From: Tim Starling Date: Wed, 21 Aug 2013 01:39:45 +0000 (+1000) Subject: Core support for disabling HTTPS based on GeoIP X-Git-Tag: 1.31.0-rc.0~18899^2~1 X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/modifier.php?a=commitdiff_plain;h=f0b346d6d07ec7b80772fd4f164b762799a21420;p=lhc%2Fweb%2Fwiklou.git Core support for disabling HTTPS based on GeoIP * Introduce a hook allowing automatic redirects to HTTPS to be disabled on the basis of client IP address. * Make User::requiresHTTPS() return false if the client IP is blacklisted as such. * On login, make the "stick HTTPS" option default to false if the client IP address is blacklisted as such. * Do not redirect anonymous requests to HTTPS. * If $wgSecureLogin is enabled, link to the HTTPS login page *via* the HTTP redirect, so that there is no need to vary the cache of anonymous page view HTML on client IP address. Change-Id: Iaa9dd2108431b8c35e05db4bfe78a629018a003c --- diff --git a/docs/hooks.txt b/docs/hooks.txt index e776d4cd8b..1b44d14f2f 100644 --- a/docs/hooks.txt +++ b/docs/hooks.txt @@ -758,6 +758,12 @@ $user: the user who did the block (not the one being blocked) $isbn: ISBN to show information for $output: OutputPage object in use +'CanIPUseHTTPS': Determine whether the client at a given source IP is likely +to be able to access the wiki via HTTPS. +$ip: The IP address in human-readable form +&$canDo: This reference should be set to false if the client may not be able +to use HTTPS + 'CanonicalNamespaces': For extensions adding their own namespaces or altering the defaults. Note that if you need to specify namespace protection or content model for diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index be4ec3e6fd..dd23538aaf 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php 
@@ -3967,3 +3967,16 @@ function wfIsBadImage( $name, $contextTitle = false, $blacklist = null ) { wfProfileOut( __METHOD__ ); return $bad; } + +/** + * Determine whether the client at a given source IP is likely to be able to + * access the wiki via HTTPS. + * + * @param string $ip The IPv4/6 address in the normal human-readable form + * @return boolean + */ +function wfCanIPUseHTTPS( $ip ) { + $canDo = true; + wfRunHooks( 'CanIPUseHTTPS', array( $ip, &$canDo ) ); + return !!$canDo; +} diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php index 69e551e1c7..bb31bdfbf2 100644 --- a/includes/SkinTemplate.php +++ b/includes/SkinTemplate.php @@ -693,18 +693,15 @@ class SkinTemplate extends Skin { : 'login'; $is_signup = $request->getText( 'type' ) == 'signup'; - # anonlogin & login are the same - $proto = $wgSecureLogin ? PROTO_HTTPS : null; - $login_id = $this->showIPinHeader() ? 'anonlogin' : 'login'; $login_url = array( 'text' => $this->msg( $loginlink )->text(), - 'href' => self::makeSpecialUrl( 'Userlogin', $returnto, $proto ), + 'href' => self::makeSpecialUrl( 'Userlogin', $returnto ), 'active' => $title->isSpecial( 'Userlogin' ) && ( $loginlink == 'nav-login-createaccount' || !$is_signup ), ); $createaccount_url = array( 'text' => $this->msg( 'createaccount' )->text(), - 'href' => self::makeSpecialUrl( 'Userlogin', "$returnto&type=signup", $proto ), + 'href' => self::makeSpecialUrl( 'Userlogin', "$returnto&type=signup" ), 'active' => $title->isSpecial( 'Userlogin' ) && $is_signup, ); diff --git a/includes/User.php b/includes/User.php index 29230265ad..25b35b34d9 100644 --- a/includes/User.php +++ b/includes/User.php @@ -2612,6 +2612,9 @@ class User { } else { $https = $this->getBoolOption( 'prefershttps' ); wfRunHooks( 'UserRequiresHTTPS', array( $this, &$https ) ); + if ( $https ) { + $https = wfCanIPUseHTTPS( $this->getRequest()->getIP() ); + } return $https; } } diff --git a/includes/Wiki.php b/includes/Wiki.php index 55805baeda..6ac9341f3a 100644 
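Review bot: The docblock on the new `wfCanIPUseHTTPS()` should state the trust contract its callers rely on, because the answer is used to decide whether an authenticated session or a login form may go over plain HTTP: `$canDo` starts at `true` and handlers can only lower it (fail-open towards HTTPS, which is the right direction), and `$ip` must be the trusted client address as returned by `WebRequest::getIP()`, never a raw proxy-header value. Suggested addition to the docblock: `* Defaults to true; hook handlers may only clear it. Callers must pass the trusted client IP, since a false result downgrades the session to plain HTTP.` As a point of style, `return (bool)$canDo;` reads more directly than `return !!$canDo;`.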
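Review bot: With `$proto` dropped, the login and create-account links always point at an HTTP URL even when `$wgSecureLogin` is on, so the jump to HTTPS now rests entirely on the redirect in SpecialUserlogin and a network attacker who intercepts that single plain-HTTP request can answer with a fake login form; the commit message accepts this to keep anonymous HTML cacheable, but the trade-off is invisible at the `$login_url` construction and deserves a comment there, e.g. `// Plain-HTTP link on purpose: Special:UserLogin redirects to HTTPS when the client can use it, so anonymous page HTML need not vary on client IP.` If `$wgSecureLogin` is still listed in this method's `global` statement it appears to be unused here now and should be removed. The enclosing method starts and ends outside the hunk.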
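Review bot: The new IP check runs after the `UserRequiresHTTPS` hook and replaces a `true` that hook may have set, so an extension that deliberately forces HTTPS for sensitive accounts is silently downgraded by the IP blacklist. If that precedence is intended it needs a comment saying so; otherwise fold the IP check into the initial value, `$https = $this->getBoolOption( 'prefershttps' ) && wfCanIPUseHTTPS( $this->getRequest()->getIP() );`, and keep `wfRunHooks( 'UserRequiresHTTPS', array( $this, &$https ) );` as the last word. Either way this makes whatever `getIP()` derives from proxy headers the basis for sending an authenticated session over plain HTTP, so the hook must only ever see the trusted client address. The enclosing method starts outside the hunk.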
--- a/includes/Wiki.php +++ b/includes/Wiki.php @@ -510,7 +510,10 @@ class MediaWiki { ( $request->getCookie( 'forceHTTPS' ) || // Avoid checking the user and groups unless it's enabled. - $this->context->getUser()->requiresHTTPS() + ( + $this->context->getUser()->isLoggedIn() + && $this->context->getUser()->requiresHTTPS() + ) ) && $request->detectProtocol() == 'http' ) { diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index 2081dd97ea..2fb1da7908 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -178,7 +178,7 @@ class LoginForm extends SpecialPage { 'wpStickHTTPS' => $this->mStickHTTPS ); $url = $title->getFullURL( $query, false, PROTO_HTTPS ); - if ( $wgSecureLogin ) { + if ( $wgSecureLogin && wfCanIPUseHTTPS( $this->getRequest()->getIP() ) ) { $this->getOutput()->redirect( $url ); return; } else { @@ -1125,7 +1125,11 @@ class LoginForm extends SpecialPage { } // Decide if we default stickHTTPS on - if ( $wgSecureLoginDefaultHTTPS && $this->mAction != 'submitlogin' && !$this->mLoginattempt ) { + if ( $wgSecureLoginDefaultHTTPS + && $this->mAction != 'submitlogin' + && !$this->mLoginattempt + && wfCanIPUseHTTPS( $this->getRequest()->getIP() ) ) + { $this->mStickHTTPS = true; }
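Review bot: The `forceHTTPS` cookie branch just above the changed lines is still honoured unconditionally, so a client whose IP is blacklisted but which still carries the cookie from an earlier session keeps being redirected to HTTPS, contrary to the commit's stated intent that blacklisted clients are not sent to HTTPS; if that is not deliberate, guard it the same way: `( $request->getCookie( 'forceHTTPS' ) && wfCanIPUseHTTPS( $request->getIP() ) )`. The comment `// Avoid checking the user and groups unless it's enabled.` now sits next to an `isLoggedIn()` test and should say what the new condition actually does, e.g. `// Anonymous requests are never redirected; only a logged-in user's preference or a hook can require HTTPS.` The enclosing method starts and ends outside the hunk.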
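Review bot: In the first hunk, when `$wgSecureLogin` is on but `wfCanIPUseHTTPS()` returns false, control falls into the `else` branch and the login form is served and submitted over plain HTTP without any indication to the user, which is a deliberate downgrade of a setting the site operator turned on and should be recorded where the decision is made: `// Client IP blacklisted for HTTPS: serve the login form over HTTP instead of redirecting, even though $wgSecureLogin is on.` Whether the user is warned on that path cannot be seen here, as the `else` branch lies outside the hunk. The same `wfCanIPUseHTTPS( $this->getRequest()->getIP() )` lookup is repeated in the second hunk; if the hook does a GeoIP query that is worth caching in a member for the request, and the opening brace of that multi-line `if` on its own line does not match the `) {` form used elsewhere in the file.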