r110825 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r110824‎ \| r110825 \| r110826 >
Date:	08:07, 7 February 2012
Author:	dantman
Status:	ok (Comments)
Tags:
Comment:	(bug 34237) Regenerate an empty user_token and save to the database when we try to set the user's cookies for login. This allows the entire user_token column to be regenerated after a leak by running `UPDATE user SET user_token = NULL;` and letting the user_tokens be regenerated as users try to log back in.
Modified paths:	/trunk/phase3/includes/User.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
—	—	@@ -2753,6 +2753,14 @@
2754	2754
2755	2755	$this->load();
2756	2756	if ( 0 == $this->mId ) return;
	2757	+ if ( !$this->mToken ) {
	2758	+ // When token is empty or NULL generate a new one and then save it to the database
	2759	+ // This allows a wiki to re-secure itself after a leak of it's user table or $wgSecretKey
	2760	+ // Simply by setting every cell in the user_token column to NULL and letting them be
	2761	+ // regenerated as users log back into the wiki.
	2762	+ $this->setToken();
	2763	+ $this->saveSettings();
	2764	+ }
2757	2765	$session = array(
2758	2766	'wsUserID' => $this->mId,
2759	2767	'wsToken' => $this->mToken,

Follow-up revisions

Revision	Commit summary	Author	Date
r111006	Revert r88270, r97711 and r110825 out of 1.19	reedy	01:16, 9 February 2012
r114241	Backport CryptRand from r110825 and r114233 to REL1_17, REL1_18, and REL1_19 ...	dantman	09:39, 20 March 2012

Comments

#Comment by Dantman (talk | contribs) 08:12, 7 February 2012

Btw, anyone who wants to should feel free to update the user_token schema to remove the `NOT NULL`. This code still works when you use instead of NULL so I didn't bother writing a schema update. Especially considering you can't remove a `NOT NULL` without also specifying the column type.

Tagged for a 1.19 revert since it's new code and we can just defer it to 1.20.

#Comment by Reedy (talk | contribs) 15:13, 7 February 2012

I thought we were not adding new stuff to be backed out of 1.19 when branched? Except for older commits....

Status & tagging log

01:21, 9 February 2012 Reedy (talk | contribs) changed the tags for r110825 [removed: revert1.19]
01:21, 9 February 2012 Reedy (talk | contribs) changed the tags for r110825 []
21:39, 7 February 2012 Aaron Schulz (talk | contribs) changed the status of r110825 [removed: new added: ok]
08:12, 7 February 2012 Dantman (talk | contribs) changed the tags for r110825 [added: revert1.19]