wikimedia/mediawiki-extensions-LoginNotify
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/LoginNotify synced 2024-09-23 10:20:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
mediawiki-extensions-LoginN.../includes/Hooks.php

109 lines
2.9 KiB
PHP
Raw Permalink Normal View History

Initial version of extension to notify people on failed login attempts. Bug: T11838 Change-Id: Id96aff70f06879a7b754b19af8e65c0f641e84e0
2016-03-28 08:26:48 +00:00
<?php
/**
* @file
* @ingroup Extensions
*/
LoginNotify seen subnets table Add a table which stores a summary of each user's IP address subnet in each time bucket, defaulting to 15 days. On edit (and other changes causing a recentchanges row) and successful login update the table. On attempted login, check whether the subnet is in the table in any time bucket back to the expiry time. Add a job and a maintenance script for purging expired rows. Disabled by default for now. The idea is to enable it by default after we have some experience with using it in WMF production. If CheckUser integration is disabled (the future intended state), the cache and LoginNotifyChecks job are suppressed since they are unnecessary. Details: * Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and split off recordKnown() which does the same thing except without sending the cookie. We use recordKnown() to store the IP address without sending the cookie, on non-login changes. * Reorganise isKnownSystemFast() for clarity, and return emphatic USER_NOT_KNOWN if the user is not in the table, cache or cookie and CheckUser integration is disabled. * Replace time() calls with a mockable method. Bug: T345052 Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
2023-08-30 23:01:31 +00:00
// phpcs:disable MediaWiki.NamingConventions.LowerCamelFunctionsName
Cleanup: namespace this extension, move stuff into includes Change-Id: I7cf55685de955912c8637681c397179553d17152
2017-06-15 22:56:12 +00:00
namespace LoginNotify;
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
use MediaWiki\Auth\AuthenticationResponse;
Use HookHandlers for core hooks The use of "HookHandlers" attribute in extension.json makes it possible to inject services into hook handler classes in a future patch. Bug: T344297 Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
2023-08-15 15:45:07 +00:00
use MediaWiki\Auth\Hook\AuthManagerLoginAuthenticateAuditHook;
use MediaWiki\Auth\Hook\LocalUserCreatedHook;
LoginNotify seen subnets table Add a table which stores a summary of each user's IP address subnet in each time bucket, defaulting to 15 days. On edit (and other changes causing a recentchanges row) and successful login update the table. On attempted login, check whether the subnet is in the table in any time bucket back to the expiry time. Add a job and a maintenance script for purging expired rows. Disabled by default for now. The idea is to enable it by default after we have some experience with using it in WMF production. If CheckUser integration is disabled (the future intended state), the cache and LoginNotifyChecks job are suppressed since they are unnecessary. Details: * Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and split off recordKnown() which does the same thing except without sending the cookie. We use recordKnown() to store the IP address without sending the cookie, on non-login changes. * Reorganise isKnownSystemFast() for clarity, and return emphatic USER_NOT_KNOWN if the user is not in the table, cache or cookie and CheckUser integration is disabled. * Replace time() calls with a mockable method. Bug: T345052 Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
2023-08-30 23:01:31 +00:00
use MediaWiki\Hook\RecentChange_saveHook;
Use namespaced classes Changes to the use statements done automatically via script Addition of missing use statement done manually Change-Id: I8943e4e63fb41ca758c9ed25a4abb7664e13bb9f
2024-01-06 16:07:32 +00:00
use MediaWiki\User\User;
Fix deprecations and non-static providers Change-Id: Ia267a93a13191a2289aff70d47c31b2afcb1647b
2023-08-24 01:26:30 +00:00
use MediaWiki\User\UserFactory;
LoginNotify seen subnets table Add a table which stores a summary of each user's IP address subnet in each time bucket, defaulting to 15 days. On edit (and other changes causing a recentchanges row) and successful login update the table. On attempted login, check whether the subnet is in the table in any time bucket back to the expiry time. Add a job and a maintenance script for purging expired rows. Disabled by default for now. The idea is to enable it by default after we have some experience with using it in WMF production. If CheckUser integration is disabled (the future intended state), the cache and LoginNotifyChecks job are suppressed since they are unnecessary. Details: * Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and split off recordKnown() which does the same thing except without sending the cookie. We use recordKnown() to store the IP address without sending the cookie, on non-login changes. * Reorganise isKnownSystemFast() for clarity, and return emphatic USER_NOT_KNOWN if the user is not in the table, cache or cookie and CheckUser integration is disabled. * Replace time() calls with a mockable method. Bug: T345052 Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
2023-08-30 23:01:31 +00:00
use RecentChange;
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
Use HookHandlers for core hooks The use of "HookHandlers" attribute in extension.json makes it possible to inject services into hook handler classes in a future patch. Bug: T344297 Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
