'SpecialPageFactory' => __DIR__ . '/includes/specialpage/SpecialPageFactory.php',
'SpecialPageLanguage' => __DIR__ . '/includes/specials/SpecialPageLanguage.php',
'SpecialPagesWithProp' => __DIR__ . '/includes/specials/SpecialPagesWithProp.php',
+ 'SpecialPasswordPolicies' => __DIR__ . '/includes/specials/SpecialPasswordPolicies.php',
'SpecialPasswordReset' => __DIR__ . '/includes/specials/SpecialPasswordReset.php',
'SpecialPermanentLink' => __DIR__ . '/includes/specials/SpecialPermanentLink.php',
'SpecialPreferences' => __DIR__ . '/includes/specials/SpecialPreferences.php',
'Listbots' => SpecialListBots::class,
'Userrights' => UserrightsPage::class,
'EditWatchlist' => SpecialEditWatchlist::class,
+ 'PasswordPolicies' => SpecialPasswordPolicies::class,
// Recent changes and logs
'Newimages' => SpecialNewFiles::class,
--- /dev/null
+<?php
+/**
+ * Implements Special:PasswordPolicies
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @ingroup SpecialPage
+ */
+
+/**
+ * This special page lists the defined password policies for user groups.
+ * See also @ref $wgPasswordPolicy.
+ *
+ * @ingroup SpecialPage
+ * @since 1.32
+ */
+class SpecialPasswordPolicies extends SpecialPage {
+ public function __construct() {
+ parent::__construct( 'PasswordPolicies' );
+ }
+
+ /**
+ * Show the special page
+ * @param string|null $par
+ */
+ public function execute( $par ) {
+ $this->setHeaders();
+ $this->outputHeader();
+
+ $out = $this->getOutput();
+ $out->addModuleStyles( 'mediawiki.special' );
+
+ $this->addHelpLink( 'Help:Password policies' );
+
+ $out->addHTML(
+ Xml::openElement( 'table', [ 'class' => 'wikitable mw-passwordpolicies-table' ] ) .
+ '<tr>' .
+ Xml::element( 'th', null, $this->msg( 'passwordpolicies-group' )->text() ) .
+ Xml::element( 'th', null, $this->msg( 'passwordpolicies-policies' )->text() ) .
+ '</tr>'
+ );
+
+ $config = $this->getConfig();
+ $policies = $config->get( 'PasswordPolicy' );
+
+ $groupPermissions = $config->get( 'GroupPermissions' );
+ $revokePermissions = $config->get( 'RevokePermissions' );
+ $addGroups = $config->get( 'AddGroups' );
+ $removeGroups = $config->get( 'RemoveGroups' );
+ $groupsAddToSelf = $config->get( 'GroupsAddToSelf' );
+ $groupsRemoveFromSelf = $config->get( 'GroupsRemoveFromSelf' );
+ $allGroups = array_unique( array_merge(
+ array_keys( $groupPermissions ),
+ array_keys( $revokePermissions ),
+ array_keys( $addGroups ),
+ array_keys( $removeGroups ),
+ array_keys( $groupsAddToSelf ),
+ array_keys( $groupsRemoveFromSelf )
+ ) );
+ asort( $allGroups );
+
+ $linkRenderer = $this->getLinkRenderer();
+
+ foreach ( $allGroups as $group ) {
+ if ( $group == '*' ) {
+ continue;
+ }
+
+ $groupnameLocalized = UserGroupMembership::getGroupName( $group );
+
+ $grouppageLocalizedTitle = UserGroupMembership::getGroupPage( $group )
+ ?: Title::newFromText( MWNamespace::getCanonicalName( NS_PROJECT ) . ':' . $group );
+
+ $grouppage = $linkRenderer->makeLink(
+ $grouppageLocalizedTitle,
+ $groupnameLocalized
+ );
+
+ if ( $group === 'user' ) {
+ // Link to Special:listusers for implicit group 'user'
+ $grouplink = '<br />' . $linkRenderer->makeKnownLink(
+ SpecialPage::getTitleFor( 'Listusers' ),
+ $this->msg( 'listgrouprights-members' )->text()
+ );
+ } elseif ( !in_array( $group, $config->get( 'ImplicitGroups' ) ) ) {
+ $grouplink = '<br />' . $linkRenderer->makeKnownLink(
+ SpecialPage::getTitleFor( 'Listusers' ),
+ $this->msg( 'listgrouprights-members' )->text(),
+ [],
+ [ 'group' => $group ]
+ );
+ } else {
+ // No link to Special:listusers for other implicit groups as they are unlistable
+ $grouplink = '';
+ }
+
+ $out->addHTML( Html::rawElement( 'tr', [ 'id' => Sanitizer::escapeIdForAttribute( $group ) ], "
