r75585 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r75584 | r75585 | r75586
Date: 21:17, 27 October 2010
Author: hashar
Status: ok (Comments)
Tags:
Comment:
Optional feature to login through HTTPS and come back to HTTP.

Based on an idea by George Herbert <george dot herbert at gmail dot com>
http://lists.wikimedia.org/pipermail/wikitech-l/2010-October/050065.html
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/includes/DefaultSettings.php (modified) (history)
  • /trunk/phase3/includes/SkinTemplate.php (modified) (history)
  • /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)
  • /trunk/phase3/includes/templates/Userlogin.php (modified) (history)
  • /trunk/phase3/languages/messages/MessagesEn.php (modified) (history)

Diff

Index: trunk/phase3/includes/SkinTemplate.php
@@ -586,6 +586,21 @@
587587 $loginlink = $wgUser->isAllowed( 'createaccount' )
588588 ? 'nav-login-createaccount'
589589 : 'login';
 590+
 591+ # anonlogin & login are the same
 592+ $login_url = array(
 593+ 'text' => wfMsg( $loginlink ),
 594+ 'href' => self::makeSpecialUrl( 'Userlogin', $returnto ),
 595+ 'active' => $title->isSpecial( 'Userlogin' )
 596+ );
 597+ global $wgProto, $wgSecureLogin;
 598+ if( $wgProto === 'http' && $wgSecureLogin ) {
 599+ $title = SpecialPage::getTitleFor( 'Userlogin' );
 600+ $https_url = preg_replace( '/^http:/', 'https:', $title->getFullURL() );
 601+ $login_url['href'] = $https_url;
 602+ $login_url['class'] = 'link-https'; # FIXME class depends on skin
 603+ }
 604+
590605 if( $this->showIPinHeader() ) {
591606 $href = &$this->userpageUrlDetails['href'];
592607 $personal_urls['anonuserpage'] = array(
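Review bot: The HTTPS login link built at new lines 599-601 loses the return target. The default href comes from self::makeSpecialUrl( 'Userlogin', $returnto ), but the secure variant is rebuilt from $title->getFullURL() with no query, so a user who logs in through the HTTPS link is not sent back to the page they came from. Build the HTTPS URL from the href already computed, or pass the return query to getFullURL() the way SpecialUserlogin.php does with $this->mReturnToQuery, so both variants carry the same parameters. The same block also reassigns $title, which line 595 has just used as the current page title; a separate local such as $loginTitle keeps the original available to the rest of the method. Swapping only the scheme with preg_replace also assumes HTTPS is served on the same host and path as HTTP, which should be stated where $wgSecureLogin is documented.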
@@ -602,17 +617,9 @@
603618 'class' => $usertalkUrlDetails['exists'] ? false : 'new',
604619 'active' => ( $pageurl == $href )
605620 );
606 - $personal_urls['anonlogin'] = array(
607 - 'text' => wfMsg( $loginlink ),
608 - 'href' => self::makeSpecialUrl( 'Userlogin', $returnto ),
609 - 'active' => $title->isSpecial( 'Userlogin' )
610 - );
 621+ $personal_urls['anonlogin'] = $login_url;
611622 } else {
612 - $personal_urls['login'] = array(
613 - 'text' => wfMsg( $loginlink ),
614 - 'href' => self::makeSpecialUrl( 'Userlogin', $returnto ),
615 - 'active' => $title->isSpecial( 'Userlogin' )
616 - );
 623+ $personal_urls['login'] = $login_url;
617624 }
618625 }
619626
Index: trunk/phase3/includes/DefaultSettings.php
@@ -2954,6 +2954,19 @@
29552955 */
29562956 $wgAllowPrefChange = array();
29572957
 2958+/**
 2959+ * This is to let user authenticate using https when they come from http.
 2960+ * Based on an idea by George Herbert on wikitech-l:
 2961+ * http://lists.wikimedia.org/pipermail/wikitech-l/2010-October/050065.html
 2962+ * @since 1.17
 2963+ */
 2964+$wgSecureLogin = false;
 2965+/**
 2966+ * Default for 'use secure login' checkbox
 2967+ * @since 1.17
 2968+ */
 2969+$wgSecureLoginStickHTTPS = false;
 2970+
29582971 /** @} */ # end user accounts }
29592972
29602973 /************************************************************************//**
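Review bot: The doc comment on $wgSecureLogin does not say what an administrator has to provide or what the setting leaves unprotected. It should state that the wiki must answer HTTPS on the same host and path as HTTP, since the code only swaps the URL scheme, and that after a successful login the user is redirected back to HTTP unless the 'Stay connected to HTTPS after login' box is ticked. The comment on $wgSecureLoginStickHTTPS calls the control the 'use secure login' checkbox, which does not match the label added in MessagesEn.php; use the same wording in both places, and separate the two settings with a blank line.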
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
@@ -59,7 +59,7 @@
6060 var $mName, $mPassword, $mRetype, $mReturnTo, $mCookieCheck, $mPosted;
6161 var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword;
6262 var $mLoginattempt, $mRemember, $mEmail, $mDomain, $mLanguage;
63 - var $mSkipCookieCheck, $mReturnToQuery, $mToken;
 63+ var $mSkipCookieCheck, $mReturnToQuery, $mToken, $mStickHTTPS;
6464
6565 private $mExtUser = null;
6666
@@ -89,6 +89,7 @@
9090 $this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
9191 $this->mAction = $request->getVal( 'action' );
9292 $this->mRemember = $request->getCheck( 'wpRemember' );
 93+ $this->mStickHTTPS = $request->getCheck( 'wpStickHTTPS' );
9394 $this->mLanguage = $request->getText( 'uselang' );
9495 $this->mSkipCookieCheck = $request->getCheck( 'wpSkipCookieCheck' );
9596 $this->mToken = ( $this->mType == 'signup' ) ? $request->getVal( 'wpCreateaccountToken' ) : $request->getVal( 'wpLoginToken' );
@@ -853,7 +854,12 @@
854855 if ( !$titleObj instanceof Title ) {
855856 $titleObj = Title::newMainPage();
856857 }
857 - $wgOut->redirect( $titleObj->getFullURL( $this->mReturnToQuery ) );
 858+ $redirectUrl = $titleObj->getFullURL( $this->mReturnToQuery );
 859+ global $wgSecureLogin;
 860+ if( $wgSecureLogin && !$this->mStickHTTPS ) {
 861+ $redirectUrl = preg_replace( '/^https:/', 'http:', $redirectUrl );
 862+ }
 863+ $wgOut->redirect( $redirectUrl );
858864 }
859865 }
860866
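Review bot: The downgrade at new lines 860-862 runs whenever $wgSecureLogin is on and wpStickHTTPS is unticked, without checking how the user reached the login form. Someone who was already browsing over HTTPS is pushed to HTTP after logging in, and with the box unticked the logged-in session continues over plain HTTP, so only the password submission is protected. Consider rewriting to http: only when the user originally arrived over HTTP, for example by carrying that fact through the login form, and leaving an HTTPS return URL alone otherwise.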
@@ -941,6 +947,7 @@
942948 global $wgUser, $wgOut, $wgHiddenPrefs, $wgEnableEmail;
943949 global $wgRequest, $wgLoginLanguageSelector;
944950 global $wgAuth, $wgEmailConfirmToEdit, $wgCookieExpiration;
 951+ global $wgSecureLogin, $wgSecureLoginStickHTTPS;
945952
946953 $titleObj = SpecialPage::getTitleFor( 'Userlogin' );
947954
@@ -1030,6 +1037,8 @@
10311038 $template->set( 'canremember', ( $wgCookieExpiration > 0 ) );
10321039 $template->set( 'usereason', $wgUser->isLoggedIn() );
10331040 $template->set( 'remember', $wgUser->getOption( 'rememberpassword' ) || $this->mRemember );
 1041+ $template->set( 'cansecurelogin', ( $wgSecureLogin === true ) );
 1042+ $template->set( 'stickHTTPS', $this->mStickHTTPS );
10341043
10351044 if ( $this->mType == 'signup' ) {
10361045 if ( !self::getCreateaccountToken() ) {
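Review bot: 'stickHTTPS' at new line 1042 is set from $this->mStickHTTPS alone, so the $wgSecureLoginStickHTTPS default that the previous hunk pulls in as a global is never read and the checkbox always starts unticked on a fresh form. Apply the configured default when the form has not been posted, or drop the setting. Separately, 'cansecurelogin' uses a strict === true while SkinTemplate.php and the redirect code test $wgSecureLogin for truthiness; a value of 1 in LocalSettings.php would enable the HTTPS link and the downgrade redirect but hide the checkbox, so use the same test in all three places.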
Index: trunk/phase3/includes/templates/Userlogin.php
@@ -105,8 +105,24 @@
106106 </td>
107107 </tr>
108108 <?php } ?>
 109+<?php if( $this->data['cansecurelogin'] ) { ?>
109110 <tr>
110111 <td></td>
 112+ <td class="mw-input">
 113+ <?php
 114+ echo Xml::checkLabel(
 115+ wfMsg( 'securelogin-stick-https' ),
 116+ 'wpStickHTTPS',
 117+ 'wpStickHTTPS',
 118+ $this->data['stickHTTPS'],
 119+ array( 'tabindex' => '9' )
 120+ );
 121+ ?>
 122+ </td>
 123+ </tr>
 124+<?php } ?>
 125+ <tr>
 126+ <td></td>
111127 <td class="mw-submit">
112128 <?php
113129 echo Html::input( 'wpLoginAttempt', wfMsg( 'login' ), 'submit', array(
Index: trunk/phase3/languages/messages/MessagesEn.php
@@ -1039,6 +1039,7 @@
10401040 'yourpassword' => 'Password:',
10411041 'yourpasswordagain' => 'Retype password:',
10421042 'remembermypassword' => 'Remember my login on this browser (for a maximum of $1 {{PLURAL:$1|day|days}})',
 1043+'securelogin-stick-https' => 'Stay connected to HTTPS after login',
10431044 'yourdomainname' => 'Your domain:',
10441045 'externaldberror' => 'There was either an authentication database error or you are not allowed to update your external account.',
10451046 'login' => 'Log in',
Index: trunk/phase3/RELEASE-NOTES
@@ -79,6 +79,7 @@
8080 to move LocalSettings.php
8181 * The FailFunction "error handling" method has now been removed
8282 * $wgAdditionalMailParams added to allow setting extra options to mail() calls.
 83+* $wgSecureLogin & $wgSecureLoginStickHTTPS to optionaly login using HTTPS
8384
8485 === New features in 1.17 ===
8586 * (bug 10183) Users can now add personal styles and scripts to all skins via
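Review bot: The added RELEASE-NOTES line has a typo, 'optionaly' should be 'optionally', and 'login' is used as a verb where 'log in' is meant. It would also help to say that both settings default to false, as DefaultSettings.php sets them, so readers know the feature is opt-in.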

Follow-up revisions

Revision | Commit summary | Author | Date
r75607 | Follow up r75585 : messages.inc entry missing | hashar | 06:35, 28 October 2010
r79860 | Removes $wgSecureLoginStickHTTPS which was never really used... | hashar | 13:06, 8 January 2011

Comments

#Comment by Siebrand (talk | contribs)   21:29, 27 October 2010

phase3/maintenance/language/messages.inc entry missing.

#Comment by Hashar (talk | contribs)   06:36, 28 October 2010

Entry added in r75607. Marking 'new'.

#Comment by Raymond (talk | contribs)   06:50, 28 October 2010

If I see right this functionality cannot work for WMF sites because https://en.wikipedia.org is not defined (this is bug 20643).

Would it be an idea to add $wgHTTPSUrl or similar?

#Comment by Hashar (talk | contribs)   07:12, 28 October 2010

Using https://secure.wikimedia.org/ means having to convert the project from being host based to path based :

 fr.wikipedia.org => wikipedia/fr

In my mind, most admins use the same host and path for both protocols.

#Comment by Ilmari Karonen (talk | contribs)   12:38, 28 October 2010

The current secure server config uses hooks to do URL mangling. If we added a couple here, server admins could use them to implement any URL scheme they wanted. I think at least a "GetLoginURL" hook could be useful.

#Comment by Nikerabbit (talk | contribs)   12:47, 28 October 2010

That sounds overtly specific for a hook. We can have a more general hook and pass the title object to it. Actually we already have one: GetLocalUrl – and it works.

#Comment by Hashar (talk | contribs)   06:28, 29 October 2010

This patch was not meant to be installed "as is" for the Wikimedia special case, which is a different issue, nor was it intended to support any exotic setup. The secret plan is to make Wikimedia use HTTPS with the same host.

#Comment by 😂 (talk | contribs)   16:15, 29 October 2010

I don't think having two different hostnames for HTTP/HTTPS is that unusual.

#Comment by Hashar (talk | contribs)   16:10, 29 October 2010

see also bug 225

#Comment by Happy-melon (talk | contribs)   23:04, 14 December 2010

$wgSecureLoginStickHTTPS is a horrible name; $wgSecureLoginPerpetuateHttps or something would be better.

#Comment by Hashar (talk | contribs)   10:54, 7 February 2011

wgSecureLoginStickHTTPS is removed by r79860

#Comment by Hashar (talk | contribs)   13:08, 8 January 2011

Marking this rev new since it does implement the http / https functionalities when using the same host + path.

#Comment by Firefishy (talk | contribs)   16:32, 20 September 2011

Does not set returnto on secure Userlogin link.

#Comment by Hashar (talk | contribs)   06:21, 21 September 2011

> Does not set returnto on secure Userlogin link.

Firefishy, can you please report it as a bug at https://bugzilla.wikimedia.org/ ?

#Comment by Firefishy (talk | contribs)   08:58, 21 September 2011
