Commit graph

77 commits

Author SHA1 Message Date
jenkins-bot b3924fe2ba Merge "Rename 'authmanager' log channel to 'authevents'" 2016-08-10 17:18:17 +00:00
Gergő Tisza 842dd1ae1f Rename 'authmanager' log channel to 'authevents'
Change-Id: I86f54474714fee19e18dabe7c523ebe1901e51a5
2016-08-10 01:39:29 +00:00
Florian e566dcb966 Remove getForm() and replace by getFormInformation()
This commit removes SimpleCaptcha::getForm() and replaces it by its more informative
counterpart getFormInformation(), which returns an array, which provides some
more information about the form than only the html.

The information included in the array is:
 * html: The HTML of the CAPTCHA form (this is the same as what you expected from
   getForm() previously)
 * modules: ResourceLoader modules, if any, that should be added to the output of the
   page
 * modulestyles: ResourceLoader style modules, if any, that should be added to the
   output of the page
 * headitems: Head items that should be added to the output (see OutputPage::addHeadItems)

Mostly you shouldn't need to handle the response of getFormInformation() anymore, as there's
a new function, addFormToOutput(), which takes an instance of OutputPage as a first parameter
and handles the response of getFormInformation for you (adds all information to the given
OutputPage instance, if they're provided).

Bug: T141300
Depends-On: I433afd124b57526caa13a540cda48ba2b99a9bde
Change-Id: I25f344538052fc18993c43185fbd97804a7cfc81
2016-08-04 01:45:13 +00:00
Bartosz Dziewoński 5c9e5cfccd Remove backwards-compatibility code using APIEditBeforeSave hook
It was only needed for MediaWiki prior to 1.25
(09a5febb7b024c0b6585141bb05cba13a642f3eb).
We no longer support those versions after
1d08dd07b8.

Bug: T137832
Change-Id: I27f244631e9dcd160bffff70349e5034f2a537ea
2016-06-16 17:54:54 +02:00
Kunal Mehta 0ebe3f7a28 Fix file permissions
Change-Id: If4855e3a6d7d35dd94093108f4da3bd1362f6827
2016-06-09 16:19:58 -07:00
Gergő Tisza f97212acbf Expose equivalent functionality for passCaptcha
passCaptcha was made protected in I0da671a546700110d789b79a3089460abd9cce3b,
but some other extensions used it, provide passCaptchaFromRequest as a
replacement.

Bug: T135477
Change-Id: I47b2e2fbe3e063cd86e8a2d6bc17ca939472dbe1
2016-05-17 18:29:43 +00:00
Gergő Tisza 3e3b91b527 Add AuthManager support for ReCaptcha, ReCaptchaNoCaptcha
Also remove references to "two words" from ReCaptcha labels.
The captcha image doesn't always contain two words.

Bug: T110302
Change-Id: I544656289480056152a1db195babb6dadf29bc71
2016-05-16 09:51:11 +00:00
Gergő Tisza 31c59374a4 Add AuthManager support to SimpleCaptcha, QuestyCaptcha, FancyCaptcha, MathCaptcha
Also update MathCaptcha so that it works with recent versions of
Math (and breaks with old ones). Also fix MathCaptcha API output,
which used to send the question in plaintext.

Bug: T110302
Change-Id: I0da671a546700110d789b79a3089460abd9cce3b
Depends-On: I8b52ec8ddf494f23941807638f149f15b5e46b0c
2016-05-16 09:50:25 +00:00
Kunal Mehta 9ea898ba2a build: Updating mediawiki/mediawiki-codesniffer to 0.7.1
Also added "composer fix" command.

Change-Id: Ibda3fd002c577c7f7c41920d67ec44fedbd27cb8
2016-05-09 16:41:17 -07:00
Gergő Tisza 5cf1769f46 Fix PHP warning when using createaccount API
Change-Id: I5975c34be4fc11af8dcdd394c0c6605e72f13582
2016-04-26 22:22:55 +02:00
Glaisher d0adbc8f0f Allow IP whitelist to be modified on wiki
Local administrators can now use [[MediaWiki:Captcha-ip-whitelist]]
page to exempt specific IP addresses and IP ranges from captchas.
This is useful for modifying on short notice such as editathons and
other events like this where captchas add unnecessary complexity for
new users.

The page is disabled by default and IPs should be added separated by
newlines. If any other character is found on a line, it will be ignored
but leading and trailing whitespace characters are allowed.

Bug: T103122
Change-Id: I54866b5bfca80debcf3d3fb7963932ed03b48548
2016-03-12 14:17:23 +05:00
Brian Wolff 01f565863f Show captcha if a specific user account has many failed login attempts
Use a default setting of > 20 logins in 10 minutes. In order to
achieve this many with core's default throttles, you would have
to be attempting to log in from at least 2 IP addresses.

