/** * Given a username, returns one of several codes to indicate whether it is valid to be a NEW username or not. * * Codes: * - OK: A user with this username may be created. * - INVALID: This is not a valid username. This may mean that it is too long or has characters that aren't permitted, etc. * - EXISTS: A user with this name, so you cannot create one with this name. * * TODO: Is this a duplicate of user::isCreatableName()? It is important to note that wgWikiaMaxNameChars may be less than wgMaxNameChars which * is intentional because there are some long usernames that were created when only wgMaxNameChars limited to 255 characters and we still want * those usernames to be valid (so that they can still login), but we just don't want NEW accounts to be created above the length of wgWikiaMaxNameChars. * * @param string $uName The user name to check * * @return bool|string Return errors as an i18n key or true if the name is valid */ function wfValidateUserName($uName) { if (!User::isNotMaxNameChars($uName)) { return 'userlogin-bad-username-length'; } $userTitle = Title::newFromText($uName); if (is_null($userTitle)) { return 'userlogin-bad-username-character'; } $uName = $userTitle->getText(); if (!User::isCreatableName($uName)) { return 'userlogin-bad-username-character'; } $dbr = wfGetDB(DB_SLAVE); $uName = $dbr->strencode($uName); if ($uName == '') { return 'userlogin-bad-username-character'; } if (class_exists('SpoofUser')) { $spoof = new SpoofUser($uName); if ($spoof->isLegal()) { $conflicts = $spoof->getConflicts(); if (!empty($conflicts)) { return 'userlogin-bad-username-taken'; } } } if (in_array($uName, F::app()->wg->ReservedUsernames)) { // if we returned 'invalid', that would be confusing once a user // checked and found that the name already met the naming requirements. return 'userlogin-bad-username-taken'; } // This username is valid return true; }
public function execute() { $params = $this->extractRequestParams(); $res = $this->getResult(); $res->addValue(null, $this->getModuleName(), array('username' => $params['username'])); $spoof = new SpoofUser($params['username']); if ($spoof->isLegal()) { $normalized = $spoof->getNormalized(); $res->addValue(null, $this->getModuleName(), array('normalised' => $normalized)); $unfilteredConflicts = $spoof->getConflicts(); if (empty($unfilteredConflicts)) { $res->addValue(null, $this->getModuleName(), array('result' => 'pass')); } else { $hasSuppressed = false; $conflicts = array(); foreach ($unfilteredConflicts as $conflict) { if (!User::newFromName($conflict)->isHidden()) { $conflicts[] = $conflict; } else { $hasSuppressed = true; } } if ($hasSuppressed) { $res->addValue(null, $this->getModuleName(), array('suppressed' => 'true')); } $res->addValue(null, $this->getModuleName(), array('result' => 'conflict')); $res->setIndexedTagName($conflicts, 'u'); $res->addValue(array($this->getModuleName()), 'users', $conflicts); } } else { $error = $spoof->getError(); $res->addValue('antispoof', 'result', 'error'); $res->addValue('antispoof', 'error', $error); } }
/** * @covers SpoofUser::update */ public function testUpdate() { $user = User::newFromName('MyNewUserName'); $user->addToDatabase(); $s = new SpoofUser('MyNewUserName'); $s->update('BAZFOO'); $this->assertArrayEquals(array('MyNewUserName'), $s->getConflicts()); $foobaz = new SpoofUser('BAZFOO'); $this->assertArrayEquals(array('BazF00', 'BazFoo'), $foobaz->getConflicts()); }
/** * Can be used to cancel user account creation * * @param $user User * @param $message string * @return bool true to continue, false to abort user creation */ public static function asAbortNewAccountHook($user, &$message) { global $wgAntiSpoofAccounts, $wgUser, $wgRequest; if (!$wgAntiSpoofAccounts) { $mode = 'LOGGING '; $active = false; } elseif ($wgRequest->getCheck('wpIgnoreAntiSpoof') && $wgUser->isAllowed('override-antispoof')) { $mode = 'OVERRIDE '; $active = false; } else { $mode = ''; $active = true; } $name = $user->getName(); $spoof = new SpoofUser($name); if ($spoof->isLegal()) { $normalized = $spoof->getNormalized(); $conflicts = $spoof->getConflicts(); if (empty($conflicts)) { wfDebugLog('antispoof', "{$mode}PASS new account '{$name}' [{$normalized}]"); } else { wfDebugLog('antispoof', "{$mode}CONFLICT new account '{$name}' [{$normalized}] spoofs " . implode(',', $conflicts)); if ($active) { $numConflicts = count($conflicts); $message = wfMessage('antispoof-conflict-top', $name)->numParams($numConflicts)->parse(); $message .= '<ul>'; foreach ($conflicts as $simUser) { $message .= '<li>' . wfMessage('antispoof-conflict-item', $simUser)->escaped() . '</li>'; } $message .= '</ul>' . wfMessage('antispoof-conflict-bottom')->parse(); return false; } } } else { $error = $spoof->getError(); wfDebugLog('antispoof', "{$mode}ILLEGAL new account '{$name}' {$error}"); if ($active) { $message = wfMessage('antispoof-name-illegal', $name, $error)->text(); return false; } } return true; }
/** * AntiSpoof: verify whether the name is legal for a new account. * * @see extensions/AntiSpoof */ public function checkAntiSpoof() { $this->response->setFormat('json'); $this->response->setCacheValidity(\WikiaResponse::CACHE_DISABLED); if ($this->getVal('secret') != $this->wg->TheSchwartzSecretToken) { $this->response->setVal('allow', false); $this->response->setVal('message', 'invalid secret'); return; } $username = $this->getVal('username'); // Allow the given user name if the AntiSpoof extension is disabled. if (empty($this->wg->EnableAntiSpoofExt)) { $this->response->setVal('allow', true); return; } $spoofUser = new \SpoofUser($username); // Allow the given user name if it is legal and does not conflict with other names. $this->response->setVal('allow', $spoofUser->isLegal() && !$spoofUser->getConflicts()); return; }