Commit graph

72 commits

Author SHA1 Message Date
Tim Starling a247ba5c79 If the user is known in the slow path, don't forget to notify
If the IP address associated with a failed login is found in CheckUser
for the relevant user, the notification was previously omitted.
Notification of failure with a known IP was only possible when the IP
was in the cache or cookie. So, fix that.

Change-Id: I498e6b71d0fab9dd9af63c9c5f88fbcaf6a53fc3
2023-08-24 10:32:05 +10:00
Tim Starling c524ee65a4 Fix incorrect locator
Bug: T344785
Change-Id: I71f4433896b2758d1a5d8984192bf06fddc89468
2023-08-24 10:28:33 +10:00
gerritbot 9057082c99 Replace some moved Title class uses, now MediaWiki\Title\Title
Bug: T321681
Change-Id: I20b5e7eda88aacee80f0c82e4bd360ca4524ab8c
2023-08-19 04:17:24 +00:00
Umherirrender 4edd893fcc Use HookHandlers for Echo hook
Bug: T344297
Depends-On: Iffa2b409502b4269c9746e0304feb4aaee37a86e
Change-Id: I38fd96f2c4a5913b89d5dd760efb68273cb344a1
2023-08-16 00:59:03 +02:00
Umherirrender f02ff3ab36 Use HookHandlers for core hooks
The use of "HookHandlers" attribute in extension.json makes it possible
to inject services into hook handler classes in a future patch.

Bug: T344297
Change-Id: Icfa49dc56848c9b375f09d67ed839d0e10f57bfb
2023-08-16 00:34:21 +02:00
gerritbot eb79e7b8b8 Migrate ILB::getConnectionRef() calls to ILB::getMaintenanceConnectionRef()
Deprecated since 1.39 (I6e7544763bd)

Remove deprecated ILB::reuseConnection() calls as well

Bug: T343277
Change-Id: I477c216fe75bb393fc892ded13f3d117b6fda4aa
2023-08-03 22:27:44 +00:00
Umherirrender 222b7475fb Create HookRunner class
Only core hooks are run, but own HookRunner is recommended

Bug: T263353
Change-Id: I2506f4af21ef955a7feeb145d5173f46ca11b334
2023-06-05 22:47:00 +02:00
gerritbot 0ecf7ee302 Update moved class WikiMap
See T321882. Moved in I60cf4b9ef02b9d5

Bug: T321681
Change-Id: I1fdefa8f3eee67758a59d36a38209b1e418d9281
2023-04-25 09:54:12 +00:00
Alexander Vorwerk d5e7ca063a Update for CheckUser actor migration
Bug: T233004
Change-Id: I13a8d94f405cde255f9fd15aaf98d75819985786
2023-01-23 01:04:05 +01:00
Reedy bc6e531aa2 Hooks: Use better callable with EchoAttributeManager::ATTR_LOCATORS
Bug: T325950
Change-Id: Iaf7f51453802e4ca9ffae786129bb402994adc03
2022-12-27 01:16:08 +00:00
Ebrahim Byagowi f08f38032d i18n: Use native digits in login notify messages
Whenever a number should be put inside a message, `numParams` should
be used instead of `params` as the former considers number formatting
needed for locales having their own numerals.

Change-Id: I1d331040a6f872fbf12ebe142257e53c46f5a219
2022-11-17 21:49:23 +00:00
Umherirrender 1356d4847d phan: Fix use of IMaintainableDatabase::tableExists
Since core change dffca06 the tableExists function is only for
maintenance database connections.
DBConnRef implements that interface, use that

Follow-Up: I282cd08d47be1e16cd05903d92561da04889768f
Change-Id: I161c39ad0fce3c48b470a5595a2c58a26c2014a1
2022-08-17 22:53:49 +02:00
jenkins-bot c3127ad1fc Merge "Replace deprecated JobQueueGroup::singleton()" 2022-01-23 21:39:34 +00:00
Umherirrender c223b81e91 Replace deprecated JobQueueGroup::singleton()
Change-Id: I9f02c492921171ac7b78997c001bd415fc3975f5
2022-01-21 17:21:51 +00:00
Alexander Vorwerk 6be5c9599b Use namespaced CentralAuthUser
Bug: T298840
Change-Id: Ib2eef3aaec85d8b9397ece6d1c9ff583b54d39c3
2022-01-09 13:56:23 +01:00
Alexander Vorwerk 591a9b49b4 Replace usages of deprecated wfWikiID()
The global function wfWikiID() is deprecated since 1.35 and its usages
should be replaced with WikiMap::getCurrentWikiId().

