r103467 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r103466‎ \| r103467 \| r103468 >
Date:	15:16, 17 November 2011
Author:	mah
Status:	reverted (Comments)
Tags:	core
Comment:	Adapt and re-apply Michael Newton's patch from Bug 24464 - Execute LoginAuthenticateAudit hook more often. Also updated release notes.
Modified paths:	/trunk/phase3/RELEASE-NOTES-1.19 (modified) (history) /trunk/phase3/docs/hooks.txt (modified) (history) /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/docs/hooks.txt
—	—	@@ -1212,8 +1212,10 @@
1213	1213	- wrap String Wrap the message in html (usually something like "<div ...>$1</div>").
1214	1214	- flags Integer display flags (NO_ACTION_LINK,NO_EXTRA_USER_LINKS)
1215	1215
1216		~~-'LoginAuthenticateAudit': a login attempt for a valid user account either~~
1217		~~-succeeded or failed. No return data is accepted; this hook is for auditing only.~~
	1216	+'LoginAuthenticateAudit': a login attempt either succeeded or
	1217	+failed. This may be called before the User object is populated, so a
	1218	+user object equivalent to an anonymous user. No return data is
	1219	+accepted; this hook is for auditing only.
1218	1220	$user: the User object being authenticated against
1219	1221	$password: the password being submitted and found wanting
1220	1222	$retval: a LoginForm class constant with authenticateUserData() return
Index: trunk/phase3/RELEASE-NOTES-1.19
—	—	@@ -11,6 +11,9 @@
12	12	production.
13	13
14	14	=== Configuration changes in 1.19 ===
	15	+* Changed LoginAuthenticateAudit hook so that it may be called before a
	16	+ valid user is available. In those cases, an anonymouse user object
	17	+ will be supplied
15	18	* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
16	19	* (bug 27132) movefile right granted by default to registered users.
17	20	* Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
—	—	@@ -475,6 +475,7 @@
476	476	$this->load();
477	477
478	478	if ( $this->mUsername == '' ) {
	479	+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NO_NAME ) );
479	480	return self::NO_NAME;
480	481	}
481	482
—	—	@@ -486,20 +487,24 @@
487	488	// If the user doesn't have a login token yet, set one.
488	489	if ( !self::getLoginToken() ) {
489	490	self::setLoginToken();
	491	+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NEED_TOKEN ) );
490	492	return self::NEED_TOKEN;
491	493	}
492	494	// If the user didn't pass a login token, tell them we need one
493	495	if ( !$this->mToken ) {
	496	+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NEED_TOKEN ) );
494	497	return self::NEED_TOKEN;
495	498	}
496	499
497	500	$throttleCount = self::incLoginThrottle( $this->mUsername );
498	501	if ( $throttleCount === true ) {
	502	+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::THROTTLED ) );
499	503	return self::THROTTLED;
500	504	}
501	505
502	506	// Validate the login token
503	507	if ( $this->mToken !== self::getLoginToken() ) {
	508	+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::WRONG_TOKEN ) );
504	509	return self::WRONG_TOKEN;
505	510	}
506	511
—	—	@@ -520,6 +525,7 @@
521	526	# user choose a different wiki name.
522	527	$u = User::newFromName( $this->mUsername );
523	528	if( !( $u instanceof User ) \|\| !User::isUsableName( $u->getName() ) ) {
	529	+ wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, self::ILLEGAL ) );
524	530	return self::ILLEGAL;
525	531	}
526	532
—	—	@@ -527,6 +533,7 @@
528	534	if ( 0 == $u->getID() ) {
529	535	$status = $this->attemptAutoCreate( $u );
530	536	if ( $status !== self::SUCCESS ) {
	537	+ wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, $status ) );
531	538	return $status;
532	539	} else {
533	540	$isAutoCreated = true;
—	—	@@ -547,6 +554,7 @@
548	555	// Give general extensions, such as a captcha, a chance to abort logins
549	556	$abort = self::ABORTED;
550	557	if( !wfRunHooks( 'AbortLogin', array( $u, $this->mPassword, &$abort, &$this->mAbortLoginErrorMsg ) ) ) {
	558	+ wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, $abort ) );
551	559	return $abort;
552	560	}
553	561

Follow-up revisions

Revision	Commit summary	Author	Date
r106446	followup r103467 - Make sure we pass a user object when we call LoginAuthenti...	mah	17:19, 16 December 2011
r110797	Revert r103467, r106446 (bug 24464: calling LoginAuthenticateAudit hook more ...	demon	22:44, 6 February 2012

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r103396	Applying Michael Newton's patch from Bug 24464 - Execute...	mah	22:24, 16 November 2011

Comments

#Comment by Reach Out to the Truth (talk | contribs) 19:49, 17 November 2011

"anonymouse"?

#Comment by Krinkle (talk | contribs) 22:53, 18 November 2011

*peep* :P

#Comment by 😂 (talk | contribs) 20:22, 18 November 2011

Rather than passing a useless anonymous object, how about just passing null?

#Comment by Platonides (talk | contribs) 21:00, 18 November 2011

That new user seems a bug source. If you have to provide a user, why not the context, unauthenticated, one?

#Comment by 😂 (talk | contribs) 22:51, 18 November 2011

That makes sense too.

#Comment by MarkAHershberger (talk | contribs) 21:39, 18 November 2011

My thinking was that passing a null would cause bugs with hook users that were depending on an object being passed in. By passing an anonymous user, they get an object that they expect and can treat like a user.

#Comment by Nikerabbit (talk | contribs) 09:52, 15 December 2011

+wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, self::ILLEGAL ) );

$u is not necessarily an user object here.

#Comment by MarkAHershberger (talk | contribs) 17:13, 16 December 2011

good catch. Thanks!

#Comment by Aaron Schulz (talk | contribs) 00:54, 21 January 2012

FIXME'd per chad.

#Comment by MarkAHershberger (talk | contribs) 18:45, 24 January 2012

If I'm not mistaken, I already fixed that issue in r103467

#Comment by Aaron Schulz (talk | contribs) 00:33, 2 February 2012

No, it is still passing "new User".

Status & tagging log

22:44, 6 February 2012 😂 (talk | contribs) changed the status of r103467 [removed: fixme added: reverted]
00:33, 2 February 2012 Aaron Schulz (talk | contribs) changed the status of r103467 [removed: new added: fixme]
18:45, 24 January 2012 MarkAHershberger (talk | contribs) changed the status of r103467 [removed: fixme added: new]
00:54, 21 January 2012 Aaron Schulz (talk | contribs) changed the status of r103467 [removed: new added: fixme]
05:47, 5 January 2012 RobLa-WMF (talk | contribs) changed the tags for r103467 [added: core]
17:19, 16 December 2011 MarkAHershberger (talk | contribs) changed the status of r103467 [removed: fixme added: new]
09:47, 16 December 2011 Nikerabbit (talk | contribs) changed the status of r103467 [removed: new added: fixme]