label-message' = 'tog-watchlisthidecategorization',
);
 
if ( $user-useRCPatrol() ) {
diff --git a/includes/api/ApiFeedRecentChanges.php 
b/includes/api/ApiFeedRecentChanges.php
index 5adde87..d24112c 100644
--- a/includes/api/ApiFeedRecentChanges.php
+++ b/includes/api/ApiFeedRecentChanges.php
@@ -155,7 +155,6 @@
'hideliu' = false,
'hidepatrolled' = false,
'hidemyself' = false,
-   'hidecategorization' = false,
 
'tagfilter' = array(
ApiBase::PARAM_TYPE = 'string',
diff --git a/includes/api/ApiQueryRecentChanges.php 
b/includes/api/ApiQueryRecentChanges.php
index b6d2c40..74bccc2 100644
--- 

[MediaWiki-commits] [Gerrit] Send rate limits to main captcha log - change (mediawiki...ConfirmEdit)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/227331

Change subject: Send rate limits to main captcha log
..

Send rate limits to main captcha log

Log exceeding the badcaptcha rate limit to the main captcha log (e.g.,
captcha.log on the WMF cluster).

So that we can measure the impact of things like
https://gerrit.wikimedia.org/r/#/c/195886/

Change-Id: I2af26d23b9343e90db2f01f099c1292914bd7ac3
---
M SimpleCaptcha/Captcha.php
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/ConfirmEdit 
refs/changes/31/227331/1

diff --git a/SimpleCaptcha/Captcha.php b/SimpleCaptcha/Captcha.php
index 4f61605..5847c98 100755
--- a/SimpleCaptcha/Captcha.php
+++ b/SimpleCaptcha/Captcha.php
@@ -766,7 +766,7 @@
// don't increase pingLimiter here, just check, if CAPTCHA 
limit exceeded
if ( $wgUser-pingLimiter( 'badcaptcha', 0 ) ) {
// for debugging add an proper error message, the user 
just see an false captcha error message
-   wfDebug( 'ConfirmEdit: User reached RateLimit, 
preventing action.' );
+   $this-log( 'User reached RateLimit, preventing 
action.' );
return false;
}
 

-- 
To view, visit https://gerrit.wikimedia.org/r/227331
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2af26d23b9343e90db2f01f099c1292914bd7ac3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/ConfirmEdit
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Add purpose to password validity check - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/224658

Change subject: Add purpose to password validity check
..

Add purpose to password validity check

Allow callers to specify why they are checking a passwords validity, so
some checks can be modified. Only check the default policy on creation,
since the account doesn't exist it's not a member of any groups.

Bug: T104615
Change-Id: I56b66002562aaa1493d94a90309bc8e4ae3841c8
---
M docs/hooks.txt
M includes/User.php
M includes/installer/WebInstallerPage.php
M includes/password/UserPasswordPolicy.php
M includes/specials/SpecialUserlogin.php
5 files changed, 26 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/58/224658/1

diff --git a/docs/hooks.txt b/docs/hooks.txt
index 23df983..2fd815e6 100644
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -2313,6 +2313,8 @@
 'PasswordPoliciesForUser': Alter the effective password policy for a user.
 $user: User object whose policy you are modifying
 $effectivePolicy: Array of policy statements that apply to this user
+$purpose: string indicating purpose of the check, one of 'login', 'create',
+  or 'reset'
 
 'PerformRetroactiveAutoblock': Called before a retroactive autoblock is applied
 to a user.
diff --git a/includes/User.php b/includes/User.php
index 772330b..b70eee3 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -838,10 +838,11 @@
 * able to set their password to this.
 *
 * @param string $password Desired password
+* @param string $purpose one of 'login', 'create', 'reset'
 * @return Status
 * @since 1.23
 */
-   public function checkPasswordValidity( $password ) {
+   public function checkPasswordValidity( $password, $purpose = 'login' ) {
global $wgPasswordPolicy;
 
$upp = new UserPasswordPolicy(
@@ -858,7 +859,7 @@
}
 
if ( $result === false ) {
-   $status-merge( $upp-checkUserPassword( $this, 
$password ) );
+   $status-merge( $upp-checkUserPassword( $this, 
$password, $purpose ) );
return $status;
} elseif ( $result === true ) {
return $status;
diff --git a/includes/installer/WebInstallerPage.php 
b/includes/installer/WebInstallerPage.php
index 9aa6960..f7910ba 100644
--- a/includes/installer/WebInstallerPage.php
+++ b/includes/installer/WebInstallerPage.php
@@ -911,16 +911,8 @@
$pwd = $this-getVar( '_AdminPassword' );
$user = User::newFromName( $cname );
if ( $user ) {
-   $upp = new UserPasswordPolicy(
-   $wgPasswordPolicy['policies'],
-   $wgPasswordPolicy['checks']
-   );
-   $status = $upp-checkUserPasswordForGroups(
-   $user,
-   $pwd,
-   array( 'sysop', 'bureaucrat' )
-   );
-   $valid = $status-isGood();
+   $status = $user-checkPasswordValidity( $pwd, 'create' 
);
+   $valid = $status-isGood() ? true : 
$status-getMessage()-escaped();
} else {
$valid = 'config-admin-name-invalid';
}
diff --git a/includes/password/UserPasswordPolicy.php 
b/includes/password/UserPasswordPolicy.php
index 70757ac..80dc669 100644
--- a/includes/password/UserPasswordPolicy.php
+++ b/includes/password/UserPasswordPolicy.php
@@ -67,11 +67,12 @@
 * Check if a passwords meets the effective password policy for a User.
 * @param User $user who's policy we are checking
 * @param string $password the password to check
+* @param string $purpose one of 'login', 'create', 'reset'
 * @return Status error to indicate the password didn't meet the 
policy, or fatal to
 *  indicate the user shouldn't be allowed to login.
 */
-   public function checkUserPassword( User $user, $password ) {
-   $effectivePolicy = $this-getPoliciesForUser( $user );
+   public function checkUserPassword( User $user, $password, $purpose = 
'login' ) {
+   $effectivePolicy = $this-getPoliciesForUser( $user, $purpose );
return $this-checkPolicies(
$user,
$password,
@@ -126,16 +127,20 @@
 * Get the policy for a user, based on their group membership. Public so
 * UI elements can access and inform the user.
 * @param User $user
+* @param string $purpose one of 'login', 'create', 'reset'
 * @return array the effective policy for $user
 */
-   public function getPoliciesForUser( User $user 

[MediaWiki-commits] [Gerrit] Add global password policies - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/223702

Change subject: Add global password policies
..

Add global password policies

Allow enforcing password policies for global user groups. Account for
weird race condition in CentralAuth.

Depends on Iad8e49ffcffed38df6293db0ef31a227d3962003 in core.

Bug: T94774
Bug: T104615
Change-Id: I82108834e7844499e15e505c09164224663237e0
---
M CentralAuth.php
M includes/CentralAuthHooks.php
M includes/CentralAuthUser.php
M tests/phpunit/CentralAuthUserTest.php
4 files changed, 151 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/02/223702/1

diff --git a/CentralAuth.php b/CentralAuth.php
index 141885d..921a2c9 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -268,6 +268,13 @@
 $wgCentralAuthCheckSULMigration = false;
 
 /**
+ * Global Password Policies. These are applied like local password policies,
+ * the strongest policy applicable to a user is used.
+ * @var array
+ */
+$wgCentralAuthGlobalPasswordPolicies = array();
+
+/**
  * Initialization of the autoloaders, and special extension pages.
  */
 $caBase = __DIR__;
@@ -388,6 +395,7 @@
 $wgHooks['UnitTestsList'][] = 'CentralAuthHooks::onUnitTestsList';
 $wgHooks['SpecialContributionsBeforeMainOutput'][] = 
'CentralAuthHooks::onSpecialContributionsBeforeMainOutput';
 $wgHooks['SpecialPage_initList'][] = 
'CentralAuthHooks::onSpecialPage_initList';
+$wgHooks['PasswordPoliciesForUser'][] = 
'CentralAuthHooks::onPasswordPoliciesForUser';
 
 // For interaction with the Special:Renameuser extension
 $wgHooks['RenameUserWarning'][] = 'CentralAuthHooks::onRenameUserWarning';
diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php
index 0ff63e8..c7d2154 100644
--- a/includes/CentralAuthHooks.php
+++ b/includes/CentralAuthHooks.php
@@ -2061,4 +2061,50 @@
);
}
}
+
+   /**
+* Apply global password policies when calculating the effective policy 
for
+* a user.
+* @param User $user
+* @param array $effectivePolicy
+*/
+   public static function onPasswordPoliciesForUser( User $user, array 
$effectivePolicy ) {
+   global $wgCentralAuthGlobalPasswordPolicies;
+   $central = CentralAuthUser::getInstance( $user );
+
+   if ( $central-exists() ) {
+   try {
+   $localPolicyGroups = array_intersect(
+   array_keys( 
$wgCentralAuthGlobalPasswordPolicies ),
+   $central-getLocalGroups()
+   );
+   } catch ( Exception $e ) {
+   // T104615 - race condition in attaching user 
and creating local
+   // wiki account can cause this Exception from
+   // CentralAuthUser::localUserData. Allow the 
password for now, and
+   // we'll catch them next login if their 
password isn't valid.
+   if ( $user-idForName() === 0
+substr( $e-getMessage(), 0 , 34 ) 
=== 'Could not find local user data for'
+   ) {
+   wfDebugLog(
+   'CentralAuth',
+   sprintf( 'Bug T104615 hit for 
%s@%s',
+   $user-getName(),
+   wfWikiId()
+   )
+   );
+   return true;
+   }
+
+   throw $e;
+   }
+
+   $effectivePolicy = 
UserPasswordPolicy::getPoliciesForGroups(
+   $wgCentralAuthGlobalPasswordPolicies,
+   array_merge( $central-getGlobalGroups(), 
$localPolicyGroups ),
+   $effectivePolicy
+   );
+   }
+   return true;
+   }
 }
diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php
index 5dd3c64..91b3954 100644
--- a/includes/CentralAuthUser.php
+++ b/includes/CentralAuthUser.php
@@ -2014,6 +2014,24 @@
}
 
/**
+* Returns a list of all groups where the user is a member of the group 
on at
+* least one wiki where their account is attached.
+* @return array of group names where the user is a member on at least 
one wiki
+*/
+   public function getLocalGroups() {
+   $localgroups = array();
+   array_map(
+  

[MediaWiki-commits] [Gerrit] Revert Add global password policies - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/222521

Change subject: Revert Add global password policies
..

Revert Add global password policies

This reverts commit 35add6da8f14b758762ef69ed99979a75f7c24f1.

Bug: T104615
Change-Id: I06dd171382cb7652eb0388158ab74ccb1e7f97cc
---
M CentralAuth.php
M includes/CentralAuthHooks.php
M includes/CentralAuthUser.php
D tests/CentralAuthHooksTest.php
M tests/phpunit/CentralAuthUserTest.php
5 files changed, 0 insertions(+), 221 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/21/222521/1

diff --git a/CentralAuth.php b/CentralAuth.php
index 921a2c9..141885d 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -268,13 +268,6 @@
 $wgCentralAuthCheckSULMigration = false;
 
 /**
- * Global Password Policies. These are applied like local password policies,
- * the strongest policy applicable to a user is used.
- * @var array
- */
-$wgCentralAuthGlobalPasswordPolicies = array();
-
-/**
  * Initialization of the autoloaders, and special extension pages.
  */
 $caBase = __DIR__;
@@ -395,7 +388,6 @@
 $wgHooks['UnitTestsList'][] = 'CentralAuthHooks::onUnitTestsList';
 $wgHooks['SpecialContributionsBeforeMainOutput'][] = 
'CentralAuthHooks::onSpecialContributionsBeforeMainOutput';
 $wgHooks['SpecialPage_initList'][] = 
'CentralAuthHooks::onSpecialPage_initList';
-$wgHooks['PasswordPoliciesForUser'][] = 
'CentralAuthHooks::onPasswordPoliciesForUser';
 
 // For interaction with the Special:Renameuser extension
 $wgHooks['RenameUserWarning'][] = 'CentralAuthHooks::onRenameUserWarning';
diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php
index 8f5d307..0ff63e8 100644
--- a/includes/CentralAuthHooks.php
+++ b/includes/CentralAuthHooks.php
@@ -2061,28 +2061,4 @@
);
}
}
-
-   /**
-* Apply global password policies when calculating the effective policy 
for
-* a user.
-* @param User $user
-* @param array $effectivePolicy
-*/
-   public static function onPasswordPoliciesForUser( User $user, array 
$effectivePolicy ) {
-   global $wgCentralAuthGlobalPasswordPolicies;
-   $central = CentralAuthUser::getInstance( $user );
-   if ( $central-exists() ) {
-   $localPolicyGroups = array_intersect(
-   array_keys( 
$wgCentralAuthGlobalPasswordPolicies ),
-   $central-getLocalGroups()
-   );
-
-   $effectivePolicy = 
UserPasswordPolicy::getPoliciesForGroups(
-   $wgCentralAuthGlobalPasswordPolicies,
-   array_merge( $central-getGlobalGroups(), 
$localPolicyGroups ),
-   $effectivePolicy
-   );
-   }
-   return true;
-   }
 }
diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php
index 91b3954..5dd3c64 100644
--- a/includes/CentralAuthUser.php
+++ b/includes/CentralAuthUser.php
@@ -2014,24 +2014,6 @@
}
 
/**
-* Returns a list of all groups where the user is a member of the group 
on at
-* least one wiki where their account is attached.
-* @return array of group names where the user is a member on at least 
one wiki
-*/
-   public function getLocalGroups() {
-   $localgroups = array();
-   array_map(
-   function ( $local ) use ( $localgroups ) {
-   $localgroups = array_unique( array_merge(
-   $localgroups, $local['groups']
-   ) );
-   },
-   $this-queryAttached()
-   );
-   return $localgroups;
-   }
-
-   /**
 * Get information about each local user attached to this account
 *
 * @return array Map of database name to property table with members:
diff --git a/tests/CentralAuthHooksTest.php b/tests/CentralAuthHooksTest.php
deleted file mode 100644
index 3b666e8..000
--- a/tests/CentralAuthHooksTest.php
+++ /dev/null
@@ -1,92 +0,0 @@
-?php
-/**
- * Tests for CentralAuthHooks. Only tests that do not
- * require the database to be set up.
- *
- * @group CentralAuth
- */
-class CentralAuthHooksTest extends MediaWikiTestCase {
-
-   /**
-* @covers CentralAuthHooks::onPasswordPoliciesForUser
-* @dataProvider provideOnPasswordPoliciesForUser
-*/
-   public function testOnPasswordPoliciesForUser( $localgroups, 
$globalgroups, $expected ) {
-   $this-setMwGlobals( array(
-   'wgCentralAuthGlobalPasswordPolicies' = array(
-   'bureaucrat' = array(
-  

[MediaWiki-commits] [Gerrit] Revert Add global password policies - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/222520

Change subject: Revert Add global password policies
..

Revert Add global password policies

This reverts commit 35add6da8f14b758762ef69ed99979a75f7c24f1.

Change-Id: I06dd171382cb7652eb0388158ab74ccb1e7f97cc
---
M CentralAuth.php
M includes/CentralAuthHooks.php
M includes/CentralAuthUser.php
D tests/CentralAuthHooksTest.php
M tests/phpunit/CentralAuthUserTest.php
5 files changed, 0 insertions(+), 221 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/20/222520/1

diff --git a/CentralAuth.php b/CentralAuth.php
index bbe92e2..0fb0e7e 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -258,13 +258,6 @@
 $wgCentralAuthCheckSULMigration = false;
 
 /**
- * Global Password Policies. These are applied like local password policies,
- * the strongest policy applicable to a user is used.
- * @var array
- */
-$wgCentralAuthGlobalPasswordPolicies = array();
-
-/**
  * Initialization of the autoloaders, and special extension pages.
  */
 $caBase = __DIR__;
@@ -383,7 +376,6 @@
 $wgHooks['UnitTestsList'][] = 'CentralAuthHooks::onUnitTestsList';
 $wgHooks['SpecialContributionsBeforeMainOutput'][] = 
'CentralAuthHooks::onSpecialContributionsBeforeMainOutput';
 $wgHooks['SpecialPage_initList'][] = 
'CentralAuthHooks::onSpecialPage_initList';
-$wgHooks['PasswordPoliciesForUser'][] = 
'CentralAuthHooks::onPasswordPoliciesForUser';
 
 // For interaction with the Special:Renameuser extension
 $wgHooks['RenameUserWarning'][] = 'CentralAuthHooks::onRenameUserWarning';
diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php
index c4871db..14c3f29 100644
--- a/includes/CentralAuthHooks.php
+++ b/includes/CentralAuthHooks.php
@@ -2060,28 +2060,4 @@
);
}
}
-
-   /**
-* Apply global password policies when calculating the effective policy 
for
-* a user.
-* @param User $user
-* @param array $effectivePolicy
-*/
-   public static function onPasswordPoliciesForUser( User $user, array 
$effectivePolicy ) {
-   global $wgCentralAuthGlobalPasswordPolicies;
-   $central = CentralAuthUser::getInstance( $user );
-   if ( $central-exists() ) {
-   $localPolicyGroups = array_intersect(
-   array_keys( 
$wgCentralAuthGlobalPasswordPolicies ),
-   $central-getLocalGroups()
-   );
-
-   $effectivePolicy = 
UserPasswordPolicy::getPoliciesForGroups(
-   $wgCentralAuthGlobalPasswordPolicies,
-   array_merge( $central-getGlobalGroups(), 
$localPolicyGroups ),
-   $effectivePolicy
-   );
-   }
-   return true;
-   }
 }
diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php
index 91b3954..5dd3c64 100644
--- a/includes/CentralAuthUser.php
+++ b/includes/CentralAuthUser.php
@@ -2014,24 +2014,6 @@
}
 
/**
-* Returns a list of all groups where the user is a member of the group 
on at
-* least one wiki where their account is attached.
-* @return array of group names where the user is a member on at least 
one wiki
-*/
-   public function getLocalGroups() {
-   $localgroups = array();
-   array_map(
-   function ( $local ) use ( $localgroups ) {
-   $localgroups = array_unique( array_merge(
-   $localgroups, $local['groups']
-   ) );
-   },
-   $this-queryAttached()
-   );
-   return $localgroups;
-   }
-
-   /**
 * Get information about each local user attached to this account
 *
 * @return array Map of database name to property table with members:
diff --git a/tests/CentralAuthHooksTest.php b/tests/CentralAuthHooksTest.php
deleted file mode 100644
index 3b666e8..000
--- a/tests/CentralAuthHooksTest.php
+++ /dev/null
@@ -1,92 +0,0 @@
-?php
-/**
- * Tests for CentralAuthHooks. Only tests that do not
- * require the database to be set up.
- *
- * @group CentralAuth
- */
-class CentralAuthHooksTest extends MediaWikiTestCase {
-
-   /**
-* @covers CentralAuthHooks::onPasswordPoliciesForUser
-* @dataProvider provideOnPasswordPoliciesForUser
-*/
-   public function testOnPasswordPoliciesForUser( $localgroups, 
$globalgroups, $expected ) {
-   $this-setMwGlobals( array(
-   'wgCentralAuthGlobalPasswordPolicies' = array(
-   'bureaucrat' = array(
-   

[MediaWiki-commits] [Gerrit] Set initial Staff password policy - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/222057

Change subject: Set initial Staff password policy
..

