Why:
* Because of schema changes being made in CheckUser, the cu_changes
table will soon only contain rows for edit-like actions. Log
events, including successful login attempts, will be stored to
the cu_log_event and cu_private_event tables.
* As the integration with CheckUser is being removed, it does not
make sense to add support to read data from these tables.
Furthermore, the schema changes should not break LoginNotify
which means that no changes are needed to prevent server errors.
* As such, making wikis use the loginnotify_seen_net table by
default should mean that only third-party wikis which understand
the deprecation would still continue to use the CheckUser
integration.
What:
* Set wgLoginNotifyUseSeenTable as true and
wgLoginNotifyUseCheckUser as false in extension.json
Bug: T362321
Change-Id: Ic1e81c547b6e7e3d012aa91c6bcd2e4b4d0913b5
Changes to the use statements done automatically via script
Addition of missing use statement done manually
Change-Id: I8943e4e63fb41ca758c9ed25a4abb7664e13bb9f
Since php8.0 hash_hmac throws exception and does not return false
Reported by phan running with php8.1
Change-Id: I2374daf5e0954bef91da65454d973ef3d1eb2183
Add a table which stores a summary of each user's IP address subnet in
each time bucket, defaulting to 15 days. On edit (and other changes
causing a recentchanges row) and successful login update the table.
On attempted login, check whether the subnet is in the table in any
time bucket back to the expiry time.
Add a job and a maintenance script for purging expired rows.
Disabled by default for now. The idea is to enable it by default after
we have some experience with using it in WMF production.
If CheckUser integration is disabled (the future intended state), the
cache and LoginNotifyChecks job are suppressed since they are
unnecessary.
Details:
* Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and
split off recordKnown() which does the same thing except without
sending the cookie. We use recordKnown() to store the IP address
without sending the cookie, on non-login changes.
* Reorganise isKnownSystemFast() for clarity, and return emphatic
USER_NOT_KNOWN if the user is not in the table, cache or cookie
and CheckUser integration is disabled.
* Replace time() calls with a mockable method.
Bug: T345052
Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
* Make LoginNotify into a service. Use a static getInstance() method
instead of a services container class, since there is only one
service.
* Removed references to $wgLoginNotifyEnableForPriv. The feature was
removed in I888c6009fffad1712.
Change-Id: I9120b470d27a0d09e508bd4e12eb2bde2f38d34d
* Remove notification attributes such as title-message, unused since the
initial commit since it used the new (2015) formatter system.
* isKnownSystemSlow() is always called with a third parameter, and it
doesn't seem to be nullable in callers.
* Yes, most of the things make sense.
* Add reason why CheckUser has no cuc_ip_hex index.
* Use foreach
* Too late to truncate the hash now
Change-Id: I310bc53ba881842845b9358309954f89c355f81c
If the IP address associated with a failed login is found in CheckUser
for the relevant user, the notification was previously omitted.
Notification of failure with a known IP was only possible when the IP
was in the cache or cookie. So, fix that.
Change-Id: I498e6b71d0fab9dd9af63c9c5f88fbcaf6a53fc3
