r86157 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r86156‎ \| r86157 \| r86158 >
Date:	23:38, 15 April 2011
Author:	demon
Status:	ok (Comments)
Tags:
Comment:	Merge r81445 from 1.17: revert r70520 (js password complexity checker)
Modified paths:	/trunk/phase3 (modified) (history) /trunk/phase3/includes/OutputPage.php (modified) (history) /trunk/phase3/includes/specials/SpecialResetpass.php (modified) (history) /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history) /trunk/phase3/includes/templates/Userlogin.php (modified) (history) /trunk/phase3/languages/messages/MessagesEn.php (modified) (history) /trunk/phase3/maintenance/language/messages.inc (modified) (history) /trunk/phase3/resources/Resources.php (modified) (history) /trunk/phase3/skins/common/password.css (deleted) (history) /trunk/phase3/skins/common/password.js (deleted) (history)

Diff [purge]

Index: trunk/phase3/maintenance/language/messages.inc
—	—	@@ -491,15 +491,6 @@
492	492	'php-mail-error',
493	493	'php-mail-error-unknown',
494	494	),
495		~~- 'passwordstrength' => array(~~
496		~~- 'password-strength',~~
497		~~- 'password-strength-bad',~~
498		~~- 'password-strength-mediocre',~~
499		~~- 'password-strength-acceptable',~~
500		~~- 'password-strength-good',~~
501		~~- 'password-retype',~~
502		~~- 'password-retype-mismatch',~~
503		~~- ),~~
504	495	'resetpass' => array(
505	496	'resetpass',
506	497	'resetpass_announce',
Index: trunk/phase3/skins/common/password.css
—	—	@@ -1,17 +0,0 @@
2		~~-span.mw-password-bad {~~
3		~~- background: red;~~
4		~~- color: yellow;~~
5		~~- font-weight: bold;~~
6		-}
7		-
8		~~-.mw-password-mediocre {~~
9		~~- background: yellow;~~
10		-}
11		-
12		~~-.mw-password-acceptable {~~
13		~~- background: silver;~~
14		-}
15		-
16		~~-.mw-password-good {~~
17		~~- background: green;~~
18		-}
\ No newline at end of file
Index: trunk/phase3/skins/common/password.js
—	—	@@ -1,131 +0,0 @@
2		-/**
3		~~- * Password strength checker~~
4		~~- * @license WTFPL 2.0~~
5		~~- * All scores are ranged approximately 0 (total disaster) - 100 (_looks_ great)~~
6		~~- * @todo Check for popular passwords and keyboard sequences (QWERTY, etc)~~
7		~~- */~~
8		-
9		~~-// Estimates how hard it would be to pick the password using brute force~~
10		~~-window.bruteForceComplexity = function( pwd ) {~~
11		~~- var score = pwd.length * 5;~~
12		-
13		~~- var regexes = [~~
14		~~- /[a-z]/,~~
15		~~- /[A-Z]/,~~
16		~~- /[0-9]/,~~
17		~~- /[-_;:\.,'"`~!@#$%\^&\*\[\]\{\} ]/~~
18		~~- ];~~
19		-
20		~~- var charClasses = 0;~~
21		~~- for ( var i=0; i< regexes.length; i++ ) {~~
22		~~- if ( pwd.match( regexes[i] ) ) {~~
23		~~- charClasses++;~~
24		~~- }~~
25		~~- }~~
26		-
27		~~- var matches = pwd.match( /[\x80-\uFFFF]/g );~~
28		~~- if ( matches ) {~~
29		~~- charClasses++;~~
30		-
31		~~- var s = matches.join( '' );~~
32		~~- // poor man's isUpper() and isLower()~~
33		~~- if ( s != s.toLowerCase() && s != s.toUpperCase() ) {~~
34		~~- charClasses++;~~
35		~~- }~~
36		~~- }~~
37		~~- score += ( charClasses - 1 ) * 10;~~
38		-
39		~~- return score;~~
40		~~-};~~
41		-
42		~~-// Calculates a penalty to brute force score due to character repetition~~