Set initial Staff password policy

Increase minimum length to 8-bytes.

Bug: T104370
Change-Id: Ifc12c74d5382f8adc1c261c8d6c12ef5892bf642
---
M wmf-config/CommonSettings.php
1 file changed, 8 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/57/222057/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 0d6fa89..2f83253 100755
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -325,6 +325,14 @@
 $wgPasswordPolicy['policies']['sysop']['MinimalPasswordLength'] = 1;
 $wgPasswordPolicy['policies']['bot']['MinimalPasswordLength'] = 1;
 
+// Require 8-byte password for staff. Set MinimumPasswordLengthToLogin
+// to 8 also, once staff have time to update.
+$wgPasswordPolicy['policies']['staff'] = array(
+   'MinimalPasswordLength' = 8,
+   'MinimumPasswordLengthToLogin' = 1,
+   'PasswordCannotMatchUsername' = true,
+);
+
 # Not CLI, see http://bugs.php.net/bug.php?id=47540
 if ( PHP_SAPI != 'cli' ) {
ignore_user_abort( true );

-- 
To view, visit https://gerrit.wikimedia.org/r/222057
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifc12c74d5382f8adc1c261c8d6c12ef5892bf642
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Log privileged users with short passwords - change (operations/mediawiki-config)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/222025

Change subject: Log privileged users with short passwords
..

Log privileged users with short passwords

To estimate the impact of requiring an 8-byte minimum password length
for privileged accounts, log users who would be affected.

Bug: T94774
Change-Id: Idc3c1fde32c249d7192877e8e1afd722a0fa744b
---
M wmf-config/CommonSettings.php
1 file changed, 28 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/25/222025/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 04cda5a..b456790 100755
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -1341,6 +1341,34 @@
return true;
 };
 
+// Estimate users effected if we increase the minimum
+// password length to 8 for privileged groups.
+$wgHooks['LoginAuthenticateAudit'][] = function( $user, $pass, $retval ) {
+   if ( $retval == LoginForm::SUCCESS
+strlen( $pass )  8
+   ) {
+   $central = CentralAuthUser::getInstance( $user );
+   if ( $central-exists()  array_intersect(
+   array( 'staff', 'steward', 'ombudsman', 'checkuser', 
'sysop' ),
+   array_merge( $central-getGlobalGroups(), 
$central-getGlobalGroups() )
+   ) ) {
+   if ( strlen( $pass ) = 4 ) {
+   $bucket = '4-7';
+   } else {
+   $bucket = ' 4';
+   }
+   $groups = implode( ', ', array_intersect(
+   array( 'staff', 'steward', 'ombudsman', 
'checkuser', 'sysop' ),
+   array_merge( $central-getGlobalGroups(), 
$central-getGlobalGroups() )
+   ) );
+
+   $logger = LoggerFactory::getInstance( 'badpass' );
+   $logger-info( Login by user in $groups with password 
length: $bucket );
+   }
+   }
+   return true;
+};
+
 $wgHooks['PrefsEmailAudit'][] = function( $user, $old, $new ) {
if ( $user-isAllowed( 'delete' ) ) {
global $wgRequest;

-- 
To view, visit https://gerrit.wikimedia.org/r/222025
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idc3c1fde32c249d7192877e8e1afd722a0fa744b
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Check install user's password as sysop/bureaucrat - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/221797

Change subject: Check install user's password as sysop/bureaucrat
..

Check install user's password as sysop/bureaucrat

Refactor password checking a little to allow skipping the normal flow
in a special situation like this.

Bug: T104092
Change-Id: Ib4a4e1f34b6963a6414c6f88893884b0ec369ca5
---
M includes/installer/WebInstallerPage.php
M includes/password/UserPasswordPolicy.php
2 files changed, 48 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/97/221797/1

diff --git a/includes/installer/WebInstallerPage.php 
b/includes/installer/WebInstallerPage.php
index f40de71..9aa6960 100644
--- a/includes/installer/WebInstallerPage.php
+++ b/includes/installer/WebInstallerPage.php
@@ -833,6 +833,8 @@
 * @return bool
 */
public function submit() {
+   global $wgPasswordPolicy;
+
$retVal = true;
$this-parent-setVarsFromRequest( array( 'wgSitename', 
'_NamespaceType',
'_AdminName', '_AdminPassword', 
'_AdminPasswordConfirm', '_AdminEmail',
@@ -909,7 +911,16 @@
$pwd = $this-getVar( '_AdminPassword' );
$user = User::newFromName( $cname );
if ( $user ) {
-   $valid = $user-getPasswordValidity( $pwd );
+   $upp = new UserPasswordPolicy(
+   $wgPasswordPolicy['policies'],
+   $wgPasswordPolicy['checks']
+   );
+   $status = $upp-checkUserPasswordForGroups(
+   $user,
+   $pwd,
+   array( 'sysop', 'bureaucrat' )
+   );
+   $valid = $status-isGood();
} else {
$valid = 'config-admin-name-invalid';
}
diff --git a/includes/password/UserPasswordPolicy.php 
b/includes/password/UserPasswordPolicy.php
index cdad9ba..70757ac 100644
--- a/includes/password/UserPasswordPolicy.php
+++ b/includes/password/UserPasswordPolicy.php
@@ -72,22 +72,53 @@
 */
public function checkUserPassword( User $user, $password ) {
$effectivePolicy = $this-getPoliciesForUser( $user );
-   $status = Status::newGood();
+   return $this-checkPolicies(
+   $user,
+   $password,
+   $effectivePolicy,
+   $this-policyCheckFunctions
+   );
+   }
 
-   foreach ( $effectivePolicy as $policy = $value ) {
-   if ( !isset( $this-policyCheckFunctions[$policy] ) ) {
+   /**
+* Check if a passwords meets the effective password policy for a User, 
using a set
+* of groups they may or may not belong to. This function does not use 
the DB, so can
+* be used in the installer.
+* @param User $user who's policy we are checking
+* @param string $password the password to check
+* @param array $groups list of groups to which we assume the user 
belongs
+* @return Status error to indicate the password didn't meet the 
policy, or fatal to
+*  indicate the user shouldn't be allowed to login.
+*/
+   public function checkUserPasswordForGroups( User $user, $password, 
array $groups ) {
+   $effectivePolicy = self::getPoliciesForGroups(
+   $this-policies,
+   $groups,
+   $this-policies['default']
+   );
+   return $this-checkPolicies(
+   $user,
+   $password,
+   $effectivePolicy,
+   $this-policyCheckFunctions
+   );
+   }
+
+   private function checkPolicies( User $user, $password, $policies, 
$policyCheckFunctions ) {
+   $status = Status::newGood();
+   foreach ( $policies as $policy = $value ) {
+   if ( !isset( $policyCheckFunctions[$policy] ) ) {
throw new DomainException( 'Invalid password 
policy config' );
}
$status-merge(
call_user_func(
-   $this-policyCheckFunctions[$policy],
+   $policyCheckFunctions[$policy],
$value,
$user,
$password
)
);
}
-
return $status;
}
 

-- 
To view, visit https://gerrit.wikimedia.org/r/221797
To 

[MediaWiki-commits] [Gerrit] Don't allow control characters in redirects - change (operations/puppet)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/220337

Change subject: Don't allow control characters in redirects
..

Don't allow control characters in redirects

Bug: T101739
Change-Id: I3707922149a7ff608656eb69c799648ce06a8db8
---
M modules/mediawiki/files/apache/sites/redirects.conf
M modules/mediawiki/files/apache/sites/redirects/refreshDomainRedirects
2 files changed, 265 insertions(+), 265 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/37/220337/1

diff --git a/modules/mediawiki/files/apache/sites/redirects.conf 
b/modules/mediawiki/files/apache/sites/redirects.conf
index 4d84893..4945438 100644
--- a/modules/mediawiki/files/apache/sites/redirects.conf
+++ b/modules/mediawiki/files/apache/sites/redirects.conf
@@ -535,154 +535,154 @@
RewriteRule . %{ENV:RW_PROTO}://store.wikimedia.org/ [R=301,L,NE]
# rewrite   donate.mediawiki.orghttps://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.mediawiki.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wikibooks.orghttps://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wikibooks.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wikimediafoundation.org  
https://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wikimediafoundation.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wikinews.org https://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wikinews.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wikipedia.comhttps://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wikipedia.com
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wikiquote.orghttps://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wikiquote.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wikisource.org   https://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wikisource.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wikispecies.org  https://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wikispecies.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wikiversity.org  https://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wikiversity.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# rewrite   donate.wiktionary.org   https://donate.wikimedia.org
RewriteCond %{HTTP_HOST} =donate.wiktionary.org
-   RewriteRule .* https://donate.wikimedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* https://donate.wikimedia.org$0 [R=301,L,NE]
# funnelsep11.wikipedia.org 
http://wayback.archive.org/web/2003031500*/http://sep11.wikipedia.org/wiki/In_Memoriam
RewriteCond %{HTTP_HOST} =sep11.wikipedia.org
RewriteRule . 
http://wayback.archive.org/web/2003031500*/http://sep11.wikipedia.org/wiki/In_Memoriam
 [R=301,L,NE]
# rewrite   be-x-old.wikisource.org //be.wikisource.org # T43755
RewriteCond %{HTTP_HOST} =be-x-old.wikisource.org
-   RewriteRule .* %{ENV:RW_PROTO}://be.wikisource.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* %{ENV:RW_PROTO}://be.wikisource.org$0 
[R=301,L,NE]
# rewrite   de-beta.wikipedia.org   //de.wikipedia.org
RewriteCond %{HTTP_HOST} =de-beta.wikipedia.org
-   RewriteRule .* %{ENV:RW_PROTO}://de.wikipedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* %{ENV:RW_PROTO}://de.wikipedia.org$0 
[R=301,L,NE]
# rewrite   cz.wikipedia.org//cs.wikipedia.org
RewriteCond %{HTTP_HOST} =cz.wikipedia.org
-   RewriteRule .* %{ENV:RW_PROTO}://cs.wikipedia.org$0 [R=301,L,NE]
+   RewriteRule ^[^\x00-\x1F]* %{ENV:RW_PROTO}://cs.wikipedia.org$0 
[R=301,L,NE]
# rewrite   cz.wikipedia.com

[MediaWiki-commits] [Gerrit] Add detection for mobile domain request - change (mediawiki...MobileFrontend)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/219272

Change subject: Add detection for mobile domain request
..

Add detection for mobile domain request

CentralAuth needs to know if a request came in via mobile domain, so it
can redirect back to the correct domain.

Bug: T100413
Change-Id: Ia90a587b0579ff2a65c9477f083692aab3945577
---
M includes/MobileContext.php
1 file changed, 13 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend 
refs/changes/72/219272/1

diff --git a/includes/MobileContext.php b/includes/MobileContext.php
index b69c04d..a471f80 100644
--- a/includes/MobileContext.php
+++ b/includes/MobileContext.php
@@ -756,6 +756,19 @@
}
 
/**
+* Detect if a mobile domain was used for this request
+* @return bool
+*/
+   public function isMobileDomainRequest() {
+   $bits = $bitsMobile = wfParseUrl( 
$this-getRequest()-detectServer() );
+   if ( !$bits ) {
+   return false;
+   }
+   $this-updateMobileUrlHost( $bitsMobile );
+   return ( $bits['host'] === $bitsMobile['host'] );
+   }
+
+   /**
 * Take a URL and return a copy that removes any mobile tokens
 * @param string $url
 * @return string

-- 
To view, visit https://gerrit.wikimedia.org/r/219272
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia90a587b0579ff2a65c9477f083692aab3945577
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Autologin for m. domains - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/219275

Change subject: Autologin for m. domains
..

Autologin for m. domains

Have the central login wiki redirect to the mobile version of a wiki,
if the original autologin started on a mobile domain.

Depends on Ia90a587b0579ff2a65c9477f083692aab3945577

Bug: 100413
Change-Id: Ie1c373a1f039fb1ab9866543288bcfaf87c51ab4
---
M includes/CentralAuthHooks.php
M includes/specials/SpecialCentralAutoLogin.php
2 files changed, 40 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/75/219275/1

diff --git a/includes/CentralAuthHooks.php b/includes/CentralAuthHooks.php
index 692dd8c..950660b 100644
--- a/includes/CentralAuthHooks.php
+++ b/includes/CentralAuthHooks.php
@@ -596,10 +596,19 @@
foreach ( $wgCentralAuthAutoLoginWikis as $alt = 
$wikiID ) {
$wiki = WikiMap::getWiki( $wikiID );
// Use WikiReference::getFullUrl(), returns a 
protocol-relative URL if needed
-   $url = wfAppendQuery( $wiki-getFullUrl( 
'Special:CentralAutoLogin/start' ), array(
+   $params = array(
'type' = 'icon',
'from' = wfWikiID(),
-   ) );
+   );
+   if ( class_exists( 'MobileContext' )
+
MobileContext::singleton()-isMobileDomainRequest()
+   ) {
+   $params['mobile'] = 1;
+   }
+   $url = wfAppendQuery(
+   $wiki-getFullUrl( 
'Special:CentralAutoLogin/start' ),
+   $params
+   );
$inject_html .= Xml::element( 'img',
array(
'src' = $url,
@@ -1315,10 +1324,16 @@
$wgCentralAuthLoginWiki, 
'Special:CentralAutoLogin/checkLoggedIn'
);
if ( $url !== false ) {
-   $vars['wgCentralAuthCheckLoggedInURL'] = 
wfAppendQuery( $url, array(
+   $params = array(
'type' = 'script',
'wikiid' = wfWikiID(),
-   ) );
+   );
+   if ( class_exists( 'MobileContext' )
+
MobileContext::singleton()-isMobileDomainRequest()
+   ) {
+   $params['mobile'] = 1;
+   }
+   $vars['wgCentralAuthCheckLoggedInURL'] = 
wfAppendQuery( $url, $params );
}
}
}
@@ -1423,9 +1438,18 @@
// For non-JS clients. Use WikiMap to avoid 
localization of the
// 'Special' namespace, see bug 54195.
$wiki = WikiMap::getWiki( wfWikiID() );
-   $url = wfAppendQuery( $wiki-getFullUrl( 
'Special:CentralAutoLogin/start' ), array(
+   $params = array(
'type' = '1x1',
-   ) );
+   );
+   if ( class_exists( 'MobileContext' )
+
MobileContext::singleton()-isMobileDomainRequest()
+   ) {
+   $params['mobile'] = 1;
+   }
+   $url = wfAppendQuery(
+   $wiki-getFullUrl( 
'Special:CentralAutoLogin/start' ),
+   $params
+   );
$out-addHTML( 'noscript' . Xml::element( 
'img',
array(
'src' = $url,
diff --git a/includes/specials/SpecialCentralAutoLogin.php 
b/includes/specials/SpecialCentralAutoLogin.php
index 3d25bc5..99aefcd 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -79,9 +79,9 @@
'return',
'returnto',
'returntoquery',
-   'proto'
+   'proto',
+   'mobile'
);
-
  

[MediaWiki-commits] [Gerrit] Allow setting local email/realname from remote wiki - change (mediawiki...OAuthAuthentication)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/214092

Change subject: Allow setting local email/realname from remote wiki
..

