| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Refactor password checking a little to allow skipping the normal flow
in a special situation like this.
Bug: T104092
Change-Id: Ib4a4e1f34b6963a6414c6f88893884b0ec369ca5
|
| |
|
|
|
|
|
|
|
| |
Make password policies defined in a configurable policy, which is
defined by group. A user's password policy will be the maximum of
each group policy that the user belongs to.
Bug: T94774
Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I noticed MWOldPassword is broken while working on
I7024b287a7. When generating new passwords for it,
a superfluous : is being added to the serialized hash
within the database (and that breaks parsing so that
people can't ever log in).
As this is not really relevant in the real world (as
nobody is hopefully using plain MD5 passwords anymore),
this doesn't need any backward compatibility handling
for the broken hashes.
Change-Id: I753c135a6de39008488bd7462c2bfcda2cbac116
|
| |
|
|
|
|
|
|
|
|
|
|
| |
By only updating the user row in the database, if needed
and by making use of md5 for passwords instead of slower
hashing.
This cut down run time of some Wikibase API tests to 20%
of the original value for me!
Also it reduces the run time of MediaWiki's test suite
by about 45s on jenkins.
Change-Id: I7024b287a71fe9b327dbcdc5427cd8edb5047606
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Various code passes null around to mean "an invalid password". It
shouldn't all have to test for null and specially handle that.
This also fixes a codepath where User::$mNewpassword could get set to an
empty string rather than a password object, which would cause problems
later when anything else tries to use it.
Bug: 71421
Change-Id: Ib5f94b52c07e7dba89328b98fb43c86db95ee09f
|
| |
|
|
|
|
|
| |
- Use short form of boolean
- Use capital at begin of doc text
Change-Id: Ic5afacfa7298b1938d3b45ffd0cac5ce01f2f9db
|
| |
|
|
|
|
|
|
|
|
| |
It seems HHVM does not like the use of
dynamic typing in hash_pbkdf2() (also it's
kind of not the best idea in general), so
added explicit (int) casting to parameters.
Follows-up: I0a9c972931a0eff0cfb2619cef3ddffd03710285
Change-Id: I8adae3cc2cdf8029be59e2d62a3ab0fbfb73b7aa
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
A few @since 1.23 --> 1.24
Change-Id: I55d00ab9c3f9dae96ed804a22f19d713879663fa
Follows-Up: I0a9c972931a0eff0cfb2619cef3ddffd03710285
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| | |
Slight syntax code change for $wgPasswordDefault in DefaultSettings.php
and fixed reference to global in BcryptPassword.php.
Change-Id: I8d1d12c09ecd2f422f21a586e948f314e29fa605
|
| |/
|
|
| |
Change-Id: I7256325492b2f6451223714efb8b3e07fca9ee3e
|
|
|
Deprecated the old User::crypt, et. al password hashing
system and implemented an extensible password hashing
API.
The new Password class allows registering of child classes
and provides factory functions for creating new Password
objects. The built-in hash types are the old MediaWiki MD5
types, which are for backwards-compatibility only, and bcrypt.
Also included is support for wrapping existing hashes as well
as encrypting passwords with a configured encryption key.
Bug: 54948
Bug: 28419
Change-Id: I0a9c972931a0eff0cfb2619cef3ddffd03710285
|
