If the IP address associated with a failed login is found in CheckUser
for the relevant user, the notification was previously omitted.
Notification of failure with a known IP was only possible when the IP
was in the cache or cookie. So, fix that.
Change-Id: I498e6b71d0fab9dd9af63c9c5f88fbcaf6a53fc3
The use of "HookHandlers" attribute in extension.json makes it possible
to inject services into hook handler classes in a future patch.
Bug: T344297
Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
Deprecated since 1.39 (I6e7544763bd)
Remove deprecated ILB::reuseConnection() calls as well
Bug: T343277
Change-Id: I477c216fe75bb393fc892ded13f3d117b6fda4aa
Whenever a number should be put inside a message, `numParams` should
be used instead of `params` as the former considers number formatting
needed for locales having their own numerals.
Change-Id: I1d331040a6f872fbf12ebe142257e53c46f5a219
Since core change dffca06 the tableExists function is only for
maintenance database connections.
DBConnRef implements that interface, use that
Follow-Up: I282cd08d47be1e16cd05903d92561da04889768f
Change-Id: I161c39ad0fce3c48b470a5595a2c58a26c2014a1
The global function wfWikiID() is deprecated since 1.35 and it's usages
should be replaced with WikiMap::getCurrentWikiId().
Bug: T298059
Change-Id: I87140148f53266a2bc828a4fae75aa28aa098602
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
Additional changes:
* Also sorted "composer fix" command to run phpcbf last.
Change-Id: Ie0f3c44edd654994ca1aa3c55a40cbef22465c0b
gmdate would also return string, it also given a string from the caller
site (result from explode)
Change-Id: I1bf314f7ad976e590fdb021c0921dbf7de7504bd
Per Niharika's comment at T220762#5105917, "we don't want an attacker
to learn that we detected an unusual login and cause them to change
the account password or such".
This was already set in WMF's config for LoginNotify; this moves it into
the extension itself, where it belongs.
Bug: T220780
Change-Id: I5adc5a52f10f2f37ae64ff0400c8d77b35d36aa1
I did the blacklisting throttled instead of whitelisting
wrong password as i didn't want to accidentally miss other
statuses equivalent to wrong password that use different messages
Bug: T193762
Change-Id: I8d51cb5a9c9856f175d31967a7d143836b9d67ee
Not used and introduces serious compexity, likely causing
the bug with users receiving notifications they've opted out of.
Bug: T174220
Change-Id: I888c6009fffad17121765678387022ed7d454cb0
This seems like something that should be global so login
attempts are accumulated across all data centers
At first I thought this might be related to T173888,
but now I don't think so, as logins would be POSTs
so should all be in the master db anyways.
Change-Id: I8d64a8b1c6607cb5b32a25182ec3496477361fdd