r110797 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r110796‎ \| r110797 \| r110798 >
Date:	22:44, 6 February 2012
Author:	demon
Status:	ok
Tags:
Comment:	Revert r103467, r106446 (bug 24464: calling LoginAuthenticateAudit hook more often) Pretty narrow use case isn't very well defined, and this has felt wrong to me since it was committed in November. Easier to pull for now rather than blocking release.
Modified paths:	/trunk/phase3/RELEASE-NOTES-1.19 (modified) (history) /trunk/phase3/docs/hooks.txt (modified) (history) /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/docs/hooks.txt
—	—	@@ -1238,10 +1238,8 @@
1239	1239	- 'comment' Wikitext string in the same format as an edit summary
1240	1240	- 'timestamp' Timestamp when the action occured
1241	1241
1242		~~-'LoginAuthenticateAudit': a login attempt either succeeded or~~
1243		~~-failed. This may be called before the User object is populated, so a~~
1244		~~-user object equivalent to an anonymous user. No return data is~~
1245		~~-accepted; this hook is for auditing only.~~
	1242	+LoginAuthenticateAudit': a login attempt for a valid user account either
	1243	+succeeded or failed. No return data is accepted; this hook is for auditing only.
1246	1244	$user: the User object being authenticated against
1247	1245	$password: the password being submitted and found wanting
1248	1246	$retval: a LoginForm class constant with authenticateUserData() return
Index: trunk/phase3/RELEASE-NOTES-1.19
—	—	@@ -11,9 +11,6 @@
12	12	production.
13	13
14	14	=== Configuration changes in 1.19 ===
15		~~-* Changed LoginAuthenticateAudit hook so that it may be called before a~~
16		~~- valid user is available. In those cases, an anonymouse user object~~
17		~~- will be supplied.~~
18	15	* Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
19	16	* (bug 27132) movefile right granted by default to registered users.
20	17	* Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
—	—	@@ -477,7 +477,6 @@
478	478	$this->load();
479	479
480	480	if ( $this->mUsername == '' ) {
481		~~- wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NO_NAME ) );~~
482	481	return self::NO_NAME;
483	482	}
484	483
—	—	@@ -489,24 +488,20 @@
490	489	// If the user doesn't have a login token yet, set one.
491	490	if ( !self::getLoginToken() ) {
492	491	self::setLoginToken();
493		~~- wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NEED_TOKEN ) );~~
494	492	return self::NEED_TOKEN;
495	493	}
496	494	// If the user didn't pass a login token, tell them we need one
497	495	if ( !$this->mToken ) {
498		~~- wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NEED_TOKEN ) );~~
499	496	return self::NEED_TOKEN;
500	497	}
501	498
502	499	$throttleCount = self::incLoginThrottle( $this->mUsername );
503	500	if ( $throttleCount === true ) {
504		~~- wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::THROTTLED ) );~~
505	501	return self::THROTTLED;
506	502	}
507	503
508	504	// Validate the login token
509	505	if ( $this->mToken !== self::getLoginToken() ) {
510		~~- wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::WRONG_TOKEN ) );~~
511	506	return self::WRONG_TOKEN;
512	507	}
513	508
—	—	@@ -526,20 +521,14 @@
527	522	# TODO: Allow some magic here for invalid external names, e.g., let the
528	523	# user choose a different wiki name.
529	524	$u = User::newFromName( $this->mUsername );
530		~~- if( !( $u instanceof User ) ) {~~
531		~~- wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::ILLEGAL ) );~~
	525	+ if( !( $u instanceof User ) \|\| !User::isUsableName( $u->getName() ) ) {
532	526	return self::ILLEGAL;
533	527	}
534		~~- if( !User::isUsableName( $u->getName() ) ) {~~
535		~~- wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, self::ILLEGAL ) );~~
536		~~- return self::ILLEGAL;~~
537		~~- }~~
538	528
539	529	$isAutoCreated = false;
540	530	if ( 0 == $u->getID() ) {
541	531	$status = $this->attemptAutoCreate( $u );
542	532	if ( $status !== self::SUCCESS ) {
543		~~- wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, $status ) );~~
544	533	return $status;
545	534	} else {
546	535	$isAutoCreated = true;
—	—	@@ -560,7 +549,6 @@
561	550	// Give general extensions, such as a captcha, a chance to abort logins
562	551	$abort = self::ABORTED;
563	552	if( !wfRunHooks( 'AbortLogin', array( $u, $this->mPassword, &$abort, &$this->mAbortLoginErrorMsg ) ) ) {
564		~~- wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, $abort ) );~~
565	553	return $abort;
566	554	}
567	555

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r103396	Applying Michael Newton's patch from Bug 24464 - Execute...	mah	22:24, 16 November 2011
r103467	Adapt and re-apply Michael Newton's patch from Bug 24464 - Execute...	mah	15:16, 17 November 2011
r106446	followup r103467 - Make sure we pass a user object when we call LoginAuthenti...	mah	17:19, 16 December 2011

Status & tagging log

23:05, 6 February 2012 Aaron Schulz (talk | contribs) changed the status of r110797 [removed: new added: ok]