diff --git a/includes/Permissions/PermissionManager.php b/includes/Permissions/PermissionManager.php index ed31d7b7d82..56deaa7e6a2 100644 --- a/includes/Permissions/PermissionManager.php +++ b/includes/Permissions/PermissionManager.php @@ -23,6 +23,7 @@ use Action; use Article; use Exception; use MediaWiki\Block\BlockErrorFormatter; +use MediaWiki\Block\DatabaseBlock; use MediaWiki\Config\ServiceOptions; use MediaWiki\HookContainer\HookContainer; use MediaWiki\HookContainer\HookRunner; @@ -702,9 +703,8 @@ class PermissionManager { $short, LinkTarget $page ) { - // Account creation blocks handled at userlogin. // Unblocking handled in SpecialUnblock - if ( $rigor === self::RIGOR_QUICK || in_array( $action, [ 'createaccount', 'unblock' ] ) ) { + if ( $rigor === self::RIGOR_QUICK || in_array( $action, [ 'unblock' ] ) ) { return $errors; } @@ -723,6 +723,37 @@ class PermissionManager { $useReplica = ( $rigor !== self::RIGOR_SECURE ); $block = $user->getBlock( $useReplica ); + if ( $action === 'createaccount' ) { + $applicableBlock = null; + if ( $block && $block->appliesToRight( 'createaccount' ) ) { + $applicableBlock = $block; + } + + # T15611: if the IP address the user is trying to create an account from is + # blocked with createaccount disabled, prevent new account creation there even + # when the user is logged in + if ( !$this->userHasRight( $user, 'ipblock-exempt' ) ) { + $ipBlock = DatabaseBlock::newFromTarget( + null, $user->getRequest()->getIP() + ); + if ( $ipBlock && $ipBlock->appliesToRight( 'createaccount' ) ) { + $applicableBlock = $ipBlock; + } + } + // @todo FIXME: Pass the relevant context into this function. + if ( $applicableBlock ) { + $context = RequestContext::getMain(); + $message = $this->blockErrorFormatter->getMessage( + $applicableBlock, + $context->getUser(), + $context->getLanguage(), + $context->getRequest()->getIP() + ); + $errors[] = array_merge( [ $message->getKey() ], $message->getParams() ); + return $errors; + } + } + // If the user does not have a block, or the block they do have explicitly // allows the action (like "read" or "upload"). if ( !$block || $block->appliesToRight( $action ) === false ) { diff --git a/includes/api/ApiAMCreateAccount.php b/includes/api/ApiAMCreateAccount.php index bcf52b05c4b..cd9cc25c14f 100644 --- a/includes/api/ApiAMCreateAccount.php +++ b/includes/api/ApiAMCreateAccount.php @@ -91,7 +91,7 @@ class ApiAMCreateAccount extends ApiBase { $reqs[] = $req; } } - $res = $manager->beginAccountCreation( $this->getUser(), $reqs, $params['returnurl'] ); + $res = $manager->beginAccountCreation( $this->getAuthority(), $reqs, $params['returnurl'] ); } $this->getResult()->addValue( null, 'createaccount', diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php index b0f67bdb0b1..4a102643568 100644 --- a/includes/auth/AuthManager.php +++ b/includes/auth/AuthManager.php @@ -29,7 +29,9 @@ use MediaWiki\Block\BlockManager; use MediaWiki\HookContainer\HookContainer; use MediaWiki\HookContainer\HookRunner; use MediaWiki\MediaWikiServices; +use MediaWiki\Permissions\Authority; use MediaWiki\Permissions\PermissionStatus; +use MediaWiki\User\UserIdentity; use MediaWiki\User\UserNameUtils; use MediaWiki\Watchlist\WatchlistManager; use Psr\Log\LoggerAwareInterface; @@ -1039,10 +1041,10 @@ class AuthManager implements LoggerAwareInterface { /** * Basic permissions checks on whether a user can create accounts - * @param User $creator User doing the account creation + * @param Authority $creator User doing the account creation * @return Status */ - public function checkAccountCreatePermissions( User $creator ) { + public function checkAccountCreatePermissions( Authority $creator ) { // Wiki is read-only? if ( $this->readOnlyMode->isReadOnly() ) { return Status::newFatal( wfMessage( 'readonlytext', $this->readOnlyMode->getReason() ) ); @@ -1058,15 +1060,6 @@ class AuthManager implements LoggerAwareInterface { } $ip = $this->getRequest()->getIP(); - - $block = $creator->isBlockedFromCreateAccount(); - if ( $block ) { - $language = \RequestContext::getMain()->getLanguage(); - return Status::newFatal( - $this->blockErrorFormatter->getMessage( $block, $creator, $language, $ip ) - ); - } - if ( $this->blockManager->isDnsBlacklisted( $ip, true /* check $wgProxyWhitelist */ ) ) { return Status::newFatal( 'sorbs_create_account_reason' ); } @@ -1087,13 +1080,13 @@ class AuthManager implements LoggerAwareInterface { * should be omitted. If the CreateFromLoginAuthenticationRequest has a * username set, that username must be used for all other requests. * - * @param User $creator User doing the account creation + * @param Authority $creator User doing the account creation * @param AuthenticationRequest[] $reqs * @param string $returnToUrl Url that REDIRECT responses should eventually * return to. * @return AuthenticationResponse */ - public function beginAccountCreation( User $creator, array $reqs, $returnToUrl ) { + public function beginAccountCreation( Authority $creator, array $reqs, $returnToUrl ) { $session = $this->request->getSession(); if ( !$this->canCreateAccounts() ) { // Caller should have called canCreateAccounts() @@ -1116,7 +1109,7 @@ class AuthManager implements LoggerAwareInterface { if ( !$status->isGood() ) { $this->logger->debug( __METHOD__ . ': {creator} cannot create users: {reason}', [ 'user' => $username, - 'creator' => $creator->getName(), + 'creator' => $creator->getUser()->getName(), 'reason' => $status->getWikiText( null, null, 'en' ) ] ); return AuthenticationResponse::newFail( $status->getMessage() ); @@ -1128,7 +1121,7 @@ class AuthManager implements LoggerAwareInterface { if ( !$status->isGood() ) { $this->logger->debug( __METHOD__ . ': {user} cannot be created: {reason}', [ 'user' => $username, - 'creator' => $creator->getName(), + 'creator' => $creator->getUser()->getName(), 'reason' => $status->getWikiText( null, null, 'en' ) ] ); return AuthenticationResponse::newFail( $status->getMessage() ); @@ -1145,7 +1138,7 @@ class AuthManager implements LoggerAwareInterface { $session->remove( 'AuthManager::accountCreationState' ); $this->logger->debug( __METHOD__ . ': UserData is invalid: {reason}', [ 'user' => $user->getName(), - 'creator' => $creator->getName(), + 'creator' => $creator->getUser()->getName(), 'reason' => $status->getWikiText( null, null, 'en' ), ] ); return AuthenticationResponse::newFail( $status->getMessage() ); @@ -1158,8 +1151,8 @@ class AuthManager implements LoggerAwareInterface { $state = [ 'username' => $username, 'userid' => 0, - 'creatorid' => $creator->getId(), - 'creatorname' => $creator->getName(), + 'creatorid' => $creator->getUser()->getId(), + 'creatorname' => $creator->getUser()->getName(), 'reqs' => $reqs, 'returnToUrl' => $returnToUrl, 'primary' => null, @@ -2066,10 +2059,10 @@ class AuthManager implements LoggerAwareInterface { * - ACTION_UNLINK: Same as ACTION_REMOVE, but limited to linked accounts. * * @param string $action One of the AuthManager::ACTION_* constants - * @param User|null $user User being acted on, instead of the current user. + * @param UserIdentity|null $user User being acted on, instead of the current user. * @return AuthenticationRequest[] */ - public function getAuthenticationRequests( $action, User $user = null ) { + public function getAuthenticationRequests( $action, UserIdentity $user = null ) { $options = []; $providerAction = $action; @@ -2136,14 +2129,14 @@ class AuthManager implements LoggerAwareInterface { * @param string $providerAction Action to pass to providers * @param array $options Options to pass to providers * @param AuthenticationProvider[] $providers - * @param User|null $user + * @param UserIdentity|null $user being acted on * @return AuthenticationRequest[] */ private function getAuthenticationRequestsInternal( - $providerAction, array $options, array $providers, User $user = null + $providerAction, array $options, array $providers, UserIdentity $user = null ) { $user = $user ?: \RequestContext::getMain()->getUser(); - $options['username'] = $user->isAnon() ? null : $user->getName(); + $options['username'] = $user->isRegistered() ? $user->getName() : null; // Query them and merge results $reqs = []; diff --git a/includes/specialpage/AuthManagerSpecialPage.php b/includes/specialpage/AuthManagerSpecialPage.php index 023673b76d4..2e2aac0a969 100644 --- a/includes/specialpage/AuthManagerSpecialPage.php +++ b/includes/specialpage/AuthManagerSpecialPage.php @@ -373,7 +373,7 @@ abstract class AuthManagerSpecialPage extends SpecialPage { case AuthManager::ACTION_LOGIN_CONTINUE: return $authManager->continueAuthentication( $requests ); case AuthManager::ACTION_CREATE: - return $authManager->beginAccountCreation( $this->getUser(), $requests, + return $authManager->beginAccountCreation( $this->getAuthority(), $requests, $returnToUrl ); case AuthManager::ACTION_CREATE_CONTINUE: return $authManager->continueAccountCreation( $requests ); diff --git a/includes/user/User.php b/includes/user/User.php index 08b9760d89b..8a8d88a053d 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -3670,6 +3670,7 @@ class User implements Authority, IDBAccessObject, UserIdentity, UserEmailContact /** * Get whether the user is explicitly blocked from account creation. + * @deprecated since 1.37. Instead use Authority::authorize* for createaccount permission. * @return bool|AbstractBlock */ public function isBlockedFromCreateAccount() { diff --git a/tests/phpunit/includes/auth/AuthManagerTest.php b/tests/phpunit/includes/auth/AuthManagerTest.php index 5c619c9354f..7f3f591da8d 100644 --- a/tests/phpunit/includes/auth/AuthManagerTest.php +++ b/tests/phpunit/includes/auth/AuthManagerTest.php @@ -24,6 +24,7 @@ use Psr\Container\ContainerInterface; use Psr\Log\LoggerInterface; use Psr\Log\LogLevel; use ReadOnlyMode; +use Status; use StatusValue; use WebRequest; use Wikimedia\ObjectFactory; @@ -74,6 +75,11 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { /** @var WatchlistManager */ private $watchlistManager; + protected function setUp(): void { + parent::setUp(); + $this->tablesUsed[] = 'ipblocks'; + } + /** * Sets a mock on a hook * @param string $hook @@ -1403,7 +1409,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { } public static function provideAllowsAuthenticationDataChange() { - $ignored = \Status::newGood( 'ignored' ); + $ignored = Status::newGood( 'ignored' ); $ignored->warning( 'authmanager-change-not-supported' ); $okFromPrimary = StatusValue::newGood(); @@ -1417,17 +1423,17 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { [ StatusValue::newGood(), StatusValue::newGood(), - \Status::newGood(), + Status::newGood(), ], [ StatusValue::newGood(), StatusValue::newGood( 'ignore' ), - \Status::newGood(), + Status::newGood(), ], [ StatusValue::newGood( 'ignored' ), StatusValue::newGood(), - \Status::newGood(), + Status::newGood(), ], [ StatusValue::newGood( 'ignored' ), @@ -1437,27 +1443,27 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { [ StatusValue::newFatal( 'fail from primary' ), StatusValue::newGood(), - \Status::newFatal( 'fail from primary' ), + Status::newFatal( 'fail from primary' ), ], [ $okFromPrimary, StatusValue::newGood(), - \Status::wrap( $okFromPrimary ), + Status::wrap( $okFromPrimary ), ], [ StatusValue::newGood(), StatusValue::newFatal( 'fail from secondary' ), - \Status::newFatal( 'fail from secondary' ), + Status::newFatal( 'fail from secondary' ), ], [ StatusValue::newGood(), $okFromSecondary, - \Status::wrap( $okFromSecondary ), + Status::wrap( $okFromSecondary ), ], [ StatusValue::newGood(), $throttledMailPassword, - \Status::newGood( 'throttled-mailpassword' ), + Status::newGood( 'throttled-mailpassword' ), ] ]; } @@ -1502,30 +1508,48 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { } } - public function testCheckAccountCreatePermissions() { - $this->initializeManager( true ); - + /** + * @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions() + */ + public function testCheckAccountCreatePermissions_anon() { $this->setGroupPermissions( '*', 'createaccount', true ); $this->initializeManager( true ); $this->assertEquals( - \Status::newGood(), + Status::newGood(), $this->manager->checkAccountCreatePermissions( new \User ) ); + } - $readOnlyMode = \MediaWiki\MediaWikiServices::getInstance()->getReadOnlyMode(); - $readOnlyMode->setReason( 'Because' ); - $this->assertEquals( - \Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ), - $this->manager->checkAccountCreatePermissions( new \User ) - ); - $readOnlyMode->setReason( false ); - + /** + * @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions() + */ + public function testCheckAccountCreatePermissions_anonNotAllowed() { $this->setGroupPermissions( '*', 'createaccount', false ); $this->initializeManager( true ); $status = $this->manager->checkAccountCreatePermissions( new \User ); $this->assertFalse( $status->isOK() ); $this->assertTrue( $status->hasMessage( 'badaccess-groups' ) ); - $this->setGroupPermissions( '*', 'createaccount', true ); + } + + /** + * @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions() + */ + public function testCheckAccountCreatePermissions_readOnly() { + $this->initializeManager( true ); + $readOnlyMode = $this->getServiceContainer()->getReadOnlyMode(); + $readOnlyMode->setReason( 'Because' ); + $this->assertEquals( + Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ), + $this->manager->checkAccountCreatePermissions( new \User ) + ); + $readOnlyMode->setReason( false ); + } + + /** + * @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions() + * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock() + */ + public function testCheckAccountCreatePermissions_blocked() { $this->initializeManager( true ); $user = \User::newFromName( 'UTBlockee' ); @@ -1534,12 +1558,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { \TestUser::setPasswordForUser( $user, 'UTBlockeePassword' ); $user->saveSettings(); } - $blockStore = MediaWikiServices::getInstance()->getDatabaseBlockStore(); - $oldBlock = DatabaseBlock::newFromTarget( 'UTBlockee' ); - if ( $oldBlock ) { - // An old block will prevent our new one from saving. - $blockStore->deleteBlock( $oldBlock ); - } + $blockStore = $this->getServiceContainer()->getDatabaseBlockStore(); $blockOptions = [ 'address' => 'UTBlockee', 'user' => $user->getId(), @@ -1555,7 +1574,16 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $status = $this->manager->checkAccountCreatePermissions( $user ); $this->assertFalse( $status->isOK() ); $this->assertTrue( $status->hasMessage( 'blockedtext' ) ); + } + /** + * @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions() + * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock() + */ + public function testCheckAccountCreatePermissions_ipBlocked() { + $this->setGroupPermissions( '*', 'createaccount', true ); + $this->initializeManager( true ); + $blockStore = $this->getServiceContainer()->getDatabaseBlockStore(); $blockOptions = [ 'address' => '127.0.0.0/24', 'by' => $this->getTestSysop()->getUser()->getId(), @@ -1566,12 +1594,15 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { ]; $block = new DatabaseBlock( $blockOptions ); $blockStore->insertBlock( $block ); - $scopeVariable = new ScopedCallback( [ $block, 'delete' ] ); $status = $this->manager->checkAccountCreatePermissions( new \User ); $this->assertFalse( $status->isOK() ); $this->assertTrue( $status->hasMessage( 'blockedtext-partial' ) ); - ScopedCallback::consume( $scopeVariable ); + } + /** + * @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions() + */ + public function testCheckAccountCreatePermissions_DNSBlacklist() { $this->setMwGlobals( [ 'wgEnableDnsBlacklist' => true, 'wgDnsBlacklistUrls' => [ @@ -1589,6 +1620,49 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->assertTrue( $status->isGood() ); } + /** + * @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions() + * @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock() + */ + public function testCheckAccountCreatePermissions_ipIsBlockedByUserNot() { + $this->initializeManager( true ); + + $user = \User::newFromName( 'UTBlockee' ); + if ( $user->getId() == 0 ) { + $user->addToDatabase(); + \TestUser::setPasswordForUser( $user, 