2023-08-15 15:45:07 +00:00
class Hooks implements
AuthManagerLoginAuthenticateAuditHook,
LoginNotify seen subnets table Add a table which stores a summary of each user's IP address subnet in each time bucket, defaulting to 15 days. On edit (and other changes causing a recentchanges row) and successful login update the table. On attempted login, check whether the subnet is in the table in any time bucket back to the expiry time. Add a job and a maintenance script for purging expired rows. Disabled by default for now. The idea is to enable it by default after we have some experience with using it in WMF production. If CheckUser integration is disabled (the future intended state), the cache and LoginNotifyChecks job are suppressed since they are unnecessary. Details: * Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and split off recordKnown() which does the same thing except without sending the cookie. We use recordKnown() to store the IP address without sending the cookie, on non-login changes. * Reorganise isKnownSystemFast() for clarity, and return emphatic USER_NOT_KNOWN if the user is not in the table, cache or cookie and CheckUser integration is disabled. * Replace time() calls with a mockable method. Bug: T345052 Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
2023-08-30 23:01:31 +00:00
LocalUserCreatedHook,
RecentChange_saveHook
Use HookHandlers for core hooks The use of "HookHandlers" attribute in extension.json makes it possible to inject services into hook handler classes in a future patch. Bug: T344297 Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
2023-08-15 15:45:07 +00:00
{
Use real type hints for class properties holding injected services Provided services are already type-hinted on the construtor and it is safe to use the same type on the class property Change-Id: I15b5346353100e2e55d68b0a52fe3398778d60a5
2024-08-16 20:47:19 +00:00
private UserFactory $userFactory;
Fix deprecations and non-static providers Change-Id: Ia267a93a13191a2289aff70d47c31b2afcb1647b
2023-08-24 01:26:30 +00:00
public function __construct( UserFactory $userFactory ) {
$this->userFactory = $userFactory;
}
Initial version of extension to notify people on failed login attempts. Bug: T11838 Change-Id: Id96aff70f06879a7b754b19af8e65c0f641e84e0
2016-03-28 08:26:48 +00:00
/**
Remove compatibility with pre-1.27 MediaWiki Change-Id: I3f7fd7b11d5f710ae4e940bdddd7001aa6948cf3
2017-10-07 01:40:02 +00:00
* Hook for login auditing
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
*
Fix various docblock formatting This fixes some errors in docblock formatting to bring things into line with MediaWiki coding standards (not all of which are yet caught by phpcs). Change-Id: I06b7fc3a9fe09e412b3200b597ce01ef7e7d5ae3
2017-03-23 03:28:30 +00:00
* @param AuthenticationResponse $ret Is login successful?
* @param User|null $user User object on successful auth
Hooks: Do not attempt user creation when there's no username Bug: T345373 Change-Id: I9b7d8dbb67eb9277e121e52a6140773302d74734
2023-08-31 17:54:29 +00:00
* @param string|null $username Username for failed attempts.
Use HookHandlers for core hooks The use of "HookHandlers" attribute in extension.json makes it possible to inject services into hook handler classes in a future patch. Bug: T344297 Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
2023-08-15 15:45:07 +00:00
* @param string[] $extraData
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
*/
Use HookHandlers for core hooks The use of "HookHandlers" attribute in extension.json makes it possible to inject services into hook handler classes in a future patch. Bug: T344297 Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
2023-08-15 15:45:07 +00:00
public function onAuthManagerLoginAuthenticateAudit(
$ret, $user, $username, $extraData
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
) {
Hooks: Do not attempt user creation when there's no username Bug: T345373 Change-Id: I9b7d8dbb67eb9277e121e52a6140773302d74734
2023-08-31 17:54:29 +00:00
if ( !$user && $username !== null ) {
$user = $this->userFactory->newFromName( $username, UserFactory::RIGOR_USABLE );
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
}
Hooks: Do not attempt user creation when there's no username Bug: T345373 Change-Id: I9b7d8dbb67eb9277e121e52a6140773302d74734
2023-08-31 17:54:29 +00:00
if ( !$user ) {
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
return;
}
if ( $ret->status === AuthenticationResponse::PASS ) {
Hooks: Do not attempt user creation when there's no username Bug: T345373 Change-Id: I9b7d8dbb67eb9277e121e52a6140773302d74734
2023-08-31 17:54:29 +00:00
self::doSuccessfulLogin( $user );
Do not send email notice for throttled login attempts I did the blacklisting throttled instead of whitelisting wrong password as i didn't want to accidentally miss other statuses equivalent to wrong password that use different messages Bug: T193762 Change-Id: I8d51cb5a9c9856f175d31967a7d143836b9d67ee
2018-05-07 16:32:37 +00:00
} elseif (
$ret->status === AuthenticationResponse::FAIL
&& $ret->message->getKey() !== 'login-throttled'
) {
Hooks: Do not attempt user creation when there's no username Bug: T345373 Change-Id: I9b7d8dbb67eb9277e121e52a6140773302d74734
2023-08-31 17:54:29 +00:00
self::doFailedLogin( $user );
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
}
// Other statuses include Abstain, Redirect, or UI. We ignore such
// statuses.