Allow setting local email/realname from remote wiki

Change-Id: I9b34be7b49b5d12919f7c7b59b0e70bdca9bd079
---
M handlers/AuthenticationHandler.php
M i18n/en.json
M i18n/qqq.json
M specials/SpecialOAuthLogin.php
M utils/Hooks.php
M utils/OAuthExternalUser.php
6 files changed, 70 insertions(+), 9 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuthAuthentication 
refs/changes/92/214092/1

diff --git a/handlers/AuthenticationHandler.php 
b/handlers/AuthenticationHandler.php
index c701d47..d23a913 100644
--- a/handlers/AuthenticationHandler.php
+++ b/handlers/AuthenticationHandler.php
@@ -12,6 +12,12 @@
wfGetDB( DB_MASTER )  #TODO: don't do this
);
$exUser-setAccessToken( $accessToken );
+   if ( isset( $identity-realname ) ) {
+   $exUser-setRealname( $identity-realname );
+   }
+   if ( isset( $identity-email ) ) {
+   $exUser-setEmail( $identity-email );
+   }
$exUser-setIdentifyTS( new \MWTimestamp() );
 
if ( $exUser-attached() ) {
@@ -57,9 +63,9 @@
return $status;
}
 
-   /* TODO: Set email, realname, and language, once we can 
get them via /identify
$u-setEmail( $exUser-getEmail() );
-   $u-setRealName( $exUser-getRealName() );
+   $u-setRealName( $exUser-getRealname() );
+   /*
$u-setOption( 'language', $exUser-getLanguage() );
*/
 
@@ -100,9 +106,23 @@
__METHOD__ . : Associated user is Anon. 
Aborting. );
return \Status::newFatal( 
'oauthauth-login-usernotexists' );
}
-wfDebugLog( OAA, __METHOD__ .  updating exuser:  . print_r( $exUser, true 
) );
$exUser-updateInDatabase( wfGetDB( DB_MASTER ) );
 
+   // update private data if needed
+   if ( $u-getEmail() !== $exUser-getEmail() ) {
+   if ( $exUser-getEmail() ) {
+   $u-setEmail( $exUser-getEmail() );
+   $u-confirmEmail();
+   } else {
+   $u-invalidateEmail();
+   }
+   $u-saveSettings();
+   }
+   if ( $u-getRealName() !== $exUser-getRealname() ) {
+   $u-setRealName( $exUser-getRealname() );
+   $u-saveSettings();
+   }
+
$u-invalidateCache();
 
if ( !$wgSecureLogin ) {
diff --git a/i18n/en.json b/i18n/en.json
index 460f488..2c8e8b3 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -16,5 +16,7 @@
oauthauth-login-usernotexists: The OAuth user listed as connected, 
but the user doesn't exist on this wiki,
oauthauth-nologin-policy: This wiki's policy will not let you 
login.,
oauthauth-localuser-not-allowed: The site administrator has disabled 
local account creation. You should $1 to create an account with OAuth.,
-   oauthauth-loggout-policy: You have been logged out because the site 
policy no longer allows you to be logged in.
+   oauthauth-loggout-policy: You have been logged out because the site 
policy no longer allows you to be logged in.,
+   oauthauth-set-email: Your attached account did not have an email the 
last time you logged in. Set an email on $1 to set your email here.,
+   oauthauth-email-set: $1. Update your email on $2 to change it.
 }
diff --git a/i18n/qqq.json b/i18n/qqq.json
index d4c8872..1feb1e9 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -16,5 +16,7 @@
oauthauth-login-usernotexists: Error when the user logs in with an 
account that was attached on this wiki, but no longer exists.,
oauthauth-nologin-policy: Error the user sees hwne the local wiki's 
administrator has prevented their login with a policy.,
oauthauth-localuser-not-allowed: Error when the user attempts to 
create an account, but the wiki isn't configured to allow it, and instructing 
the user to login via OAuth.\n\nParameters:\n* $1 - link text {{msg-mw|login}}. 
A link to login.,
-   oauthauth-loggout-policy: Error message when a user is logged out 
because their user no longer complies with the requirements set by the site 
administrator
+   oauthauth-loggout-policy: Error message when a user is logged out 
because their user no longer complies with the requirements set by the site 
administrator,
+   oauthauth-set-email: Instructions in the user's preferences telling 

[MediaWiki-commits] [Gerrit] Update todo, fix tests - change (mediawiki...OAuthAuthentication)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/214091

Change subject: Update todo, fix tests
..

Update todo, fix tests

Change-Id: Ica53c5b98e1550739f9012b3e0bd1dbf3e40283f
---
M TODO.txt
M store/oauthauth.sql
2 files changed, 2 insertions(+), 2 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuthAuthentication 
refs/changes/91/214091/1

diff --git a/TODO.txt b/TODO.txt
index b6dbd9b..b36b93c 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -21,4 +21,4 @@
 
 * Reorg directories?
 
-* Change returnto url when clicking login on Special:UserLogout
+* Change returnto url when clicking login on Special:UserLogout {{done}}
diff --git a/store/oauthauth.sql b/store/oauthauth.sql
index 56fc6f5..dc927b4 100644
--- a/store/oauthauth.sql
+++ b/store/oauthauth.sql
@@ -4,7 +4,7 @@
   `oaau_username` varchar(255) binary not null,
   `oaau_access_token` varchar(127) binary not null default '',
   `oaau_access_secret` varchar(127) binary not null default '',
-  `oaau_identify_timestamp` binary(14) not null default '',
+  `oaau_identify_timestamp` binary(14) not null default ''
 ) /*$wgDBTableOptions*/;
 
 CREATE UNIQUE INDEX /*i*/idx_rid ON /*_*/oauthauth_user (`oaau_rid`);

-- 
To view, visit https://gerrit.wikimedia.org/r/214091
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ica53c5b98e1550739f9012b3e0bd1dbf3e40283f
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuthAuthentication
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Remove $status causing warning - change (mediawiki...OAuthAuthentication)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/214090

Change subject: Remove $status causing warning
..

Remove $status causing warning

Bug: T
Change-Id: I5b307cfdfd6cdf37696fdb9323b15af1edaac978
---
M specials/SpecialOAuthLogin.php
1 file changed, 0 insertions(+), 3 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuthAuthentication 
refs/changes/90/214090/1

diff --git a/specials/SpecialOAuthLogin.php b/specials/SpecialOAuthLogin.php
index c427e7a..010ce0b 100644
--- a/specials/SpecialOAuthLogin.php
+++ b/specials/SpecialOAuthLogin.php
@@ -50,9 +50,6 @@
} catch ( Exception $e ) {
throw new \ErrorPageError( 
'oauthauth-error', $e-getMessage() );
}
-   if ( !$status-isGood() ) {
-   throw new \ErrorPageError( 
'oauthauth-error', $status-getMessage() );
-   }
 
break;
case 'finish':

-- 
To view, visit https://gerrit.wikimedia.org/r/214090
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5b307cfdfd6cdf37696fdb9323b15af1edaac978
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuthAuthentication
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SULF is done - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/209540

Change subject: SULF is done
..

SULF is done

Change-Id: I0b78900493ba3e1a2d1c384415e31337aeb03016
---
D evil-plans.txt
1 file changed, 0 insertions(+), 248 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/40/209540/1

diff --git a/evil-plans.txt b/evil-plans.txt
deleted file mode 100644
index 8c473ee..000
--- a/evil-plans.txt
+++ /dev/null
@@ -1,248 +0,0 @@
-Implementation notes...

-
-== Goals ==
-
-As a reminder, some things we are and aren't trying to accomplish here:
-
-=== Are trying to achieve: ===
-
-* All new accounts will be valid on all Wikimedia wikis, using a consistent
-  username and password everywhere.
-
-* Once migrated, all old accounts will be valid on all Wikimedia wikis,
-  using a consistent username and password everywhere.
-
-* Accounts will only have to set and confirm e-mail in one place.
-
-=== Are not trying to achieve at this time: ===
-
-* Automatic passing of login data between sites
-* Integration with non-Wikimedia authentication systems (OpenID etc)
-* Total integration of user options, etc across wikis
-
-=== Are not trying to achieve ever: ===
-
-* Different usernames on each wiki
-
-
-== Migration strategies ==
-
-The system consists of 'local' accounts (the user table entries on each wiki)
-and 'global' accounts (the accounts on the central auth server).
-
-A local account may be in one of two states:
- - unattached: old account awaiting migration
- - attached: migrated, or newly created under the new system
-
-An attempt to login with a given name on a given wiki will encounter one of
-these possible states:
- - no global account: 'no such user' error
- - no local account: an attached local account will be transparently created
- - attached: login continues
- - unattached: login-time migration will be triggered
-
-
-=== First-stage migration ===
-
-This is an automated process which will run when the system is put into
-place:
-
-For each name in use on the various wikis at initial migration time, a
-global account is created.
-
-One account for each name is selected as the 'winner', usually the most
-prolific. The winner's password and email address are assigned to the
-global account.
-
-Some accounts can be fully migrated automatically:
- - Name occurred only on one wiki
- - Multiple instances, but all with the same e-mail address
- - Potentially, unused accounts could be subsumed automatically
-
-Note that passwords cannot be checked at this time due to the hashing
-method used in our user table. Matching e-mail addresses can be considered
-'password-equivalent' here as whoever owns that address is able to set
-the password.
-
-If there are accounts which do not match the winning e-mail address, the
-account will be left in a transitional state:
- - Matching local accounts are attached, and can be used to log in.
- - Non-matching local accounts are left unattached, for later migration.
-
-
-=== Login-time migration ===
-
-When a user attempts to login to an unattached account, this triggers
-login-time migration.
-
-The account can now be automatically attached if:
- - The given password matches both the local and global account
- - The local account's email address matches the global account's
-   confirmed e-mail address
-
-(We check e-mail again as the global account's email may have been changed
-since original migration time.)
-
-
-=== Login-time renaming ===
-
-Some portion of name conflicts really are different people, so they won't
-be able to confirm themselves as the global account owner.
-
-If the login-time migration checks fail, the user is offered the option to
-rename the account, either merging it to an existing global account or making
-a brand new one.
-
-* FIXME: We may need to clean up some rename operations to make this safe.
-
-
-=== Cleanup and long-term ===
-
-The presence of a third-party unattached local account on a given wiki means
-that the owner of the global account can't use his/her global account to log
-in on that wiki.
-
-Practically speaking, not all conflicting accounts will be resolved by their
-owners in a timely fashion. Some will never return; some will be malicious;
-some will just forget.
-
-We'll require a way for unclaimed unattached accounts to be renamed forcefully.
-Possibly this can require a bureaucrat's intervention; possibly this can be
-done by the conflicting global account's owner after some timeout period.
-
-
-=== Notifications ===
-
-Conflicting accounts should be notified by e-mail where possible.
-
-
-== Implementation: parts! ==
-
-* Core: central database o' fun
-* Edge: Wikis
-
-=== Communication requirements ===
-
-* Full edge-core connectivity in cases:
- - pmtpa: same database cluster
- - pmtpa.enwiki: alternate database master
-
-* Open login sessions should 

[MediaWiki-commits] [Gerrit] Password validity by policy per group - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/206156

Change subject: Password validity by policy per group
..

Password validity by policy per group

Make password policies defined in a configurable policy, which is
defined by group. A user's password policy will be the maximum of
each group policy that the user belongs to.

Bug: T94774
Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
---
M autoload.php
M includes/DefaultSettings.php
M includes/User.php
A includes/password/UserPasswordPolicy.php
M tests/phpunit/includes/UserTest.php
A tests/phpunit/includes/password/UserPasswordPolicyTest.php
6 files changed, 541 insertions(+), 30 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/56/206156/1

diff --git a/autoload.php b/autoload.php
index b480096..5f0c68d 100644
--- a/autoload.php
+++ b/autoload.php
@@ -1284,6 +1284,7 @@
'UserMailer' = __DIR__ . '/includes/mail/UserMailer.php',
'UserNotLoggedIn' = __DIR__ . 
'/includes/exception/UserNotLoggedIn.php',
'UserOptions' = __DIR__ . '/maintenance/userOptions.inc',
+   'UserPasswordPolicy' = __DIR__ . 
'/includes/password/UserPasswordPolicy.php',
'UserRightsProxy' = __DIR__ . '/includes/UserRightsProxy.php',
'UsercreateTemplate' = __DIR__ . '/includes/templates/Usercreate.php',
'UserloginTemplate' = __DIR__ . '/includes/templates/Userlogin.php',
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index dc16ae3..800c244 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4172,6 +4172,27 @@
  * @{
  */
 
+$wgPasswordPolicy = array(
+   'checkuser' = array(
+   'MinimalPasswordLength' = 10,
+   'MinimumPasswordLengthToLogin' = 6,
+   'PasswordCannotMatchUsername' = 1,
+   ),
+   'sysop' = array(
+   'MinimalPasswordLength' = 8,
+   'MinimumPasswordLengthToLogin' = 1,
+   'PasswordCannotMatchUsername' = 1,
+   ),
+   'default' = array(
+   'MinimalPasswordLength' = 1,
+   'PasswordCannotMatchUsername' = 1,  // true
+   'PasswordCannotMatchBlacklist' = 1, // true
+   'MaximalPasswordLength' = 4096, // prevent DoS with pbkdf2
+
+   ),
+);
+
+
 /**
  * For compatibility with old installations set to false
  * @deprecated since 1.24 will be removed in future
diff --git a/includes/User.php b/includes/User.php
index f526fe0..3613c75 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -843,15 +843,11 @@
 * @since 1.23
 */
public function checkPasswordValidity( $password ) {
-   global $wgMinimalPasswordLength, $wgMaximalPasswordLength, 
$wgContLang;
+   global $wgPasswordPolicy;
 
-   static $blockedLogins = array(
-   'Useruser' = 'Passpass', 'Useruser1' = 'Passpass1', # 
r75589
-   'Apitestsysop' = 'testpass', 'Apitestuser' = 
'testpass' # r75605
-   );
+   $upp = new UserPasswordPolicy( $wgPasswordPolicy );
 
$status = Status::newGood();
-
$result = false; //init $result to false for the internal checks
 
if ( !Hooks::run( 'isValidPassword', array( $password, 
$result, $this ) ) ) {
@@ -860,28 +856,8 @@
}
 
if ( $result === false ) {
-   if ( strlen( $password )  $wgMinimalPasswordLength ) {
-   $status-error( 'passwordtooshort', 
$wgMinimalPasswordLength );
-   return $status;
-   } elseif ( strlen( $password )  
$wgMaximalPasswordLength ) {
-   // T64685: Password too long, might cause DoS 
attack
-   $status-fatal( 'passwordtoolong', 
$wgMaximalPasswordLength );
-   return $status;
-   } elseif ( $wgContLang-lc( $password ) == 
$wgContLang-lc( $this-mName ) ) {
-   $status-error( 'password-name-match' );
-   return $status;
-   } elseif ( isset( $blockedLogins[$this-getName()] )
-$password == $blockedLogins[$this-getName()]
-   ) {
-   $status-error( 'password-login-forbidden' );
-   return $status;
-   } else {
-   //it seems weird returning a Good status here, 
but this is because of the
-   //initialization of $result to false above. If 
the hook is never run or it
-   //doesn't modify $result, then we will likely 
get down into this if with
-   //a valid password.
-

[MediaWiki-commits] [Gerrit] Mark centralautologin for mobile - change (mediawiki...CentralAuth)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/205771

Change subject: Mark centralautologin for mobile
..

Mark centralautologin for mobile

Bug: T88860
Change-Id: I824ea40f9d226166992cada581ee6a625750b181
---
M CentralAuth.php
1 file changed, 2 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth 
refs/changes/71/205771/1

diff --git a/CentralAuth.php b/CentralAuth.php
index 53763f4..599be9d 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -521,6 +521,7 @@
'scripts' = 'ext.centralauth.centralautologin.js',
'styles' = 'ext.centralauth.centralautologin.css',
'position' = 'top',
+   'targets' = array( 'mobile', 'desktop' ),
'dependencies' = array(
'mediawiki.notify',
'mediawiki.jqueryMsg',
@@ -529,6 +530,7 @@
 $wgResourceModules['ext.centralauth.centralautologin.clearcookie'] = array(
'scripts' = 'ext.centralauth.centralautologin.clearcookie.js',
'position' = 'top',
+   'targets' = array( 'mobile', 'desktop' ),
 ) + $commonModuleInfo;
 
 $wgResourceModules['ext.centralauth.noflash'] = array(

-- 
To view, visit https://gerrit.wikimedia.org/r/205771
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I824ea40f9d226166992cada581ee6a625750b181
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Add an edit token to Special:CheckUser - change (mediawiki...CheckUser)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201228

Change subject: SECURITY: Add an edit token to Special:CheckUser
..

