Merge "Restore gray coloring for autocomments"
[lhc/web/wiklou.git] / includes / password / PasswordPolicyChecks.php
index 502f1e0..3c56535 100644 (file)
@@ -21,6 +21,8 @@
  */
 
 use Cdb\Reader as CdbReader;
+use MediaWiki\MediaWikiServices;
+use Wikimedia\PasswordBlacklist;
 
 /**
  * Functions to check passwords against a policy requirement
@@ -81,10 +83,12 @@ class PasswordPolicyChecks {
         * @return Status error if username and password match, and policy is true
         */
        public static function checkPasswordCannotMatchUsername( $policyVal, User $user, $password ) {
-               global $wgContLang;
                $status = Status::newGood();
                $username = $user->getName();
-               if ( $policyVal && $wgContLang->lc( $password ) === $wgContLang->lc( $username ) ) {
+               $contLang = MediaWikiServices::getInstance()->getContentLanguage();
+               if (
+                       $policyVal && hash_equals( $contLang->lc( $username ), $contLang->lc( $password ) )
+               ) {
                        $status->error( 'password-name-match' );
                }
                return $status;
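Review bot: `hash_equals()` accepts only strings, so the new condition in checkPasswordCannotMatchUsername no longer behaves like the old `===` when `$password` is not a string: PHP 7 emits a warning and returns false, and PHP 8 throws a TypeError. Whether every caller passes a string is not visible from this hunk, so either confirm that or guard the call, e.g. `$policyVal && is_string( $password ) && hash_equals( ... )`. The same applies to the two `hash_equals()` calls in the next hunk, where `$blockedLogins[$username]` must also be a string. The argument order (known value first, user-supplied value second) is correct. The function's docblock starts above the hunk.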
@@ -106,12 +110,15 @@ class PasswordPolicyChecks {
                $status = Status::newGood();
                $username = $user->getName();
                if ( $policyVal ) {
-                       if ( isset( $blockedLogins[$username] ) && $password == $blockedLogins[$username] ) {
+                       if (
+                               isset( $blockedLogins[$username] ) &&
+                               hash_equals( $blockedLogins[$username], $password )
+                       ) {
                                $status->error( 'password-login-forbidden' );
                        }
 
                        // Example from ApiChangeAuthenticationRequest
-                       if ( $password === 'ExamplePassword' ) {
+                       if ( hash_equals( 'ExamplePassword', $password ) ) {
                                $status->error( 'password-login-forbidden' );
                        }
                }
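Review bot: Nothing in this hunk records why `hash_equals()` replaces `==` and `===`, and the comparison against the public literal `'ExamplePassword'` in particular looks like something a later cleanup would simplify back. A one-line comment above the first check would preserve the intent, e.g. `// hash_equals() compares in constant time, so response timing does not reveal how much of the password matched`. The switch from loose `==` to `hash_equals()` also makes the blocked-login comparison strict; that is the safer behaviour, but it is a semantic change and deserves a test case. The enclosing function starts above the hunk.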
@@ -164,4 +171,25 @@ class PasswordPolicyChecks {
                return $status;
        }
 
+       /**
+        * Ensure the password isn't in the list of passwords blacklisted by the
+        * wikimedia/password-blacklist library
+        *
+        * @param bool $policyVal Whether to apply this policy
+        * @param User $user
+        * @param string $password
+        *
+        * @since 1.33
+        *
+        * @return Status
+        */
+       public static function checkPasswordNotInLargeBlacklist( $policyVal, User $user, $password ) {
+               $status = Status::newGood();
+               if ( $policyVal && PasswordBlacklist\PasswordBlacklist::isBlacklisted( $password ) ) {
+                       $status->error( 'passwordinlargeblacklist' );
+               }
+
+               return $status;
+       }
+
 }
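Review bot: The docblock for checkPasswordNotInLargeBlacklist leaves `@return Status` and `@param User $user` undescribed, unlike the sibling check earlier in the file (`@return Status error if username and password match, and policy is true`). Suggest `@return Status error if the password is in the blacklist and policy is true`, and `@param User $user Unused here; apparently kept for the shared policy-check signature`, since the body never reads `$user`. The password reaches `isBlacklisted()` unchanged, so whether case variants of a listed password are caught depends on the library and is not visible here; a test pinning that behaviour would help. As a style point, importing the class itself (`use Wikimedia\PasswordBlacklist\PasswordBlacklist;`) would avoid the doubled `PasswordBlacklist\PasswordBlacklist::` at the call site.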