r57877 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r57876‎ | r57877 | r57878 >
Date:03:01, 19 October 2009
Author:fenzik
Status:resolved (Comments)
Tags:
Comment:
* function isValidPassword modified to return boolean(true/false)
* Added function getPasswordValidity return error message on failure for the given unvalidated password input.
* Replaced isValidPassword() fn call to getPasswordValidity() in SpecialUserlogin.php
Modified paths:
  • /trunk/phase3/config/Installer.php (modified) (history)
  • /trunk/phase3/docs/hooks.txt (modified) (history)
  • /trunk/phase3/includes/User.php (modified) (history)
  • /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/docs/hooks.txt
@@ -864,7 +864,7 @@
865865
866866 'isValidPassword': Override the result of User::isValidPassword()
867867 $password: The password entered by the user
868 -&$result: Set this to either true (passes) or the key for a message error
 868+&$result: Set this and return false to override the internal checks
869869 $user: User the password is being validated for
870870
871871 'LanguageGetMagic': DEPRECATED, use $magicWords in a file listed in
Index: trunk/phase3/includes/User.php
@@ -619,20 +619,38 @@
620620 * Is the input a valid password for this user?
621621 *
622622 * @param $password String Desired password
623 - * @return mixed: true on success, string of error message on failure
 623+ * @return bool True or false
624624 */
625625 function isValidPassword( $password ) {
626626 global $wgMinimalPasswordLength, $wgContLang;
627627
628628 if( !wfRunHooks( 'isValidPassword', array( $password, &$result, $this ) ) )
629629 return $result;
 630+ if( $result === false )
 631+ return false;
 632+
 633+ // Password needs to be long enough, and can't be the same as the username
 634+ return strlen( $password ) >= $wgMinimalPasswordLength
 635+ && $wgContLang->lc( $password ) !== $wgContLang->lc( $this->mName );
 636+ }
630637
631 - // Password needs to be long enough
632 - if( strlen( $password ) < $wgMinimalPasswordLength ) {
633 - return 'passwordtooshort';
634 - } elseif( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
635 - return 'password-name-match';
636 - } else {
 638+ /**
 639+ * Given unvalidated password input, return error message on failure.
 640+ *
 641+ * @param $password String Desired password
 642+ * @return mixed: true on success, string of error message on failure
 643+ */
 644+ static function getPasswordValidity( $password ) {
 645+ global $wgMinimalPasswordLength, $wgContLang;
 646+
 647+ if(!$this->isValidPassword( $password )) {
 648+ if( strlen( $password ) < $wgMinimalPasswordLength ) {
 649+ return 'passwordtooshort';
 650+ } elseif( $wgContLang->lc( $password ) == $wgContLang->lc( $this->mName ) ) {
 651+ return 'password-name-match';
 652+ }
 653+ }
 654+ else {
637655 return true;
638656 }
639657 }
@@ -1735,13 +1753,13 @@
17361754 if( !$wgAuth->allowPasswordChange() ) {
17371755 throw new PasswordError( wfMsg( 'password-change-forbidden' ) );
17381756 }
1739 -
1740 - $valid = $this->isValidPassword( $str );
1741 - if( $valid !== true ) {
1742 - global $wgMinimalPasswordLength;
 1757+
 1758+ if( !$this->isValidPassword( $str ) ) {
 1759+ global $wgMinimalPasswordLength;
 1760+ $valid = $this->getPasswordValidity( $str );
17431761 throw new PasswordError( wfMsgExt( $valid, array( 'parsemag' ),
17441762 $wgMinimalPasswordLength ) );
1745 - }
 1763+ }
17461764 }
17471765
17481766 if( !$wgAuth->setPassword( $this, $str ) ) {
@@ -2720,7 +2738,7 @@
27212739 // to. Certain authentication plugins do NOT want to save
27222740 // domain passwords in a mysql database, so we should
27232741 // check this (incase $wgAuth->strict() is false).
2724 - if( $this->isValidPassword( $password ) !== true ) {
 2742+ if( !$this->isValidPassword( $password ) ) {
27252743 return false;
27262744 }
27272745
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
@@ -283,7 +283,7 @@
284284 }
285285
286286 # check for minimal password length
287 - $valid = $u->isValidPassword( $this->mPassword );
 287+ $valid = $u->getPasswordValidity( $this->mPassword );
288288 if ( $valid !== true ) {
289289 if ( !$this->mCreateaccountMail ) {
290290 $this->mainLoginForm( wfMsgExt( $valid, array( 'parsemag' ), $wgMinimalPasswordLength ) );
Index: trunk/phase3/config/Installer.php
@@ -713,7 +713,7 @@
714714 # Various password checks
715715 if( $conf->SysopPass != '' ) {
716716 if( $conf->SysopPass == $conf->SysopPass2 ) {
717 - if( $u->isValidPassword( $conf->SysopPass ) !== true ) {
 717+ if( !$u->isValidPassword( $conf->SysopPass ) ) {
718718 $errs['SysopPass'] = "Bad password";
719719 }
720720 } else {

Follow-up revisions

RevisionCommit summaryAuthorDate
r57954Fix fatal in r57877: can't use $this in a static functioncatrope19:47, 20 October 2009
r57955Whitespace cleanup for r57877catrope19:48, 20 October 2009

Comments

#Comment by 😂 (talk | contribs)   10:06, 19 October 2009
  • SpecialUserLogin.php isn't fixed, it's still checking for $valid !== true
  • You're duplicating a lot of logic in isValidPassword/checkPasswordValidity. It was suggested to make isValidPassword a wrapper around the latter, not to implement the methods twice. Suggest refactoring isValidPassword
#Comment by Raymond (talk | contribs)   18:07, 20 October 2009

Seen at Translatewiki:

[20-Oct-2009 17:54:47] PHP Fatal error: Using $this when not in object context in /var/www/w/includes/User.php on line 646

#Comment by Catrope (talk | contribs)   19:49, 20 October 2009

This was fixed in r57954

#Comment by 😂 (talk | contribs)   23:26, 26 October 2009

As of r58171/58172 this should be better. Tagging resolved.

#Comment by 😂 (talk | contribs)   16:13, 27 October 2009

Those got reverted. Changing back to fixme.

#Comment by 😂 (talk | contribs)   07:31, 28 November 2009

This all got cleaned up (finally) in r58266. Marking this resolved.

Status & tagging log