wikimedia/mediawiki-extensions-LoginNotify
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/LoginNotify synced 2024-11-23 22:45:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Mirror of https://gerrit.wikimedia.org/g/mediawiki/extensions/LoginNotify
616 commits 275 branches 0 tags 7.6 MiB
PHP 99.4%
JavaScript 0.6%
Go to file
Tim Starling 534e3ce4b3 LoginNotify seen subnets table 
Add a table which stores a summary of each user's IP address subnet in
each time bucket, defaulting to 15 days. On edit (and other changes
causing a recentchanges row) and successful login update the table.

On attempted login, check whether the subnet is in the table in any
time bucket back to the expiry time.

Add a job and a maintenance script for purging expired rows.

Disabled by default for now. The idea is to enable it by default after
we have some experience with using it in WMF production.

If CheckUser integration is disabled (the future intended state), the
cache and LoginNotifyChecks job are suppressed since they are
unnecessary.

Details:

* Rename setCurrentAddressAsKnown() to recordKnownWithCookie() and
  split off recordKnown() which does the same thing except without
  sending the cookie. We use recordKnown() to store the IP address
  without sending the cookie, on non-login changes.
* Reorganise isKnownSystemFast() for clarity, and return emphatic
  USER_NOT_KNOWN if the user is not in the table, cache or cookie
  and CheckUser integration is disabled.
* Replace time() calls with a mockable method.

Bug: T345052
Change-Id: Iea716e660353f16c47f873fe42edc2aeec1b4346
2023-09-04 15:04:36 +10:00
.phan phan: Remove suppression for PhanParamTooMany 2019-10-04 11:42:42 +02:00
i18n Localisation updates from https://translatewiki.net. 2023-08-28 09:30:22 +02:00
includes LoginNotify seen subnets table 2023-09-04 15:04:36 +10:00
maintenance LoginNotify seen subnets table 2023-09-04 15:04:36 +10:00
sql LoginNotify seen subnets table 2023-09-04 15:04:36 +10:00
tests/phpunit LoginNotify seen subnets table 2023-09-04 15:04:36 +10:00
.eslintrc.json build: Updating eslint-config-wikimedia to 0.19.0 2021-03-14 00:53:19 +00:00
.gitignore build: Updating mkdirp to 0.5.3 2020-03-21 02:54:24 +00:00
.gitreview Whoops, track not trace 2016-10-24 17:02:52 -07:00
.phpcs.xml build: Updating dependencies 2021-01-30 03:54:05 +00:00
CODE_OF_CONDUCT.md build: Updating mediawiki/phan-taint-check-plugin to 1.3.0 2018-08-19 14:12:15 +00:00
composer.json build: Updating dependencies 2023-04-29 06:45:20 +00:00
COPYING Initial version of extension to notify people on failed login attempts. 2016-03-28 04:29:04 -04:00
extension.json LoginNotify seen subnets table 2023-09-04 15:04:36 +10:00
Gruntfile.js build: Updating dependencies 2021-01-30 03:54:05 +00:00
package-lock.json build: Updating grunt-banana-checker to 0.11.0 2023-06-01 19:26:20 +00:00
package.json build: Updating grunt-banana-checker to 0.11.0 2023-06-01 19:26:20 +00:00
README.md ServiceWiring, dependency injection 2023-09-04 15:04:36 +10:00
UserAvatar.svg Update 'UserAvatar' to latest WikimediaUI icon 2018-11-27 10:26:09 -08:00

README.md

The LoginNotify extension notifies you when someone logs into your account. It can be configured to give warnings after a certain number of failed login attempts (The number is configurable, and can be different between unknown IPs/devices and known IP/devices). It can also give echo/email notices for successful logins from IPs you don't normally use. It can optionally integrate into the CheckUser extension in order to determine if the login is from an IP address you don't normally use. It can also set a cookie to try and determine if the login is from a device you normally use.

Installation

  • This extension requires the Echo extension to be installed. This extension can optionally integrate with the CheckUser extension if it is installed, but does not require it.
  • Download and place the file(s) in a directory called LoginNotify in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php: wfLoadExtension( 'LoginNotify' );
  • Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration parameters

"@doc": "The number of failed login attempts to permit from a known IP before a notification is triggered.",
"LoginNotifyAttemptsKnownIP": 10
"@doc": "The time-to-live of the count of failed login attempts from a known IP (from the time of the first failed attempt).",
"LoginNotifyExpiryKnownIP": 604800,
"@doc": "The number of failed login attempts to permit from a new IP before a notification is triggered.",
"LoginNotifyAttemptsNewIP": 3,
"@doc": "The time-to-live of the count of failed login attempts from a new IP (from the time of the first failed attempt).",
"LoginNotifyExpiryNewIP": 1209600,
"@doc": "Whether to trigger a notification after failed logins from known IPs.",
"LoginNotifyCheckKnownIPs": true,
"@doc": "Whether to trigger a notification after successful logins from unknown IPs.",
"LoginNotifyEnableOnSuccess": true,
"@doc": "Override this to use a different secret than $wgSecretKey",
"LoginNotifySecretKey": null,
"@doc": "Expiry in seconds. Default is 180 days",
"LoginNotifyCookieExpire": 15552000,
"@doc": "Override to allow sharing login cookies between sites on different subdomains",
"LoginNotifyCookieDomain": null,
"@doc": "Maximum number of users (records) to track as having successfully logged in on a particular device.",
"LoginNotifyMaxCookieRecords": 6,
"@doc": "Set to false to disable caching IPs in memcache. Set to 0 to cache forever. Default 60 days.",
"LoginNotifyCacheLoginIPExpiry": 5184000