From: Chad Horohoe Date: Sat, 27 Jun 2009 16:53:27 +0000 (+0000) Subject: (bug 19157) createAndPromote error on bad password X-Git-Tag: 1.31.0-rc.0~41187 X-Git-Url: http://git.cyclocoop.org/url?a=commitdiff_plain;h=8f11162800f85e1e9a94b171877c928d2a40f095;p=lhc%2Fweb%2Fwiklou.git (bug 19157) createAndPromote error on bad password * Tweak User::isValidPassword() and hook. Return a STRING msg key on failure, not false. Updated all callers to handle this * Split too-short/match username errors for clarity * Update docs, messages. * Merge fix for bug from maintenance-work branch --- diff --git a/config/index.php b/config/index.php index 1367b5267c..b6d944b20d 100644 --- a/config/index.php +++ b/config/index.php @@ -702,7 +702,7 @@ if( $conf->SysopName ) { # Various password checks if( $conf->SysopPass != '' ) { if( $conf->SysopPass == $conf->SysopPass2 ) { - if( !$u->isValidPassword( $conf->SysopPass ) ) { + if( $u->isValidPassword( $conf->SysopPass ) !== true ) { $errs['SysopPass'] = "Bad password"; } } else { diff --git a/docs/hooks.txt b/docs/hooks.txt index 3981f110b8..8b82fd1f8e 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -830,7 +830,7 @@ $addr: The e-mail address entered by the user 'isValidPassword': Override the result of User::isValidPassword() $password: The password entered by the user -&$result: Set this and return false to override the internal checks +&$result: Set this to either true (passes) or the key for a message error $user: User the password is being validated for 'LanguageGetMagic': Use this to define synonyms of magic words depending diff --git a/includes/User.php b/includes/User.php index 689c580263..d3341f8167 100644 --- a/includes/User.php +++ b/includes/User.php 
@@ -616,21 +616,23 @@ class User { /** * Is the input a valid password for this user? * - * @param $password \string Desired password - * @return \bool True or false + * @param $password String Desired password + * @return mixed: true on success, string of error message on failure */ function isValidPassword( $password ) { global $wgMinimalPasswordLength, $wgContLang; - $result = null; if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) ) return $result; - if( $result === false ) - return false; - // Password needs to be long enough, and can't be the same as the username - return strlen( $password ) >= $wgMinimalPasswordLength - && $wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName ); + // Password needs to be long enough + if( strlen( $password ) < $wgMinimalPasswordLength ) { + return 'passwordtooshort'; + } elseif( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) { + return 'password-name-match'; + } else { + return true; + } } /** @@ -1714,9 +1716,10 @@ class User { throw new PasswordError( wfMsg( 'password-change-forbidden' ) ); } - if( !$this->isValidPassword( $str ) ) { + $valid = $this->isValidPassword( $str ); + if( $valid !== true ) { global $wgMinimalPasswordLength; - throw new PasswordError( wfMsgExt( 'passwordtooshort', array( 'parsemag' ), + throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ), $wgMinimalPasswordLength ) ); } } @@ -2725,7 +2728,7 @@ class User { // to. Certain authentication plugins do NOT want to save // domain passwords in a mysql database, so we should // check this (incase $wgAuth->strict() is false). - if( !$this->isValidPassword( $password ) ) { + if( $this->isValidPassword( $password ) !== true ) { return false; } diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index 9a3ab39467..fa1bfdbcf1 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php 
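Review bot: In `isValidPassword()` the removed `if( $result === false ) return false;` has no replacement, so a hook handler that sets `$result = false` and lets the chain continue is now ignored and the password is judged only by the length and username checks. When a handler does abort the chain, `$result` is returned unchecked, so `false` or `null` from a handler written to the old contract reaches `wfMsgExt( $valid, ... )` as a message key in the `setPassword` hunk at -1714 and in SpecialUserlogin.php. Restoring the check once here keeps every caller rejecting such passwords with a usable key: `if( $result !== null && $result !== true ) return is_string( $result ) ? $result : 'passwordtooshort';` after the hook call (or a dedicated generic key), with the same string test applied to the early `return $result;`. The username comparison also changed from `!==` to `==`, which compares numeric-looking strings numerically; `===` would keep it a plain string match.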
@@ -277,9 +277,10 @@ class LoginForm { } # check for minimal password length - if ( !$u->isValidPassword( $this->mPassword ) ) { + $valid = $u->isValidPassword( $this->mPassword ); + if ( $valid !== true ) { if ( !$this->mCreateaccountMail ) { - $this->mainLoginForm( wfMsgExt( 'passwordtooshort', array( 'parsemag' ), $wgMinimalPasswordLength ) ); + $this->mainLoginForm( wfMsgExt( $valid, array( 'parsemag' ), $wgMinimalPasswordLength ) ); return false; } else { # do not force a password for account creation by email diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 5bd422334c..18ec506259 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -956,8 +956,9 @@ Check your spelling.', Please try again.', 'wrongpasswordempty' => 'Password entered was blank. Please try again.', -'passwordtooshort' => 'Your password is invalid or too short. -It must have at least {{PLURAL:$1|1 character|$1 characters}} and be different from your username.', +'passwordtooshort' => 'Your password is too short. +It must have at least {{PLURAL:$1|1 character|$1 characters}}.', +'password-name-match' => 'Your password must be different from your username.', 'mailmypassword' => 'E-mail new password', 'passwordremindertitle' => 'New temporary password for {{SITENAME}}', 'passwordremindertext' => 'Someone (probably you, from IP address $1) requested a new diff --git a/maintenance/createAndPromote.php b/maintenance/createAndPromote.php index a5a8f88d34..b55d9208f4 100644 --- a/maintenance/createAndPromote.php +++ b/maintenance/createAndPromote.php @@ -36,9 +36,14 @@ if( !is_object( $user ) ) { die( 1 ); } +try { + $user->setPassword( $password ); +} catch( PasswordError $pwe ) { + $this->error( $pwe->getText(), true ); +} + # Insert the account into the database $user->addToDatabase(); -$user->setPassword( $password ); $user->saveSettings(); # Promote user 
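Review bot: The new `catch` block in maintenance/createAndPromote.php calls `$this->error( $pwe->getText(), true )`, but the visible context (`die( 1 );`, bare `$user->addToDatabase();`, no class or method header) suggests this script runs at file scope, where `$this` is not defined; the rest of the script lies outside the hunk, so this should be confirmed. If so, a rejected password ends in a PHP fatal error rather than printing the `PasswordError` text. Matching the script's existing exit style would be `echo $pwe->getText() . "\n";` followed by `die( 1 );`. Calling `setPassword()` before `addToDatabase()` is the right order, since a rejected password then stops the script before the account row is created.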
diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index e8d7d53a8d..9b20328625 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -422,6 +422,7 @@ $wgMessageStructure = array(
 'wrongpassword',
 'wrongpasswordempty',
 'passwordtooshort',
+ 'password-name-match',
 'mailmypassword',
 'passwordremindertitle',
 'passwordremindertext',