Bug: T298059
Change-Id: I87140148f53266a2bc828a4fae75aa28aa098602
2021-12-21 01:58:01 +00:00
Umherirrender b34445b90a Use static closures where safe to use
Created by I25a17fb22b6b669e817317a0f45051ae9c608208

Change-Id: Iadeca93606fdce46f50dc587774673b6d5ed8315
2021-05-04 19:34:58 +02:00
Aaron Schulz 012f47bf32 Switch checkAndIncKey() to using BagOStuff::incrWithInit()
Change-Id: Id75ee8bcf9e01effd2185be0b01d6eaebd635a86
2021-04-01 15:45:33 -07:00
James D. Forrester 7500b622a4 Use User->isRegistered(), not deprecated isLoggedIn()
Bug: T270450
Change-Id: If61bd037b4f82d1f792035ca6f5139ba7d95b417
2020-12-17 18:27:21 -08:00
Umherirrender 674c24f807 Add missing @var and improve documentation
Change-Id: Iee58d1ac85939290c341568ebb10dc757e664425
2020-12-17 20:55:01 +01:00
Umherirrender 3b7b61fd71 Pass function name to IDatabase::tableExists
Useful for logging

Change-Id: I7644d1c84463c53576b35d679445e7093cccd2be
2020-06-07 01:40:03 +02:00
DannyS712 a5d764e44f Fix PSR12.Properties.ConstantVisibility.NotFound
Bug: T253169
Change-Id: Ie5a9ba0e65eeda936e63ea2345515a9b59a1ff11
2020-05-19 23:23:47 +00:00
Umherirrender 159b6b3b38 Improve param docs
Change-Id: I4b91b39757bb1a2717550f7c771537ee28ce0761
2020-02-29 21:28:35 +01:00
Reedy 3a68770d61 Don't use 'type' as a log parameter as it is a reserved word
Bug: T245280
Change-Id: I75de123ed7a17a24b41805a56cab16f0a93180dd
2020-02-14 17:47:16 +00:00
Ammar Abdulhamid f79c19acca Replace deprecated IP class with IPUtils
* Bump required MW version to 1.35.0

Bug: T242556
Change-Id: Ia25b7b6f8bc49e4b3d77f9f755b796f09a9aebaf
2020-02-09 07:36:57 +01:00
DannyS712 65757d7025 Use Special:MyLanguage/... for notification link
Bug: T243653
Change-Id: Ia6c71ec042cfbe34117fde1141c9d3ec89af8007
2020-01-25 04:01:01 +00:00
libraryupgrader 3103915e78 build: Updating mediawiki/mediawiki-codesniffer to 29.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch

Additional changes:
* Also sorted "composer fix" command to run phpcbf last.

Change-Id: Ie0f3c44edd654994ca1aa3c55a40cbef22465c0b
2020-01-14 07:37:43 +00:00
libraryupgrader 19ef39f143 build: Updating mediawiki/mediawiki-phan-config to 0.9.0
Change-Id: I3d27bc41baf88e12c3874d6acc064abd5c847192
2019-12-28 20:12:51 +00:00
Umherirrender 99ed58f71b Fix doc of LoginNotify::generateUserCookieRecord
gmdate would also return a string; it is also given a string from the caller
site (result from explode)

Change-Id: I1bf314f7ad976e590fdb021c0921dbf7de7504bd
2019-12-13 17:16:23 +01:00
Max Semenik 4a89319c81 Don't use deprecated function IDatabase::getWikiId()
Change-Id: I1d18cff5326d13e3606d13299c84d42c7084125a
2019-06-13 19:41:40 -07:00
Roan Kattouw fd827a88a0 Disable web notifications for login-success
Per Niharika's comment at T220762#5105917, "we don't want an attacker
to learn that we detected an unusual login and cause them to change
the account password or such".

This was already set in WMF's config for LoginNotify; this moves it into
the extension itself, where it belongs.