'UTBlockeePassword' ); + $user->saveSettings(); + } + $blockStore = $this->getServiceContainer()->getDatabaseBlockStore(); + $blockOptions = [ + 'address' => 'UTBlockee', + 'user' => $user->getId(), + 'by' => $this->getTestSysop()->getUser()->getId(), + 'reason' => __METHOD__, + 'expiry' => time() + 100500, + 'createAccount' => false, + ]; + $block = new DatabaseBlock( $blockOptions ); + $blockStore->insertBlock( $block ); + + $blockOptions = [ + 'address' => '127.0.0.0/24', + 'by' => $this->getTestSysop()->getUser()->getId(), + 'reason' => __METHOD__, + 'expiry' => time() + 100500, + 'createAccount' => true, + 'sitewide' => false, + ]; + $block = new DatabaseBlock( $blockOptions ); + $blockStore->insertBlock( $block ); + + $this->resetServices(); + $this->initializeManager( true ); + $status = $this->manager->checkAccountCreatePermissions( $user ); + $this->assertFalse( $status->isOK() ); + $this->assertTrue( $status->hasMessage( 'blockedtext-partial' ) ); + } + /** * @param string $uniq * @return string @@ -1606,7 +1680,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->initializeManager(); $this->assertEquals( - \Status::newFatal( 'authmanager-create-disabled' ), + Status::newFatal( 'authmanager-create-disabled' ), $this->manager->canCreateAccount( $username ) ); @@ -1621,7 +1695,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->initializeManager( true ); $this->assertEquals( - \Status::newFatal( 'userexists' ), + Status::newFatal( 'userexists' ), $this->manager->canCreateAccount( $username ) ); @@ -1636,17 +1710,17 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->initializeManager( true ); $this->assertEquals( - \Status::newFatal( 'noname' ), + Status::newFatal( 'noname' ), $this->manager->canCreateAccount( $username . '<>' ) ); $this->assertEquals( - \Status::newFatal( 'userexists' ), + Status::newFatal( 'userexists' ), $this->manager->canCreateAccount( 'UTSysop' ) ); $this->assertEquals( - \Status::newGood(), + Status::newGood(), $this->manager->canCreateAccount( $username ) ); @@ -1661,7 +1735,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->initializeManager( true ); $this->assertEquals( - \Status::newFatal( 'fail' ), + Status::newFatal( 'fail' ), $this->manager->canCreateAccount( $username ) ); } @@ -2559,7 +2633,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $expect = \Status::newGood(); + $expect = Status::newGood(); $expect->warning( 'userexists' ); $this->assertEquals( $expect, $ret ); $this->assertNotEquals( 0, $user->getId() ); @@ -2575,7 +2649,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true ); $this->unhook( 'LocalUserCreated' ); - $expect = \Status::newGood(); + $expect = Status::newGood(); $expect->warning( 'userexists' ); $this->assertEquals( $expect, $ret ); $this->assertNotEquals( 0, $user->getId() ); @@ -2594,7 +2668,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $user = \User::newFromName( $username ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ), $ret ); + $this->assertEquals( Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2611,7 +2685,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'test' ), $ret ); + $this->assertEquals( Status::newFatal( 'test' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2626,7 +2700,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'test2' ), $ret ); + $this->assertEquals( Status::newFatal( 'test2' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2641,7 +2715,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'noname' ), $ret ); + $this->assertEquals( Status::newFatal( 'noname' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username . '@', $user->getId() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2660,7 +2734,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'authmanager-autocreate-noperm' ), $ret ); + $this->assertEquals( Status::newFatal( 'authmanager-autocreate-noperm' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2682,7 +2756,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_MAINT, true, false ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'ok' ), $ret ); + $this->assertEquals( Status::newFatal( 'ok' ), $ret ); // Test that both permutations of permissions are allowed // (this hits the two "ok" entries in $mocks['pre']) @@ -2695,7 +2769,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'ok' ), $ret ); + $this->assertEquals( Status::newFatal( 'ok' ), $ret ); $this->setGroupPermissions( '*', 'createaccount', true ); $this->setGroupPermissions( '*', 'autocreateaccount', false ); @@ -2705,7 +2779,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'ok' ), $ret ); + $this->assertEquals( Status::newFatal( 'ok' ), $ret ); $logger->clearBuffer(); // Test lock fail @@ -2717,7 +2791,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); unset( $lock ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'usernameinprogress' ), $ret ); + $this->assertEquals( Status::newFatal( 'usernameinprogress' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2732,7 +2806,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'fail-in-pre' ), $ret ); + $this->assertEquals( Status::newFatal( 'fail-in-pre' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2749,7 +2823,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'fail-in-primary' ), $ret ); + $this->assertEquals( Status::newFatal( 'fail-in-primary' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2766,7 +2840,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'fail-in-secondary' ), $ret ); + $this->assertEquals( Status::newFatal( 'fail-in-secondary' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2787,7 +2861,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newFatal( 'authmanager-autocreate-exception' ), $ret ); + $this->assertEquals( Status::newFatal( 'authmanager-autocreate-exception' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2806,7 +2880,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { ->willReturn( \Status::newFatal( 'because' ) ); $user->setName( $username ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); - $this->assertEquals( \Status::newFatal( 'because' ), $ret ); + $this->assertEquals( Status::newFatal( 'because' ), $ret ); $this->assertSame( 0, $user->getId() ); $this->assertNotEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2854,11 +2928,11 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $status = $oldUser->addToDatabase(); $this->assertTrue( $status->isOK(), 'sanity check' ); $user->setId( $oldUser->getId() ); - return \Status::newFatal( 'userexists' ); + return Status::newFatal( 'userexists' ); } ) ); $user->setName( $username ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); - $expect = \Status::newGood(); + $expect = Status::newGood(); $expect->warning( 'userexists' ); $this->assertEquals( $expect, $ret ); $this->assertNotEquals( 0, $user->getId() ); @@ -2879,7 +2953,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { ->with( $callback, true ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newGood(), $ret ); + $this->assertEquals( Status::newGood(), $ret ); $this->assertNotEquals( 0, $user->getId() ); $this->assertEquals( $username, $user->getName() ); $this->assertEquals( $user->getId(), $session->getUser()->getId() ); @@ -2897,7 +2971,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { ->with( $callback, true ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true ); $this->unhook( 'LocalUserCreated' ); - $this->assertEquals( \Status::newGood(), $ret ); + $this->assertEquals( Status::newGood(), $ret ); $this->assertNotEquals( 0, $user->getId() ); $this->assertEquals( $username, $user->getName() ); $this->assertSame( 0, $session->getUser()->getId() ); @@ -2915,7 +2989,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase { $username = self::usernameForCreation(); $user = \User::newFromName( $username ); $ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true ); - $this->assertEquals( \Status::newGood(), $ret ); + $this->assertEquals( Status::newGood(), $ret ); $logger->clearBuffer(); $data = \DatabaseLogEntry::getSelectQueryData();