Add a table which stores a summary of each user's IP address subnet in
each time bucket, defaulting to 15 days. On edit (and other changes
causing a recentchanges row) and successful login, update the table.
On attempted login, check whether the subnet is in the table in any
time bucket back to the expiry time.
Add a job and a maintenance script for purging expired rows.
Disabled by default for now. The idea is to enable it by default after
we have some experience with using it in WMF production.
If CheckUser integration is disabled (the future intended state), the
cache and LoginNotifyChecks job are suppressed since they are
unnecessary.
Details:
* Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and
split off recordKnown() which does the same thing except without
sending the cookie. We use recordKnown() to store the IP address
without sending the cookie, on non-login changes.
* Reorganise isKnownSystemFast() for clarity, and return emphatic
USER_NOT_KNOWN if the user is not in the table, cache or cookie
and CheckUser integration is disabled.
* Replace time() calls with a mockable method.
Bug: T345052
Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
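The scheme the commit message above describes (record a per-user subnet summary in a time bucket, look it up on attempted login, purge expired buckets), as an added sketch that is not part of the commit and is not LoginNotify's own code. The class and table names, the /24 and /64 prefixes, the HMAC-SHA256 summary, the demo key and the 180-day expiry are assumptions; only the 15-day bucket comes from the message. The caller passes the current time in, in the spirit of the "mockable method" bullet.

```python
import hashlib, hmac, ipaddress, sqlite3

BUCKET_SECONDS = 15 * 86400       # bucket size from the commit message (15 days)
EXPIRY_SECONDS = 180 * 86400      # assumption: the page does not state the expiry time
SECRET = b"constructed-demo-key"  # assumption: keyed hash, so rows hold no raw subnets

def subnet_of(ip):
    """Assumption: reduce IPv4 to its /24 and IPv6 to its /64."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def summary(user_id, ip):
    """Per-user keyed hash of the subnet (hypothetical summary format)."""
    msg = f"{user_id}|{subnet_of(ip)}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

class SeenNetStore:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE seen_net (user_id INTEGER, bucket INTEGER, "
            "net_hash TEXT, PRIMARY KEY (user_id, bucket, net_hash))")

    def record_known(self, user_id, ip, now):
        """On edit or successful login: at most one row per user, bucket and subnet."""
        self.db.execute("INSERT OR IGNORE INTO seen_net VALUES (?, ?, ?)",
                        (user_id, now // BUCKET_SECONDS, summary(user_id, ip)))

    def is_known(self, user_id, ip, now):
        """On attempted login: a hit in any bucket back to the expiry time counts."""
        oldest = (now - EXPIRY_SECONDS) // BUCKET_SECONDS
        row = self.db.execute(
            "SELECT 1 FROM seen_net WHERE user_id = ? AND net_hash = ? "
            "AND bucket >= ? LIMIT 1",
            (user_id, summary(user_id, ip), oldest)).fetchone()
        return row is not None

    def purge_expired(self, now):
        """What a purge job would do; returns the number of rows deleted."""
        oldest = (now - EXPIRY_SECONDS) // BUCKET_SECONDS
        cur = self.db.execute("DELETE FROM seen_net WHERE bucket < ?", (oldest,))
        return cur.rowcount
```

Because the lookup filters on the bucket number, an expired row stops matching even before the purge job has removed it.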
* Make LoginNotify into a service. Use a static getInstance() method
instead of a services container class, since there is only one
service.
* Removed references to $wgLoginNotifyEnableForPriv. The feature was
removed in I888c6009fffad1712.
Change-Id: I9120b470d27a0d09e508bd4e12eb2bde2f38d34d
* Remove notification attributes such as title-message, unused since the
initial commit since it used the new (2015) formatter system.
* isKnownSystemSlow() is always called with a third parameter, and it
doesn't seem to be nullable in callers.
* Yes, most of the things make sense.
* Add reason why CheckUser has no cuc_ip_hex index.
* Use foreach
* Too late to truncate the hash now
Change-Id: I310bc53ba881842845b9358309954f89c355f81c
The use of "HookHandlers" attribute in extension.json makes it possible
to inject services into hook handler classes in a future patch.
Bug: T344297
Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
Per Niharika's comment at T220762#5105917, "we don't want an attacker
to learn that we detected an unusual login and cause them to change
the account password or such".
This was already set in WMF's config for LoginNotify; this moves it into
the extension itself, where it belongs.
Bug: T220780
Change-Id: I5adc5a52f10f2f37ae64ff0400c8d77b35d36aa1
I did the blacklisting throttled instead of whitelisting
wrong password as I didn't want to accidentally miss other
statuses equivalent to wrong password that use different messages
Bug: T193762
Change-Id: I8d51cb5a9c9856f175d31967a7d143836b9d67ee
Not used and introduces serious complexity, likely causing
the bug with users receiving notifications they've opted out of.
Bug: T174220
Change-Id: I888c6009fffad17121765678387022ed7d454cb0