43		~~-window.repetitionAdjustment = function( pwd ) {~~
44		~~- var unique = '';~~
45		~~- for ( var i=0; i< pwd.length; i++ ) {~~
46		~~- if ( unique.indexOf( pwd[i] ) < 0 ) {~~
47		~~- unique += pwd[i];~~
48		~~- }~~
49		~~- }~~
50		~~- var ratio = pwd.length / unique.length - 0.4; // allow up to 40% repetition, reward for less, penalize for more~~
51		-
52		~~- return ratio * 10;~~
53		~~-};~~
54		-
55		~~-// Checks how many simple sequences ("abc", "321") are there in the password~~
56		~~-window.sequenceScore = function( pwd ) {~~
57		~~- pwd = pwd.concat( '\0' );~~
58		~~- var score = 100, sequence = 1;~~
59		~~- for ( var i = 1; i < pwd.length; i++ ) {~~
60		~~- if ( pwd.charCodeAt( i ) == pwd.charCodeAt(i - 1) + 1 ) {~~
61		~~- sequence++;~~
62		~~- } else {~~
63		~~- if ( sequence > 2 ) {~~
64		~~- score -= sequence * 7;~~
65		~~- }~~
66		~~- sequence = 1;~~
67		~~- }~~
68		~~- }~~
69		~~- for ( var i = 1; i < pwd.length; i++ ) {~~
70		~~- if ( pwd.charCodeAt( i ) == pwd.charCodeAt(i - 1) - 1 ) {~~
71		~~- sequence++;~~
72		~~- } else {~~
73		~~- if ( sequence > 2 ) {~~
74		~~- score -= Math.sqrt( sequence ) * 15;~~
75		~~- }~~
76		~~- sequence = 1;~~
77		~~- }~~
78		~~- }~~
79		~~- return score;~~
80		~~-};~~
81		-
82		~~-(function( $ ) {~~
83		~~- function passwordChanged() {~~
84		~~- retypeChanged();~~
85		~~- var pwd = $( passwordSecurity.password ).val();~~
86		~~- if ( pwd == '' ) {~~
87		~~- $( '#password-strength' ).html( '' );~~
88		~~- return;~~
89		~~- }~~
90		~~- if ( pwd.length > 100 ) pwd = pwd.slice( 0, 100 );~~
91		~~- var scores = [~~
92		~~- bruteForceComplexity( pwd ),~~
93		~~- repetitionAdjustment( pwd ),~~
94		~~- sequenceScore( pwd )~~
95		~~- ];~~
96		-
97		~~- var score = Math.min( scores[0] - scores[1], scores[2] );~~
98		~~- var result = 'good';~~
99		~~- if ( score < 40 ) {~~
100		~~- result = 'bad';~~
101		~~- } else if ( score < 60 ) {~~
102		~~- result = 'mediocre';~~
103		~~- } else if ( score < 80 ) {~~
104		~~- result = 'acceptable';~~
105		~~- }~~
106		~~- var message = '<span class="mw-password-' + result + '">' + passwordSecurity.messages['password-strength-' + result]~~
107		~~- + '</span>';~~
108		~~- $( '#password-strength' ).html(~~
109		~~- passwordSecurity.messages['password-strength'].replace( '$1', message )~~
110		~~- //+ scores~~
111		~~- );~~
112		~~- }~~
113		-
114		~~- function retypeChanged() {~~
115		~~- var pwd = $( passwordSecurity.password ).val();~~
116		~~- var retype = $( passwordSecurity.retype ).val();~~
117		~~- var message;~~
118		~~- if ( pwd == '' \|\| pwd == retype ) {~~
119		~~- message = '';~~
120		~~- } else if ( retype == '' ) {~~
121		~~- message = passwordSecurity.messages['password-retype'];~~
122		~~- } else {~~
123		~~- message = passwordSecurity.messages['password-retype-mismatch'];~~
124		~~- }~~
125		~~- $( '#password-retype' ).html( message );~~
126		~~- }~~
127		-
128		~~- $( document ).ready( function() {~~
129		~~- $( passwordSecurity.password ).bind( 'keyup change', passwordChanged );~~
130		~~- $( passwordSecurity.retype ).bind( 'keyup change', retypeChanged );~~
131		~~- })~~
132		~~-})(jQuery);~~
