From: csteipp Date: Mon, 29 Jun 2015 23:43:56 +0000 (-0700) Subject: Check install user's password as sysop/bureaucrat X-Git-Tag: 1.31.0-rc.0~10826^2 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/?a=commitdiff_plain;h=66147c798aaf9a1469805488c2b7c9a668364eb3;p=lhc%2Fweb%2Fwiklou.git Check install user's password as sysop/bureaucrat Refactor password checking a little to allow skipping the normal flow in a special situation like this. Bug: T104092 Change-Id: Ib4a4e1f34b6963a6414c6f88893884b0ec369ca5 --- diff --git a/includes/installer/WebInstallerPage.php b/includes/installer/WebInstallerPage.php index f40de7107f..9aa6960cc8 100644 --- a/includes/installer/WebInstallerPage.php +++ b/includes/installer/WebInstallerPage.php @@ -833,6 +833,8 @@ class WebInstallerName extends WebInstallerPage { * @return bool */ public function submit() { + global $wgPasswordPolicy; + $retVal = true; $this->parent->setVarsFromRequest( array( 'wgSitename', '_NamespaceType', '_AdminName', '_AdminPassword', '_AdminPasswordConfirm', '_AdminEmail', @@ -909,7 +911,16 @@ class WebInstallerName extends WebInstallerPage { $pwd = $this->getVar( '_AdminPassword' ); $user = User::newFromName( $cname ); if ( $user ) { - $valid = $user->getPasswordValidity( $pwd ); + $upp = new UserPasswordPolicy( + $wgPasswordPolicy['policies'], + $wgPasswordPolicy['checks'] + ); + $status = $upp->checkUserPasswordForGroups( + $user, + $pwd, + array( 'sysop', 'bureaucrat' ) + ); + $valid = $status->isGood(); } else { $valid = 'config-admin-name-invalid'; } diff --git a/includes/password/UserPasswordPolicy.php b/includes/password/UserPasswordPolicy.php index cdad9ba511..70757acb79 100644 --- a/includes/password/UserPasswordPolicy.php +++ b/includes/password/UserPasswordPolicy.php 
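Review bot: In the `@@ -909,7 +911,16 @@` hunk of WebInstallerPage.php, `$valid = $status->isGood();` reduces a failed policy check to a bare `false`, while the `else` branch just below still stores a message key (`'config-admin-name-invalid'`) in the same variable. If the rest of `submit()`, which continues outside the hunk, treats any non-`true` `$valid` as the message to show, the administrator is not told which password rule the sysop/bureaucrat account failed. Carrying the reason through keeps the variable's contract, for example `$valid = $status->isGood() ? true : $status->getMessage()->getKey();`. The hunk also indexes `$wgPasswordPolicy['policies']` and `['checks']` directly, so it is worth confirming that the default policy is always loaded when the installer reaches this point.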
@@ -72,22 +72,53 @@ class UserPasswordPolicy { */ public function checkUserPassword( User $user, $password ) { $effectivePolicy = $this->getPoliciesForUser( $user ); - $status = Status::newGood(); + return $this->checkPolicies( + $user, + $password, + $effectivePolicy, + $this->policyCheckFunctions + ); + } + + /** + * Check if a passwords meets the effective password policy for a User, using a set + * of groups they may or may not belong to. This function does not use the DB, so can + * be used in the installer. + * @param User $user who's policy we are checking + * @param string $password the password to check + * @param array $groups list of groups to which we assume the user belongs + * @return Status error to indicate the password didn't meet the policy, or fatal to + * indicate the user shouldn't be allowed to login. + */ + public function checkUserPasswordForGroups( User $user, $password, array $groups ) { + $effectivePolicy = self::getPoliciesForGroups( + $this->policies, + $groups, + $this->policies['default'] + ); + return $this->checkPolicies( + $user, + $password, + $effectivePolicy, + $this->policyCheckFunctions + ); + } - foreach ( $effectivePolicy as $policy => $value ) { - if ( !isset( $this->policyCheckFunctions[$policy] ) ) { + private function checkPolicies( User $user, $password, $policies, $policyCheckFunctions ) { + $status = Status::newGood(); + foreach ( $policies as $policy => $value ) { + if ( !isset( $policyCheckFunctions[$policy] ) ) { throw new DomainException( 'Invalid password policy config' ); } $status->merge( call_user_func( - $this->policyCheckFunctions[$policy], + $policyCheckFunctions[$policy], $value, $user, $password ) ); } - return $status; }
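Review bot: The docblock added for `checkUserPasswordForGroups()` does not say that the effective policy is built only from the `$groups` argument and `$this->policies['default']`. A caller that passes an incomplete list would therefore be checked against a different, possibly weaker, policy than the account's real membership requires. I would add a line such as `* Only $groups and the 'default' policy are considered; use checkUserPassword() for existing accounts.` The new private `checkPolicies()` has no docblock at all; a short one saying that it merges each check's result into one `Status` and throws `DomainException` when a policy has no registered check would match the other methods in the hunk. Passing `$this->policyCheckFunctions` as an argument from both callers looks redundant unless a later caller is expected to supply a different set.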