return;
}
+ try {
+ $this->requirePostedParameters( [ 'password', 'token' ] );
+ } catch ( UsageException $ex ) {
+ // Make this a warning for now, upgrade to an error in 1.29.
+ $this->setWarning( $ex->getMessage() );
+ $this->logFeatureUsage( 'login-params-in-query-string' );
+ }
+
$params = $this->extractRequestParams();
$result = [];
}
// Try bot passwords
- if ( $authRes === false && $this->getConfig()->get( 'EnableBotPasswords' ) &&
- strpos( $params['name'], BotPassword::getSeparator() ) !== false
+ if (
+ $authRes === false && $this->getConfig()->get( 'EnableBotPasswords' ) &&
+ ( $botLoginData = BotPassword::canonicalizeLoginData( $params['name'], $params['password'] ) )
) {
$status = BotPassword::login(
- $params['name'], $params['password'], $this->getRequest()
+ $botLoginData[0], $botLoginData[1], $this->getRequest()
);
if ( $status->isOK() ) {
$session = $status->getValue();
$authRes = 'Success';
$loginType = 'BotPassword';
- } else {
+ } elseif ( !$botLoginData[2] ) {
$authRes = 'Failed';
$message = $status->getMessage();
LoggerFactory::getInstance( 'authentication' )->info(
} else {
$linkRenderer = $this->getLinkRenderer();
- $dbr = BotPassword::getDB( DB_SLAVE );
+ $dbr = BotPassword::getDB( DB_REPLICA );
$res = $dbr->select(
'bot_passwords',
[ 'bp_app_id' ],
] );
if ( $this->operation === 'insert' || !empty( $data['resetPassword'] ) ) {
- $this->password = PasswordFactory::generateRandomPasswordString(
- max( 32, $this->getConfig()->get( 'MinimalPasswordLength' ) )
- );
+ $this->password = BotPassword::generatePassword( $this->getConfig() );
$passwordFactory = new PasswordFactory();
$passwordFactory->init( RequestContext::getMain()->getConfig() );
$password = $passwordFactory->newFromPlaintext( $this->password );
$out->addWikiMsg(
'botpasswords-newpassword',
htmlspecialchars( $username . $sep . $this->par ),
- htmlspecialchars( $this->password )
+ htmlspecialchars( $this->password ),
+ htmlspecialchars( $username ),
+ htmlspecialchars( $this->par . $sep . $this->password )
);
$this->password = null;
}
/**
* Get a database connection for the bot passwords database
- * @param int $db Index of the connection to get, e.g. DB_MASTER or DB_SLAVE.
+ * @param int $db Index of the connection to get, e.g. DB_MASTER or DB_REPLICA.
* @return DatabaseBase
*/
public static function getDB( $db ) {
return (bool)$dbw->affectedRows();
}
+ /**
+ * Returns a (raw, unhashed) random password string.
+ * @param Config $config
+ * @return string
+ */
+ public static function generatePassword( $config ) {
+ return PasswordFactory::generateRandomPasswordString(
+ max( 32, $config->get( 'MinimalPasswordLength' ) ) );
+ }
+
+ /**
+ * There are two ways to login with a bot password: "username@appId", "password" and
+ * "username", "appId@password". Transform it so it is always in the first form.
+ * Returns [bot username, bot password, could be normal password?] where the last one is a flag
+ * meaning this could either be a bot password or a normal password, it cannot be decided for
+ * certain (although in such cases it almost always will be a bot password).
+ * If this cannot be a bot password login just return false.
