Commit graph

50 commits

Author SHA1 Message Date
Stephane Bisson 93818fe9d1 Make shouldCheck public again
Follow up Ie956fe86184535a376d0398483ac3c853fa9127c

Make SimpleCaptcha::shouldCheck public since it is
called by Flow/includes/SpamFilter/ConfirmEdit.php(35)
and is now failing in production.

Bug: T199811
Change-Id: I85a813aaa06b896266c320089e24ca2e5e81d0ee
2018-07-17 11:27:48 -04:00
Max Semenik 5b7a36a521 Clean up some phpcs problems
Change-Id: Ie956fe86184535a376d0398483ac3c853fa9127c
2018-07-12 23:13:58 +00:00
libraryupgrader d80dc20133 build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: I325d3664bb6087ed457031bf7ec5301d2fae823c
2018-05-26 01:41:30 +00:00
Eddie Greiner-Petter 2848a699db Move "can user skip captchas" check to own function
As a direct effect
- sending emails and creating accounts now respects $wgAllowConfirmedEmail
- log messages get a bit less verbose for mail sending and creating
  accounts (but should be clear from the context what action was
  performed)
- less code duplication \o/

Indirectly, this should make solving the attached bug easy(tm), because it
just needs to add a hook to the canSkipCaptcha function.

Bug: T176589
Change-Id: Id27b0eadbab7300b9e6969d406fa6f00ef0888bf
2018-05-19 13:27:04 +00:00
jenkins-bot 7aae3b655b Merge "Allow other extensions to setup triggers using attributes"
2017-10-24 17:49:56 +00:00
libraryupgrader c683a83c29 build: Updating mediawiki/mediawiki-codesniffer to 14.1.0
And moved phpcs.xml to .phpcs.xml (T177256).

Change-Id: I8c46c34b0282294e2f7c3669e4bb86fd9f47906e
2017-10-21 04:19:58 +00:00
Umherirrender 1254022153 Improve some parameter docs
Change-Id: Idce2db0b489c19ec9b936cfc4ced3792e6f9711d
2017-09-24 12:14:11 +00:00
libraryupgrader 8b439b582d build: Updating mediawiki/mediawiki-codesniffer to 13.0.0
Change-Id: I155f72352224f230e94950f149fba400f26cbe6c
2017-09-24 10:04:06 +00:00
Florian Schmidt 50bc57a200 Allow other extensions to setup triggers using attributes
Instead of misusing the config section of extension.json to declare
captcha triggers in ConfirmEdit's CaptchaTriggers config variable,
other extensions can now use the CaptchaTriggers attribute for the
exact same thing. E.g., to declare a new trigger, the following
addition to the extension's own extension.json will register the trigger in
ConfirmEdit:

  "CaptchaTriggers": {
    "wikiforum": true
  }

This also removes the CaptchaClass config from the main extension.json
config section, and automatically sets the SimpleCaptcha module in the
getInstance() method of ConfirmEditHooks, which is a pre-requirement for
the mediawiki/core change Ieeb26011e42c741041d2c3252238ca0823b99eb4.

Bug: T152929
Change-Id: I4c5eaf87657f5dc07787480a2f1a56a1db8c714f
2017-09-02 17:45:26 +02:00
libraryupgrader 61e4e142eb build: Updating mediawiki/mediawiki-codesniffer to 0.12.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic
* MediaWiki.Commenting.FunctionComment.MissingParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.Commenting.FunctionComment.MissingReturnType
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
* MediaWiki.Commenting.FunctionComment.WrongStyle
* MediaWiki.Files.ClassMatchesFilename.NotMatch
* MediaWiki.Files.OneClassPerFile.MultipleFound

The following sniffs now pass and were enabled:
* MediaWiki.Commenting.FunctionComment

Change-Id: Id3af93f7485712b063b758cbd40752c1bfcb0b2e
2017-09-01 04:47:36 +00:00
Kunal Mehta cb2a80dab7 build: Update mediawiki/mediawiki-codesniffer to 0.11.1
Change-Id: Ie1307df0f85cf0ccb7ad24961df7b63005f9c745
2017-08-16 01:37:58 -07:00
Umherirrender 1d60bc25d2 build: Updating mediawiki/mediawiki-codesniffer to 0.10.0
Change-Id: I8d107ad6801fe1a5ce7b8feb8e1e730d504a2fb3
2017-07-08 16:04:35 +02:00
Timo Tijhof a480d98b3f Fixup use of $ceAllowConfirmedEmail
Follows-up 37f2dcf. confirmEditSetup() maps it to the new name so any use of it within
the extension can safely be replaced.

