Commit graph

17 commits

Author SHA1 Message Date
Glaisher d0adbc8f0f Allow IP whitelist to be modified on wiki
Local administrators can now use [[MediaWiki:Captcha-ip-whitelist]]
page to exempt specific IP addresses and IP ranges from captchas.
This is useful for modifying in a short notice such as editathons and
other events like this where captchas add unnecessary complexity for
new users.

The page is disabled by default and IPs should be added separated by
newlines. If any other character is found on a line, it will be ignored
but leading and trailing whitespace characters are allowed.

Bug: T103122
Change-Id: I54866b5bfca80debcf3d3fb7963932ed03b48548
2016-03-12 14:17:23 +05:00
Brian Wolff 01f565863f Show captcha if a specific user account has many failed login attempts
Use a default setting of > 20 logins in 10 minutes. In order to
achieve this many with core's default throttle's, you would have
to be attempting to login from at least 2 IP addresses.

Bug: T122164
Change-Id: Id3ea766cfb7d50444082275a628b8b2aa10e6050
2016-03-03 12:44:15 -05:00
Brian Wolff 49fdcce0b1 Use global cache keys bad login rate limitting captcha trigger
If you are running multiple wikis, you probably want the rate limit
on one wiki to apply to all wikis

Bug: T126685
Change-Id: If5533f222eae9dc540b7c79606d7e7ce613f4e13
2016-02-14 21:29:00 -05:00
Brad Jorsch 01d11b7b73 Add i18n for injected API parameters
Change-Id: I4a0a6c47afdd62e1c9d0b29f066d2a6d1791b52d
2015-12-18 12:53:44 -05:00
Alex Monk 92c5d846da Copy context request changes to wgRequest global
Bug: T118052
Change-Id: I2246e6970b843a4418bf979e9e8b0909f221f1bb
2015-11-07 00:42:01 +00:00
Paladox 30490fba52 Add php code sniffer
Change-Id: I298b8b936a2b86deea75c302d88a7391cdb221c9
2015-10-28 21:46:29 +00:00
Florianschmidtwelzow 0d2a6b7e44 Add error message for edit captcha trigger
If the user has not resolved the "edit"-triggered  CAPTCHA correctly,
show an error message, so the user knows, why their edit isn't saved.

Change-Id: Iecbf280e76e450d111f548fda29220688c65fc3a
2015-10-28 10:39:11 +00:00
Florianschmidtwelzow 443bfac8a8 Add a way to use different tab indexes for CAPTCHA input form
And use it for UsercreateTemplate.

Bug: T113432
Change-Id: I56a618f2132fbcf3fea1a3ce6a409ce90709e849
2015-09-27 01:29:18 +02:00
jenkins-bot 393b2d43f8 Merge "Throw an exception, if wgCaptchaRegexes isn't an array" 2015-09-14 00:24:31 +00:00
Florian 3c1e77b631 Throw an exception, if wgCaptchaRegexes isn't an array
The config needs to be an array to work, if any other type given it
will throw a warning, but doesn't show, that it will not work. Instead
of pass the edit as "not need to be checked", throw an exception to
indicate that something went wrong.

Change-Id: I4a2374ab2c5f8cf9ce5ea5f36f707a770a46a07d
2015-09-13 17:17:48 -07:00
Florian 71388bfdb3 Don't check for edits that will not be saved
Check, if an edit is being saved or not, before checking for captcha
triggers, that potentially could query the database or/and do other
expensive things.

Bug: T93961
Change-Id: Iab3e94e642c965becd23d31c6c1baa4c0cddacde
2015-08-13 14:11:19 +02:00
Gergő Tisza f8362450bb Log event on captcha display/success/failure.
Logs a 'captcha.display' event when a captcha is displayed,
either via web or in an API response, and 'captcha.submit' when
a captcha response is evaluated.

Bug: T91701
Change-Id: I376fdd6740aca4f11776e1326ff2e7e6e5af6a75
2015-07-28 22:32:21 +00:00
csteipp abb9c02d8c Send rate limits to main captcha log
Log exceeding the badcaptcha rate limit to the main captcha log (e.g.,
captcha.log on the WMF cluster).

So that we can measure the impact of things like
https://gerrit.wikimedia.org/r/#/c/195886/

Change-Id: I2af26d23b9343e90db2f01f099c1292914bd7ac3
2015-07-27 13:25:44 -07:00
Timo Tijhof 2f4326a8be Fix missing getForm( OutputPage ) argument in showEditFormFields()
Follows-up 36abbc6.

Bug: T104477
Change-Id: I7fd99b495b07801aa299ea032c325d4ca4368ec5
2015-07-01 20:16:59 +01:00
Florianschmidtwelzow 36abbc6288 Implement support for Google reCAPTCHA 2.0 ("No captcha")
This change adds a new Captcha type (ReCaptchaNoCaptcha) that uses
Google reCAPTCHA 2.0.

See more:
- https://www.google.com/recaptcha/intro/
- https://developers.google.com/recaptcha/docs/display
- https://developers.google.com/recaptcha/docs/faq
- http://googleonlinesecurity.blogspot.com/2014/12/are-you-robot-introducing-no-captcha.html

Bug: T84918
Change-Id: I5908fd2716786237adb01a403d5bd1e22d95c563
2015-06-27 03:00:11 +02:00
Aaron Schulz e13d31e2ab Moved up shouldCheck() short-circuit logic a bit
Change-Id: Idbae820131eba8427075c9a59292ecf243490543
2015-06-22 12:24:21 -07:00
Florian 806c8862df Clean up ConfirmEdit.php entry point and move common files to common places
2. step to use ExtensionRegistration

Bug: T88047
Change-Id: Ifcac2ad0d792a05c391ca1776824e05ab703d5cf
2015-05-21 17:49:13 +02:00