+ * @param string $username
+ * @param string $password
+ * @return array|false
+ */
+ public static function canonicalizeLoginData( $username, $password ) {
+ $sep = BotPassword::getSeparator();
+ if ( strpos( $username, $sep ) !== false ) {
+ // the separator is not valid in usernames so this must be a bot login
+ return [ $username, $password, false ];
+ } elseif ( strlen( $password ) > 32 && strpos( $password, $sep ) !== false ) {
+ // the strlen check helps minimize the password information obtainable from timing
+ $segments = explode( $sep, $password );
+ $password = array_pop( $segments );
+ $appId = implode( $sep, $segments );
+ if ( preg_match( '/^[0-9a-w]{32,}$/', $password ) ) {
+ return [ $username . $sep . $appId, $password, true ];
+ }
+ }
+ return false;
+ }
+
/**
* Try to log the user in
* @param string $username Combined user name and app ID
"yourpasswordagain": "Retype password:",
"createacct-yourpasswordagain": "Confirm password",
"createacct-yourpasswordagain-ph": "Enter password again",
- "remembermypassword": "Remember my login on this browser (for a maximum of $1 {{PLURAL:$1|day|days}})",
"userlogin-remembermypassword": "Keep me logged in",
"userlogin-signwithsecure": "Use secure connection",
+ "cannotlogin-title": "Cannot log in",
+ "cannotlogin-text": "Logging in is not possible.",
"cannotloginnow-title": "Cannot log in now",
"cannotloginnow-text": "Logging in is not possible when using $1.",
+ "cannotcreateaccount-title": "Cannot create accounts",
+ "cannotcreateaccount-text": "Direct account creation is not enabled on this wiki.",
"yourdomainname": "Your domain:",
"password-change-forbidden": "You cannot change passwords on this wiki.",
"externaldberror": "There was either an authentication database error or you are not allowed to update your external account.",
"botpasswords-updated-body": "The bot password for bot name \"$1\" of user \"$2\" was updated.",
"botpasswords-deleted-title": "Bot password deleted",
"botpasswords-deleted-body": "The bot password for bot name \"$1\" of user \"$2\" was deleted.",
- "botpasswords-newpassword": "The new password to log in with <strong>$1</strong> is <strong>$2</strong>. <em>Please record this for future reference.</em>",
+ "botpasswords-newpassword": "The new password to log in with <strong>$1</strong> is <strong>$2</strong>. <em>Please record this for future reference.</em> <br> (For old bots which require the login name to be the same as the eventual username, you can also use <strong>$3</strong> as username and <strong>$4</strong> as password.)",
"botpasswords-no-provider": "BotPasswordsSessionProvider is not available.",
"botpasswords-restriction-failed": "Bot password restrictions prevent this login.",
"botpasswords-invalid-name": "The username specified does not contain the bot password separator (\"$1\").",
"file-thumbnail-no": "The filename begins with <strong>$1</strong>.\nIt seems to be an image of reduced size <em>(thumbnail)</em>.\nIf you have this image in full resolution upload this one, otherwise change the filename please.",
"fileexists-forbidden": "A file with this name already exists, and cannot be overwritten.\nIf you still want to upload your file, please go back and use a new name.\n[[File:$1|thumb|center|$1]]",
"fileexists-shared-forbidden": "A file with this name exists already in the shared file repository.\nIf you still want to upload your file, please go back and use a new name.\n[[File:$1|thumb|center|$1]]",
+ "fileexists-no-change": "The upload is an exact duplicate of the current version of <strong>[[:$1]]</strong>.",
+ "fileexists-duplicate-version": "The upload is an exact duplicate of {{PLURAL:$2|an older version|older versions}} of <strong>[[:$1]]</strong>.",
"file-exists-duplicate": "This file is a duplicate of the following {{PLURAL:$1|file|files}}:",
"file-deleted-duplicate": "A file identical to this file ([[:$1]]) has previously been deleted.\nYou should check that file's deletion history before proceeding to re-upload it.",
"file-deleted-duplicate-notitle": "A file identical to this file has previously been deleted, and the title has been suppressed.\nYou should ask someone with the ability to view suppressed file data to review the situation before proceeding to re-upload it.",
"filerevert-submit": "Revert",
"filerevert-success": "<strong>[[Media:$1|$1]]</strong> has been reverted to the [$4 version as of $3, $2].",
"filerevert-badversion": "There is no previous local version of this file with the provided timestamp.",
+ "filerevert-identical": "The current version of the file is already identical to the selected one.",
"filedelete": "Delete $1",
"filedelete-legend": "Delete file",
"filedelete-intro": "You are about to delete the file <strong>[[Media:$1|$1]]</strong> along with all of its history.",
"rollbacklinkcount-morethan": "rollback more than $1 {{PLURAL:$1|edit|edits}}",
"rollbackfailed": "Rollback failed",
"rollback-missingparam": "Missing required parameters on request.",
+ "rollback-missingrevision": "Unable to load revision data.",
"cantrollback": "Cannot revert edit;\nlast contributor is only author of this page.",
"alreadyrolled": "Cannot rollback last edit of [[:$1]] by [[User:$2|$2]] ([[User talk:$2|talk]]{{int:pipe-separator}}[[Special:Contributions/$2|{{int:contribslink}}]]);\nsomeone else has edited or rolled back the page already.\n\nThe last edit to the page was by [[User:$3|$3]] ([[User talk:$3|talk]]{{int:pipe-separator}}[[Special:Contributions/$3|{{int:contribslink}}]]).",
"editcomment": "The edit summary was: <em>$1</em>.",
"pageinfo-article-id": "Page ID",
"pageinfo-language": "Page content language",
"pageinfo-content-model": "Page content model",
+ "pageinfo-content-model-change": "change",
"pageinfo-robot-policy": "Indexing by robots",
"pageinfo-robot-index": "Allowed",
"pageinfo-robot-noindex": "Disallowed",
"linkaccounts-submit": "Link accounts",
"unlinkaccounts": "Unlink accounts",
"unlinkaccounts-success": "The account was unlinked.",
- "authenticationdatachange-ignored": "The authentication data change was not handled. Maybe no provider was configured?"