Index: trunk/phase3/includes/OutputPage.php
—	—	@@ -2190,27 +2190,6 @@
2191	2191	}
2192	2192	}
2193	2193
2194		- /**
2195		~~- * Adds JS-based password security checker~~
2196		~~- * @param $passwordId String ID of input box containing password~~
2197		~~- * @param $retypeId String ID of input box containing retyped password~~
2198		~~- * @return none~~
2199		~~- */~~
2200		~~- public function addPasswordSecurity( $passwordId, $retypeId ) {~~
2201		~~- $data = array(~~
2202		~~- 'password' => '#' . $passwordId,~~
2203		~~- 'retype' => '#' . $retypeId,~~
2204		~~- 'messages' => array(),~~
2205		~~- );~~
2206		~~- foreach ( array( 'password-strength', 'password-strength-bad', 'password-strength-mediocre',~~
2207		~~- 'password-strength-acceptable', 'password-strength-good', 'password-retype', 'password-retype-mismatch'~~
2208		~~- ) as $message ) {~~
2209		~~- $data['messages'][$message] = wfMsg( $message );~~
2210		~~- }~~
2211		~~- $this->addScript( Html::inlineScript( 'var passwordSecurity=' . FormatJson::encode( $data ) ) );~~
2212		~~- $this->addModules( 'mediawiki.legacy.password' );~~
2213		~~- }~~
2214		-
2215	2194	public function showFatalError( $message ) {
2216	2195	$this->setPageTitle( wfMsg( 'internalerror' ) );
2217	2196	$this->setRobotPolicy( 'noindex,nofollow' );
Property changes on: trunk/phase3/includes/OutputPage.php
___________________________________________________________________
Modified: svn:mergeinfo
2218	2197	Merged /branches/REL1_17/phase3/includes/OutputPage.php:r81445
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
—	—	@@ -1006,10 +1006,6 @@
1007	1007	}
1008	1008
1009	1009	if ( $this->mType == 'signup' ) {
1010		~~- global $wgLivePasswordStrengthChecks;~~
1011		~~- if ( $wgLivePasswordStrengthChecks ) {~~
1012		~~- $wgOut->addPasswordSecurity( 'wpPassword2', 'wpRetype' );~~
1013		~~- }~~
1014	1010	$template = new UsercreateTemplate();
1015	1011	$q = 'action=submitlogin&type=signup';
1016	1012	$linkq = 'type=login';
Index: trunk/phase3/includes/specials/SpecialResetpass.php
—	—	@@ -112,11 +112,8 @@
113	113	}
114	114
115	115	function showForm() {
116		~~- global $wgOut, $wgUser, $wgRequest, $wgLivePasswordStrengthChecks;~~
	116	+ global $wgOut, $wgUser, $wgRequest;
117	117
118		~~- if ( $wgLivePasswordStrengthChecks ) {~~
119		~~- $wgOut->addPasswordSecurity( 'wpNewPassword', 'wpRetype' );~~
120		~~- }~~
121	118	$self = $this->getTitle();
122	119	if ( !$this->mUserName ) {
123	120	$this->mUserName = $wgUser->getName();
—	—	@@ -153,10 +150,10 @@
154	151	wfMsgExt( 'resetpass_text', array( 'parse' ) ) . "\n" .
155	152	Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . "\n" .
156	153	$this->pretty( array(
157		~~- array( 'wpName', 'username', 'text', $this->mUserName, '' ),~~
158		~~- array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass, '' ),~~
159		~~- array( 'wpNewPassword', 'newpassword', 'password', null, '<div id="password-strength"></div>' ),~~
160		~~- array( 'wpRetype', 'retypenew', 'password', null, '<div id="password-retype"></div>' ),~~
	154	+ array( 'wpName', 'username', 'text', $this->mUserName ),
	155	+ array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ),