}
Fix various docblock formatting This fixes some errors in docblock formatting to bring things into line with MediaWiki coding standards (not all of which are yet caught by phpcs). Change-Id: I06b7fc3a9fe09e412b3200b597ce01ef7e7d5ae3
2017-03-23 03:28:30 +00:00
/**
* Handle a successful login (clear the attempt counter, send a notice, and record the
* current IP address as known).
*
* @param User $user The user who logged in.
*/
Maintenance script to generate fake login attemps from any IP Depends on: Ifb28222cf75ad23859bbdceff332cf1e526afe9c Bug: T183722 Change-Id: I01221923387a9e94499efdda39b2e40ee207e27c
2018-01-01 22:22:04 +00:00
public static function doSuccessfulLogin( User $user ) {
ServiceWiring, dependency injection * Make LoginNotify into a service. Use a static getInstance() method instead of a services container class, since there is only one service. * Removed references to $wgLoginNotifyEnableForPriv. The feature was removed in I888c6009fffad1712. Change-Id: I9120b470d27a0d09e508bd4e12eb2bde2f38d34d
2023-08-24 06:56:04 +00:00
$loginNotify = LoginNotify::getInstance();
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
$loginNotify->clearCounters( $user );
$loginNotify->sendSuccessNotice( $user );
LoginNotify seen subnets table Add a table which stores a summary of each user's IP address subnet in each time bucket, defaulting to 15 days. On edit (and other changes causing a recentchanges row) and successful login update the table. On attempted login, check whether the subnet is in the table in any time bucket back to the expiry time. Add a job and a maintenance script for purging expired rows. Disabled by default for now. The idea is to enable it by default after we have some experience with using it in WMF production. If CheckUser integration is disabled (the future intended state), the cache and LoginNotifyChecks job are suppressed since they are unnecessary. Details: * Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and split off recordKnown() which does the same thing except without sending the cookie. We use recordKnown() to store the IP address without sending the cookie, on non-login changes. * Reorganise isKnownSystemFast() for clarity, and return emphatic USER_NOT_KNOWN if the user is not in the table, cache or cookie and CheckUser integration is disabled. * Replace time() calls with a mockable method. Bug: T345052 Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
2023-08-30 23:01:31 +00:00
$loginNotify->recordKnownWithCookie( $user );
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
}
Fix various docblock formatting This fixes some errors in docblock formatting to bring things into line with MediaWiki coding standards (not all of which are yet caught by phpcs). Change-Id: I06b7fc3a9fe09e412b3200b597ce01ef7e7d5ae3
2017-03-23 03:28:30 +00:00
/**
* Handle a failed login (record the failure).
*
* @param User $user The user that failed to log in.
*/
Maintenance script to generate fake login attemps from any IP Depends on: Ifb28222cf75ad23859bbdceff332cf1e526afe9c Bug: T183722 Change-Id: I01221923387a9e94499efdda39b2e40ee207e27c
2018-01-01 22:22:04 +00:00
public static function doFailedLogin( User $user ) {
ServiceWiring, dependency injection * Make LoginNotify into a service. Use a static getInstance() method instead of a services container class, since there is only one service. * Removed references to $wgLoginNotifyEnableForPriv. The feature was removed in I888c6009fffad1712. Change-Id: I9120b470d27a0d09e508bd4e12eb2bde2f38d34d
2023-08-24 06:56:04 +00:00
$loginNotify = LoginNotify::getInstance();
Update LoginNotify for AuthManager. I left the old hook in place for back-compatibility Bug: T135270 Change-Id: I5800c7de902718958cd4a8edb33cbffd93dd827d
2016-07-06 22:06:27 +00:00
$loginNotify->recordFailure( $user );
Initial version of extension to notify people on failed login attempts. Bug: T11838 Change-Id: Id96aff70f06879a7b754b19af8e65c0f641e84e0
2016-03-28 08:26:48 +00:00
}
/**
Remove compatibility with pre-1.27 MediaWiki Change-Id: I3f7fd7b11d5f710ae4e940bdddd7001aa6948cf3
2017-10-07 01:40:02 +00:00
* Hook handler for new account creation.