SECURITY: Add an edit token to Special:CheckUser

Bug: T85858
Change-Id: I8b86ae48058ab85975b48a40008e91027387f5f8
---
M i18n/en.json
M i18n/qqq.json
M specials/SpecialCheckUser.php
3 files changed, 7 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CheckUser 
refs/changes/28/201228/1

diff --git a/i18n/en.json b/i18n/en.json
index 922245c..778dd05 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -78,6 +78,7 @@
checkuser-email-action: sent an email to user \$1\,
checkuser-reset-action: reset password for user \$1\,
checkuser-toollinks: span 
class=\plainlinks\[[http://whois.domaintools.com/$1 RDNS] 
·\n[http://www.robtex.com/rbls/$1.html RBLs] 
·\n[http://www.dnsstuff.com/tools/tracert.ch?ip=$1 Traceroute] 
·\n[http://www.ip2location.com/$1 Geolocate] 
·\n[http://toolserver.org/~overlordq/scripts/checktor.fcgi?ip=$1 Tor check] 
·\n[http://whois.arin.net/rest/ip/$1 WHOIS]]/span,
+   checkuser-token-fail: Session failure. Please try again.,
group-checkuser.css: /* CSS placed here will affect checkuser only 
*/,
group-checkuser.js: /* JS placed here will affect checkuser only */,
apihelp-query+checkuser-description: Check which IP addresses are 
used by a given username or which usernames are used by a given IP.,
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 33af0ed..33bf928 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -95,6 +95,7 @@
checkuser-email-action: Logged text when a user sends an e-mail. 
Probably preceded by the name of the checkuser.\n\nParameters:\n* $1 - a salted 
MD5 hash for the user an email was sent to,
checkuser-reset-action: Logged text when a user resets a password. 
Parameters:\n* $1 - the username for which the password was reset. Can be used 
for GENDER.,
checkuser-toollinks: {{notranslate}}\nParameters:\n* $1 - IP 
address,
+   checkuser-token-fail: Error message shown when the CSRF token does 
not match the current session.,
group-checkuser.css: {{doc-group|checkuser|css}},
group-checkuser.js: {{doc-group|checkuser|js}},
apihelp-query+checkuser-description: 
{{doc-apihelp-description|query+checkuser}},
diff --git a/specials/SpecialCheckUser.php b/specials/SpecialCheckUser.php
index 24fbb55..eaa3eb5 100644
--- a/specials/SpecialCheckUser.php
+++ b/specials/SpecialCheckUser.php
@@ -48,7 +48,9 @@
 
# Perform one of the various submit operations...
if ( $request-wasPosted() ) {
-   if ( $request-getVal( 'action' ) === 'block' ) {
+   if ( !$this-getUser()-matchEditToken( 
$request-getVal( 'wpEditToken' ) ) ) {
+   $this-getOutput()-wrapWikiMsg( 'div 
class=error$1/div', 'checkuser-token-fail' );
+   } elseif ( $request-getVal( 'action' ) === 'block' ) {
$this-doMassUserBlock( $users, $blockreason, 
$tag, $talkTag );
} elseif ( !$this-checkReason( $reason ) ) {
$this-getOutput()-addWikiMsg( 
'checkuser-noreason' );
@@ -168,6 +170,7 @@
$form .= '/tr';
$form .= Xml::closeElement( 'table' );
$form .= '/fieldset';
+   $form .= Html::hidden( 'wpEditToken', 
$this-getUser()-getEditToken() );
$form .= Xml::closeElement( 'form' );
# Output form
$this-getOutput()-addHTML( $form );
@@ -1078,6 +1081,7 @@
array( 'id' = 'checkuserblocksubmit', 
'name' = 'checkuserblock' ) ) . /p\n;
$s .= /fieldset\n;
}
+   $s .= Html::hidden( 'wpEditToken', 
$this-getUser()-getEditToken() );
$s .= '/form';
}
 

-- 
To view, visit https://gerrit.wikimedia.org/r/201228
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8b86ae48058ab85975b48a40008e91027387f5f8
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CheckUser
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Legoktm legoktm.wikipe...@gmail.com

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Sanitize the content of Lua backtraces - change (mediawiki...Scribunto)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201226

Change subject: SECURITY: Sanitize the content of Lua backtraces
..

SECURITY: Sanitize the content of Lua backtraces

Bug: T85113
Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
---
M engines/LuaCommon/LuaCommon.php
1 file changed, 10 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Scribunto 
refs/changes/26/201226/1

diff --git a/engines/LuaCommon/LuaCommon.php b/engines/LuaCommon/LuaCommon.php
index f8a6e2e..9f77234 100644
--- a/engines/LuaCommon/LuaCommon.php
+++ b/engines/LuaCommon/LuaCommon.php
@@ -936,25 +936,27 @@
}
 
if ( strval( $info['namewhat'] ) !== '' ) {
-   $function = wfMessage( 
'scribunto-lua-in-function', $info['name'] );
+   $function = wfMessage( 
'scribunto-lua-in-function', wfEscapeWikiText( $info['name'] ) );
in_array( 'content', $msgOptions ) ?
-   $function = 
$function-inContentLanguage()-text() :
-   $function = $function-text();
+   $function = 
$function-inContentLanguage()-plain() :
+   $function = $function-plain();
} elseif ( $info['what'] == 'main' ) {
$function = wfMessage( 'scribunto-lua-in-main' 
);
in_array( 'content', $msgOptions ) ?
-   $function = 
$function-inContentLanguage()-text() :
-   $function = $function-text();
+   $function = 
$function-inContentLanguage()-plain() :
+   $function = $function-plain();
} else {
// C function, tail call, or a Lua function 
where Lua can't
// guess the name
$function = '?';
}
 
-   $backtraceLine = wfMessage( 
'scribunto-lua-backtrace-line', strong$src/strong, $function );
+   $backtraceLine = wfMessage( 
'scribunto-lua-backtrace-line' )
+   -rawParams( strong$src/strong )
+   -params( $function );
in_array( 'content', $msgOptions ) ?
-   $backtraceLine = 
$backtraceLine-inContentLanguage()-text() :
-   $backtraceLine = $backtraceLine-text();
+   $backtraceLine = 
$backtraceLine-inContentLanguage()-parse() :
+   $backtraceLine = $backtraceLine-parse();
 
$s .= li\n\t . $backtraceLine  . \n/li\n;
}

-- 
To view, visit https://gerrit.wikimedia.org/r/201226
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iede661a34f4ec2f384bd0407e2fb8f271ff54a77
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Scribunto
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Jackmcbarn jackmcb...@gmail.com

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Always expand xml entities when checking SVG's - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201223

Change subject: SECURITY: Always expand xml entities when checking SVG's
..

SECURITY: Always expand xml entities when checking SVG's

XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml
entities unexpanded, which can lead to false-negatives when the
callback was used for filtering. Update XmlTypeCheck to use XMLReader
instead, tell the library to fully expand entities, and rely on the
library to error out if it encounters XML that is likely to cause a DoS
if parsed.

Bug: T88310
Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba
---
M includes/libs/XmlTypeCheck.php
M tests/phpunit/includes/libs/XmlTypeCheckTest.php
M tests/phpunit/includes/upload/UploadBaseTest.php
3 files changed, 206 insertions(+), 105 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/23/201223/1

diff --git a/includes/libs/XmlTypeCheck.php b/includes/libs/XmlTypeCheck.php
index 0d6c3a6..6d01986 100644
--- a/includes/libs/XmlTypeCheck.php
+++ b/includes/libs/XmlTypeCheck.php
@@ -2,6 +2,11 @@
 /**
  * XML syntax and type checker.
  *
+ * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us
+ * more control over the expansion of XML entities. When passed to the
+ * callback, entities will be fully expanded, but may report the XML is
+ * invalid if expanding the entities are likely to cause a DoS.
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
@@ -25,7 +30,7 @@
 * Will be set to true or false to indicate whether the file is
 * well-formed XML. Note that this doesn't check schema validity.
 */
-   public $wellFormed = false;
+   public $wellFormed = null;
 
/**
 * Will be set to true if the optional element filter returned
@@ -78,12 +83,7 @@
function __construct( $input, $filterCallback = null, $isFile = true, 
$options = array() ) {
$this-filterCallback = $filterCallback;
$this-parserOptions = array_merge( $this-parserOptions, 
$options );
-
-   if ( $isFile ) {
-   $this-validateFromFile( $input );
-   } else {
-   $this-validateFromString( $input );
-   }
+   $this-validateFromInput( $input, $isFile );
}
 
/**
@@ -125,140 +125,211 @@
return $this-rootElement;
}
 
-   /**
-* Get an XML parser with the root element handler.
-* @see XmlTypeCheck::rootElementOpen()
-* @return resource a resource handle for the XML parser
-*/
-   private function getParser() {
-   $parser = xml_parser_create_ns( 'UTF-8' );
-   // case folding violates XML standard, turn it off
-   xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false 
);
-   xml_set_element_handler( $parser, array( $this, 
'rootElementOpen' ), false );
-   if ( $this-parserOptions['processing_instruction_handler'] ) {
-   xml_set_processing_instruction_handler(
-   $parser,
-   array( $this, 'processingInstructionHandler' )
-   );
-   }
-   return $parser;
-   }
 
/**
 * @param string $fname the filename
 */
-   private function validateFromFile( $fname ) {
-   $parser = $this-getParser();
-
-   if ( file_exists( $fname ) ) {
-   $file = fopen( $fname, rb );
-   if ( $file ) {
-   do {
-   $chunk = fread( $file, 32768 );
-   $ret = xml_parse( $parser, $chunk, 
feof( $file ) );
-   if ( $ret == 0 ) {
-   $this-wellFormed = false;
-   fclose( $file );
-   xml_parser_free( $parser );
-   return;
-   }
-   } while ( !feof( $file ) );
-
-   fclose( $file );
-   }
-   }
-   $this-wellFormed = true;
-
-   xml_parser_free( $parser );
-   }
-
-   /**
-*
-* @param string $string the XML-input-string to be checked.
-*/
-   private function validateFromString( $string ) {
-   $parser = $this-getParser();
-   $ret = xml_parse( $parser, $string, true );
-   

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow embedded application/xml in SVG's - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201218

Change subject: SECURITY: Don't allow embedded application/xml in SVG's
..

SECURITY: Don't allow embedded application/xml in SVG's

Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got
around our blacklist on embedded href targets. Use a whitelist instead.

Bug: T85850
Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28
---
M includes/upload/UploadBase.php
M tests/phpunit/includes/upload/UploadBaseTest.php
2 files changed, 23 insertions(+), 14 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/18/201218/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index a001fea..8c3f174 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1412,20 +1412,16 @@
}
}
 
-   # href with embedded svg as target
-   if ( $stripped == 'href'  preg_match( 
'!data:[^,]*image/svg[^,]*,!sim', $value ) ) {
-   wfDebug( __METHOD__ . : Found href to embedded 
svg 
-   . \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
-
-   return true;
-   }
-
-   # href with embedded (text/xml) svg as target
-   if ( $stripped == 'href'  preg_match( 
'!data:[^,]*text/xml[^,]*,!sim', $value ) ) {
-   wfDebug( __METHOD__ . : Found href to embedded 
svg 
-   . \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
-
-   return true;
+   # only allow data: targets that should be safe. This 
prevents vectors like,
+   # image/svg, text/xml, application/xml, and text/html, 
which can contain scripts
+   if ( $stripped == 'href'  strncasecmp( 'data:', 
$value, 5 ) === 0 ) {
+   // rfc2397 parameters. This is only slightly 
slower than (;[\w;]+)*.
+   $parameters = 
'(?;[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+=(?[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+|(?[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|[\0-\x7f])*))*(?:;base64)?';
+   if ( !preg_match( 
!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i, $value ) ) {
+   wfDebug( __METHOD__ . : Found href to 
unwhitelisted data: uri 
+   . \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
+   return true;
+   }
}
 
# Change href with animate from 
(http://html5sec.org/#137). This doesn't seem
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php 
b/tests/phpunit/includes/upload/UploadBaseTest.php
index dd43af9..8c5c923 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -163,6 +163,12 @@
'SVG with javascript xlink 
(http://html5sec.org/#87)'
),
array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:xlink=http://www.w3.org/1999/xlink;use 
xlink:href=data:application/xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjUwIiBjeD0iMTAwIiBjeT0iMTAwIiBzdHlsZT0iZmlsbDogI0YwMCI+CjxzZXQgYXR0cmlidXRlTmFtZT0iZmlsbCIgYXR0cmlidXRlVHlwZT0iQ1NTIiBvbmJlZ2luPSdhbGVydChkb2N1bWVudC5jb29raWUpJwpvbmVuZD0nYWxlcnQoIm9uZW5kIiknIHRvPSIjMDBGIiBiZWdpbj0iMXMiIGR1cj0iNXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test/
 /svg',
+   true,
+   true,
+   'SVG with Opera image xlink 
(http://html5sec.org/#88 - c)'
+   ),
+   array(
'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:xlink=http://www.w3.org/1999/xlink;  animation 
xlink:href=javascript:alert(1)/ /svg',
true,
true,
@@ -337,6 +343,13 @@
true,
'SVG with remote background image using image() 
(bug 69008)'
),
+   array(
+   // As reported by Cure53
+   'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:xlink=http://www.w3.org/1999/xlink; a 
xlink:href=data:text/html;charset=utf-8;base64, 
PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ%2BDQo%3D circle 

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow entities in XMP with HHVM - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201225

Change subject: SECURITY: Don't allow entities in XMP with HHVM
..

SECURITY: Don't allow entities in XMP with HHVM

Test for, and refuse to parse, XMP chunks with a doctype declaration
when parsing XMP under HHVM.

Bug: T85848
Change-Id: Iea4feb077ee85a35509a920153daaa9321ee69f3
---
M includes/media/BitmapMetadataHandler.php
M includes/media/JpegMetadataExtractor.php
M includes/media/XMP.php
A tests/phpunit/data/xmp/doctype-included.result.php
A tests/phpunit/data/xmp/doctype-included.xmp
A tests/phpunit/data/xmp/doctype-not-included.xmp
M tests/phpunit/includes/media/XMPTest.php
7 files changed, 179 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/25/201225/1

diff --git a/includes/media/BitmapMetadataHandler.php 
b/includes/media/BitmapMetadataHandler.php
index bb7a1e8..c8d37bb 100644
--- a/includes/media/BitmapMetadataHandler.php
+++ b/includes/media/BitmapMetadataHandler.php
@@ -154,7 +154,7 @@
 * @throws MWException On invalid file.
 */
static function Jpeg( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
$meta = new self();
 
$seg = JpegMetadataExtractor::segmentSplitter( $filename );
@@ -196,7 +196,7 @@
 * @return array Array for storage in img_metadata.
 */
public static function PNG( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
 
$meta = new self();
$array = PNGMetadataExtractor::getMetadata( $filename );
@@ -236,7 +236,7 @@
$meta-addMetadata( array( 'GIFFileComment' = 
$baseArray['comment'] ), 'native' );
}
 
-   if ( $baseArray['xmp'] !== ''  function_exists( 
'xml_parser_create_ns' ) ) {
+   if ( $baseArray['xmp'] !== ''  XMPReader::isSupported() ) {
$xmp = new XMPReader();
$xmp-parse( $baseArray['xmp'] );
$xmpRes = $xmp-getResults();
diff --git a/includes/media/JpegMetadataExtractor.php 
b/includes/media/JpegMetadataExtractor.php
index 0d8013d..ae4af8d 100644
--- a/includes/media/JpegMetadataExtractor.php
+++ b/includes/media/JpegMetadataExtractor.php
@@ -48,7 +48,7 @@
 * @throws MWException If given invalid file.
 */
static function segmentSplitter( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
 
$segmentCount = 0;
 
diff --git a/includes/media/XMP.php b/includes/media/XMP.php
index 0d341aa..50f04ae 100644
--- a/includes/media/XMP.php
+++ b/includes/media/XMP.php
@@ -80,6 +80,12 @@
/** @var int */
private $extendedXMPOffset = 0;
 
+   /** @var int Flag determining if the XMP is safe to parse **/
+   private $parsable = 0;
+
+   /** @var string Buffer of XML to parse **/
+   private $xmlParsableBuffer = '';
+
/**
 * These are various mode constants.
 * they are used to figure out what to do
@@ -107,6 +113,12 @@
 
const NS_RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#';
const NS_XML = 'http://www.w3.org/XML/1998/namespace';
+
+   // States used while determining if XML is safe to parse
+   const PARSABLE_UNKNOWN = 0;
+   const PARSABLE_OK = 1;
+   const PARSABLE_BUFFERING = 2;
+   const PARSABLE_NO = 3;
 
/**
 * Constructor.
@@ -145,6 +157,9 @@
array( $this, 'endElement' ) );
 
xml_set_character_data_handler( $this-xmlParser, array( $this, 
'char' ) );
+
+   $this-parsable = self::PARSABLE_UNKNOWN;
+   $this-xmlParsableBuffer = '';
}
 
/** Destroy the xml parser
@@ -154,6 +169,13 @@
function __destruct() {
// not sure if this is needed.
xml_parser_free( $this-xmlParser );
+   }
+
+   /**
+* Check if this instance supports using this class
+*/
+   public static function isSupported() {
+   return function_exists( 'xml_parser_create_ns' )  
class_exists( 'XMLReader' );
}
 
/** Get the result array. Do some post-processing before returning
@@ -305,6 +327,27 @@
wfRestoreWarnings();
}
 
+   // Ensure the XMP block does not have an xml doctype 
declaration, which
+   // could declare entities unsafe to parse with 
xml_parse (T85848/T71210).
+   if ( $this-parsable !== self::PARSABLE_OK ) {
+   if ( $this-parsable === 

[MediaWiki-commits] [Gerrit] SECURITY: Make SVG @import checking case insensitive - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201217

Change subject: SECURITY: Make SVG @import checking case insensitive
..

