Check install user's password as sysop/bureaucrat
authorcsteipp <csteipp@wikimedia.org>
Mon, 29 Jun 2015 23:43:56 +0000 (16:43 -0700)
committercsteipp <csteipp@wikimedia.org>
Mon, 29 Jun 2015 23:46:55 +0000 (16:46 -0700)
Refactor password checking a little to allow skipping the normal flow
in a special situation like this.

Bug: T104092
Change-Id: Ib4a4e1f34b6963a6414c6f88893884b0ec369ca5

includes/installer/WebInstallerPage.php
includes/password/UserPasswordPolicy.php

index f40de71..9aa6960 100644 (file)
@@ -833,6 +833,8 @@ class WebInstallerName extends WebInstallerPage {
         * @return bool
         */
        public function submit() {
+               global $wgPasswordPolicy;
+
                $retVal = true;
                $this->parent->setVarsFromRequest( array( 'wgSitename', '_NamespaceType',
                        '_AdminName', '_AdminPassword', '_AdminPasswordConfirm', '_AdminEmail',
@@ -909,7 +911,16 @@ class WebInstallerName extends WebInstallerPage {
                $pwd = $this->getVar( '_AdminPassword' );
                $user = User::newFromName( $cname );
                if ( $user ) {
-                       $valid = $user->getPasswordValidity( $pwd );
+                       $upp = new UserPasswordPolicy(
+                               $wgPasswordPolicy['policies'],
+                               $wgPasswordPolicy['checks']
+                       );
+                       $status = $upp->checkUserPasswordForGroups(
+                               $user,
+                               $pwd,
+                               array( 'sysop', 'bureaucrat' )
+                       );
+                       $valid = $status->isGood();
                } else {
                        $valid = 'config-admin-name-invalid';
                }
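Review bot: `$valid` now receives a bool from `$status->isGood()`, while the `else` branch still assigns the message key `'config-admin-name-invalid'`, so on a policy failure the reason held in `$status` is dropped and only `false` is left. The code that consumes `$valid` is outside this hunk, but if it treats any non-`true` value as the message to display, a rejected admin password would presumably yield no usable error and might not stop the step. Keeping the previous contract avoids that, e.g. `$valid = $status->isGood() ? true : $status->getMessage()->getKey();`. `submit()` starts and ends outside the hunk.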
index cdad9ba..70757ac 100644 (file)
@@ -72,22 +72,53 @@ class UserPasswordPolicy {
         */
        public function checkUserPassword( User $user, $password ) {
                $effectivePolicy = $this->getPoliciesForUser( $user );
-               $status = Status::newGood();
+               return $this->checkPolicies(
+                       $user,
+                       $password,
+                       $effectivePolicy,
+                       $this->policyCheckFunctions
+               );
+       }
+
+       /**
+        * Check if a passwords meets the effective password policy for a User, using a set
+        * of groups they may or may not belong to. This function does not use the DB, so can
+        * be used in the installer.
+        * @param User $user who's policy we are checking
+        * @param string $password the password to check
+        * @param array $groups list of groups to which we assume the user belongs
+        * @return Status error to indicate the password didn't meet the policy, or fatal to
+        *      indicate the user shouldn't be allowed to login.
+        */
+       public function checkUserPasswordForGroups( User $user, $password, array $groups ) {
+               $effectivePolicy = self::getPoliciesForGroups(
+                       $this->policies,
+                       $groups,
+                       $this->policies['default']
+               );
+               return $this->checkPolicies(
+                       $user,
+                       $password,
+                       $effectivePolicy,
+                       $this->policyCheckFunctions
+               );
+       }
 
-               foreach ( $effectivePolicy as $policy => $value ) {
-                       if ( !isset( $this->policyCheckFunctions[$policy] ) ) {
+       private function checkPolicies( User $user, $password, $policies, $policyCheckFunctions ) {
+               $status = Status::newGood();
+               foreach ( $policies as $policy => $value ) {
+                       if ( !isset( $policyCheckFunctions[$policy] ) ) {
                                throw new DomainException( 'Invalid password policy config' );
                        }
                        $status->merge(
                                call_user_func(
-                                       $this->policyCheckFunctions[$policy],
+                                       $policyCheckFunctions[$policy],
                                        $value,
                                        $user,
                                        $password
                                )
                        );
                }
-
                return $status;
        }
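Review bot: The new private `checkPolicies()` has no doc comment, and the docblock of the new public `checkUserPasswordForGroups()` does not mention the `DomainException` thrown when an effective policy has no entry in the check-function map. I would add `@throws DomainException if a policy has no registered check function` to both, plus a short docblock on `checkPolicies()` describing its four parameters and the merged `Status` it returns. The new docblock also has two wording slips: "a passwords meets" should be "a password meets", and "who's policy" should be "whose policy". `$this->policies['default']` is read without a check; if the constructor does not guarantee that key (not visible here), a one-line comment stating the assumption would help. The hunk begins inside the docblock of `checkUserPassword()`.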