Also update MathCaptcha so that it works with recent versions of
Math (and breaks with old ones). Also fix MathCaptcha API output,
which used to send the question in plaintext.
Bug: T110302
Change-Id: I0da671a546700110d789b79a3089460abd9cce3b
Depends-On: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Local administrators can now use [[MediaWiki:Captcha-ip-whitelist]]
page to exempt specific IP addresses and IP ranges from captchas.
This is useful for modifying in a short notice such as editathons and
other events like this where captchas add unnecessary complexity for
new users.
The page is disabled by default and IPs should be added separated by
newlines. If any other character is found on a line, it will be ignored
but leading and trailing whitespace characters are allowed.
Bug: T103122
Change-Id: I54866b5bfca80debcf3d3fb7963932ed03b48548
Use a default setting of > 20 logins in 10 minutes. In order to
achieve this many with core's default throttle's, you would have
to be attempting to login from at least 2 IP addresses.
Bug: T122164
Change-Id: Id3ea766cfb7d50444082275a628b8b2aa10e6050
If you are running multiple wikis, you probably want the rate limit
on one wiki to apply to all wikis
Bug: T126685
Change-Id: If5533f222eae9dc540b7c79606d7e7ce613f4e13
If the user has not resolved the "edit"-triggered CAPTCHA correctly,
show an error message, so the user knows, why their edit isn't saved.
Change-Id: Iecbf280e76e450d111f548fda29220688c65fc3a
The config needs to be an array to work, if any other type given it
will throw a warning, but doesn't show, that it will not work. Instead
of pass the edit as "not need to be checked", throw an exception to
indicate that something went wrong.
Change-Id: I4a2374ab2c5f8cf9ce5ea5f36f707a770a46a07d
Check, if an edit is being saved or not, before checking for captcha
triggers, that potentially could query the database or/and do other
expensive things.
Bug: T93961
Change-Id: Iab3e94e642c965becd23d31c6c1baa4c0cddacde
Logs a 'captcha.display' event when a captcha is displayed,
either via web or in an API response, and 'captcha.submit' when
a captcha response is evaluated.
Bug: T91701
Change-Id: I376fdd6740aca4f11776e1326ff2e7e6e5af6a75
Log exceeding the badcaptcha rate limit to the main captcha log (e.g.,
captcha.log on the WMF cluster).
So that we can measure the impact of things like
https://gerrit.wikimedia.org/r/#/c/195886/
Change-Id: I2af26d23b9343e90db2f01f099c1292914bd7ac3