SECURITY: Make SVG @import checking case insensitive

@import in embedded CSS is case-insensitive, meaning
an attacker can put @iMpOrT and it should still
work.

This uses stripos instead of strpos to make the check
case insensitive.

Bug: T85349
Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
---
M includes/upload/UploadBase.php
M tests/phpunit/includes/upload/UploadBaseTest.php
2 files changed, 7 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/17/201217/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index a79526e..a001fea 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1524,7 +1524,7 @@
private static function checkCssFragment( $value ) {
 
# Forbid external stylesheets, for both reliability and to 
protect viewer's privacy
-   if ( strpos( $value, '@import' ) !== false ) {
+   if ( stripos( $value, '@import' ) !== false ) {
return true;
}
 
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php 
b/tests/phpunit/includes/upload/UploadBaseTest.php
index 63ad8c0..dd43af9 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -306,6 +306,12 @@
'SVG with @import in style element and child 
element (bug 69008#c11)'
),
array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
viewBox=6 3 177 153 xmlns:xlink=http://www.w3.org/1999/xlink; 
style@imporT 
https://fonts.googleapis.com/css?family=Bitter:700amp;text=WebPlatform.org;;/style
 g transform=translate(-.5,-.5) text fill=#474747 x=95 y=150 
text-anchor=middle font-family=Bitter font-size=20 
font-weight=boldWebPlatform.org/text /g /svg',
+   true,
+   true,
+   'SVG with case-insensitive @import in style 
element (bug T85349)'
+   ),
+   array(
'svg xmlns=http://www.w3.org/2000/svg; rect 
width=100 height=100 
style=background-image:url(https://www.google.com/images/srpr/logo11w.png)/ 
/svg',
true,
true,

-- 
To view, visit https://gerrit.wikimedia.org/r/201217
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Parent5446 tylerro...@gmail.com

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Set maximal password length for DoS - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201220

Change subject: SECURITY: Set maximal password length for DoS
..

SECURITY: Set maximal password length for DoS

Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.

Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.

Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
---
M includes/DefaultSettings.php
M includes/User.php
M includes/specials/SpecialUserlogin.php
M languages/i18n/en.json
M languages/i18n/qqq.json
M tests/phpunit/includes/UserTest.php
6 files changed, 58 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/20/201220/1

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 5ab557e..84dc3aa 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4227,6 +4227,18 @@
 $wgMinimalPasswordLength = 1;
 
 /**
+ * Specifies the maximal length of a user password (T64685).
+ *
+ * It is not recommended to make this greater than the default, as it can
+ * allow DoS attacks by users setting really long passwords. In addition,
+ * this should not be lowered too much, as it enforces weak passwords.
+ *
+ * @warning Unlike other password settings, user with passwords greater than
+ *  the maximum will not be able to log in.
+ */
+$wgMaximalPasswordLength = 4096;
+
+/**
  * Specifies if users should be sent to a password-reset form on login, if 
their
  * password doesn't meet the requirements of User::isValidPassword().
  * @since 1.23
diff --git a/includes/User.php b/includes/User.php
index 89ff299..2e88978 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -826,15 +826,24 @@
}
 
/**
-* Check if this is a valid password for this user. Status will be good 
if
-* the password is valid, or have an array of error messages if not.
+* Check if this is a valid password for this user
+*
+* Create a Status object based on the password's validity.
+* The Status should be set to fatal if the user should not
+* be allowed to log in, and should have any errors that
+* would block changing the password.
+*
+* If the return value of this is not OK, the password
+* should not be checked. If the return value is not Good,
+* the password can be checked, but the user should not be
+* able to set their password to this.
 *
 * @param string $password Desired password
 * @return Status
 * @since 1.23
 */
public function checkPasswordValidity( $password ) {
-   global $wgMinimalPasswordLength, $wgContLang;
+   global $wgMinimalPasswordLength, $wgMaximalPasswordLength, 
$wgContLang;
 
static $blockedLogins = array(
'Useruser' = 'Passpass', 'Useruser1' = 'Passpass1', # 
r75589
@@ -853,6 +862,10 @@
if ( $result === false ) {
if ( strlen( $password )  $wgMinimalPasswordLength ) {
$status-error( 'passwordtooshort', 
$wgMinimalPasswordLength );
+   return $status;
+   } elseif ( strlen( $password )  
$wgMaximalPasswordLength ) {
+   // T64685: Password too long, might cause DoS 
attack
+   $status-fatal( 'passwordtoolong', 
$wgMaximalPasswordLength );
return $status;
} elseif ( $wgContLang-lc( $password ) == 
$wgContLang-lc( $this-mName ) ) {
$status-error( 'password-name-match' );
@@ -2382,17 +2395,9 @@
throw new PasswordError( wfMessage( 
'password-change-forbidden' )-text() );
}
 
-   if ( !$this-isValidPassword( $str ) ) {
-   global $wgMinimalPasswordLength;
-   $valid = $this-getPasswordValidity( $str );
-   if ( is_array( $valid ) ) {
-   $message = array_shift( $valid );
-   $params = $valid;
-   } else {
-   $message = $valid;
-   $params = array( 
$wgMinimalPasswordLength );
-   }
-   throw new PasswordError( wfMessage( $message, 
$params )-text() );
+   $status = $this-checkPasswordValidity( $str );
+   if ( !$status-isGood() ) {

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow directly calling Xml::isWellFormed - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201224

Change subject: SECURITY: Don't allow directly calling Xml::isWellFormed
..

SECURITY: Don't allow directly calling Xml::isWellFormed

Changing Xml::isWellFormed to private. In WMF hosted repos, there are
no callers to isWellFormed directly.

Bug: T85848
Change-Id: I104427989b89c386de571b8e60642095331a1132
---
M includes/Xml.php
1 file changed, 3 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/24/201224/1

diff --git a/includes/Xml.php b/includes/Xml.php
index 78b8715..f0bd70b 100644
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -703,13 +703,15 @@
/**
 * Check if a string is well-formed XML.
 * Must include the surrounding tag.
+* This function is a DoS vector if an attacker can define
+* entities in $text.
 *
 * @param string $text String to test.
 * @return bool
 *
 * @todo Error position reporting return
 */
-   public static function isWellFormed( $text ) {
+   private static function isWellFormed( $text ) {
$parser = xml_parser_create( UTF-8 );
 
# case folding violates XML standard, turn it off

-- 
To view, visit https://gerrit.wikimedia.org/r/201224
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I104427989b89c386de571b8e60642095331a1132
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Escape in Html::expandAttributes - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201222

Change subject: SECURITY: Escape  in Html::expandAttributes
..

SECURITY: Escape  in Html::expandAttributes

Escape  characters in attributes, so we don't confuse post-processing,
like LanguageConverter.

Bug: T73394
Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
---
M includes/Html.php
M tests/parser/parserTests.txt
2 files changed, 7 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/22/201222/1

diff --git a/includes/Html.php b/includes/Html.php
index 4b69885..effc488 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -600,17 +600,20 @@
} else {
// Apparently we need to entity-encode \n, \r, 
\t, although the
// spec doesn't mention that.  Since we're 
doing strtr() anyway,
-   // and we don't need  escaped here, we may as 
well not call
-   // htmlspecialchars().
+   // we may as well not call htmlspecialchars().
// @todo FIXME: Verify that we actually need to
// escape \n\r\t here, and explain why, exactly.
#
// We could call Sanitizer::encodeAttribute() 
for this, but we
// don't because we're stubborn and like our 
marginal savings on
// byte size from not having to encode 
unnecessary quotes.
+   // The only difference between this transform 
and the one by
+   // Sanitizer::encodeAttribute() is '' is only 
encoded here if
+   // $wgWellFormedXml is set, and ' is not 
encoded.
$map = array(
'' = 'amp;',
'' = 'quot;',
+   '' = 'gt;',
\n = '#10;',
\r = '#13;',
\t = '#9;'
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index 2b7f4cd..f660678 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -13901,7 +13901,7 @@
 /ul
 /div
 
-h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: text  textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
+h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: text gt; textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
 psection 1
 /p
 h2span class=mw-headline id=text_.3C_texttext lt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: text lt; textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
@@ -19608,7 +19608,7 @@
 /div
 
 h2span class=mw-headline id=Hellosup 
class=in-h2Hello/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: Helloedit/aspan 
class=mw-editsection-bracket]/span/span/h2
-h2span class=mw-headline id=b.22.3EEvilbyesup 
bgt;Evilbye/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: bquot;Evilbyeedit/aspan 
class=mw-editsection-bracket]/span/span/h2
+h2span class=mw-headline id=b.22.3EEvilbyesup 
bgt;Evilbye/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: bquot;gt;Evilbyeedit/aspan 
class=mw-editsection-bracket]/span/span/h2
 
 !! end
 

-- 
To view, visit https://gerrit.wikimedia.org/r/201222
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Don't execute another user's CSS or JS on preview - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201221

Change subject: SECURITY: Don't execute another user's CSS or JS on preview
..

SECURITY: Don't execute another user's CSS or JS on preview

Someone could theoretically try to hide malicious code in their user
common.js and then trick an admin into previewing it by asking for help.

Bug: T85855
Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a
---
M includes/EditPage.php
M includes/OutputPage.php
2 files changed, 18 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/21/201221/1

diff --git a/includes/EditPage.php b/includes/EditPage.php
index a5994e7..e113426 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -2670,19 +2670,21 @@
array( 'userinvalidcssjstitle', 
$this-mTitle-getSkinFromCssJsSubpage() )
);
}
-   if ( $this-formtype !== 'preview' ) {
-   if ( $this-isCssSubpage  
$wgAllowUserCss ) {
-   $wgOut-wrapWikiMsg(
-   div 
id='mw-usercssyoucanpreview'\n$1\n/div,
-   array( 
'usercssyoucanpreview' )
-   );
-   }
+   if ( $this-getTitle()-isSubpageOf( 
$wgUser-getUserPage() ) ) {
+   if ( $this-formtype !== 'preview' ) {
+   if ( $this-isCssSubpage  
$wgAllowUserCss ) {
+   $wgOut-wrapWikiMsg(
+   div 
id='mw-usercssyoucanpreview'\n$1\n/div,
+   array( 
'usercssyoucanpreview' )
+   );
+   }
 
-   if ( $this-isJsSubpage  
$wgAllowUserJs ) {
-   $wgOut-wrapWikiMsg(
-   div 
id='mw-userjsyoucanpreview'\n$1\n/div,
-   array( 
'userjsyoucanpreview' )
-   );
+   if ( $this-isJsSubpage  
$wgAllowUserJs ) {
+   $wgOut-wrapWikiMsg(
+   div 
id='mw-userjsyoucanpreview'\n$1\n/div,
+   array( 
'userjsyoucanpreview' )
+   );
+   }
}
}
}
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index edeae0d..73d0cba 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -3288,6 +3288,10 @@
if ( !$this-getTitle()-isJsSubpage()  
!$this-getTitle()-isCssSubpage() ) {
return false;
}
+   if ( !$this-getTitle()-isSubpageOf( 
$this-getUser()-getUserPage() ) ) {
+   // Don't execute another user's CSS or JS on preview 
(T85855)
+   return false;
+   }
 
return !count( $this-getTitle()-getUserPermissionsErrors( 
'edit', $this-getUser() ) );
}

-- 
To view, visit https://gerrit.wikimedia.org/r/201221
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Anomie bjor...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Fix animate blacklist - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201219

Change subject: SECURITY: Fix animate blacklist
..

SECURITY: Fix animate blacklist

The blacklist should prevent animating any element's xlink:href to a
javascript url.

Bug: T86711
Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a
---
M includes/upload/UploadBase.php
M tests/phpunit/includes/upload/UploadBaseTest.php
2 files changed, 15 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/19/201219/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 8c3f174..6da8250 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1424,11 +1424,10 @@
}
}
 
-   # Change href with animate from 
(http://html5sec.org/#137). This doesn't seem
-   # possible without embedding the svg, but filter here 
in case.
-   if ( $stripped == 'from'
+   # Change href with animate from 
(http://html5sec.org/#137).
+   if ( $stripped === 'attributename'
 $strippedElement === 'animate'
-!preg_match( '!^https?://!im', $value )
+$this-stripXmlNamespace( $value ) == 'href'
) {
wfDebug( __METHOD__ . : Found animate that 
might be changing href using from 
. \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php 
b/tests/phpunit/includes/upload/UploadBaseTest.php
index 8c5c923..c027af6 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -279,6 +279,18 @@
true,
'SVG with animate from 
(http://html5sec.org/#137)'
),
+   array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:xlink=http://www.w3.org/1999/xlink; atext y=1emClick me/text 
animate attributeName=xlink:href values=javascript:alert(\'Bang!\') 
begin=0s dur=0.1s fill=freeze / /a/svg',
+   true,
+   true,
+   'SVG with animate xlink:href 
(http://html5sec.org/#137)'
+   ),
+   array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:y=http://www.w3.org/1999/xlink; a y:href=# text y=1emClick 
me/text animate attributeName=y:href values=javascript:alert(\'Bang!\') 
begin=0s dur=0.1s fill=freeze / /a /svg',
+   true,
+   true,
+   'SVG with animate y:href 
(http://html5sec.org/#137)'
+   ),
 
// Other hostile SVG's
array(

-- 
To view, visit https://gerrit.wikimedia.org/r/201219
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] [TEST] Ignore this - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201007

Change subject: [TEST] Ignore this
..

[TEST] Ignore this

Test commit from caesium

Change-Id: Ibe8f3119be1ae616606f008cf1a4e182fb3b4230
---
M README
1 file changed, 2 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/07/201007/1

diff --git a/README b/README
index 29577bc..200acfe 100644
--- a/README
+++ b/README
@@ -1,5 +1,7 @@
 == MediaWiki ==
 
+TEST!
+
 MediaWiki is a free and open-source wiki software package written in PHP. It
 serves as the platform for Wikipedia and the other projects of the Wikimedia
 Foundation, which deliver content in over 280 languages to more than half a

-- 
To view, visit https://gerrit.wikimedia.org/r/201007
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibe8f3119be1ae616606f008cf1a4e182fb3b4230
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Escape in Html::expandAttributes - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201027

Change subject: SECURITY: Escape  in Html::expandAttributes
..

SECURITY: Escape  in Html::expandAttributes

Escape  characters in attributes, so we don't confuse post-processing,
like LanguageConverter.

Bug: T73394
Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
---
M includes/Html.php
M tests/parser/parserTests.txt
2 files changed, 7 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/27/201027/1

diff --git a/includes/Html.php b/includes/Html.php
index b1d4f00..ca0c76e 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -531,17 +531,20 @@
} else {
// Apparently we need to entity-encode \n, \r, 
\t, although the
// spec doesn't mention that.  Since we're 
doing strtr() anyway,
-   // and we don't need  escaped here, we may as 
well not call
-   // htmlspecialchars().
+   // we may as well not call htmlspecialchars().
// @todo FIXME: Verify that we actually need to
// escape \n\r\t here, and explain why, exactly.
#
// We could call Sanitizer::encodeAttribute() 
for this, but we
// don't because we're stubborn and like our 
marginal savings on
// byte size from not having to encode 
unnecessary quotes.
+   // The only difference between this transform 
and the one by
+   // Sanitizer::encodeAttribute() is '' is only 
encoded here if
+   // $wgWellFormedXml is set, and ' is not 
encoded.
$map = array(
'' = 'amp;',
'' = 'quot;',
+   '' = 'gt;',
\n = '#10;',
\r = '#13;',
\t = '#9;'
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index e8e71b8..c3e972e 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -11642,7 +11642,7 @@
 /ul
 /div
 
-h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: text  textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
+h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: text gt; textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
 psection 1
 /p
 h2span class=mw-headline id=text_.3C_texttext lt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: text lt; textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
@@ -16905,7 +16905,7 @@
 /div
 
 h2span class=mw-headline id=Hellosup 
class=in-h2Hello/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: Helloedit/aspan 
class=mw-editsection-bracket]/span/span/h2
-h2span class=mw-headline id=b.22.3EEvilbyesup 
bgt;Evilbye/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: bquot;Evilbyeedit/aspan 
class=mw-editsection-bracket]/span/span/h2
+h2span class=mw-headline id=b.22.3EEvilbyesup 
bgt;Evilbye/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: bquot;gt;Evilbyeedit/aspan 
class=mw-editsection-bracket]/span/span/h2
 
 !! end
 

-- 
To view, visit https://gerrit.wikimedia.org/r/201027
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_23
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow embedded application/xml in SVG's - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201012

Change subject: SECURITY: Don't allow embedded application/xml in SVG's
..

SECURITY: Don't allow embedded application/xml in SVG's

Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got
around our blacklist on embedded href targets. Use a whitelist instead.