Bug: T122164
Change-Id: Id3ea766cfb7d50444082275a628b8b2aa10e6050
2016-03-03 12:44:15 -05:00
Brian Wolff 49fdcce0b1 Use global cache keys bad login rate limiting captcha trigger
If you are running multiple wikis, you probably want the rate limit
on one wiki to apply to all wikis

Bug: T126685
Change-Id: If5533f222eae9dc540b7c79606d7e7ce613f4e13
2016-02-14 21:29:00 -05:00
Brad Jorsch 01d11b7b73 Add i18n for injected API parameters
Change-Id: I4a0a6c47afdd62e1c9d0b29f066d2a6d1791b52d
2015-12-18 12:53:44 -05:00
Alex Monk 92c5d846da Copy context request changes to wgRequest global
Bug: T118052
Change-Id: I2246e6970b843a4418bf979e9e8b0909f221f1bb
2015-11-07 00:42:01 +00:00
Paladox 30490fba52 Add php code sniffer
Change-Id: I298b8b936a2b86deea75c302d88a7391cdb221c9
2015-10-28 21:46:29 +00:00
Florianschmidtwelzow 0d2a6b7e44 Add error message for edit captcha trigger
If the user has not resolved the "edit"-triggered CAPTCHA correctly,
show an error message, so the user knows why their edit isn't saved.

Change-Id: Iecbf280e76e450d111f548fda29220688c65fc3a
2015-10-28 10:39:11 +00:00
Florianschmidtwelzow 443bfac8a8 Add a way to use different tab indexes for CAPTCHA input form
And use it for UsercreateTemplate.

Bug: T113432
Change-Id: I56a618f2132fbcf3fea1a3ce6a409ce90709e849
2015-09-27 01:29:18 +02:00
jenkins-bot 393b2d43f8 Merge "Throw an exception, if wgCaptchaRegexes isn't an array" 2015-09-14 00:24:31 +00:00
Florian 3c1e77b631 Throw an exception, if wgCaptchaRegexes isn't an array
The config needs to be an array to work; if any other type is given it
will throw a warning, but doesn't show that it will not work. Instead
of passing the edit as "not need to be checked", throw an exception to
indicate that something went wrong.

Change-Id: I4a2374ab2c5f8cf9ce5ea5f36f707a770a46a07d
2015-09-13 17:17:48 -07:00
Florian 71388bfdb3 Don't check for edits that will not be saved
Check if an edit is being saved or not before checking for captcha
triggers that potentially could query the database and/or do other
expensive things.

Bug: T93961
Change-Id: Iab3e94e642c965becd23d31c6c1baa4c0cddacde
2015-08-13 14:11:19 +02:00
Gergő Tisza f8362450bb Log event on captcha display/success/failure.
Logs a 'captcha.display' event when a captcha is displayed,
either via web or in an API response, and 'captcha.submit' when
a captcha response is evaluated.

Bug: T91701
Change-Id: I376fdd6740aca4f11776e1326ff2e7e6e5af6a75
2015-07-28 22:32:21 +00:00
csteipp abb9c02d8c Send rate limits to main captcha log
Log exceeding the badcaptcha rate limit to the main captcha log (e.g.,
captcha.log on the WMF cluster).

So that we can measure the impact of things like
https://gerrit.wikimedia.org/r/#/c/195886/

Change-Id: I2af26d23b9343e90db2f01f099c1292914bd7ac3
2015-07-27 13:25:44 -07:00
Timo Tijhof 2f4326a8be Fix missing getForm( OutputPage ) argument in showEditFormFields()
Follows-up 36abbc6.

Bug: T104477
Change-Id: I7fd99b495b07801aa299ea032c325d4ca4368ec5
2015-07-01 20:16:59 +01:00
Florianschmidtwelzow 36abbc6288 Implement support for Google reCAPTCHA 2.0 ("No captcha")
This change adds a new Captcha type (ReCaptchaNoCaptcha) that uses
Google reCAPTCHA 2.0.

See more:
- https://www.google.com/recaptcha/intro/
- https://developers.google.com/recaptcha/docs/display
- https://developers.google.com/recaptcha/docs/faq
- http://googleonlinesecurity.blogspot.com/2014/12/are-you-robot-introducing-no-captcha.html

Bug: T84918
Change-Id: I5908fd2716786237adb01a403d5bd1e22d95c563
2015-06-27 03:00:11 +02:00
Aaron Schulz e13d31e2ab Moved up shouldCheck() short-circuit logic a bit
Change-Id: Idbae820131eba8427075c9a59292ecf243490543
2015-06-22 12:24:21 -07:00
Florian 806c8862df Clean up ConfirmEdit.php entry point and move common files to common places
2. step to use ExtensionRegistration

Bug: T88047
Change-Id: Ifcac2ad0d792a05c391ca1776824e05ab703d5cf
2015-05-21 17:49:13 +02:00