* Fix Captcha.php.
* Update README.md.

Change-Id: I4b23954eba2d7d3e86e4f60d8189e263b864fbd3
2017-04-28 18:58:44 -07:00
Reedy 55949565bb Remove pre-AuthManager support
Bump version to match

Fixup some whitespace. Fixup some function level documentation

Change-Id: I72fa5e3f68c0c3de3f3ddae2fb16ba5fad6a67b2
2017-02-17 13:26:46 +00:00
Reedy ebadcd68bf Remove trailing . from log message
Change-Id: I57b55ab3f247ace4ba4ef47b71383af7e8cef802
2017-02-09 20:04:26 +00:00
Florian Schmidt 800f6cb1b8 Simplify function Captcha::loadText for readability
* Move globals definition to the top of the function
* no else needed if the if part always returns something

I came across this while reading the code in I3a56e4252bbb810c1cf5c632ece9a8edf91c8424

Change-Id: I826a41457667e886b65a07d9d9edc5daec7d1013
2017-02-08 01:50:34 +00:00
Brad Jorsch 8bfc15c729 Replace use of &$this
Use of &$this doesn't work in PHP 7.1. For callbacks to methods like
array_map() it's completely unnecessary, while for hooks we still need
to pass a reference and so we need to copy $this into a local variable.

Bug: T153505
Change-Id: I065808a2c4dc9bcb80861a79b46cf4b446b70d65
2017-01-31 22:51:00 -05:00
Roan Kattouw 28b5e66162 Follow-up 54b4d1e345: fix fatal when $rev is null
Found by ETonkovidova on the Hebrew beta labs wiki.

Bug: T151973
Change-Id: I3a56e4252bbb810c1cf5c632ece9a8edf91c8424
2016-12-12 16:21:25 -08:00
rlot 54b4d1e345 Replaced "Revision::getText()" deprecated in MediaWiki 1.21
"Revision::getText()" is deprecated in MediaWiki 1.21. Replaced usage

Bug: T151973
Change-Id: I91f93341ac642327657f888ebda7ff9d33f428bf
2016-12-12 20:50:03 +01:00
jenkins-bot 29fa1339ad Merge "Update for API error i18n"
2016-12-03 22:06:40 +00:00
Gergő Tisza bbc318fb51 Rename 'type' field of authevents channel to 'eventType'
'type' is problematic as it conflicts with a default field name
in logstash.

Bug: T145133
Change-Id: Idb73ba3e431ef2bd25b14c8562d1b3f212b4e072
Depends-On: Iab1eb47a6b6c98f3c84b4f8e2d16cbe2cdbf515b
2016-11-26 01:12:58 +00:00
Brad Jorsch 7a72dfdcf5 Update for API error i18n
See Iae0e2ce3.

Change-Id: I3cf889811f44a15935e454dd42f081164d4a098c
2016-11-14 12:48:24 -05:00
Brad Jorsch ac97e69999 Remove pre-1.25 API compatibility code
Since this extension uses extension.json, it already requires 1.25+ so
no need to keep the old code around.

Change-Id: I31b96b0939d5321be31889422cfc703c9c6c2baa
2016-09-20 15:32:05 -04:00
jenkins-bot b3924fe2ba Merge "Rename 'authmanager' log channel to 'authevents'"
2016-08-10 17:18:17 +00:00
Gergő Tisza 842dd1ae1f Rename 'authmanager' log channel to 'authevents'
Change-Id: I86f54474714fee19e18dabe7c523ebe1901e51a5
2016-08-10 01:39:29 +00:00
Florian e566dcb966 Remove getForm() and replace by getFormInformation()
This commit removes SimpleCaptcha::getForm() and replaces it by its more informative
counterpart getFormInformation(), which returns an array, which provides some
more information about the form than only the html.

The information included in the array is:
 * html: The HTML of the CAPTCHA form (this is the same as what you expected from
   getForm() previously)
 * modules: ResourceLoader modules, if any, that should be added to the output of the
   page
 * modulestyles: ResourceLoader style modules, if any, that should be added to the
   output of the page
 * headitems: Head items that should be added to the output (see OutputPage::addHeadItems)

Mostly you shouldn't need to handle the response of getFormInformation() anymore, as there's
a new function, addFormToOutput(), which takes an instance of OutputPage as a first parameter
and handles the response of getFormInformation for you (adds all information to the given
OutputPage instance, if they're provided).