+ "authenticationdatachange-ignored": "The authentication data change was not handled. Maybe no provider was configured?",
+ "userjsispublic": "Please note: JavaScript subpages should not contain confidential data as they are viewable by other users.",
+ "usercssispublic": "Please note: CSS subpages should not contain confidential data as they are viewable by other users."
}
"2axterix2",
"Ата",
"Matěj Suchánek",
- "Chaduvari"
+ "Chaduvari",
+ "MarcoAurelio"
]
},
"sidebar": "{{notranslate}}",
"yourpasswordagain": "Since 1.22 no longer used in core, but may be used by some extensions. DEPRECATED",
"createacct-yourpasswordagain": "In create account form, label for field to re-enter password\n\nSee example: [{{canonicalurl:Special:UserLogin|type=signup}} Special:UserLogin?type=signup]\n{{Identical|Confirm password}}",
"createacct-yourpasswordagain-ph": "Placeholder text in create account form for re-enter password field.\n\nSee example: [{{canonicalurl:Special:UserLogin|type=signup}} Special:UserLogin?type=signup]",
- "remembermypassword": "Used as checkbox label on [[Special:ChangePassword]]. Parameters:\n* $1 - number of days\n{{Identical|Remember my login on this computer}}",
"userlogin-remembermypassword": "The text for a check box in [[Special:UserLogin]].",
"userlogin-signwithsecure": "Text of link to HTTPS login form.\n\nSee example: [[Special:UserLogin]]",
- "cannotloginnow-title": "Error page title shown when logging in is not possible.",
- "cannotloginnow-text": "Error page text shown when logging in is not possible. Parameters:\n* $1 - Session type in use that makes it not possible to log in, from a message like {{msg-mw|sessionprovider-mediawiki-session-cookiesessionprovider}}.",
+ "cannotlogin-title": "Error page title shown when logging in is not possible. This is a catch-all when a more specific reason is not available.",
+ "cannotlogin-text": "Error page text shown when logging in is not possible. This is a catch-all when a more specific reason is not available.",
+ "cannotloginnow-title": "Error page title shown when logging in is not possible becuse the session provider in use does the user authentication itself.",
+ "cannotloginnow-text": "Error page text shown when logging in is not possible becuse the session provider in use does the user authentication itself. Parameters:\n* $1 - Session type in use that makes it not possible to log in, from a message like {{msg-mw|sessionprovider-mediawiki-session-cookiesessionprovider}}.",
+ "cannotcreateaccount-title": "Error page title shown when manual account creation is not possible. That probably means the wiki supports some other account creation method, e.g. autocreation by the session provider. (When account creation is possible but the current user does not have permission to do it, a more specific error message is displayed.)",
+ "cannotcreateaccount-text": "Error page text shown when manual account creation is not possible. That probably means the wiki supports some other account creation method, e.g. autocreation by the session provider. (When account creation is possible but the current user does not have permission to do it, a more specific error message is displayed.)",
"yourdomainname": "Used as label for listbox.",
"password-change-forbidden": "Error message shown when an external authentication source does not allow the password to be changed.",
"externaldberror": "This message is thrown when a valid attempt to change the wiki password for a user fails because of a database error or an error from an external system.",
"botpasswords-updated-body": "Success message when a bot password is updated. Parameters:\n* $1 - Bot name\n* $2 - User name",
"botpasswords-deleted-title": "Title of the success page when a bot password is deleted.",
"botpasswords-deleted-body": "Success message when a bot password is deleted. Parameters:\n* $1 - Bot name\n* $2 - User name",