Bug: T220780
Change-Id: I5adc5a52f10f2f37ae64ff0400c8d77b35d36aa1
2019-04-12 12:54:20 -07:00
Aaron Schulz 93b9ab17aa Use IDatabase for type hints rather than Database
Change-Id: Iafd392f7b33a4cec6013633a520059ba3858a2fe
2019-04-07 19:44:40 +00:00
Aaron Schulz 75773a929b Clean up $params argument to Job subclasses to type hint an array
Change-Id: I4bb19720aa9ea8e1d3da1a3e4e6a89cfe1611a07
2019-03-29 11:46:22 -07:00
Kunal Mehta c5d999a10d Upgrade to newer phan
Bug: T216926
Change-Id: Iadebf5698e8c15db0d0009bd66f55c3b534a192f
2019-03-17 16:17:46 -07:00
Umherirrender 112a8678f6 Use ExtensionRegistry rather than class_exists
Change-Id: If1fb84ccb09ddfc357fae6ca6095b741ac81c0e8
2019-03-03 02:02:00 +01:00
Roan Kattouw fb3db4779b Notifications: Set canNotifyAgent per event type, rather than per event
Depends-On: I4f558654ec23757dd4ecd6986eb3e9a5593f5386
Change-Id: I40cb66596a7285ae9b961f9d85dd940d759b0abd
2018-10-26 17:37:33 -07:00
Gergő Tisza 97bbd18bde Use accurate count when bundling multiple login failure warnings
Bug: T194385
Change-Id: I188e08b31b88d99740231554b9239310c57287ab
2018-08-05 20:50:26 +02:00
Brian Wolff 4a88e8375b Do not send email notice for throttled login attempts
I did the blacklisting throttled instead of whitelisting
wrong password as I didn't want to accidentally miss other
statuses equivalent to wrong password that use different messages

Bug: T193762
Change-Id: I8d51cb5a9c9856f175d31967a7d143836b9d67ee
2018-05-07 16:36:25 +00:00
Huji Lee 0cd8f9e926 Maintenance script to generate fake login attempts from any IP
Depends on: Ifb28222cf75ad23859bbdceff332cf1e526afe9c

Bug: T183722
Change-Id: I01221923387a9e94499efdda39b2e40ee207e27c
2018-02-01 20:10:48 -05:00
Umherirrender 313d2e4af1 Use extension registry to check for CheckUser to be installed
Class was renamed in I39c60b2d059d1cb2c1c0d3a4206232d961536697

Change-Id: I8ca79302b9bbd8999e49a134240420d5cd6117c1
2017-12-15 19:23:06 +01:00
Max Semenik ee5ae41740 Remove compatibility with pre-1.27 MediaWiki
Change-Id: I3f7fd7b11d5f710ae4e940bdddd7001aa6948cf3
2017-10-25 18:26:57 -07:00
Max Semenik e13be59e42 Remove support for per-group preference defaults
Not used and introduces serious complexity, likely causing
the bug with users receiving notifications they've opted out of.

Bug: T174220
Change-Id: I888c6009fffad17121765678387022ed7d454cb0
2017-10-13 17:12:20 -07:00
jenkins-bot d6b547044c Merge "Lazy initialize salt" 2017-08-30 04:49:02 +00:00
Max Semenik 517342ae84 DB_SLAVE -> DB_REPLICA
Change-Id: Id47c23acf22af03964a6899e00a46ebf2088ab8a
2017-08-29 19:58:08 -07:00
Max Semenik 9bc4403bbf Lazy initialize salt
No need to get into cryptography when the salt is needed at most in 50% of
cases.

Change-Id: I3efd7332970005fdd32e47c6177e2e62e2f94a5c
2017-08-25 13:33:40 -07:00
Max Semenik a2b67b38b4 Remove unused import
Change-Id: I791728d08032c03ebbaa84f4c621c9ccd164c3c0
2017-08-25 11:39:49 -07:00
Max Semenik 8acdeae44d Fix check
Bug: T173888
Change-Id: I2643f7cbcdf6c9ad8dff8b6369a5ba6e402684b3
2017-08-24 14:43:10 -07:00
Max Semenik 228a2f3ee3 Even more logging
Bug: T173888
Change-Id: I7f9f3cf0657af100c6ae3a8b2bfb5206b86514eb
2017-08-24 13:56:35 -07:00
jenkins-bot ee7595d2ae Merge "Minor fix for phan 0.8.5" 2017-08-23 22:51:27 +00:00
Brian Wolff 1d81d4a4d5 Use global stash instance instead of local cluster instance
This seems like something that should be global so login
attempts are accumulated across all data centers

At first I thought this might be related to T173888,
but now I don't think so, as logins would be POSTs
so should all be in the master db anyways.

Change-Id: I8d64a8b1c6607cb5b32a25182ec3496477361fdd
2017-08-23 15:26:28 -07:00