Update AddNewAccount->LocalUserCreated hook for LoginNotify Bug: T135270 Change-Id: I0efbacac13807d802e5cc6e4d226d75050f01d2d
2017-01-23 06:37:08 +00:00
*
* Called immediately after a local user has been created and saved to the database
*
* @todo This still sets cookies if user creates account well logged in as someone else.
* @param User $user User created
Improve some parameter docs Change-Id: I47e04c7e2b773d52289f459f59a46aeb9c4ad12e
2017-08-09 20:20:03 +00:00
* @param bool $autocreated Whether this was an auto-created account
Update AddNewAccount->LocalUserCreated hook for LoginNotify Bug: T135270 Change-Id: I0efbacac13807d802e5cc6e4d226d75050f01d2d
2017-01-23 06:37:08 +00:00
*/
Use HookHandlers for core hooks The use of "HookHandlers" attribute in extension.json makes it possible to inject services into hook handler classes in a future patch. Bug: T344297 Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
2023-08-15 15:45:07 +00:00
public function onLocalUserCreated( $user, $autocreated ) {
Update AddNewAccount->LocalUserCreated hook for LoginNotify Bug: T135270 Change-Id: I0efbacac13807d802e5cc6e4d226d75050f01d2d
2017-01-23 06:37:08 +00:00
if ( !$autocreated ) {
ServiceWiring, dependency injection * Make LoginNotify into a service. Use a static getInstance() method instead of a services container class, since there is only one service. * Removed references to $wgLoginNotifyEnableForPriv. The feature was removed in I888c6009fffad1712. Change-Id: I9120b470d27a0d09e508bd4e12eb2bde2f38d34d
2023-08-24 06:56:04 +00:00
$loginNotify = LoginNotify::getInstance();
LoginNotify seen subnets table Add a table which stores a summary of each user's IP address subnet in each time bucket, defaulting to 15 days. On edit (and other changes causing a recentchanges row) and successful login update the table. On attempted login, check whether the subnet is in the table in any time bucket back to the expiry time. Add a job and a maintenance script for purging expired rows. Disabled by default for now. The idea is to enable it by default after we have some experience with using it in WMF production. If CheckUser integration is disabled (the future intended state), the cache and LoginNotifyChecks job are suppressed since they are unnecessary. Details: * Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and split off recordKnown() which does the same thing except without sending the cookie. We use recordKnown() to store the IP address without sending the cookie, on non-login changes. * Reorganise isKnownSystemFast() for clarity, and return emphatic USER_NOT_KNOWN if the user is not in the table, cache or cookie and CheckUser integration is disabled. * Replace time() calls with a mockable method. Bug: T345052 Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
2023-08-30 23:01:31 +00:00
$loginNotify->recordKnownWithCookie( $user );
Initial version of extension to notify people on failed login attempts. Bug: T11838 Change-Id: Id96aff70f06879a7b754b19af8e65c0f641e84e0
2016-03-28 08:26:48 +00:00
}
}
LoginNotify seen subnets table Add a table which stores a summary of each user's IP address subnet in each time bucket, defaulting to 15 days. On edit (and other changes causing a recentchanges row) and successful login update the table. On attempted login, check whether the subnet is in the table in any time bucket back to the expiry time. Add a job and a maintenance script for purging expired rows. Disabled by default for now. The idea is to enable it by default after we have some experience with using it in WMF production. If CheckUser integration is disabled (the future intended state), the cache and LoginNotifyChecks job are suppressed since they are unnecessary. Details: * Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and split off recordKnown() which does the same thing except without sending the cookie. We use recordKnown() to store the IP address without sending the cookie, on non-login changes. * Reorganise isKnownSystemFast() for clarity, and return emphatic USER_NOT_KNOWN if the user is not in the table, cache or cookie and CheckUser integration is disabled. * Replace time() calls with a mockable method. Bug: T345052 Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
2023-08-30 23:01:31 +00:00
/**
* @param RecentChange $recentChange
*/
public function onRecentChange_save( $recentChange ) {
$loginNotify = LoginNotify::getInstance();
$user = $this->userFactory->newFromUserIdentity( $recentChange->getPerformerIdentity() );
$loginNotify->recordKnown( $user );
}
Initial version of extension to notify people on failed login attempts. Bug: T11838 Change-Id: Id96aff70f06879a7b754b19af8e65c0f641e84e0
2016-03-28 08:26:48 +00:00
}
Reference in a new issue Copy permalink