Bug: T85850
Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28
---
M includes/upload/UploadBase.php
M tests/phpunit/includes/upload/UploadBaseTest.php
2 files changed, 23 insertions(+), 14 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/12/201012/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index df86091..5781627 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1416,20 +1416,16 @@
}
}
 
-   # href with embedded svg as target
-   if ( $stripped == 'href'  preg_match( 
'!data:[^,]*image/svg[^,]*,!sim', $value ) ) {
-   wfDebug( __METHOD__ . : Found href to embedded 
svg 
-   . \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
-
-   return true;
-   }
-
-   # href with embedded (text/xml) svg as target
-   if ( $stripped == 'href'  preg_match( 
'!data:[^,]*text/xml[^,]*,!sim', $value ) ) {
-   wfDebug( __METHOD__ . : Found href to embedded 
svg 
-   . \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
-
-   return true;
+   # only allow data: targets that should be safe. This 
prevents vectors like,
+   # image/svg, text/xml, application/xml, and text/html, 
which can contain scripts
+   if ( $stripped == 'href'  strncasecmp( 'data:', 
$value, 5 ) === 0 ) {
+   // rfc2397 parameters. This is only slightly 
slower than (;[\w;]+)*.
+   $parameters = 
'(?;[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+=(?[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+|(?[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|[\0-\x7f])*))*(?:;base64)?';
+   if ( !preg_match( 
!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i, $value ) ) {
+   wfDebug( __METHOD__ . : Found href to 
unwhitelisted data: uri 
+   . \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
+   return true;
+   }
}
 
# Change href with animate from 
(http://html5sec.org/#137). This doesn't seem
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php 
b/tests/phpunit/includes/upload/UploadBaseTest.php
index 475513e..ac8cc43 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -168,6 +168,12 @@
'SVG with javascript xlink 
(http://html5sec.org/#87)'
),
array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:xlink=http://www.w3.org/1999/xlink;use 
xlink:href=data:application/xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KPGRlZnM+CjxjaXJjbGUgaWQ9InRlc3QiIHI9IjUwIiBjeD0iMTAwIiBjeT0iMTAwIiBzdHlsZT0iZmlsbDogI0YwMCI+CjxzZXQgYXR0cmlidXRlTmFtZT0iZmlsbCIgYXR0cmlidXRlVHlwZT0iQ1NTIiBvbmJlZ2luPSdhbGVydChkb2N1bWVudC5jb29raWUpJwpvbmVuZD0nYWxlcnQoIm9uZW5kIiknIHRvPSIjMDBGIiBiZWdpbj0iMXMiIGR1cj0iNXMiIC8+CjwvY2lyY2xlPgo8L2RlZnM+Cjx1c2UgeGxpbms6aHJlZj0iI3Rlc3QiLz4KPC9zdmc+#test/
 /svg',
+   true,
+   true,
+   'SVG with Opera image xlink 
(http://html5sec.org/#88 - c)'
+   ),
+   array(
'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:xlink=http://www.w3.org/1999/xlink;  animation 
xlink:href=javascript:alert(1)/ /svg',
true,
true,
@@ -342,6 +348,13 @@
true,
'SVG with remote background image using image() 
(bug 69008)'
),
+   array(
+   // As reported by Cure53
+   'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:xlink=http://www.w3.org/1999/xlink; a 
xlink:href=data:text/html;charset=utf-8;base64, 
PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ%2BDQo%3D circle 

[MediaWiki-commits] [Gerrit] SECURITY: Fix animate blacklist - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201035

Change subject: SECURITY: Fix animate blacklist
..

SECURITY: Fix animate blacklist

The blacklist should prevent animating any element's xlink:href to a
javascript url.

Bug: T86711
Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a
---
M includes/upload/UploadBase.php
1 file changed, 3 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/35/201035/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index db96ca3..06375f8 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1222,11 +1222,10 @@
}
}
 
-   # Change href with animate from 
(http://html5sec.org/#137). This doesn't seem
-   # possible without embedding the svg, but filter here 
in case.
-   if ( $stripped == 'from'
+   # Change href with animate from 
(http://html5sec.org/#137).
+   if ( $stripped === 'attributename'
 $strippedElement === 'animate'
-!preg_match( '!^https?://!im', $value )
+$this-stripXmlNamespace( $value ) == 'href'
) {
wfDebug( __METHOD__ . : Found animate that 
might be changing href using from 
. \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );

-- 
To view, visit https://gerrit.wikimedia.org/r/201035
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow entities in XMP - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201039

Change subject: SECURITY: Don't allow entities in XMP
..

SECURITY: Don't allow entities in XMP

Test for, and refuse to parse, XMP chunks with a doctype declaration
when parsing XMP.

Bug: T85848
Change-Id: Iea4feb077ee85a35509a920153daaa9321ee69f3
---
M includes/media/BitmapMetadataHandler.php
M includes/media/JpegMetadataExtractor.php
M includes/media/XMP.php
A tests/phpunit/data/xmp/doctype-included.result.php
A tests/phpunit/data/xmp/doctype-included.xmp
A tests/phpunit/data/xmp/doctype-not-included.xmp
M tests/phpunit/includes/media/XMPTest.php
7 files changed, 175 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/39/201039/1

diff --git a/includes/media/BitmapMetadataHandler.php 
b/includes/media/BitmapMetadataHandler.php
index 746..566018c 100644
--- a/includes/media/BitmapMetadataHandler.php
+++ b/includes/media/BitmapMetadataHandler.php
@@ -126,7 +126,7 @@
 * @throws MWException on invalid file.
 */
static function Jpeg ( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
$meta = new self();
 
$seg = JpegMetadataExtractor::segmentSplitter( $filename );
@@ -168,7 +168,7 @@
 * @return Array Array for storage in img_metadata.
 */
static public function PNG ( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
 
$meta = new self();
$array = PNGMetadataExtractor::getMetadata( $filename );
@@ -205,7 +205,7 @@
$meta-addMetadata( array( 'GIFFileComment' = 
$baseArray['comment'] ), 'native' );
}
 
-   if ( $baseArray['xmp'] !== ''  function_exists( 
'xml_parser_create_ns' ) ) {
+   if ( $baseArray['xmp'] !== ''  XMPReader::isSupported() ) {
$xmp = new XMPReader();
$xmp-parse( $baseArray['xmp'] );
$xmpRes = $xmp-getResults();
diff --git a/includes/media/JpegMetadataExtractor.php 
b/includes/media/JpegMetadataExtractor.php
index 224b4a2..7cbd2e9 100644
--- a/includes/media/JpegMetadataExtractor.php
+++ b/includes/media/JpegMetadataExtractor.php
@@ -24,7 +24,7 @@
* @throws MWException if given invalid file.
*/
static function segmentSplitter ( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
 
$segmentCount = 0;
 
diff --git a/includes/media/XMP.php b/includes/media/XMP.php
index 0dbf563..3a4a915 100644
--- a/includes/media/XMP.php
+++ b/includes/media/XMP.php
@@ -40,6 +40,12 @@
 
protected $items;
 
+   /** @var int Flag determining if the XMP is safe to parse **/
+   private $parsable = 0;
+
+   /** @var string Buffer of XML to parse **/
+   private $xmlParsableBuffer = '';
+
/**
* These are various mode constants.
* they are used to figure out what to do
@@ -68,6 +74,12 @@
const NS_RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#';
const NS_XML = 'http://www.w3.org/XML/1998/namespace';
 
+
+   // States used while determining if XML is safe to parse
+   const PARSABLE_UNKNOWN = 0;
+   const PARSABLE_OK = 1;
+   const PARSABLE_BUFFERING = 2;
+   const PARSABLE_NO = 3;
 
/**
* Constructor.
@@ -106,6 +118,9 @@
array( $this, 'endElement' ) );
 
xml_set_character_data_handler( $this-xmlParser, array( $this, 
'char' ) );
+
+   $this-parsable = self::PARSABLE_UNKNOWN;
+   $this-xmlParsableBuffer = '';
}
 
/** Destroy the xml parser
@@ -115,6 +130,13 @@
function __destruct() {
// not sure if this is needed.
xml_parser_free( $this-xmlParser );
+   }
+
+   /**
+* Check if this instance supports using this class
+*/
+   public static function isSupported() {
+   return function_exists( 'xml_parser_create_ns' )  
class_exists( 'XMLReader' );
}
 
/** Get the result array. Do some post-processing before returning
@@ -263,6 +285,27 @@
wfRestoreWarnings();
}
 
+   // Ensure the XMP block does not have an xml doctype 
declaration, which
+   // could declare entities unsafe to parse with 
xml_parse (T85848/T71210).
+   if ( $this-parsable !== self::PARSABLE_OK ) {
+   if ( $this-parsable === self::PARSABLE_NO ) {
+   throw 

[MediaWiki-commits] [Gerrit] SECURITY: Always expand xml entities when checking SVG's - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201038

Change subject: SECURITY: Always expand xml entities when checking SVG's
..

SECURITY: Always expand xml entities when checking SVG's

XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml
entities unexpanded, which can lead to false-negatives when the
callback was used for filtering. Update XmlTypeCheck to use XMLReader
instead, tell the library to fully expand entities, and rely on the
library to error out if it encounters XML that is likely to cause a DoS
if parsed.

Bug: T88310
Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba
---
M includes/XmlTypeCheck.php
1 file changed, 201 insertions(+), 84 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/38/201038/1

diff --git a/includes/XmlTypeCheck.php b/includes/XmlTypeCheck.php
index 2062101..693580d 100644
--- a/includes/XmlTypeCheck.php
+++ b/includes/XmlTypeCheck.php
@@ -1,11 +1,36 @@
 ?php
+/**
+ * XML syntax and type checker.
+ *
+ * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us
+ * more control over the expansion of XML entities. When passed to the
+ * callback, entities will be fully expanded, but may report the XML is
+ * invalid if expanding the entities are likely to cause a DoS.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ */
 
 class XmlTypeCheck {
/**
 * Will be set to true or false to indicate whether the file is
 * well-formed XML. Note that this doesn't check schema validity.
 */
-   public $wellFormed = false;
+   public $wellFormed = null;
 
/**
 * Will be set to true if the optional element filter returned
@@ -19,7 +44,7 @@
 */
public $rootElement = '';
 
-   /**
+   /**
 * A stack of strings containing the data of each xml element as it's 
processed. Append
 * data to the top string of the stack, then pop off the string and 
process it when the
 * element is closed.
@@ -44,19 +69,19 @@
);
 
/**
-* @param $file string filename
-* @param $filterCallback callable (optional)
+* @param string $input a filename
+* @param callable $filterCallback (optional)
 *Function to call to do additional custom validity checks from 
the
 *SAX element handler event. This gives you access to the 
element
 *namespace, name, attributes, and text contents.
 *Filter should return 'true' to toggle on $this-filterMatch
 * @param array $options list of additional parsing options:
-*  processing_instruction_handler: Callback for 
xml_set_processing_instruction_handler
+*processing_instruction_handler: Callback for 
xml_set_processing_instruction_handler
 */
-   function __construct( $file, $filterCallback=null, $options=array() ) {
+   function __construct( $input, $filterCallback = null, $options = 
array() ) {
$this-filterCallback = $filterCallback;
$this-parserOptions = array_merge( $this-parserOptions, 
$options );
-   $this-run( $file );
+   $this-validateFromInput( $input, true );
}
 
/**
@@ -68,119 +93,211 @@
return $this-rootElement;
}
 
-   /**
-* @param $fname
-*/
-   private function run( $fname ) {
-   $parser = xml_parser_create_ns( 'UTF-8' );
-
-   // case folding violates XML standard, turn it off
-   xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false 
);
-
-   xml_set_element_handler( $parser, array( $this, 
'rootElementOpen' ), false );
-
-   if ( $this-parserOptions['processing_instruction_handler'] ) {
-   xml_set_processing_instruction_handler(
-   $parser,
-   array( $this, 'processingInstructionHandler' )
-   );
-   }
-
-   if ( file_exists( $fname ) ) {
-   $file = fopen( $fname, rb );
-

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow embedded application/xml in SVG's - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201034

Change subject: SECURITY: Don't allow embedded application/xml in SVG's
..

SECURITY: Don't allow embedded application/xml in SVG's

Fix for iSEC-WMF1214-11 and issue reported by Cure 53, which got
around our blacklist on embedded href targets. Use a whitelist instead.

Bug: T85850
Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28
---
M includes/upload/UploadBase.php
1 file changed, 10 insertions(+), 10 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/34/201034/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 1f893c5..db96ca3 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1210,16 +1210,16 @@
}
}
 
-   # href with embeded svg as target
-   if( $stripped == 'href'  preg_match( 
'!data:[^,]*image/svg[^,]*,!sim', $value ) ) {
-   wfDebug( __METHOD__ . : Found href to embedded 
svg \$strippedElement '$attrib'='$value'...\ in uploaded file.\n );
-   return true;
-   }
-
-   # href with embeded (text/xml) svg as target
-   if( $stripped == 'href'  preg_match( 
'!data:[^,]*text/xml[^,]*,!sim', $value ) ) {
-   wfDebug( __METHOD__ . : Found href to embedded 
svg \$strippedElement '$attrib'='$value'...\ in uploaded file.\n );
-   return true;
+   # only allow data: targets that should be safe. This 
prevents vectors like,
+   # image/svg, text/xml, application/xml, and text/html, 
which can contain scripts
+   if ( $stripped == 'href'  strncasecmp( 'data:', 
$value, 5 ) === 0 ) {
+   // rfc2397 parameters. This is only slightly 
slower than (;[\w;]+)*.
+   $parameters = 
'(?;[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+=(?[a-zA-Z0-9\!#$\'*+.^_`{|}~-]+|(?[\0-\x0c\x0e-\x21\x23-\x5b\x5d-\x7f]+|[\0-\x7f])*))*(?:;base64)?';
+   if ( !preg_match( 
!^data:\s*image/(gif|jpeg|jpg|png)$parameters,!i, $value ) ) {
+   wfDebug( __METHOD__ . : Found href to 
unwhitelisted data: uri 
+   . \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
+   return true;
+   }
}
 
# Change href with animate from 
(http://html5sec.org/#137). This doesn't seem

-- 
To view, visit https://gerrit.wikimedia.org/r/201034
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I17b7ed65935b818695a83fd901fcaf90fffecf28
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Escape in Html::expandAttributes - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201037

Change subject: SECURITY: Escape  in Html::expandAttributes
..

SECURITY: Escape  in Html::expandAttributes

Escape  characters in attributes, so we don't confuse post-processing,
like LanguageConverter.

Bug: T73394
Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
---
M includes/Html.php
M tests/parser/parserTests.txt
2 files changed, 7 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/37/201037/1

diff --git a/includes/Html.php b/includes/Html.php
index 2187b5b..7fa901f 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -525,17 +525,20 @@
} else {
# Apparently we need to entity-encode \n, \r, 
\t, although the
# spec doesn't mention that.  Since we're doing 
strtr() anyway,
-   # and we don't need  escaped here, we may as 
well not call
-   # htmlspecialchars().
+   # we may as well not call htmlspecialchars().
# @todo FIXME: Verify that we actually need to
# escape \n\r\t here, and explain why, exactly.
#
# We could call Sanitizer::encodeAttribute() 
for this, but we
# don't because we're stubborn and like our 
marginal savings on
# byte size from not having to encode 
unnecessary quotes.
+   # The only difference between this transform 
and the one by
+   # Sanitizer::encodeAttribute() is '' is only 
encoded here if
+   # $wgWellFormedXml is set, and ' is not encoded.
$map = array(
'' = 'amp;',
'' = 'quot;',
+   '' = 'gt;',
\n = '#10;',
\r = '#13;',
\t = '#9;'
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index c833ef0..22fe118 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -4506,7 +4506,7 @@
 li class=toclevel-1 tocsection-5a href=#text_.22_textspan 
class=tocnumber5/span span class=toctexttext  text/span/a/li
 /ul
 /td/tr/table
-h2span class=editsection[a 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: text  textedit/a]/span span class=mw-headline 
id=text_.3E_text text gt; text /span/h2
+h2span class=editsection[a 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: text gt; textedit/a]/span span class=mw-headline 
id=text_.3E_text text gt; text /span/h2
 psection 1
 /p
 h2span class=editsection[a 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: text lt; textedit/a]/span span class=mw-headline 
id=text_.3C_text text lt; text /span/h2
@@ -9165,7 +9165,7 @@
 /ul
 /td/tr/table
 h2span class=editsection[a 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: Helloedit/a]/span span class=mw-headline id=Hello sup 
class=in-h2Hello/sup /span/h2
-h2span class=editsection[a 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: bquot;Evilbyeedit/a]/span span class=mw-headline 
id=b.22.3EEvilbye sup bgt;Evilbye/sup /span/h2
+h2span class=editsection[a 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: bquot;gt;Evilbyeedit/a]/span span class=mw-headline 
id=b.22.3EEvilbye sup bgt;Evilbye/sup /span/h2
 
 !! end
 

-- 
To view, visit https://gerrit.wikimedia.org/r/201037
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Updated release notes and version number for MediaWiki 1.19.24 - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201040

Change subject: Updated release notes and version number for MediaWiki 1.19.24
..

