From: Reedy
Date: Tue, 4 Dec 2018 08:31:11 +0000 (+0000)
Subject: Prevent all users from having a password in the blacklist
X-Git-Tag: 1.34.0-rc.0~364
X-Git-Url: http://git.cyclocoop.org/%7B%24admin_url%7Dcompta/comptes/journal.php?a=commitdiff_plain;h=29c8d84c47aeffe491887155a5b825659709986a;p=lhc%2Fweb%2Fwiklou.git
Prevent all users from having a password in the blacklist
Bug: T151425
Change-Id: I8d8f738176a47ccc5bd0a9eeac3a3385c3809088
---
diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34
index 03ced764fd..828d0fb807 100644
--- a/RELEASE-NOTES-1.34
+++ b/RELEASE-NOTES-1.34
@@ -26,6 +26,13 @@ For notes on 1.33.x and older releases, see HISTORY. === Configuration changes for system administrators in 1.34 === +In an effort to enforce best practices for passwords, MediaWiki will now warn +users, and suggest that they change their password, if it is in the list of +100,000 commonly used passwords that are considered bad passwords. If you want +to disable this for your users, please add the following to your local settings: + +$wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false; + ==== New configuration ==== * $wgAllowExternalReqID (T201409) - This configuration setting controls whether Mediawiki accepts the request ID set by the incoming request via the
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 48943de1d1..5d3fba740f 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4463,7 +4463,7 @@ $wgCentralIdLookupProvider = 'local';
 * Deprecated since 1.33. Use PasswordNotInLargeBlacklist instead.
 * - PasswordNotInLargeBlacklist - Password not in best practices list of
 * 100,000 commonly used passwords. Due to the size of the list this
- * is a probabilistic test.
+ * is a probabilistic test.
 *
 * If you add custom checks, for Special:PasswordPolicies to display them correctly,
 * every check should have a corresponding passwordpolicies-policy- message,
@@ -4481,28 +4481,25 @@ $wgPasswordPolicy = [
 'bureaucrat' => [
 'MinimalPasswordLength' => 10,
 'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
 ],
 'sysop' => [
 'MinimalPasswordLength' => 10,
 'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
 ],
 'interface-admin' => [
 'MinimalPasswordLength' => 10,
 'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
 ],
 'bot' => [
 'MinimalPasswordLength' => 10,
 'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
 ],
 'default' => [
 'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ],
 'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
 'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
 'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
+ 'PasswordNotInLargeBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
 ],
 ],
 'checks' => [
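Review bot: Removing `'PasswordNotInLargeBlacklist' => true,` from the `bureaucrat`, `sysop`, `interface-admin` and `bot` entries leaves those groups relying solely on the `default` entry for the common-password check. The opt-out documented in this commit's release note sets that `default` entry to `false`, so an administrator who only wants to silence the prompt for ordinary users would also drop the check for the privileged groups, which carried it unconditionally before. Consider keeping the per-group `'PasswordNotInLargeBlacklist' => true,` lines alongside the new `default` entry (this assumes the effective policy takes the strictest value across a user's groups, which is not visible in this hunk), or say in the release note that the opt-out also applies to privileged accounts. The `$wgPasswordPolicy` array starts and ends outside the hunk.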