r52494 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r52493‎ | r52494 | r52495 >
Date:16:53, 27 June 2009
Author:demon
Status:resolved (Comments)
Tags:
Comment:
(bug 19157) createAndPromote error on bad password
* Tweak User::isValidPassword() and hook. Return a STRING msg key on failure, not false. Updated all callers to handle this
* Split too-short/match username errors for clarity
* Update docs, messages.
* Merge fix for bug from maintenance-work branch
Modified paths:
  • /trunk/phase3/config/index.php (modified) (history)
  • /trunk/phase3/docs/hooks.txt (modified) (history)
  • /trunk/phase3/includes/User.php (modified) (history)
  • /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)
  • /trunk/phase3/languages/messages/MessagesEn.php (modified) (history)
  • /trunk/phase3/maintenance/createAndPromote.php (modified) (history)
  • /trunk/phase3/maintenance/language/messages.inc (modified) (history)

Diff [purge]

Index: trunk/phase3/maintenance/createAndPromote.php
@@ -36,9 +36,14 @@
3737 die( 1 );
3838 }
3939
 40+try {
 41+ $user->setPassword( $password );
 42+} catch( PasswordError $pwe ) {
 43+ $this->error( $pwe->getText(), true );
 44+}
 45+
4046 # Insert the account into the database
4147 $user->addToDatabase();
42 -$user->setPassword( $password );
4348 $user->saveSettings();
4449
4550 # Promote user
Index: trunk/phase3/maintenance/language/messages.inc
@@ -422,6 +422,7 @@
423423 'wrongpassword',
424424 'wrongpasswordempty',
425425 'passwordtooshort',
 426+ 'password-name-match',
426427 'mailmypassword',
427428 'passwordremindertitle',
428429 'passwordremindertext',
Index: trunk/phase3/docs/hooks.txt
@@ -830,7 +830,7 @@
831831
832832 'isValidPassword': Override the result of User::isValidPassword()
833833 $password: The password entered by the user
834 -&$result: Set this and return false to override the internal checks
 834+&$result: Set this to either true (passes) or the key for a message error
835835 $user: User the password is being validated for
836836
837837 'LanguageGetMagic': Use this to define synonyms of magic words depending
Index: trunk/phase3/includes/User.php
@@ -616,21 +616,23 @@
617617 /**
618618 * Is the input a valid password for this user?
619619 *
620 - * @param $password \string Desired password
621 - * @return \bool True or false
 620+ * @param $password String Desired password
 621+ * @return mixed: true on success, string of error message on failure
622622 */
623623 function isValidPassword( $password ) {
624624 global $wgMinimalPasswordLength, $wgContLang;
625625
626 - $result = null;
627626 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
628627 return $result;
629 - if( $result === false )
630 - return false;
631628
632 - // Password needs to be long enough, and can't be the same as the username
633 - return strlen( $password ) >= $wgMinimalPasswordLength
634 - && $wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName );
 629+ // Password needs to be long enough
 630+ if( strlen( $password ) < $wgMinimalPasswordLength ) {
 631+ return 'passwordtooshort';
 632+ } elseif( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
 633+ return 'password-name-match';
 634+ } else {
 635+ return true;
 636+ }
635637 }
636638
637639 /**
@@ -1714,9 +1716,10 @@
17151717 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
17161718 }
17171719
1718 - if( !$this->isValidPassword( $str ) ) {
 1720+ $valid = $this->isValidPassword( $str );
 1721+ if( $valid !== true ) {
17191722 global $wgMinimalPasswordLength;
1720 - throw new PasswordError( wfMsgExt( 'passwordtooshort', array( 'parsemag' ),
 1723+ throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
17211724 $wgMinimalPasswordLength ) );
17221725 }
17231726 }
@@ -2725,7 +2728,7 @@
27262729 // to. Certain authentication plugins do NOT want to save
27272730 // domain passwords in a mysql database, so we should
27282731 // check this (incase $wgAuth->strict() is false).
2729 - if( !$this->isValidPassword( $password ) ) {
 2732+ if( $this->isValidPassword( $password ) !== true ) {
27302733 return false;
27312734 }
27322735
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
@@ -277,9 +277,10 @@
278278 }
279279
280280 # check for minimal password length
281 - if ( !$u->isValidPassword( $this->mPassword ) ) {
 281+ $valid = $u->isValidPassword( $this->mPassword );
 282+ if ( $valid !== true ) {
282283 if ( !$this->mCreateaccountMail ) {
283 - $this->mainLoginForm( wfMsgExt( 'passwordtooshort', array( 'parsemag' ), $wgMinimalPasswordLength ) );
 284+ $this->mainLoginForm( wfMsgExt( $valid, array( 'parsemag' ), $wgMinimalPasswordLength ) );
284285 return false;
285286 } else {
286287 # do not force a password for account creation by email
Index: trunk/phase3/config/index.php
@@ -702,7 +702,7 @@
703703 # Various password checks
704704 if( $conf->SysopPass != '' ) {
705705 if( $conf->SysopPass == $conf->SysopPass2 ) {
706 - if( !$u->isValidPassword( $conf->SysopPass ) ) {
 706+ if( $u->isValidPassword( $conf->SysopPass ) !== true ) {
707707 $errs['SysopPass'] = "Bad password";
708708 }
709709 } else {
Index: trunk/phase3/languages/messages/MessagesEn.php
@@ -956,8 +956,9 @@
957957 Please try again.',
958958 'wrongpasswordempty' => 'Password entered was blank.
959959 Please try again.',
960 -'passwordtooshort' => 'Your password is invalid or too short.
961 -It must have at least {{PLURAL:$1|1 character|$1 characters}} and be different from your username.',
 960+'passwordtooshort' => 'Your password is too short.
 961+It must have at least {{PLURAL:$1|1 character|$1 characters}}.',
 962+'password-name-match' => 'Your password must be different from your username.',
962963 'mailmypassword' => 'E-mail new password',
963964 'passwordremindertitle' => 'New temporary password for {{SITENAME}}',
964965 'passwordremindertext' => 'Someone (probably you, from IP address $1) requested a new

Follow-up revisions

RevisionCommit summaryAuthorDate
r52495Followup to r52494: Update only extension using isValidPassword in SVN or lis...demon16:54, 27 June 2009

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r52336Merge maintenance-work branch:...demon02:02, 24 June 2009

Comments

#Comment by Brion VIBBER (talk | contribs)   00:11, 24 August 2009

Eww... this is a really ugly calling convention.

If the function is named 'isSomething', it needs to return a boolean otherwise you're just asking for trouble. An optional outparam for returning a message key would be much less annoying in this context.

#Comment by Tim Starling (talk | contribs)   07:39, 2 September 2009

I think it would be better to split off say User::getPasswordValidity(), which would return a Status object or some other flexible goodness. Then User::isValidPassword() would be a trivial wrapper around it: return $this->getPasswordValidity($password)->isOK();

#Comment by Fenzik (talk | contribs)   03:06, 19 October 2009

Fixed in r57877, as per Tim Starling's comment.

#Comment by 😂 (talk | contribs)   10:07, 19 October 2009

Re-marking as fixme, want Tim/Brion to review fixes.

#Comment by 😂 (talk | contribs)   23:26, 26 October 2009

As of r58171/58172 this should be better.

#Comment by 😂 (talk | contribs)   07:32, 28 November 2009

All fixed with r58266. Marking this resolved.

Status & tagging log