From: Antoine Musso Date: Wed, 27 Oct 2010 21:17:03 +0000 (+0000) Subject: Optional feature to login through HTTPS and come back to HTTP. X-Git-Tag: 1.31.0-rc.0~34250 X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/modifier.php?a=commitdiff_plain;h=1315bd496e01addde8e37f6a460f198ad3208080;p=lhc%2Fweb%2Fwiklou.git Optional feature to login through HTTPS and come back to HTTP. Based on an idea by George Herbert http://lists.wikimedia.org/pipermail/wikitech-l/2010-October/050065.html --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index f34b290090..eee3c50ac0 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -79,6 +79,7 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN to move LocalSettings.php * The FailFunction "error handling" method has now been removed * $wgAdditionalMailParams added to allow setting extra options to mail() calls. +* $wgSecureLogin & $wgSecureLoginStickHTTPS to optionaly login using HTTPS === New features in 1.17 === * (bug 10183) Users can now add personal styles and scripts to all skins via diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index d62957c2b1..1414d83bed 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -2954,6 +2954,19 @@ $wgAutocreatePolicy = 'login'; */ $wgAllowPrefChange = array(); +/** + * This is to let user authenticate using https when they come from http. + * Based on an idea by George Herbert on wikitech-l: + * http://lists.wikimedia.org/pipermail/wikitech-l/2010-October/050065.html + * @since 1.17 + */ +$wgSecureLogin = false; +/** + * Default for 'use secure login' checkbox + * @since 1.17 + */ +$wgSecureLoginStickHTTPS = false; + /** @} */ # end user accounts } /************************************************************************//** diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php index 8425333158..b2cfd0cd1b 100644 --- a/includes/SkinTemplate.php +++ b/includes/SkinTemplate.php 
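Review bot: `$wgSecureLoginStickHTTPS` is documented in includes/DefaultSettings.php as the default for the checkbox, but nothing visible in this commit reads it. The login form hunk in SpecialUserlogin.php declares it `global` and then sets `stickHTTPS` from `$this->mStickHTTPS` alone, which comes from the request. Either wire it in for the initial display, e.g. `$template->set( 'stickHTTPS', $this->mPosted ? $this->mStickHTTPS : $wgSecureLoginStickHTTPS );` (assuming `mPosted` marks a submitted form), or drop the setting. The `$wgSecureLogin` docblock should also state the limit of the feature, for example `Only the login request is protected; unless the user chooses to stay on HTTPS, the session cookie is sent over plain HTTP afterwards and can be read on the network.`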
@@ -586,6 +586,21 @@ class SkinTemplate extends Skin { $loginlink = $wgUser->isAllowed( 'createaccount' ) ? 'nav-login-createaccount' : 'login'; + + # anonlogin & login are the same + $login_url = array( + 'text' => wfMsg( $loginlink ), + 'href' => self::makeSpecialUrl( 'Userlogin', $returnto ), + 'active' => $title->isSpecial( 'Userlogin' ) + ); + global $wgProto, $wgSecureLogin; + if( $wgProto === 'http' && $wgSecureLogin ) { + $title = SpecialPage::getTitleFor( 'Userlogin' ); + $https_url = preg_replace( '/^http:/', 'https:', $title->getFullURL() ); + $login_url['href'] = $https_url; + $login_url['class'] = 'link-https'; # FIXME class depends on skin + } + if( $this->showIPinHeader() ) { $href = &$this->userpageUrlDetails['href']; $personal_urls['anonuserpage'] = array( @@ -602,17 +617,9 @@ class SkinTemplate extends Skin { 'class' => $usertalkUrlDetails['exists'] ? false : 'new', 'active' => ( $pageurl == $href ) ); - $personal_urls['anonlogin'] = array( - 'text' => wfMsg( $loginlink ), - 'href' => self::makeSpecialUrl( 'Userlogin', $returnto ), - 'active' => $title->isSpecial( 'Userlogin' ) - ); + $personal_urls['anonlogin'] = $login_url; } else { - $personal_urls['login'] = array( - 'text' => wfMsg( $loginlink ), - 'href' => self::makeSpecialUrl( 'Userlogin', $returnto ), - 'active' => $title->isSpecial( 'Userlogin' ) - ); + $personal_urls['login'] = $login_url; } } diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index 333cddf50b..7561ee2e3a 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -59,7 +59,7 @@ class LoginForm { var $mName, $mPassword, $mRetype, $mReturnTo, $mCookieCheck, $mPosted; var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword; var $mLoginattempt, $mRemember, $mEmail, $mDomain, $mLanguage; - var $mSkipCookieCheck, $mReturnToQuery, $mToken; + var $mSkipCookieCheck, $mReturnToQuery, $mToken, $mStickHTTPS; private $mExtUser = null; 
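Review bot: The HTTPS branch of the first SkinTemplate.php hunk builds the link from `$title->getFullURL()` with no query, so the `$returnto` that `makeSpecialUrl( 'Userlogin', $returnto )` carried is dropped. Users who log in through the secure link would then not be sent back to the page they came from. The branch also reassigns `$title`, which the surrounding method (it starts and ends outside this hunk) may still use afterwards. A separate local keeps both intact: `$loginTitle = SpecialPage::getTitleFor( 'Userlogin' );` followed by `$https_url = preg_replace( '/^http:/', 'https:', $loginTitle->getFullURL( $returnto ) );`, assuming `$returnto` is a query string as its use in `makeSpecialUrl()` suggests.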
@@ -89,6 +89,7 @@ class LoginForm { $this->mLoginattempt = $request->getCheck( 'wpLoginattempt' ); $this->mAction = $request->getVal( 'action' ); $this->mRemember = $request->getCheck( 'wpRemember' ); + $this->mStickHTTPS = $request->getCheck( 'wpStickHTTPS' ); $this->mLanguage = $request->getText( 'uselang' ); $this->mSkipCookieCheck = $request->getCheck( 'wpSkipCookieCheck' ); $this->mToken = ( $this->mType == 'signup' ) ? $request->getVal( 'wpCreateaccountToken' ) : $request->getVal( 'wpLoginToken' ); @@ -853,7 +854,12 @@ class LoginForm { if ( !$titleObj instanceof Title ) { $titleObj = Title::newMainPage(); } - $wgOut->redirect( $titleObj->getFullURL( $this->mReturnToQuery ) ); + $redirectUrl = $titleObj->getFullURL( $this->mReturnToQuery ); + global $wgSecureLogin; + if( $wgSecureLogin && !$this->mStickHTTPS ) { + $redirectUrl = preg_replace( '/^https:/', 'http:', $redirectUrl ); + } + $wgOut->redirect( $redirectUrl ); } } @@ -941,6 +947,7 @@ class LoginForm { global $wgUser, $wgOut, $wgHiddenPrefs, $wgEnableEmail; global $wgRequest, $wgLoginLanguageSelector; global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration; + global $wgSecureLogin, $wgSecureLoginStickHTTPS; $titleObj = SpecialPage::getTitleFor( 'Userlogin' ); @@ -1030,6 +1037,8 @@ class LoginForm { $template->set( 'canremember', ( $wgCookieExpiration > 0 ) ); $template->set( 'usereason', $wgUser->isLoggedIn() ); $template->set( 'remember', $wgUser->getOption( 'rememberpassword' ) || $this->mRemember ); + $template->set( 'cansecurelogin', ( $wgSecureLogin === true ) ); + $template->set( 'stickHTTPS', $this->mStickHTTPS ); if ( $this->mType == 'signup' ) { if ( !self::getCreateaccountToken() ) { diff --git a/includes/templates/Userlogin.php b/includes/templates/Userlogin.php index 92ad9cb4b7..6ad2afe94e 100644 --- a/includes/templates/Userlogin.php +++ b/includes/templates/Userlogin.php 
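Review bot: In the post-login redirect, `preg_replace( '/^https:/', 'http:', $redirectUrl )` runs for every login while `$wgSecureLogin` is on and the box is unticked, including for users who reached the form over HTTPS on their own, so it silently downgrades them. After the downgrade the session cookies set during the HTTPS login travel over plain HTTP. If cookies are marked secure-only (`$wgCookieSecure`, not visible in this diff) the user would instead appear logged out. I would restrict the rewrite to logins that started from HTTP, skip it when cookies are secure-only, and add a comment such as `# Protects the password only; the session is exposed once we return to HTTP`. The enclosing function starts outside this hunk.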
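Review bot: `( $wgSecureLogin === true )` in the template setup is stricter than the truthy tests used for the same setting in SkinTemplate.php (`$wgProto === 'http' && $wgSecureLogin`) and in the redirect (`$wgSecureLogin && !$this->mStickHTTPS`). With `$wgSecureLogin = 1;` in LocalSettings.php the login link rewrite and the downgrade to HTTP would be active while the checkbox stays hidden, so no user could opt to stay on HTTPS. Use the same test in all three places, e.g. `$template->set( 'cansecurelogin', (bool)$wgSecureLogin );`.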
@@ -104,6 +104,22 @@ class UserloginTemplate extends QuickTemplate { ?> + +data['cansecurelogin'] ) { ?> + + + + data['stickHTTPS'], + array( 'tabindex' => '9' ) + ); + ?> + + diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index ae1b4b2c3f..9458d6148f 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1039,6 +1039,7 @@ Do not forget to change your [[Special:Preferences|{{SITENAME}} preferences]].', 'yourpassword' => 'Password:', 'yourpasswordagain' => 'Retype password:', 'remembermypassword' => 'Remember my login on this browser (for a maximum of $1 {{PLURAL:$1|day|days}})', +'securelogin-stick-https' => 'Stay connected to HTTPS after login', 'yourdomainname' => 'Your domain:', 'externaldberror' => 'There was either an authentication database error or you are not allowed to update your external account.', 'login' => 'Log in',