X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2FDefaultSettings.php;h=f7c3fce124fb4374b56bce8fc5eb48c829a95e62;hp=a63d35212c2bb55667fb3f4ed0461b2736fbf862;hb=0d3807c510762187f6364f22a3d1c78fab8f51d8;hpb=678e0aaac2f76b46ccdb3f83d3defd0c2be08c43
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index a63d35212c..f7c3fce124 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4451,57 +4451,71 @@ $wgCentralIdLookupProviders = [ $wgCentralIdLookupProvider = 'local'; /** - * Password policy for local wiki users. A user's effective policy - * is the superset of all policy statements from the policies for the - * groups where the user is a member. If more than one group policy - * include the same policy statement, the value is the max() of the - * values. Note true > false. The 'default' policy group is required, - * and serves as the minimum policy for all users. New statements can - * be added by appending to $wgPasswordPolicy['checks']. - * Statements: - * - MinimalPasswordLength - minimum length a user can set - * - MinimumPasswordLengthToLogin - passwords shorter than this will + * Password policy for the wiki. + * Structured as + * [ + * 'policies' => [ => [ => , ... ], ... ], + * 'checks' => [ => , ... ], + * ] + * where is a user group, is a password policy name + * (arbitrary string) defined in the 'checks' part, is the + * PHP callable implementing the policy check, is a number, + * boolean or null that gets passed to the callback. + * + * A user's effective policy is the superset of all policy statements + * from the policies for the groups where the user is a member. If more + * than one group policy include the same policy statement, the value is + * the max() of the values. Note true > false. The 'default' policy group + * is required, and serves as the minimum policy for all users. + * + * Callbacks receive three arguments: the policy value, the User object + * and the password; and must return a StatusValue. A non-good status + * means the password will not be accepted for new accounts, and existing + * accounts will be prompted for password change or barred from logging in + * (depending on whether the status is a fatal or merely error/warning). + * + * The checks supported by core are: + * - MinimalPasswordLength - Minimum length a user can set. 
+ * - MinimumPasswordLengthToLogin - Passwords shorter than this will * not be allowed to login, regardless if it is correct. * - MaximalPasswordLength - maximum length password a user is allowed * to attempt. Prevents DoS attacks with pbkdf2. - * - PasswordCannotMatchUsername - Password cannot match username to + * - PasswordCannotMatchUsername - Password cannot match the username. * - PasswordCannotMatchBlacklist - Username/password combination cannot - * match a specific, hardcoded blacklist. + * match a blacklist of default passwords used by MediaWiki in the past. * - PasswordCannotBePopular - Blacklist passwords which are known to be * commonly chosen. Set to integer n to ban the top n passwords. * If you want to ban all common passwords on file, use the * PHP_INT_MAX constant. + * Deprecated since 1.33. Use PasswordNotInLargeBlacklist instead. * - PasswordNotInLargeBlacklist - Password not in best practices list of - * 100,000 commonly used passwords. + * 100,000 commonly used passwords. Due to the size of the list this + * is a probabilistic test. 
+ * * @since 1.26 + * @see PasswordPolicyChecks + * @see User::checkPasswordValidity() */ $wgPasswordPolicy = [ 'policies' => [ 'bureaucrat' => [ - 'MinimalPasswordLength' => 8, + 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 1, - 'PasswordCannotMatchUsername' => true, - 'PasswordCannotBePopular' => 25, 'PasswordNotInLargeBlacklist' => true, ], 'sysop' => [ - 'MinimalPasswordLength' => 8, + 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 1, - 'PasswordCannotMatchUsername' => true, - 'PasswordCannotBePopular' => 25, 'PasswordNotInLargeBlacklist' => true, ], 'interface-admin' => [ - 'MinimalPasswordLength' => 8, + 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 1, - 'PasswordCannotMatchUsername' => true, - 'PasswordCannotBePopular' => 25, 'PasswordNotInLargeBlacklist' => true, ], 'bot' => [ - 'MinimalPasswordLength' => 8, + 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 1, - 'PasswordCannotMatchUsername' => true, 'PasswordNotInLargeBlacklist' => true, ], 'default' => [ @@ -4509,7 +4523,6 @@ $wgPasswordPolicy = [ 'PasswordCannotMatchUsername' => true, 'PasswordCannotMatchBlacklist' => true, 'MaximalPasswordLength' => 4096, - 'PasswordNotInLargeBlacklist' => false, ], ], 'checks' => [ @@ -5820,6 +5833,7 @@ $wgGrantPermissions['editmycssjs']['editmyuserjson'] = true; $wgGrantPermissions['editmycssjs']['editmyuserjs'] = true; $wgGrantPermissions['editmyoptions']['editmyoptions'] = true; +$wgGrantPermissions['editmyoptions']['editmyuserjson'] = true; $wgGrantPermissions['editinterface'] = $wgGrantPermissions['editpage']; $wgGrantPermissions['editinterface']['editinterface'] = true; 
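Review bot: The rewritten docblock says a non-good status either prompts for a password change or bars login depending on whether it is fatal, but the list of core checks never says which check yields which, and that matters here because the same hunk raises `MinimalPasswordLength` from 8 to 10 for bureaucrat, sysop, interface-admin and bot while leaving `MinimumPasswordLengthToLogin` at 1. I would add a severity line per check, for example `Non-fatal: existing accounts are prompted to change the password at login.` under MinimalPasswordLength, with the wording confirmed against PasswordPolicyChecks, which is not part of this diff. The sentence "this is a probabilistic test" should also state the direction of the error, i.e. whether a listed password can be accepted or an unlisted one rejected. The privileged groups now rely on the 'default' entry for `PasswordCannotMatchUsername`, which holds through the max() merge described in the docblock only as long as a site override keeps that key; the `$wgPasswordPolicy` array continues beyond this hunk.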
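Review bot: Adding `editmyuserjson` to the `editmyoptions` grant widens a grant that clients may already hold, so the new line should carry a comment explaining why user JSON pages count as options. Grants are, as far as I know, what OAuth consumers and bot passwords are restricted to, so anything authorised with `editmyoptions` before this change would presumably gain the right without a new consent step, which deserves a release-note entry. Suggested comment, to be adjusted to the actual rationale: `// User JSON pages hold preference-like data, so the options grant covers them (also granted via editmycssjs).`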
@@ -5871,6 +5885,8 @@ $wgGrantPermissions['delete']['deletelogentry'] = true;
 $wgGrantPermissions['delete']['deleterevision'] = true;
 $wgGrantPermissions['delete']['undelete'] = true;
+$wgGrantPermissions['oversight']['suppressrevision'] = true;
+
 $wgGrantPermissions['protect'] = $wgGrantPermissions['editprotected'];
 $wgGrantPermissions['protect']['protect'] = true;
@@ -5916,6 +5932,7 @@ $wgGrantPermissionGroups = [
 'viewdeleted' => 'administration',
 'viewrestrictedlogs' => 'administration',
 'protect' => 'administration',
+ 'oversight' => 'administration',
 'createaccount' => 'administration',
 'highvolume' => 'high-volume',
@@ -8761,6 +8778,7 @@ $wgSearchRunSuggestedQuery = true;
 *
 * @see maintenance/createCommonPasswordCdb.php
 * @since 1.27
+ * @deprecated since 1.33
 * @var string path to file
 */
 $wgPopularPasswordFile = __DIR__ . '/password/commonpasswords.cdb';
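Review bot: The new `oversight` grant is built from nothing and carries only `suppressrevision`, unlike `protect` directly below it, which starts from `editprotected`; a short comment should state that this narrow scope is intended. Judging by this hunk alone, a client holding only this grant can suppress revisions but receives no right to view suppressed content or the suppression log, so the comment should say whether the grant is meant to be combined with others. The following hunk files it under `'administration'` in `$wgGrantPermissionGroups`, the same bucket as `protect` and `createaccount`, which may understate how sensitive suppression is when the grant is shown for approval. Suggested comment, if that is the intent: `// Suppression only; does not inherit from the delete grant on purpose.`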
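Review bot: The new `@deprecated since 1.33` tag on `$wgPopularPasswordFile` names no replacement, while the `$wgPasswordPolicy` docblock in the first hunk of this commit tells readers to use PasswordNotInLargeBlacklist instead of PasswordCannotBePopular. I would write `@deprecated since 1.33, only used by the deprecated PasswordCannotBePopular check; use PasswordNotInLargeBlacklist instead`, assuming the file is read only by that check, which this diff does not show. The docblock begins above the hunk.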