Updated release notes and version number for MediaWiki 1.19.24

Change-Id: Ibd34c5b48222088dc7cec2abb0bf38d6cc442182
---
M RELEASE-NOTES-1.19
M includes/DefaultSettings.php
2 files changed, 15 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/40/201040/1

diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index 8306b57..3e22c86 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -3,6 +3,20 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
 
+== MediaWiki 1.19.24 ==
+
+This is a security and maintenance release of the MediaWiki 1.19 branch.
+
+== Changes since 1.19.23 ==
+
+* (T85848, T71210) SECURITY: Don't parse XMP blocks that contain XML entities,
+  to prevent various DoS attacks.
+* (T88310) SECURITY: Always expand xml entities when checking SVG's.
+* (T73394) SECURITY: Escape  in Html::expandAttributes to prevent XSS.
+* (T85855) SECURITY: Don't execute another user's CSS or JS on preview.
+* (T85349, T85850, T86711) SECURITY: Multiple issues fixed in SVG filtering to
+  prevent XSS and protect viewer's privacy.
+
 == MediaWiki 1.19.23 ==
 
 This is a security and maintenance release of the MediaWiki 1.19 branch.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index ff8301e..3aa86a3 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@
 /** @endcond */
 
 /** MediaWiki version number */
-$wgVersion = '1.19.23';
+$wgVersion = '1.19.24';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';

-- 
To view, visit https://gerrit.wikimedia.org/r/201040
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibd34c5b48222088dc7cec2abb0bf38d6cc442182
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Make SVG @import checking case insensitive - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201033

Change subject: SECURITY: Make SVG @import checking case insensitive
..

SECURITY: Make SVG @import checking case insensitive

@import in embedded CSS is case-insensitive, meaning
an attacker can put @iMpOrT and it should still
work.

This uses stripos instead of strpos to make the check
case insensitive.

Bug: T85349
Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
---
M includes/upload/UploadBase.php
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/33/201033/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 11e70e7..1f893c5 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1300,7 +1300,7 @@
private static function checkCssFragment( $value ) {
 
# Forbid external stylesheets, for both reliability and to 
protect viewer's privacy
-   if ( strpos( $value, '@import' ) !== false ) {
+   if ( stripos( $value, '@import' ) !== false ) {
return true;
}
 

-- 
To view, visit https://gerrit.wikimedia.org/r/201033
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Parent5446 tylerro...@gmail.com

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Don't execute another user's CSS or JS on preview - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201036

Change subject: SECURITY: Don't execute another user's CSS or JS on preview
..

SECURITY: Don't execute another user's CSS or JS on preview

Someone could theoretically try to hide malicious code in their user
common.js and then trick an admin into previewing it by asking for help.

Bug: T85855
Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a
---
M includes/EditPage.php
M includes/OutputPage.php
2 files changed, 14 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/36/201036/1

diff --git a/includes/EditPage.php b/includes/EditPage.php
index d00d911..07a5a07 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1988,11 +1988,16 @@
if ( $this-isWrongCaseCssJsPage ) {
$wgOut-wrapWikiMsg( div 
class='error' id='mw-userinvalidcssjstitle'\n$1\n/div, array( 
'userinvalidcssjstitle', $this-mTitle-getSkinFromCssJsSubpage() ) );
}
-   if ( $this-formtype !== 'preview' ) {
-   if ( $this-isCssSubpage )
-   $wgOut-wrapWikiMsg( div 
id='mw-usercssyoucanpreview'\n$1\n/div, array( 'usercssyoucanpreview' ) );
-   if ( $this-isJsSubpage )
-   $wgOut-wrapWikiMsg( div 
id='mw-userjsyoucanpreview'\n$1\n/div, array( 'userjsyoucanpreview' ) );
+   if ( $this-getTitle()-isSubpageOf( 
$wgUser-getUserPage() ) ) {
+   if ( $this-formtype !== 'preview' ) {
+   if ( $this-isCssSubpage ) {
+   $wgOut-wrapWikiMsg( 
div id='mw-usercssyoucanpreview'\n$1\n/div, array( 'usercssyoucanpreview' 
) );
+   }
+
+   if ( $this-isJsSubpage ) {
+   $wgOut-wrapWikiMsg( 
div id='mw-userjsyoucanpreview'\n$1\n/div, array( 'userjsyoucanpreview' ) 
);
+   }
+   }
}
}
}
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index e658c0e..20520bc 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -2975,6 +2975,10 @@
if ( !$this-getTitle()-isJsSubpage()  
!$this-getTitle()-isCssSubpage() ) {
return false;
}
+   if ( !$this-getTitle()-isSubpageOf( 
$this-getUser()-getUserPage() ) ) {
+   // Don't execute another user's CSS or JS on preview 
(T85855)
+   return false;
+   }
 
return !count( $this-getTitle()-getUserPermissionsErrors( 
'edit', $this-getUser() ) );
}

-- 
To view, visit https://gerrit.wikimedia.org/r/201036
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5a7a75306695859df5d848f6105b81bea0098f0a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow directly calling Xml::isWellFormed - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201018

Change subject: SECURITY: Don't allow directly calling Xml::isWellFormed
..

SECURITY: Don't allow directly calling Xml::isWellFormed

Changing Xml::isWellFormed to private. In WMF hosted repos, there are
no callers to isWellFormed directly.

Bug: T85848
Change-Id: I104427989b89c386de571b8e60642095331a1132
---
M includes/Xml.php
1 file changed, 3 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/18/201018/1

diff --git a/includes/Xml.php b/includes/Xml.php
index 159f711..c6c0286 100644
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -707,13 +707,15 @@
/**
 * Check if a string is well-formed XML.
 * Must include the surrounding tag.
+* This function is a DoS vector if an attacker can define
+* entities in $text.
 *
 * @param string $text String to test.
 * @return bool
 *
 * @todo Error position reporting return
 */
-   public static function isWellFormed( $text ) {
+   private static function isWellFormed( $text ) {
$parser = xml_parser_create( UTF-8 );
 
# case folding violates XML standard, turn it off

-- 
To view, visit https://gerrit.wikimedia.org/r/201018
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I104427989b89c386de571b8e60642095331a1132
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_24
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Make SVG @import checking case insensitive - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201011

Change subject: SECURITY: Make SVG @import checking case insensitive
..

SECURITY: Make SVG @import checking case insensitive

@import in embedded CSS is case-insensitive, meaning
an attacker can put @iMpOrT and it should still
work.

This uses stripos instead of strpos to make the check
case insensitive.

Bug: T85349
Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
---
M includes/upload/UploadBase.php
M tests/phpunit/includes/upload/UploadBaseTest.php
2 files changed, 7 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/11/201011/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 89ce2b3..df86091 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1528,7 +1528,7 @@
private static function checkCssFragment( $value ) {
 
# Forbid external stylesheets, for both reliability and to 
protect viewer's privacy
-   if ( strpos( $value, '@import' ) !== false ) {
+   if ( stripos( $value, '@import' ) !== false ) {
return true;
}
 
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php 
b/tests/phpunit/includes/upload/UploadBaseTest.php
index 41d8dee..475513e 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -311,6 +311,12 @@
'SVG with @import in style element and child 
element (bug 69008#c11)'
),
array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
viewBox=6 3 177 153 xmlns:xlink=http://www.w3.org/1999/xlink; 
style@imporT 
https://fonts.googleapis.com/css?family=Bitter:700amp;text=WebPlatform.org;;/style
 g transform=translate(-.5,-.5) text fill=#474747 x=95 y=150 
text-anchor=middle font-family=Bitter font-size=20 
font-weight=boldWebPlatform.org/text /g /svg',
+   true,
+   true,
+   'SVG with case-insensitive @import in style 
element (bug T85349)'
+   ),
+   array(
'svg xmlns=http://www.w3.org/2000/svg; rect 
width=100 height=100 
style=background-image:url(https://www.google.com/images/srpr/logo11w.png)/ 
/svg',
true,
true,

-- 
To view, visit https://gerrit.wikimedia.org/r/201011
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_24
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Parent5446 tylerro...@gmail.com

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Fix reflected XSS in API with wddx output under HHVM - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201020

Change subject: SECURITY: Fix reflected XSS in API with wddx output under HHVM
..

SECURITY: Fix reflected XSS in API with wddx output under HHVM

Bug: T85851
Change-Id: I9cdf896e7070ed51e42625d61609ad9ef91cd567
(cherry-picked from commit 39703e93187bc0aa8059fbfa666b3605424b90f3)
---
M includes/api/ApiFormatWddx.php
1 file changed, 39 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/20/201020/1

diff --git a/includes/api/ApiFormatWddx.php b/includes/api/ApiFormatWddx.php
index ba90c26..ec3dc2d 100644
--- a/includes/api/ApiFormatWddx.php
+++ b/includes/api/ApiFormatWddx.php
@@ -38,15 +38,7 @@
public function execute() {
$this-markDeprecated();
 
-   // Some versions of PHP have a broken wddx_serialize_value, see
-   // PHP bug 45314. Test encoding an affected character (U+00A0)
-   // to avoid this.
-   $expected =
-   wddxPacket 
version='1.0'header/datastring\xc2\xa0/string/data/wddxPacket;
-   if ( function_exists( 'wddx_serialize_value' )
-!$this-getIsHtml()
-wddx_serialize_value( \xc2\xa0 ) == $expected
-   ) {
+   if ( !$this-getIsHtml()  !static::useSlowPrinter() ) {
$this-printText( wddx_serialize_value( 
$this-getResultData() ) );
} else {
// Don't do newlines and indentation if we weren't asked
@@ -63,6 +55,44 @@
}
}
 
+   public static function useSlowPrinter() {
+   if ( !function_exists( 'wddx_serialize_value' ) ) {
+   return true;
+   }
+
+   // Some versions of PHP have a broken wddx_serialize_value, see
+   // PHP bug 45314. Test encoding an affected character (U+00A0)
+   // to avoid this.
+   $expected =
+   wddxPacket 
version='1.0'header/datastring\xc2\xa0/string/data/wddxPacket;
+   if ( wddx_serialize_value( \xc2\xa0 ) !== $expected ) {
+   return true;
+   }
+
+   // Some versions of HHVM don't correctly encode ampersands.
+   $expected =
+   wddxPacket 
version='1.0'header/datastringamp;/string/data/wddxPacket;
+   if ( wddx_serialize_value( '' ) !== $expected ) {
+   return true;
+   }
+
+   // Some versions of HHVM don't correctly encode empty arrays as 
subvalues.
+   $expected =
+   wddxPacket version='1.0'header/dataarray 
length='1'array length='0'/array/array/data/wddxPacket;
+   if ( wddx_serialize_value( array( array() ) ) !== $expected ) {
+   return true;
+   }
+
+   // Some versions of HHVM don't correctly encode associative 
arrays with numeric keys.
+   $expected =
+   wddxPacket version='1.0'header/datastructvar 
name='2'number1/number/var/struct/data/wddxPacket;
+   if ( wddx_serialize_value( array( 2 = 1 ) ) !== $expected ) {
+   return true;
+   }
+
+   return false;
+   }
+
/**
 * Recursively go through the object and output its data in WDDX format.
 * @param mixed $elemValue

-- 
To view, visit https://gerrit.wikimedia.org/r/201020
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9cdf896e7070ed51e42625d61609ad9ef91cd567
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_24
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Anomie bjor...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Escape in Html::expandAttributes - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201016

Change subject: SECURITY: Escape  in Html::expandAttributes
..

SECURITY: Escape  in Html::expandAttributes

Escape  characters in attributes, so we don't confuse post-processing,
like LanguageConverter.

Bug: T73394
Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
---
M includes/Html.php
M tests/parser/parserTests.txt
2 files changed, 7 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/16/201016/1

diff --git a/includes/Html.php b/includes/Html.php
index 1e16e39..2e14814 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -546,17 +546,20 @@
} else {
// Apparently we need to entity-encode \n, \r, 
\t, although the
// spec doesn't mention that.  Since we're 
doing strtr() anyway,
-   // and we don't need  escaped here, we may as 
well not call
-   // htmlspecialchars().
+   // we may as well not call htmlspecialchars().
// @todo FIXME: Verify that we actually need to
// escape \n\r\t here, and explain why, exactly.
#
// We could call Sanitizer::encodeAttribute() 
for this, but we
// don't because we're stubborn and like our 
marginal savings on
// byte size from not having to encode 
unnecessary quotes.
+   // The only difference between this transform 
and the one by
+   // Sanitizer::encodeAttribute() is '' is only 
encoded here if
+   // $wgWellFormedXml is set, and ' is not 
encoded.
$map = array(
'' = 'amp;',
'' = 'quot;',
+   '' = 'gt;',
\n = '#10;',
\r = '#13;',
\t = '#9;'
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index c90c4f6..f915922 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -12944,7 +12944,7 @@
 /ul
 /div
 
-h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: text  textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
+h2span class=mw-headline id=text_.3E_texttext gt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: text gt; textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
 psection 1
 /p
 h2span class=mw-headline id=text_.3C_texttext lt; text/spanspan 
class=mw-editsectionspan class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: text lt; textedit/aspan 
class=mw-editsection-bracket]/span/span/h2
@@ -18472,7 +18472,7 @@
 /div
 
 h2span class=mw-headline id=Hellosup 
class=in-h2Hello/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=1 title=Edit 
section: Helloedit/aspan 
class=mw-editsection-bracket]/span/span/h2
-h2span class=mw-headline id=b.22.3EEvilbyesup 
bgt;Evilbye/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: bquot;Evilbyeedit/aspan 
class=mw-editsection-bracket]/span/span/h2
+h2span class=mw-headline id=b.22.3EEvilbyesup 
bgt;Evilbye/sup/spanspan class=mw-editsectionspan 
class=mw-editsection-bracket[/spana 
href=/index.php?title=Parser_testamp;action=editamp;section=2 title=Edit 
section: bquot;gt;Evilbyeedit/aspan 
class=mw-editsection-bracket]/span/span/h2
 
 !! end
 

-- 
To view, visit https://gerrit.wikimedia.org/r/201016
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I768e2a12c7b6ba635e6c8571676b8c776b16bf72
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_24
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Always expand xml entities when checking SVG's - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201017

Change subject: SECURITY: Always expand xml entities when checking SVG's
..

SECURITY: Always expand xml entities when checking SVG's

XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml
entities unexpanded, which can lead to false-negatives when the
callback was used for filtering. Update XmlTypeCheck to use XMLReader
instead, tell the library to fully expand entities, and rely on the
library to error out if it encounters XML that is likely to cause a DoS
if parsed.

Bug: T88310
Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba
---
M includes/libs/XmlTypeCheck.php
M tests/phpunit/includes/XmlTypeCheckTest.php
M tests/phpunit/includes/upload/UploadBaseTest.php
3 files changed, 206 insertions(+), 105 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/17/201017/1

diff --git a/includes/libs/XmlTypeCheck.php b/includes/libs/XmlTypeCheck.php
index aca857e..31a4e28 100644
--- a/includes/libs/XmlTypeCheck.php
+++ b/includes/libs/XmlTypeCheck.php
@@ -2,6 +2,11 @@
 /**
  * XML syntax and type checker.
  *
+ * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us
+ * more control over the expansion of XML entities. When passed to the
+ * callback, entities will be fully expanded, but may report the XML is
+ * invalid if expanding the entities are likely to cause a DoS.
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
@@ -25,7 +30,7 @@
 * Will be set to true or false to indicate whether the file is
 * well-formed XML. Note that this doesn't check schema validity.
 */
-   public $wellFormed = false;
+   public $wellFormed = null;
 
/**
 * Will be set to true if the optional element filter returned
@@ -78,12 +83,7 @@
function __construct( $input, $filterCallback = null, $isFile = true, 
$options = array() ) {
$this-filterCallback = $filterCallback;
$this-parserOptions = array_merge( $this-parserOptions, 
$options );
-
-   if ( $isFile ) {
-   $this-validateFromFile( $input );
-   } else {
-   $this-validateFromString( $input );
-   }
+   $this-validateFromInput( $input, $isFile );
}
 
/**
@@ -125,140 +125,211 @@
return $this-rootElement;
}
 
-   /**
-* Get an XML parser with the root element handler.
-* @see XmlTypeCheck::rootElementOpen()
-* @return resource a resource handle for the XML parser
-*/
-   private function getParser() {
-   $parser = xml_parser_create_ns( 'UTF-8' );
-   // case folding violates XML standard, turn it off
-   xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false 
);
-   xml_set_element_handler( $parser, array( $this, 
'rootElementOpen' ), false );
-   if ( $this-parserOptions['processing_instruction_handler'] ) {
-   xml_set_processing_instruction_handler(
-   $parser,
-   array( $this, 'processingInstructionHandler' )
-   );
-   }
-   return $parser;
-   }
 
/**
 * @param string $fname the filename
 */
-   private function validateFromFile( $fname ) {
-   $parser = $this-getParser();
-
-   if ( file_exists( $fname ) ) {
-   $file = fopen( $fname, rb );
-   if ( $file ) {
-   do {
-   $chunk = fread( $file, 32768 );
-   $ret = xml_parse( $parser, $chunk, 
feof( $file ) );
-   if ( $ret == 0 ) {
-   $this-wellFormed = false;
-   fclose( $file );
-   xml_parser_free( $parser );
-   return;
-   }
-   } while ( !feof( $file ) );
-
-   fclose( $file );
-   }
-   }
-   $this-wellFormed = true;
-
-   xml_parser_free( $parser );
-   }
-
-   /**
-*
-* @param string $string the XML-input-string to be checked.
-*/
-   private function validateFromString( $string ) {
-   $parser = $this-getParser();
-   $ret = xml_parse( $parser, $string, true );
-   

[MediaWiki-commits] [Gerrit] SECURITY: Fix animate blacklist - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201025

Change subject: SECURITY: Fix animate blacklist
..

SECURITY: Fix animate blacklist

The blacklist should prevent animating any element's xlink:href to a
javascript url.

