Since PHP 8.0, hash_hmac throws an exception and does not return false

Reported by phan running with PHP 8.1

Change-Id: I2374daf5e0954bef91da65454d973ef3d1eb2183

Add a table which stores a summary of each user's IP address subnet in
each time bucket, defaulting to 15 days. On edit (and other changes
causing a recentchanges row) and successful login update the table.
On attempted login, check whether the subnet is in the table in any
time bucket back to the expiry time.

Add a job and a maintenance script for purging expired rows.

Disabled by default for now. The idea is to enable it by default after
we have some experience with using it in WMF production.

If CheckUser integration is disabled (the future intended state), the
cache and LoginNotifyChecks job are suppressed since they are
unnecessary.

Details:
* Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and
  split off recordKnown() which does the same thing except without
  sending the cookie. We use recordKnown() to store the IP address
  without sending the cookie, on non-login changes.
* Reorganise isKnownSystemFast() for clarity, and return emphatic
  USER_NOT_KNOWN if the user is not in the table, cache or cookie
  and CheckUser integration is disabled.
* Replace time() calls with a mockable method.

Bug: T345052
Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
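
The bucketed subnet record and lookup described in the commit message above, as an added example in PHP that is not LoginNotify's own code. The class `SeenSubnetStore`, its method names, the in-memory array standing in for the table, the /24 and /64 prefixes, the HMAC secret and the 180-day expiry are assumptions; only the 15-day bucket and the mockable clock come from the text.

```php
<?php
// Added example, not LoginNotify code. SeenSubnetStore, its method names, the
// /24 and /64 prefixes, the secret and the 180-day expiry are assumptions.
final class SeenSubnetStore {
    /** @var array<int, array<string, true>> bucket number => subnet hash => seen */
    private array $rows = [];
    public function __construct(
        private string $secret,
        private \Closure $clock,               // injectable time source instead of time()
        private int $bucketSize = 15 * 86400,  // 15-day buckets, as in the commit message
        private int $expiry = 180 * 86400      // assumed retention period
    ) {}

    private function subnetHash(int $userId, string $ip): string {
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
            throw new \InvalidArgumentException('Not an IP address');
        }
        $bin = inet_pton($ip);
        // Keep only the network part: 3 bytes of IPv4, 8 bytes of IPv6.
        $prefix = substr($bin, 0, strlen($bin) === 4 ? 3 : 8);
        // Keyed hash, so stored rows do not expose the subnet itself.
        return hash_hmac('sha256', $userId . ':' . bin2hex($prefix), $this->secret);
    }
    private function bucket(int $time): int {
        return intdiv($time, $this->bucketSize);
    }
    public function record(int $userId, string $ip): void {
        $this->rows[$this->bucket(($this->clock)())][$this->subnetHash($userId, $ip)] = true;
    }

    public function isKnown(int $userId, string $ip): bool {
        $now = ($this->clock)();
        $hash = $this->subnetHash($userId, $ip);
        // Scan every bucket from the expiry cutoff up to the current one.
        for ($b = $this->bucket($now - $this->expiry); $b <= $this->bucket($now); $b++) {
            if (isset($this->rows[$b][$hash])) {
                return true;
            }
        }
        return false;
    }
}

$now = 1700000000; // constructed timestamp
$store = new SeenSubnetStore('example-secret', function () use (&$now) { return $now; });
$store->record(42, '198.51.100.7');              // edit or successful login
var_dump($store->isKnown(42, '198.51.100.200')); // login attempt from the same /24
$now += 200 * 86400;                             // move the clock past the expiry
var_dump($store->isKnown(42, '198.51.100.7'));
```
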
* Make LoginNotify into a service. Use a static getInstance() method
  instead of a services container class, since there is only one
  service.
* Removed references to $wgLoginNotifyEnableForPriv. The feature was
  removed in I888c6009fffad1712.

Change-Id: I9120b470d27a0d09e508bd4e12eb2bde2f38d34d

* Remove notification attributes such as title-message, unused since the
  initial commit since it used the new (2015) formatter system.
* isKnownSystemSlow() is always called with a third parameter, and it
  doesn't seem to be nullable in callers.
* Yes, most of the things make sense.
* Add reason why CheckUser has no cuc_ip_hex index.
* Use foreach
* Too late to truncate the hash now

Change-Id: I310bc53ba881842845b9358309954f89c355f81c

If the IP address associated with a failed login is found in CheckUser
for the relevant user, the notification was previously omitted.
Notification of failure with a known IP was only possible when the IP
was in the cache or cookie. So, fix that.

Change-Id: I498e6b71d0fab9dd9af63c9c5f88fbcaf6a53fc3

The use of "HookHandlers" attribute in extension.json makes it possible
to inject services into hook handler classes in a future patch.

Bug: T344297
Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb

Deprecated since 1.39 (I6e7544763bd)

Remove deprecated ILB::reuseConnection() calls as well

Bug: T343277
Change-Id: I477c216fe75bb393fc892ded13f3d117b6fda4aa