Bug: T141300
Depends-On: I433afd124b57526caa13a540cda48ba2b99a9bde
Change-Id: I25f344538052fc18993c43185fbd97804a7cfc81
2016-08-04 01:45:13 +00:00
Bartosz Dziewoński 5c9e5cfccd Remove backwards-compatibility code using APIEditBeforeSave hook
It was only needed for MediaWiki prior to 1.25
(09a5febb7b024c0b6585141bb05cba13a642f3eb).
We no longer support those versions after
1d08dd07b8.

Bug: T137832
Change-Id: I27f244631e9dcd160bffff70349e5034f2a537ea
2016-06-16 17:54:54 +02:00
Kunal Mehta 0ebe3f7a28 Fix file permissions
Change-Id: If4855e3a6d7d35dd94093108f4da3bd1362f6827
2016-06-09 16:19:58 -07:00
Gergő Tisza f97212acbf Expose equivalent functionality for passCaptcha
passCaptcha was made protected in I0da671a546700110d789b79a3089460abd9cce3b,
but some other extensions used it; provide passCaptchaFromRequest as a
replacement.

Bug: T135477
Change-Id: I47b2e2fbe3e063cd86e8a2d6bc17ca939472dbe1
2016-05-17 18:29:43 +00:00
Gergő Tisza 3e3b91b527 Add AuthManager support for ReCaptcha, ReCaptchaNoCaptcha
Also remove references to "two words" from ReCaptcha labels.
The captcha image doesn't always contain two words.

Bug: T110302
Change-Id: I544656289480056152a1db195babb6dadf29bc71
2016-05-16 09:51:11 +00:00
Gergő Tisza 31c59374a4 Add AuthManager support to SimpleCaptcha, QuestyCaptcha, FancyCaptcha, MathCaptcha
Also update MathCaptcha so that it works with recent versions of
Math (and breaks with old ones). Also fix MathCaptcha API output,
which used to send the question in plaintext.

Bug: T110302
Change-Id: I0da671a546700110d789b79a3089460abd9cce3b
Depends-On: I8b52ec8ddf494f23941807638f149f15b5e46b0c
2016-05-16 09:50:25 +00:00
Kunal Mehta 9ea898ba2a build: Updating mediawiki/mediawiki-codesniffer to 0.7.1
Also added "composer fix" command.

Change-Id: Ibda3fd002c577c7f7c41920d67ec44fedbd27cb8
2016-05-09 16:41:17 -07:00
Gergő Tisza 5cf1769f46 Fix PHP warning when using createaccount API
Change-Id: I5975c34be4fc11af8dcdd394c0c6605e72f13582
2016-04-26 22:22:55 +02:00
Glaisher d0adbc8f0f Allow IP whitelist to be modified on wiki
Local administrators can now use [[MediaWiki:Captcha-ip-whitelist]]
page to exempt specific IP addresses and IP ranges from captchas.
This is useful for modifying on short notice, such as for editathons and
other events like this where captchas add unnecessary complexity for
new users.

The page is disabled by default and IPs should be added separated by
newlines. If any other character is found on a line, it will be ignored
but leading and trailing whitespace characters are allowed.

Bug: T103122
Change-Id: I54866b5bfca80debcf3d3fb7963932ed03b48548
2016-03-12 14:17:23 +05:00
Brian Wolff 01f565863f Show captcha if a specific user account has many failed login attempts
Use a default setting of > 20 logins in 10 minutes. In order to
achieve this many with core's default throttles, you would have
to be attempting to log in from at least 2 IP addresses.