Bug: T86711
Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a
---
M includes/upload/UploadBase.php
M tests/phpunit/includes/upload/UploadBaseTest.php
2 files changed, 15 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/25/201025/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index cf3e67d..eb33220 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1327,11 +1327,10 @@
}
}
 
-   # Change href with animate from 
(http://html5sec.org/#137). This doesn't seem
-   # possible without embedding the svg, but filter here 
in case.
-   if ( $stripped == 'from'
+   # Change href with animate from 
(http://html5sec.org/#137).
+   if ( $stripped === 'attributename'
 $strippedElement === 'animate'
-!preg_match( '!^https?://!im', $value )
+$this-stripXmlNamespace( $value ) == 'href'
) {
wfDebug( __METHOD__ . : Found animate that 
might be changing href using from 
. \$strippedElement 
'$attrib'='$value'...\ in uploaded file.\n );
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php 
b/tests/phpunit/includes/upload/UploadBaseTest.php
index ac8cc43..a40dd50 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -284,6 +284,18 @@
true,
'SVG with animate from 
(http://html5sec.org/#137)'
),
+   array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:xlink=http://www.w3.org/1999/xlink; atext y=1emClick me/text 
animate attributeName=xlink:href values=javascript:alert(\'Bang!\') 
begin=0s dur=0.1s fill=freeze / /a/svg',
+   true,
+   true,
+   'SVG with animate xlink:href 
(http://html5sec.org/#137)'
+   ),
+   array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
xmlns:y=http://www.w3.org/1999/xlink; a y:href=# text y=1emClick 
me/text animate attributeName=y:href values=javascript:alert(\'Bang!\') 
begin=0s dur=0.1s fill=freeze / /a /svg',
+   true,
+   true,
+   'SVG with animate y:href 
(http://html5sec.org/#137)'
+   ),
 
// Other hostile SVG's
array(

-- 
To view, visit https://gerrit.wikimedia.org/r/201025
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia9e9192165fdfe1701f22605eee0b0e5c9137d5a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_23
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Make SVG @import checking case insensitive - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201023

Change subject: SECURITY: Make SVG @import checking case insensitive
..

SECURITY: Make SVG @import checking case insensitive

@import in embedded CSS is case-insensitive, meaning
an attacker can put @iMpOrT and it should still
work.

This uses stripos instead of strpos to make the check
case insensitive.

Bug: T85349
Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
---
M includes/upload/UploadBase.php
M tests/phpunit/includes/upload/UploadBaseTest.php
2 files changed, 7 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/23/201023/1

diff --git a/includes/upload/UploadBase.php b/includes/upload/UploadBase.php
index 5c62e0f..3db2653 100644
--- a/includes/upload/UploadBase.php
+++ b/includes/upload/UploadBase.php
@@ -1404,7 +1404,7 @@
private static function checkCssFragment( $value ) {
 
# Forbid external stylesheets, for both reliability and to 
protect viewer's privacy
-   if ( strpos( $value, '@import' ) !== false ) {
+   if ( stripos( $value, '@import' ) !== false ) {
return true;
}
 
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php 
b/tests/phpunit/includes/upload/UploadBaseTest.php
index 41d8dee..475513e 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -311,6 +311,12 @@
'SVG with @import in style element and child 
element (bug 69008#c11)'
),
array(
+   'svg xmlns=http://www.w3.org/2000/svg; 
viewBox=6 3 177 153 xmlns:xlink=http://www.w3.org/1999/xlink; 
style@imporT 
https://fonts.googleapis.com/css?family=Bitter:700amp;text=WebPlatform.org;;/style
 g transform=translate(-.5,-.5) text fill=#474747 x=95 y=150 
text-anchor=middle font-family=Bitter font-size=20 
font-weight=boldWebPlatform.org/text /g /svg',
+   true,
+   true,
+   'SVG with case-insensitive @import in style 
element (bug T85349)'
+   ),
+   array(
'svg xmlns=http://www.w3.org/2000/svg; rect 
width=100 height=100 
style=background-image:url(https://www.google.com/images/srpr/logo11w.png)/ 
/svg',
true,
true,

-- 
To view, visit https://gerrit.wikimedia.org/r/201023
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I31db9d81f46460af2d8d3f161ba46c2ab7a170d1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_23
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Parent5446 tylerro...@gmail.com

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow entities in XMP - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201019

Change subject: SECURITY: Don't allow entities in XMP
..

SECURITY: Don't allow entities in XMP

Test for, and refuse to parse, XMP chunks with a doctype declaration
when parsing XMP.

Bug: T85848
Change-Id: Iea4feb077ee85a35509a920153daaa9321ee69f3
---
M includes/media/BitmapMetadataHandler.php
M includes/media/JpegMetadataExtractor.php
M includes/media/XMP.php
A tests/phpunit/data/xmp/doctype-included.result.php
A tests/phpunit/data/xmp/doctype-included.xmp
A tests/phpunit/data/xmp/doctype-not-included.xmp
M tests/phpunit/includes/media/XMPTest.php
7 files changed, 176 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/19/201019/1

diff --git a/includes/media/BitmapMetadataHandler.php 
b/includes/media/BitmapMetadataHandler.php
index dd41c38..1d79015 100644
--- a/includes/media/BitmapMetadataHandler.php
+++ b/includes/media/BitmapMetadataHandler.php
@@ -154,7 +154,7 @@
 * @throws MWException On invalid file.
 */
static function Jpeg( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
$meta = new self();
 
$seg = JpegMetadataExtractor::segmentSplitter( $filename );
@@ -196,7 +196,7 @@
 * @return array Array for storage in img_metadata.
 */
public static function PNG( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
 
$meta = new self();
$array = PNGMetadataExtractor::getMetadata( $filename );
@@ -236,7 +236,7 @@
$meta-addMetadata( array( 'GIFFileComment' = 
$baseArray['comment'] ), 'native' );
}
 
-   if ( $baseArray['xmp'] !== ''  function_exists( 
'xml_parser_create_ns' ) ) {
+   if ( $baseArray['xmp'] !== ''  XMPReader::isSupported() ) {
$xmp = new XMPReader();
$xmp-parse( $baseArray['xmp'] );
$xmpRes = $xmp-getResults();
diff --git a/includes/media/JpegMetadataExtractor.php 
b/includes/media/JpegMetadataExtractor.php
index 8c5b46b..aaa9930 100644
--- a/includes/media/JpegMetadataExtractor.php
+++ b/includes/media/JpegMetadataExtractor.php
@@ -48,7 +48,7 @@
 * @throws MWException If given invalid file.
 */
static function segmentSplitter( $filename ) {
-   $showXMP = function_exists( 'xml_parser_create_ns' );
+   $showXMP = XMPReader::isSupported();
 
$segmentCount = 0;
 
diff --git a/includes/media/XMP.php b/includes/media/XMP.php
index cdbd5ab..a3f45e6 100644
--- a/includes/media/XMP.php
+++ b/includes/media/XMP.php
@@ -80,6 +80,12 @@
/** @var int */
private $extendedXMPOffset = 0;
 
+   /** @var int Flag determining if the XMP is safe to parse **/
+   private $parsable = 0;
+
+   /** @var string Buffer of XML to parse **/
+   private $xmlParsableBuffer = '';
+
/**
 * These are various mode constants.
 * they are used to figure out what to do
@@ -107,6 +113,12 @@
 
const NS_RDF = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#';
const NS_XML = 'http://www.w3.org/XML/1998/namespace';
+
+   // States used while determining if XML is safe to parse
+   const PARSABLE_UNKNOWN = 0;
+   const PARSABLE_OK = 1;
+   const PARSABLE_BUFFERING = 2;
+   const PARSABLE_NO = 3;
 
/**
 * Constructor.
@@ -145,6 +157,9 @@
array( $this, 'endElement' ) );
 
xml_set_character_data_handler( $this-xmlParser, array( $this, 
'char' ) );
+
+   $this-parsable = self::PARSABLE_UNKNOWN;
+   $this-xmlParsableBuffer = '';
}
 
/** Destroy the xml parser
@@ -154,6 +169,13 @@
function __destruct() {
// not sure if this is needed.
xml_parser_free( $this-xmlParser );
+   }
+
+   /**
+* Check if this instance supports using this class
+*/
+   public static function isSupported() {
+   return function_exists( 'xml_parser_create_ns' )  
class_exists( 'XMLReader' );
}
 
/** Get the result array. Do some post-processing before returning
@@ -305,6 +327,27 @@
wfRestoreWarnings();
}
 
+   // Ensure the XMP block does not have an xml doctype 
declaration, which
+   // could declare entities unsafe to parse with 
xml_parse (T85848/T71210).
+   if ( $this-parsable !== self::PARSABLE_OK ) {
+   if ( $this-parsable === self::PARSABLE_NO ) {
+

[MediaWiki-commits] [Gerrit] SECURITY: Set maximal password length for DoS - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201014

Change subject: SECURITY: Set maximal password length for DoS
..

SECURITY: Set maximal password length for DoS

Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.

Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.

Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
---
M includes/DefaultSettings.php
M includes/User.php
M includes/specials/SpecialUserlogin.php
M languages/i18n/en.json
M languages/i18n/qqq.json
M tests/phpunit/includes/UserTest.php
6 files changed, 58 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/14/201014/1

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 7126893..96d0648 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4146,6 +4146,18 @@
 $wgMinimalPasswordLength = 1;
 
 /**
+ * Specifies the maximal length of a user password (T64685).
+ *
+ * It is not recommended to make this greater than the default, as it can
+ * allow DoS attacks by users setting really long passwords. In addition,
+ * this should not be lowered too much, as it enforces weak passwords.
+ *
+ * @warning Unlike other password settings, user with passwords greater than
+ *  the maximum will not be able to log in.
+ */
+$wgMaximalPasswordLength = 4096;
+
+/**
  * Specifies if users should be sent to a password-reset form on login, if 
their
  * password doesn't meet the requirements of User::isValidPassword().
  * @since 1.23
diff --git a/includes/User.php b/includes/User.php
index 5e5d3ee..a925a3c 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -773,15 +773,24 @@
}
 
/**
-* Check if this is a valid password for this user. Status will be good 
if
-* the password is valid, or have an array of error messages if not.
+* Check if this is a valid password for this user
+*
+* Create a Status object based on the password's validity.
+* The Status should be set to fatal if the user should not
+* be allowed to log in, and should have any errors that
+* would block changing the password.
+*
+* If the return value of this is not OK, the password
+* should not be checked. If the return value is not Good,
+* the password can be checked, but the user should not be
+* able to set their password to this.
 *
 * @param string $password Desired password
 * @return Status
 * @since 1.23
 */
public function checkPasswordValidity( $password ) {
-   global $wgMinimalPasswordLength, $wgContLang;
+   global $wgMinimalPasswordLength, $wgMaximalPasswordLength, 
$wgContLang;
 
static $blockedLogins = array(
'Useruser' = 'Passpass', 'Useruser1' = 'Passpass1', # 
r75589
@@ -800,6 +809,10 @@
if ( $result === false ) {
if ( strlen( $password )  $wgMinimalPasswordLength ) {
$status-error( 'passwordtooshort', 
$wgMinimalPasswordLength );
+   return $status;
+   } elseif ( strlen( $password )  
$wgMaximalPasswordLength ) {
+   // T64685: Password too long, might cause DoS 
attack
+   $status-fatal( 'passwordtoolong', 
$wgMaximalPasswordLength );
return $status;
} elseif ( $wgContLang-lc( $password ) == 
$wgContLang-lc( $this-mName ) ) {
$status-error( 'password-name-match' );
@@ -2300,17 +2313,9 @@
throw new PasswordError( wfMessage( 
'password-change-forbidden' )-text() );
}
 
-   if ( !$this-isValidPassword( $str ) ) {
-   global $wgMinimalPasswordLength;
-   $valid = $this-getPasswordValidity( $str );
-   if ( is_array( $valid ) ) {
-   $message = array_shift( $valid );
-   $params = $valid;
-   } else {
-   $message = $valid;
-   $params = array( 
$wgMinimalPasswordLength );
-   }
-   throw new PasswordError( wfMessage( $message, 
$params )-text() );
+   $status = $this-checkPasswordValidity( $str );
+   if ( !$status-isGood() ) {

[MediaWiki-commits] [Gerrit] SECURITY: Don't allow directly calling Xml::isWellFormed - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201029

Change subject: SECURITY: Don't allow directly calling Xml::isWellFormed
..

SECURITY: Don't allow directly calling Xml::isWellFormed

Changing Xml::isWellFormed to private. In WMF hosted repos, there are
no callers to isWellFormed directly.

Bug: T85848
Change-Id: I104427989b89c386de571b8e60642095331a1132
---
M includes/Xml.php
1 file changed, 3 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/29/201029/1

diff --git a/includes/Xml.php b/includes/Xml.php
index 3b82c64..5e00e04 100644
--- a/includes/Xml.php
+++ b/includes/Xml.php
@@ -679,13 +679,15 @@
/**
 * Check if a string is well-formed XML.
 * Must include the surrounding tag.
+* This function is a DoS vector if an attacker can define
+* entities in $text.
 *
 * @param string $text string to test.
 * @return bool
 *
 * @todo Error position reporting return
 */
-   public static function isWellFormed( $text ) {
+   private static function isWellFormed( $text ) {
$parser = xml_parser_create( UTF-8 );
 
# case folding violates XML standard, turn it off

-- 
To view, visit https://gerrit.wikimedia.org/r/201029
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I104427989b89c386de571b8e60642095331a1132
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_23
Gerrit-Owner: CSteipp cste...@wikimedia.org

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] SECURITY: Always expand xml entities when checking SVG's - change (mediawiki/core)

[CSteipp (Code Review)]

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/201028

Change subject: SECURITY: Always expand xml entities when checking SVG's
..

SECURITY: Always expand xml entities when checking SVG's

XmlTypeCheck's use of xml_parse for filtering SVG's sometimes left xml
entities unexpanded, which can lead to false-negatives when the
callback was used for filtering. Update XmlTypeCheck to use XMLReader
instead, tell the library to fully expand entities, and rely on the
library to error out if it encounters XML that is likely to cause a DoS
if parsed.

Bug: T88310
Change-Id: I77c77a2d6d22f549e7ef969811f7edd77a45dbba
---
M includes/libs/XmlTypeCheck.php
M tests/phpunit/includes/XmlTypeCheckTest.php
M tests/phpunit/includes/upload/UploadBaseTest.php
3 files changed, 206 insertions(+), 105 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/28/201028/1

diff --git a/includes/libs/XmlTypeCheck.php b/includes/libs/XmlTypeCheck.php
index aca857e..31a4e28 100644
--- a/includes/libs/XmlTypeCheck.php
+++ b/includes/libs/XmlTypeCheck.php
@@ -2,6 +2,11 @@
 /**
  * XML syntax and type checker.
  *
+ * Since 1.24.2, it uses XMLReader instead of xml_parse, which gives us
+ * more control over the expansion of XML entities. When passed to the
+ * callback, entities will be fully expanded, but may report the XML is
+ * invalid if expanding the entities are likely to cause a DoS.
+ *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
@@ -25,7 +30,7 @@
 * Will be set to true or false to indicate whether the file is
 * well-formed XML. Note that this doesn't check schema validity.
 */
-   public $wellFormed = false;
+   public $wellFormed = null;
 
/**
 * Will be set to true if the optional element filter returned
@@ -78,12 +83,7 @@
function __construct( $input, $filterCallback = null, $isFile = true, 
$options = array() ) {
$this-filterCallback = $filterCallback;
$this-parserOptions = array_merge( $this-parserOptions, 
$options );
-
-   if ( $isFile ) {
-   $this-validateFromFile( $input );
-   } else {
-   $this-validateFromString( $input );
-   }
+   $this-validateFromInput( $input, $isFile );
}
 
/**
@@ -125,140 +125,211 @@
return $this-rootElement;
}
 
-   /**
-* Get an XML parser with the root element handler.
-* @see XmlTypeCheck::rootElementOpen()
-* @return resource a resource handle for the XML parser
-*/
-   private function getParser() {
-   $parser = xml_parser_create_ns( 'UTF-8' );
-   // case folding violates XML standard, turn it off
-   xml_parser_set_option( $parser, XML_OPTION_CASE_FOLDING, false 
);
-   xml_set_element_handler( $parser, array( $this, 
'rootElementOpen' ), false );
-   if ( $this-parserOptions['processing_instruction_handler'] ) {
-   xml_set_processing_instruction_handler(
-   $parser,
-   array( $this, 'processingInstructionHandler' )
-   );
-   }
-   return $parser;
-   }
 
/**
 * @param string $fname the filename
 */
-   private function validateFromFile( $fname ) {
-   $parser = $this-getParser();
-
-   if ( file_exists( $fname ) ) {
-   $file = fopen( $fname, rb );
-   if ( $file ) {
-   do {
-   $chunk = fread( $file, 32768 );
-   $ret = xml_parse( $parser, $chunk, 
feof( $file ) );
-   if ( $ret == 0 ) {
-   $this-wellFormed = false;
-   fclose( $file );
-   xml_parser_free( $parser );
-   return;
-   }
-   } while ( !feof( $file ) );
-
-   fclose( $file );
-   }
-   }
-   $this-wellFormed = true;
-
-   xml_parser_free( $parser );
-   }
-
-   /**
-*
-* @param string $string the XML-input-string to be checked.
-*/
-   private function validateFromString( $string ) {
-   $parser = $this-getParser();
-   $ret = xml_parse( $parser, $string, true );
-