+ <td>$grouppage$grouplink</td>
+ <td>" . $this->formatPolicies( $policies, $group ) . '</td>
+ '
+ ) );
+
+ }
+
+ $out->addHTML( Xml::closeElement( 'table' ) );
+ }
+
+ /**
+ * Create a HTML list of password policies for $group
+ *
+ * @param array $policies Original $wgPasswordPolicy array
+ * @param array $group Group to format password policies for
+ *
+ * @return string HTML list of all applied password policies
+ */
+ private function formatPolicies( $policies, $group ) {
+ $groupPolicies = UserPasswordPolicy::getPoliciesForGroups(
+ $policies['policies'],
+ [ $group ],
+ $policies['policies']['default']
+ );
+
+ $ret = [];
+ foreach ( $groupPolicies as $gp => $val ) {
+ if ( $val === false ) {
+ // Policy isn't enabled, so no need to dislpay it
+ continue;
+ } elseif ( $val === true ) {
+ $msg = $this->msg( 'passwordpolicies-policy-' . strtolower( $gp ) );
+ } else {
+ $msg = $this->msg( 'passwordpolicies-policy-' . strtolower( $gp ) )->numParams( $val );
+ }
+ $ret[] = $this->msg(
+ 'passwordpolicies-policy-display',
+ $msg,
+ '<span class="mw-passwordpolicies-policy-name">' . $gp . '</span>'
+ )->parse();
+ }
+ if ( !count( $ret ) ) {
+ return '';
+ } else {
+ return '<ul><li>' . implode( "</li>\n<li>", $ret ) . '</li></ul>';
+ }
+ }
+
+ protected function getGroupName() {
+ return 'users';
+ }
+}
"pagedata-text": "This page provides a data interface to pages. Please provide the page title in the URL, using subpage syntax.\n* Content negotiation applies based on your client's Accept header. This means that the page data will be provided in the format preferred by your client.",
"pagedata-not-acceptable": "No matching format found. Supported MIME types: $1",
"pagedata-bad-title": "Invalid title: $1.",
- "unregistered-user-config": "For security reasons JavaScript, CSS and JSON user subpages cannot be loaded for unregistered users."
+ "unregistered-user-config": "For security reasons JavaScript, CSS and JSON user subpages cannot be loaded for unregistered users.",
+ "passwordpolicies": "Password policies",
+ "passwordpolicies-summary": "This is a list of the effective password policies for the user groups defined in this wiki.",
+ "passwordpolicies-helppage": "Manual:$wgPasswordPolicy",
+ "passwordpolicies-group": "Group",
+ "passwordpolicies-policies": "Policies",
+ "passwordpolicies-policy-display": "<span class=\"passwordpolicies-policy\">$1 <code>($2)</code></span>",
+ "passwordpolicies-policy-minimalpasswordlength": "Password must be at least $1 {{PLURAL:$1|character|characters}} long",
+ "passwordpolicies-policy-minimumpasswordlengthtologin": "Password must be at least $1 {{PLURAL:$1|character|characters}} long to be able to login",
+ "passwordpolicies-policy-passwordcannotmatchusername": "Password cannot be the same as username",
+ "passwordpolicies-policy-passwordcannotmatchblacklist": "Password cannot match specifically blacklisted passwords",
+ "passwordpolicies-policy-maximalpasswordlength": "Password must be less than $1 {{PLURAL:$1|character|characters}} long",
+ "passwordpolicies-policy-passwordcannotbepopular": "Password cannot be {{PLURAL:$1|the popular password|in the list of $1 popular passwords}}"
}
"pagedata-text": "Error shown when none of the formats acceptable to the client is supported (HTTP error 406). Parameters:\n* $1 - the list of supported MIME types",
"pagedata-not-acceptable": "No matching format found. Supported MIME types: $1",
"pagedata-bad-title": "Error shown when the requested title is invalid. Parameters:\n* $1: the malformed ID",
- "unregistered-user-config": "Shown when viewing a user JS, CSS or JSON subpage with ?action=raw&ctype=<mime type> where there is no such user. It is shown as a paragraph after a header saying 'Forbidden'."
