Disable web notifications for login-success

Per Niharika's comment at T220762#5105917, "we don't want an attacker
to learn that we detected an unusual login and cause them to change
the account password or such".

This was already set in WMF's config for LoginNotify; this moves it into
the extension itself, where it belongs.

Bug: T220780
Change-Id: I5adc5a52f10f2f37ae64ff0400c8d77b35d36aa1
This commit is contained in:
Roan Kattouw 2019-04-12 12:54:20 -07:00
parent f20c63c3f5
commit fd827a88a0

View file

@ -27,7 +27,7 @@ class Hooks {
array &$notificationCategories,
array &$icons
) {
global $wgLoginNotifyEnableOnSuccess;
global $wgLoginNotifyEnableOnSuccess, $wgNotifyTypeAvailabilityByCategory;
$icons['LoginNotify-user-avatar'] = [
'path' => 'LoginNotify/UserAvatar.svg'
@ -77,6 +77,10 @@ class Hooks {
$notifications['login-success'] = [
'category' => 'login-success',
] + $loginBase;
$wgNotifyTypeAvailabilityByCategory['login-success'] = [
'web' => false,
'email' => true,
];
}
return true;