- "botpasswords-newpassword": "Success message to display the new password when a bot password is created or updated. Parameters:\n* $1 - User name to be used for login.\n* $2 - Password to be used for login.",
+ "botpasswords-newpassword": "Success message to display the new password when a bot password is created or updated. Parameters:\n* $1 - User name to be used for login.\n* $2 - Password to be used for login.\n* $3, $4 - an alternative version of the user name and password, respectively, which is less preferred, but more compatible with old bots.",
"botpasswords-no-provider": "Error message when login is attempted but the BotPasswordsSessionProvider is not included in <code>$wgSessionProviders</code>.",
"botpasswords-restriction-failed": "Error message when login is rejected because the configured restrictions were not satisfied.",
"botpasswords-invalid-name": "Error message when a username lacking the separator character is passed to BotPassword. Parameters:\n* $1 - The separator character.",
"file-thumbnail-no": "Error message at [[Special:Upload]]. Parameters:\n* $1 - String (e.g. \"180px-\")",
"fileexists-forbidden": "{{doc-important|''thumb'' and ''center'' are magic words. Leave it untranslated!}}\nParameters:\n* $1 - name of the existing file",
"fileexists-shared-forbidden": "{{doc-important|''thumb'' and ''center'' are magic words. Leave it untranslated!}}\nError message at [[Special:Upload]].\nParameters:\n* $1 - name of the existing file",
+ "fileexists-no-change": "Used in [[Special:Upload]] to warn when the upload is an exact duplicate of the current version of the file.\nParameters:\n* $1 - name of the existing file",
+ "fileexists-duplicate-version": "Used in [[Special:Upload]] to warn when the upload is an exact duplicate of (an) older version(s) of the file\nParameters:\n* $1 - name of the existing file\n* $2 - Amount of matching older versions (PLURAL support)",
"file-exists-duplicate": "Used as warning in [[Special:Upload]].\nThis message is followed by the gallery of the duplicate files.\n\nParameters:\n* $1 - number of duplicate files",
"file-deleted-duplicate": "Used in [[Special:Upload]. Parameters:\n* $1 - page title of the file\n\nSee also:\n* {{msg-mw|file-deleted-duplicate-notitle}}",
"file-deleted-duplicate-notitle": "Used in [[Special:Upload]] when the title of the deleted duplicate is not available.\n\nSee also:\n* {{msg-mw|file-deleted-duplicate}}",
"filerevert-submit": "{{Identical|Revert}}",
"filerevert-success": "Message displayed when you succeed in reverting a version of a file.\n* $1 is the name of the media\n* $2 is a date\n* $3 is a time\n* $4 is an URL and must follow square bracket: [$4\n{{Identical|Revert}}",
"filerevert-badversion": "Used as error message.",
+ "filerevert-identical": "Used as error message.",
"filedelete": "Used as page title. Parameters:\n* $1 - file title\nSee also:\n* {{msg-mw|Filedelete-intro}}",
"filedelete-legend": "Used as fieldset label in the \"Delete file\" form.\n{{Identical|Delete file}}",
"filedelete-intro": "Used as introduction for FileDelete form. Parameters:\n* $1 - page title for file\nSee also:\n* {{msg-mw|Filedelete|page title}}",
"rollbacklinkcount-morethan": "{{doc-actionlink}}\nText of the rollback link when a greater number of edits is to be rolled back. See also {{msg-mw|rollbacklink}}.\n\nWhen the number of edits rolled back is smaller than [[mw:Special:MyLanguage/Manual:$wgShowRollbackEditCount|$wgShowRollbackEditCount]], {{msg-mw|rollbacklinkcount}} is used instead.\n\nParameters:\n* $1 - number of edits",
"rollbackfailed": "{{Identical|Rollback}}",
"rollback-missingparam": "Used as error message that rollback is accessed without the required parameters\n\nSee also:\n* {{msg-mw|Rollbackfailed}}",
+ "rollback-missingrevision": "Used as error message that rollback failed to load revision data\n\nSee also:\n* {{msg-mw|Rollbackfailed}}",
"cantrollback": "Used as error message when rollback fails due to there not being a valid revision to revert back to.\n\nSee also:\n* {{msg-mw|Notvisiblerev}}\n{{Identical|Revert}}\n{{Identical|Rollback}}",
