Authored by taavi on Apr 1 2022, 7:31 PM.
From ad19fed57941c10ae948f23704b65ab0fcf4c617 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Taavi=20V=C3=A4=C3=A4n=C3=A4nen?= <hi@taavi.wtf>
Date: Fri, 1 Apr 2022 22:30:32 +0300
Subject: [PATCH] Add password re-use protection
Change-Id: I7762d14d6bb8d9b5eae440363df2a9214206f918
---
i18n/en.json | 1 +
...ntralAuthPrimaryAuthenticationProvider.php | 19 +++++++++++++++++++
2 files changed, 20 insertions(+)
diff --git a/i18n/en.json b/i18n/en.json
index fff6955d..1008d6d4 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -41,6 +41,7 @@
"action-globalgrouppermissions": "manage global groups",
"centralauth": "Global account manager",
"centralauth-abortlogin-renamed": "Your account was renamed to \"$1\". Please use that username instead.",
+ "centralauth-account-duplicate-password": "Your password must not match the passwords of other users (the one you specified is used by $1).",
"centralauth-account-exists": "Cannot create account: The requested username is already taken by a user on another wiki.",
"centralauth-account-exists-reset": "The username $1 is not registered on this wiki, but you can reset its password on [[Special:CentralAuth/$1|a wiki where it is]].",
"centralauth-account-rename-exists": "Cannot create account: The username is already in use. Please pick another name.",
diff --git a/includes/CentralAuthPrimaryAuthenticationProvider.php b/includes/CentralAuthPrimaryAuthenticationProvider.php
index 8e31a0e7..6954b3da 100644
--- a/includes/CentralAuthPrimaryAuthenticationProvider.php
+++ b/includes/CentralAuthPrimaryAuthenticationProvider.php
@@ -569,6 +569,25 @@ class CentralAuthPrimaryAuthenticationProvider
// $this->testUserForCreation() will already have rejected it if necessary
return AuthenticationResponse::newAbstain();
}
+
+ $existingUsers = $this->databaseManager
+ ->getCentralDB( DB_PRIMARY )
+ ->selectFieldValues(
+ [ 'globaluser' ],
+ 'gu_name',
+ [],
+ __METHOD__
+ );
+ foreach ( $existingUsers as $name ) {
+ $existingUser = CentralAuthUser::getPrimaryInstanceByName( $name );
+ if ( $existingUser->authenticate( $req->password ) ) {
+ return AuthenticationResponse::newFail(
+ wfMessage( 'centralauth-account-duplicate-password' )
+ ->plaintextParams( $name )
+ );
+ }
+ }
+
// Username is unused; set up as a global account
if ( !$centralUser->register( $req->password, $user->getEmail() ) ) {
// Wha?
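Review bot: The `newFail(...)` branch inside the added `foreach` returns the name of the existing account whose password matched (`->plaintextParams( $name )`, surfaced to the requester by the new `centralauth-account-duplicate-password` message), so anyone who can submit an account-creation form learns a valid username for whatever password they try — the check is a credential-disclosure oracle. The loop feeding it is also unbounded: `selectFieldValues( [ 'globaluser' ], 'gu_name', [], __METHOD__ )` reads every row from `DB_PRIMARY` with no condition and then calls `authenticate( $req->password )`, a password-hash verification, once per user on every registration. Password uniqueness across accounts is not a security property and cannot be enforced without exactly this comparison, so the whole added block (from the `$existingUsers` query through the closing `}` of the `foreach`) should be removed rather than repaired. If the goal is to reject weak passwords, that belongs in the password-policy checks applied to the submitted password alone, with a response that names no other account. The enclosing method begins before and continues after this hunk.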
--
2.35.1