	156	+ array( 'wpNewPassword', 'newpassword', 'password', null ),
	157	+ array( 'wpRetype', 'retypenew', 'password', null ),
161	158	) ) . "\n" .
162	159	$rememberMe .
163	160	"<tr>\n" .
—	—	@@ -175,7 +172,7 @@
176	173	function pretty( $fields ) {
177	174	$out = '';
178	175	foreach ( $fields as $list ) {
179		~~- list( $name, $label, $type, $value, $extra ) = $list;~~
	176	+ list( $name, $label, $type, $value ) = $list;
180	177	if( $type == 'text' ) {
181	178	$field = htmlspecialchars( $value );
182	179	} else {
—	—	@@ -196,8 +193,9 @@
197	194	else
198	195	$out .= wfMsgHtml( $label );
199	196	$out .= "</td>\n";
200		~~- $out .= "\t<td class='mw-input'>$field</td>\n";~~
201		~~- $out .= "\t<td>$extra</td>\n";~~
	197	+ $out .= "\t<td class='mw-input'>";
	198	+ $out .= $field;
	199	+ $out .= "</td>\n";
202	200	$out .= "</tr>";
203	201	}
204	202	return $out;
Index: trunk/phase3/includes/templates/Userlogin.php
—	—	@@ -198,7 +198,6 @@
199	199	'autofocus'
200	200	) ); ?>
201	201	</td>
202		~~- <td></td>~~
203	202	</tr>
204	203	<tr>
205	204	<td class="mw-label"><label for='wpPassword2'><?php $this->msg('yourpassword') ?></label></td>
—	—	@@ -211,7 +210,6 @@
212	211	'size' => '20'
213	212	) + User::passwordChangeInputAttribs() ); ?>
214	213	</td>
215		~~- <td><div id="password-strength"></div></td>~~
216	214	</tr>
217	215	<?php if( $this->data['usedomain'] ) {
218	216	$doms = "";
—	—	@@ -227,7 +225,6 @@
228	226	<?php echo $doms ?>
229	227	</select>
230	228	</td>
231		~~- <td></td>~~
232	229	</tr>
233	230	<?php } ?>
234	231	<tr>
—	—	@@ -241,7 +238,6 @@
242	239	'size' => '20'
243	240	) + User::passwordChangeInputAttribs() ); ?>
244	241	</td>
245		~~- <td><div id="password-retype"></div></td>~~
246	242	</tr>
247	243	<tr>
248	244	<?php if( $this->data['useemail'] ) { ?>
—	—	@@ -266,13 +262,12 @@
267	263	} ?>
268	264	</div>
269	265	</td>
270		~~- <td></td>~~
271	266	<?php } ?>
272	267	<?php if( $this->data['userealname'] ) { ?>
273	268	</tr>
274	269	<tr>
275	270	<td class="mw-label"><label for='wpRealName'><?php $this->msg('yourrealname') ?></label></td>
276		~~- <td class="mw-input" colspan="2">~~
	271	+ <td class="mw-input">
277	272	<input type='text' class='loginText' name="wpRealName" id="wpRealName"
278	273	tabindex="6"
279	274	value="<?php $this->text('realname') ?>" size='20' />
—	—	@@ -280,13 +275,12 @@
281	276	<?php $this->msgWiki('prefs-help-realname'); ?>
282	277	</div>
283	278	</td>
284		~~- <td></td>~~
285	279	<?php } ?>
286	280	<?php if( $this->data['usereason'] ) { ?>
287	281	</tr>
288	282	<tr>
289	283	<td class="mw-label"><label for='wpReason'><?php $this->msg('createaccountreason') ?></label></td>
290		~~- <td class="mw-input" colspan="2">~~
	284	+ <td class="mw-input">
291	285	<input type='text' class='loginText' name="wpReason" id="wpReason"
292	286	tabindex="7"
293	287	value="<?php $this->text('reason') ?>" size='20' />
—	—	@@ -296,7 +290,7 @@
297	291	<?php if( $this->data['canremember'] ) { ?>
298	292	<tr>
299	293	<td></td>
300		~~- <td class="mw-input" colspan="2">~~
	294	+ <td class="mw-input">
301	295	<?php
302	296	global $wgCookieExpiration, $wgLang;
303	297	echo Xml::checkLabel(
—	—	@@ -324,7 +318,7 @@