"alreadyrolled": "Appear when there's rollback and/or edit collision.\n\nRefers to:\n* {{msg-mw|Pipe-separator}}\n* {{msg-mw|Contribslink}}\nParameters:\n* $1 - the page to be rolled back\n* $2 - the editor to be rolled-back of that page\n* $3 - the editor that cause collision\n{{Identical|Rollback}}",
"editcomment": "Only shown if there is an edit {{msg-mw|Summary}}. Parameters:\n* $1 - the edit summary",
"pageinfo-article-id": "The numeric identifier of the page.\n{{Identical|Page ID}}",
"pageinfo-language": "Language in which the page content is written.",
"pageinfo-content-model": "The model in which the page content is written.\n\nUsed as label at [{{fullurl:Main Page|action=info}} action=info]. Followed by one of the following messages:\n* {{msg-mw|Content-model-wikitext}}\n* {{msg-mw|Content-model-javascript}}\n* {{msg-mw|Content-model-css}}\n* {{msg-mw|Content-model-text}}",
+ "pageinfo-content-model-change": "Link text for a link to Special:ChangeContentModel. The link will be wrapped in parenthesis.\n{{Identical|Change}}",
"pageinfo-robot-policy": "The search engine status of the page.\n\nUsed as label. Followed by any one of the following messages:\n*{{msg-mw|Pageinfo-robot-index}}\n*{{msg-mw|Pageinfo-robot-noindex}}",
"pageinfo-robot-index": "An indication that the page is indexable by search engines, that is listed in their search results.\n\nPreceded by the label {{msg-mw|Pageinfo-robot-policy}}.\n{{Identical|Allowed}}",
"pageinfo-robot-noindex": "An indication that the page is not indexable (that is, is not listed on the results page of a search engine).\n\nPreceded by the label {{msg-mw|Pageinfo-robot-policy}}.",
"logentry-delete-revision": "{{Logentry|[[Special:Log/delete]]}}\n{{Logentryparam}}\n* $5 - the number of affected revisions of the page $3",
"logentry-delete-event-legacy": "{{Logentry|[[Special:Log/delete]]}}",
"logentry-delete-revision-legacy": "{{Logentry|[[Special:Log/delete]]}}",
- "logentry-suppress-delete": "{{Logentry}}\n\n'Hid' is a possible alternative to 'suppressed' in this message.",
+ "logentry-suppress-delete": "{{Logentry}}\n\n'Hid' is a possible alternative to 'suppressed' in this message.\n\n'''This is not a normal deletion log entry''' and is used only when the page is removed even from administrators view (on WMF wikis this is called 'oversight' or 'suppression'.",
"logentry-suppress-event": "{{Logentry}}\n{{Logentryparam}}\n* $5 - count of affected log events",
"logentry-suppress-revision": "{{Logentry}}\n{{Logentryparam}}\n* $5 - the number of affected revisions of the page $3.",
"logentry-suppress-event-legacy": "{{Logentry}}",
"linkaccounts-submit": "Text of the main submit button on [[Special:LinkAccounts]] (when there is one)",
"unlinkaccounts": "Title of the special page [[Special:UnlinkAccounts]] which allows the user to remove linked remote accounts.",
"unlinkaccounts-success": "Account unlinking form success message",
- "authenticationdatachange-ignored": "Shown when authentication data change was unsuccessful due to configuration problems.\n\nCf. e.g. {{msg-mw|Passwordreset-ignored}}."
+ "authenticationdatachange-ignored": "Shown when authentication data change was unsuccessful due to configuration problems.\n\nCf. e.g. {{msg-mw|Passwordreset-ignored}}.",
+ "userjsispublic": "A reminder to users that Javascript subpages are not preferences but normal pages, and thus can be viewed by other users and the general public. This message is shown to a user whenever they are editing a subpage in their own user-space that ends in .js. See also {{msg-mw|usercssispublic}}.",
+ "usercssispublic": "A reminder to users that CSS subpages are not preferences but normal pages, and thus can be viewed by other users and the general public. This message is shown to a user whenever they are editing a subpage in their own user-space that ends in .css. See also {{msg-mw|userjsispublic}}"
}
dépôts / lhc / web / wiklou.git / commitdiff