Prevent all users from having a password in the blacklist

Bug: T151425
Change-Id: I8d8f738176a47ccc5bd0a9eeac3a3385c3809088

diff --git a/RELEASE-NOTES-1.34 b/RELEASE-NOTES-1.34
index 03ced76..828d0fb 100644 (file)
--- a/RELEASE-NOTES-1.34
+++ b/RELEASE-NOTES-1.34
@@ -26,6 +26,13 @@ For notes on 1.33.x and older releases, see HISTORY.
 
 === Configuration changes for system administrators in 1.34 ===
 
+In an effort to enforce best practices for passwords, MediaWiki will now warn
+users, and suggest that they change their password, if it is in the list of
+100,000 commonly used passwords that are considered bad passwords. If you want
+to disable this for your users, please add the following to your local settings:
+
+$wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false;
+
 ==== New configuration ====
 * $wgAllowExternalReqID (T201409) - This configuration setting controls whether
   Mediawiki accepts the request ID set by the incoming request via the

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 48943de..5d3fba7 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4463,7 +4463,7 @@ $wgCentralIdLookupProvider = 'local';
  *             Deprecated since 1.33. Use PasswordNotInLargeBlacklist instead.
  *     - PasswordNotInLargeBlacklist - Password not in best practices list of
  *             100,000 commonly used passwords. Due to the size of the list this
- *      is a probabilistic test.
+ *             is a probabilistic test.
  *
  * If you add custom checks, for Special:PasswordPolicies to display them correctly,
  * every check should have a corresponding passwordpolicies-policy-<check> message,
@@ -4481,28 +4481,25 @@ $wgPasswordPolicy = [
                'bureaucrat' => [
                        'MinimalPasswordLength' => 10,
                        'MinimumPasswordLengthToLogin' => 1,
-                       'PasswordNotInLargeBlacklist' => true,
                ],
                'sysop' => [
                        'MinimalPasswordLength' => 10,
                        'MinimumPasswordLengthToLogin' => 1,
-                       'PasswordNotInLargeBlacklist' => true,
                ],
                'interface-admin' => [
                        'MinimalPasswordLength' => 10,
                        'MinimumPasswordLengthToLogin' => 1,
-                       'PasswordNotInLargeBlacklist' => true,
                ],
                'bot' => [
                        'MinimalPasswordLength' => 10,
                        'MinimumPasswordLengthToLogin' => 1,
-                       'PasswordNotInLargeBlacklist' => true,
                ],
                'default' => [
                        'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ],
                        'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
                        'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
                        'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
+                       'PasswordNotInLargeBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
                ],
        ],
        'checks' => [