Bug: T122164
Change-Id: Id3ea766cfb7d50444082275a628b8b2aa10e6050
2016-03-03 12:44:15 -05:00
Brian Wolff 49fdcce0b1 Use global cache keys for bad login rate limiting captcha trigger
If you are running multiple wikis, you probably want the rate limit
on one wiki to apply to all wikis

Bug: T126685
Change-Id: If5533f222eae9dc540b7c79606d7e7ce613f4e13
2016-02-14 21:29:00 -05:00
Brad Jorsch 01d11b7b73 Add i18n for injected API parameters
Change-Id: I4a0a6c47afdd62e1c9d0b29f066d2a6d1791b52d
2015-12-18 12:53:44 -05:00
Alex Monk 92c5d846da Copy context request changes to wgRequest global
Bug: T118052
Change-Id: I2246e6970b843a4418bf979e9e8b0909f221f1bb
2015-11-07 00:42:01 +00:00
Paladox 30490fba52 Add php code sniffer
Change-Id: I298b8b936a2b86deea75c302d88a7391cdb221c9
2015-10-28 21:46:29 +00:00
Florianschmidtwelzow 0d2a6b7e44 Add error message for edit captcha trigger
If the user has not resolved the "edit"-triggered CAPTCHA correctly,
show an error message, so the user knows why their edit isn't saved.

Change-Id: Iecbf280e76e450d111f548fda29220688c65fc3a
2015-10-28 10:39:11 +00:00
Florianschmidtwelzow 443bfac8a8 Add a way to use different tab indexes for CAPTCHA input form
And use it for UsercreateTemplate.

Bug: T113432
Change-Id: I56a618f2132fbcf3fea1a3ce6a409ce90709e849
2015-09-27 01:29:18 +02:00
jenkins-bot 393b2d43f8 Merge "Throw an exception, if wgCaptchaRegexes isn't an array"
2015-09-14 00:24:31 +00:00
Florian 3c1e77b631 Throw an exception, if wgCaptchaRegexes isn't an array
The config needs to be an array to work; if any other type is given, it
will throw a warning, but doesn't show that it will not work. Instead
of passing the edit as "not need to be checked", throw an exception to
indicate that something went wrong.

Change-Id: I4a2374ab2c5f8cf9ce5ea5f36f707a770a46a07d
2015-09-13 17:17:48 -07:00
Florian 71388bfdb3 Don't check for edits that will not be saved
Check if an edit is being saved or not before checking for captcha
triggers that could potentially query the database and/or do other
expensive things.

Bug: T93961
Change-Id: Iab3e94e642c965becd23d31c6c1baa4c0cddacde
2015-08-13 14:11:19 +02:00
Gergő Tisza f8362450bb Log event on captcha display/success/failure.
Logs a 'captcha.display' event when a captcha is displayed,
either via web or in an API response, and 'captcha.submit' when
a captcha response is evaluated.

Bug: T91701
Change-Id: I376fdd6740aca4f11776e1326ff2e7e6e5af6a75
2015-07-28 22:32:21 +00:00
csteipp abb9c02d8c Send rate limits to main captcha log
Log exceeding the badcaptcha rate limit to the main captcha log (e.g.,
captcha.log on the WMF cluster).

So that we can measure the impact of things like
https://gerrit.wikimedia.org/r/#/c/195886/

Change-Id: I2af26d23b9343e90db2f01f099c1292914bd7ac3
2015-07-27 13:25:44 -07:00
Timo Tijhof 2f4326a8be Fix missing getForm( OutputPage ) argument in showEditFormFields()
Follows-up 36abbc6.

Bug: T104477
Change-Id: I7fd99b495b07801aa299ea032c325d4ca4368ec5
2015-07-01 20:16:59 +01:00
Florianschmidtwelzow 36abbc6288 Implement support for Google reCAPTCHA 2.0 ("No captcha")
This change adds a new Captcha type (ReCaptchaNoCaptcha) that uses
Google reCAPTCHA 2.0.

See more:
- https://www.google.com/recaptcha/intro/
- https://developers.google.com/recaptcha/docs/display
- https://developers.google.com/recaptcha/docs/faq
- http://googleonlinesecurity.blogspot.com/2014/12/are-you-robot-introducing-no-captcha.html

Bug: T84918
Change-Id: I5908fd2716786237adb01a403d5bd1e22d95c563
2015-06-27 03:00:11 +02:00
Aaron Schulz e13d31e2ab Moved up shouldCheck() short-circuit logic a bit
Change-Id: Idbae820131eba8427075c9a59292ecf243490543
2015-06-22 12:24:21 -07:00
Florian 806c8862df Clean up ConfirmEdit.php entry point and move common files to common places
Second step to use ExtensionRegistration

Bug: T88047
Change-Id: Ifcac2ad0d792a05c391ca1776824e05ab703d5cf
2015-05-21 17:49:13 +02:00