325	319	?><td><?php
326	320	}
327	321	?></td>
328		~~- <td class="mw-input" colspan="2">~~
	322	+ <td class="mw-input">
329	323	<input type="<?php echo htmlspecialchars( $inputItem['type'] ) ?>" name="<?php
330	324	echo htmlspecialchars( $inputItem['name'] ); ?>"
331	325	tabindex="<?php echo $tabIndex++; ?>"
—	—	@@ -359,7 +353,7 @@
360	354	?>
361	355	<tr>
362	356	<td></td>
363		~~- <td class="mw-submit" colspan="2">~~
	357	+ <td class="mw-submit">
364	358	<input type='submit' name="wpCreateaccount" id="wpCreateaccount"
365	359	tabindex="<?php echo $tabIndex++; ?>"
366	360	value="<?php $this->msg('createaccount') ?>" />
Index: trunk/phase3/languages/messages/MessagesEn.php
—	—	@@ -1156,15 +1156,6 @@
1157	1157	'php-mail-error' => '$1', # do not translate or duplicate this message to other languages
1158	1158	'php-mail-error-unknown' => "Unknown error in PHP's mail() function",
1159	1159
1160		~~-# JavaScript password checks~~
1161		~~-'password-strength' => 'Estimated password strength: $1',~~
1162		~~-'password-strength-bad' => 'BAD',~~
1163		~~-'password-strength-mediocre' => 'mediocre',~~
1164		~~-'password-strength-acceptable' => 'acceptable',~~
1165		~~-'password-strength-good' => 'good',~~
1166		~~-'password-retype' => 'Retype password here',~~
1167		~~-'password-retype-mismatch' => 'Passwords do not match',~~
1168		-
1169	1160	# Password reset dialog
1170	1161	'resetpass' => 'Change password',
1171	1162	'resetpass_announce' => 'You logged in with a temporary e-mailed code.
Index: trunk/phase3/resources/Resources.php
—	—	@@ -569,13 +569,6 @@
570	570	'dependencies' => array( 'mediawiki.legacy.wikibits', 'jquery.client' ),
571	571	'messages' => array( 'search-mwsuggest-enabled', 'search-mwsuggest-disabled' ),
572	572	),
573		~~- 'mediawiki.legacy.password' => array(~~
574		~~- 'scripts' => 'common/password.js',~~
575		~~- 'remoteBasePath' => $GLOBALS['wgStylePath'],~~
576		~~- 'localBasePath' => "{$GLOBALS['IP']}/skins",~~
577		~~- 'styles' => 'common/password.css',~~
578		~~- 'dependencies' => 'mediawiki.legacy.wikibits',~~
579		~~- ),~~
580	573	'mediawiki.legacy.prefs' => array(
581	574	'scripts' => 'common/prefs.js',
582	575	'remoteBasePath' => $GLOBALS['wgStylePath'],
Property changes on: trunk/phase3
___________________________________________________________________
Modified: svn:mergeinfo
583	576	Merged /branches/REL1_17/phase3:r81445

Follow-up revisions

Revision	Commit summary	Author	Date
r86199	Rebuild all language files....	siebrand	11:27, 16 April 2011
r101520	Bug 32125: remove stray $wgLivePasswordStrengthChecks leftover from a reverte...	brion	20:17, 1 November 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r70520	JavaScript-based password complexity checker on account creation and password...	maxsem	19:16, 5 August 2010
r81445	1.17: Take out r70520 (JS password strength checker)	catrope	12:24, 3 February 2011

Comments

#Comment by Reach Out to the Truth (talk | contribs) 16:39, 1 November 2011

$wgLivePasswordStrengthChecks was never removed from DefaultSettings.php.

Status & tagging log

00:32, 16 April 2011 Reedy (talk | contribs) changed the status of r86157 [removed: new added: ok]