+ "unregistered-user-config": "Shown when viewing a user JS, CSS or JSON subpage with ?action=raw&ctype=<mime type> where there is no such user. It is shown as a paragraph after a header saying 'Forbidden'.",
+ "passwordpolicies": "The name of the special page [[Special:PasswordPolicies]].",
+ "passwordpolicies-summary": "The description used on [[Special:ListGroupRights]].\n\nRefers to {{msg-mw|Passwordpolicies-helppage}}.",
+ "passwordpolicies-helppage": "The link used on [[Special:PasswordPolicies]].",
+ "passwordpolicies-group": "The title of the column in the table, about user groups (like you are in the ''translator'' group).\n\n{{Identical|Group}}\n{{Related|Passwordpolicies}}",
+ "passwordpolicies-policies": "The title of the column in the table, about password policies.\n{{Related|Passwordpolicies}}",
+ "passwordpolicies-policy-display": "{{optional}}\nParameters:\n* $1 - the text from the \"passwordpolicies-policy-...\" messages, i.e. {{msg-mw|passwordpolicies-policy-minimalpasswordlength}}\n* $2 - the name of this password policy",
+ "passwordpolicies-policy-minimalpasswordlength": "Password policy that enforces a minimum number of characters a password must be. $1 - minimum number of characters that a password can be",
+ "passwordpolicies-policy-minimumpasswordlengthtologin": "Password policy that enforces a minimum number of characters a password must be to be able to login to the wiki. $1 - minimum number of characters that a password can be to be able to login",
+ "passwordpolicies-policy-passwordcannotmatchusername": "Password policy that enforces that the password of the account cannot be the same as the username",
+ "passwordpolicies-policy-passwordcannotmatchblacklist": "Password policy that enforces that passwords are not on a list of blacklisted passwords (often previously used during MediaWiki automated testing)",
+ "passwordpolicies-policy-maximalpasswordlength": "Password policy that enforces a maximum number of characters a password must be. $1 - maximum number of characters that a password can be",
+ "passwordpolicies-policy-passwordcannotbepopular": "Password policy that enforces that a password is not in a list of $1 number of \"popular\" passwords. $1 - number of popular passwords the password will be checked against"
+
}
'PagesWithProp' => [ 'PagesWithProp', 'Pageswithprop', 'PagesByProp', 'Pagesbyprop' ],
'PageData' => [ 'PageData' ],
'PageLanguage' => [ 'PageLanguage' ],
+ 'PasswordPolicies' => [ 'PasswordPolicies' ],
'PasswordReset' => [ 'PasswordReset' ],
'PermanentLink' => [ 'PermanentLink', 'PermaLink' ],
'Preferences' => [ 'Preferences' ],
color: #72777d;
font-size: 90%;
}
+
+/* Special:PasswordPolicies */
+.mw-passwordpolicies-table tr {
+ vertical-align: top;
+}
$status = PasswordPolicyChecks::checkPopularPasswordBlacklist( PHP_INT_MAX, $user, $password );
$this->assertSame( $expected, $status->isGood() );
}
+
+ /**
+ * Verify that all password policy description messages actually exist.
+ * Messages used on Special:PasswordPolicies
+ */
+ public function testPasswordPolicyDescriptionsExist() {
+ global $wgPasswordPolicy;
+ $lang = Language::factory( 'en' );
+
+ foreach ( array_keys( $wgPasswordPolicy['checks'] ) as $check ) {
+ $msgKey = 'passwordpolicies-policy-' . strtolower( $check );
+ $this->assertTrue(
+ wfMessage( $msgKey )->useDatabase( false )->inLanguage( $lang )->exists(),
+ "Message '$msgKey' required by '$check' must exist"
+ );
+ }
+ }
}