This patch emits deprecation warnings when extensions override
Handler::getBodyValidator() or otherwise use JsonBodyValidator.
Request body validation should be performed based on body parameter
declarations returned from getBodyParamSettings().
Bug: T358560
Depends-On: I8b12c9c9d5a73c620e3c5d035f815d7c951c7b30
Change-Id: I44b3395b8d2489c5e7ec8de0077fd7a7c9f49bfe
This switches from logging warnings when clients use strings instead of
numbers in JSON requests.
Bug: T305973
Depends-On: I17f7d0b89cb584eef5a7203a8f26cb5b100e2abb
Change-Id: I2d00d320f59652040ff914005aad58bf3e724689
In JSON request bodies, empty strings should be accepted in required
string fields. So far, empty strings are considered as missing, which is
the default behavior for query parameters.
Bug: T305973
Change-Id: I97a9556bb440b9564e7d3618d189df4ef6f6725c
DEPLOY: watch the api-warning channel for misbehaving clients.
We are now using TypeDef objects for validating fields in JSON
request bodies. Since TypeDef was designed for use in the action API, it
assumes that all client data is originally supplied as strings. These
strings are parsed and converted to the appropriate type.
But for JSON requests, we don't want that. If a field is defined to be a
boolean, it should be required to be a boolean, not the string "yes" or
"0".
This adds an option to TypeDefs that triggers strict type checks for
booleans and numbers. This option is enabled for all request types other
than form data.
For now, the check does not trigger a validation error. It just logs a
warning. This allows us to assess how often clients would trigger this
kind of error. The warnings are logged to the "api-warning" channel.
Bug: T305973
Change-Id: I11e9e37af93bc3b9414eb77095e7cc0ce821a462
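
The warn-only strict type check described in the commit message above, as an added PHP sketch. It is not MediaWiki's TypeDef code; the function checkField(), the field names, and the sample request body are hypothetical.

```php
<?php
// Added illustration; not MediaWiki code. checkField() and the field names are hypothetical.

function checkField( string $name, $value, string $type, bool $strict, bool $enforce, array &$log ) {
	// A native JSON boolean or integer always passes.
	if ( ( $type === 'boolean' && is_bool( $value ) ) || ( $type === 'integer' && is_int( $value ) ) ) {
		return $value;
	}
	if ( !is_string( $value ) ) {
		throw new InvalidArgumentException( "$name: expected $type, got " . gettype( $value ) );
	}
	if ( $strict ) {
		// Strict mode: a string where a boolean or number was declared is a mismatch.
		$log[] = "api-warning: field '$name' should be a JSON $type, got string";
		if ( $enforce ) {
			throw new InvalidArgumentException( "$name: expected $type, got string" );
		}
	}
	// Lenient path: parse the string the way form data or query parameters are parsed.
	$filter = $type === 'boolean' ? FILTER_VALIDATE_BOOLEAN : FILTER_VALIDATE_INT;
	$parsed = filter_var( $value, $filter, FILTER_NULL_ON_FAILURE );
	if ( $parsed === null ) {
		throw new InvalidArgumentException( "$name: '$value' is not a valid $type" );
	}
	return $parsed;
}

// Constructed sample request: two fields arrive as strings, one as a real boolean.
$contentType = 'application/json';
$body = json_decode( '{"minor": "yes", "limit": "10", "bot": true}', true );
$declared = [ 'minor' => 'boolean', 'limit' => 'integer', 'bot' => 'boolean' ];

// Strict checks apply to every request type other than form data.
$formTypes = [ 'application/x-www-form-urlencoded', 'multipart/form-data' ];
$strict = !in_array( $contentType, $formTypes, true );

$log = [];
$validated = [];
foreach ( $declared as $name => $type ) {
	// $enforce = false: log the mismatch but still accept the parsed value.
	$validated[$name] = checkField( $name, $body[$name], $type, $strict, false, $log );
}
var_export( $validated );
echo "\n", implode( "\n", $log ), "\n";
```

Passing `true` for `$enforce` turns each logged mismatch into a rejected request, which is the step the warning phase is meant to size.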
Note that "post" parameters remain accessible through
getValidatedParams(), while "body" parameters have to be
accessed through getValidatedBody().
This adds a number of tests that ensure that this remains the case,
while deprecation warnings are triggered when appropriate.
Code search to check that this is unused in prod: https://codesearch.wmcloud.org/things/?q=SOURCE+*%3D%3E+*%27post%27&files=&excludeFiles=&repos=
Previous reverted incarnation of this: Ia0eedb383e69b
Bug: T362850
Bug: T358560
Depends-On: Id94335b3ec8f0549ff7350d31cb7cfee8feaa012
Change-Id: I88accc52c5faab70b453709b02ed88a8af4bc181
Mostly used find-and-replace:
Find:
/\*[\*\s]+@var (I?[A-Z](\w+)(?:Interface)?)[\s\*]+/\s*(private|protected|public) (\$[a-z]\w+;\n)((?=\s*/\*[\*\s]+@var (I?[A-Z](\w+)(?:Interface)?))\n|)
Replace with:
\3 \1 \4
More could be done, but to keep this patch reasonably sized, I only
changed the most obvious and unambiguously correct cases.
In some cases, I also removed redundant doc comments on the
constructor, and re-ordered the properties to match the constructor.
Change-Id: Ifa710fdf4d8d44a2d7244798b787a1b2a58c35a7
- fix test for body validation errors in HandlerTest that was never
called.
- provide additional test cases for body validation failures
- provide an error key and failure code when encountering extra body
parameters, for consistency with other validation errors.
Bug: T305973
Change-Id: I3453a37f9b5dd1348890046582fb2d25c00dfa6c
This patch introduces a namespace declaration for the
MediaWiki\Json to FormatJson and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: I5e1311e4eb7a878a7db319b725ae262f40671c32
- fix typo on the "rest-body-validation-error" message key, causing
the message to remain untranslated.
- fix error meta-data included when reporting body validation failures.
Bug: T358560
Change-Id: I56ef63e3534770c777cb5f938e3032101abae54b
After merging gerrit change 1023933, I realized I missed a couple
of comment typos in code review. Also noticed another in Validator.
So just fixing these up for general tidiness.
Change-Id: I7c40274482136ac78dc8ace5f8a0dffa67e4a9cb
Note that "post" parameters remain accessible through
getValidatedParams(), while "body" parameters have to be
accessed through getValidatedBody().
This adds a number of tests that ensure that this remains the case, while deprecation warnings are triggered when appropriate.
Bug: T358560
Change-Id: Ia0eedb383e69b48a0baa0895a8c9d2229f670367
ParamValidator so far only supports primitive types as input, which is
insufficient for validating request bodies.
This adds an "array" parameter type that accepts any array. In the
future, we should add validation for such parameters, based on JSON
schema.
Change-Id: Idfa1c90be40772948a3c53d010441905b44b7b4e
Throw if a client sends unexpected body fields to a handler that supports body validation.
Bug: T360434
Change-Id: I7b8ed5fe23613183f941ab3b162e0a3c488167df
Since we are now using the parameter validation mechanism also for
fields in the request body, we need to wrap the validation errors to
make clear that the "parameters" are actually fields on the request
body.
Bug: T358850
Change-Id: I02e59a66459e8d88d1c5d0e454da9139ec1b42c6
All POST requests must have a body, even if the body is
empty, with content-length set to 0. When the body is empty, it should
not be necessary to specify a content-type either.
A typical use case would be some kind of "touch" semantics that would
update a resource's state without needing any additional information
from the client.
Change-Id: I7d20bb6a8c484b9b4725f056342ff8d015a171ac
This reverts commit 890558f1fa.
This restores Id584208d9b67d877606a0add1d71c9b1784cdb1b with some fixes.
Bug: T323786
Bug: T352742
Change-Id: Ib31c451ddd75b06c95a544c8a3d2a64b32264126
This is only enabled in development mode for now.
It's intended as a baseline for further development,
the feature is not ready for production.
Bug: T323786
Change-Id: Id584208d9b67d877606a0add1d71c9b1784cdb1b
Co-authored-by: Atieno <pnjira@wikimedia.org>
This patch adds another validation layer to JsonBodyValidator, i.e. that
all parameters in the request body are known to the handler. This is
especially useful for optional parameters if the client uses the wrong
name, since otherwise it may be difficult for them to realize what's
wrong.
Bug: T305973
Depends-On: I7efe73d21f1751552614b4c3e2351010693b23bf
Change-Id: I854046efe15dba3b00eae4323f7bb591e145b6b9
Per RFC 7231 (https://www.rfc-editor.org/rfc/rfc7231#section-4.3.5), sending a body
with the DELETE method "has no defined semantics". Allow it, as it is useful for
passing the csrf token required by some authentication methods.
Bug: T309388
Change-Id: I9fb7f3c536af4636e33f776de32f9f90b88827c9
Migrate away from the Title object, use
TitleParser::parseTitle() which returns a
TitleValue which is enough. Will be followed by
switching UserDefTest to a unit test, but in a separate
commit.
Change-Id: Ia756964861c4e0f3edea89f6beec2643243ca741
Maintain the existing behavior for creating based on a user
id or name that does not correspond to an existing user:
* if creating a User object based on the id 0, User::loadFromId()
will load the defaults with the name being set to false, and
User::getName() will convert that false to the ip of the current
request. We probably don't want UserDef to be doing that, but
this behavior should be changed separately - at the moment
we are just matching the existing behavior (see the prior commit
which adds tests to confirm the behavior isn't changing)
* if creating a User object based on an id that cannot be found
in the database, User::loadFromDatabase() will load the same
defaults, *except* that it will set the user name to "Unknown user"
* if creating a User object based on a name, User::getId() will,
if the id isn't already known, return 0 if the name matches
UserNameUtils::isIP() or ExternalUserNames::isExternal(). However,
the User object is currently only created based on a name after
passing an ExternalUserNames check, and the creation with
RIGOR_VALID prevents it from being an ip. Thus, the existing
code will call User::load(), which will check the database or
fall back to 0 if the user does not exist.
When creating a User from an id that does not exist, User::getId()
will return that id, until after the object tries to fully load,
after which it'll return 0 for the id. Since we cannot replicate
this with UserIdentity (switching the id to 0 only after getName()
is called for the first time) we set the id to always be 0, which
is more accurate. This is the only change in behavior.
We will remove the use of the context ip in a follow-up that will
switch to using "Unknown user" instead.
Accordingly, we will use a UserIdentityLookup as well as
manual construction of UserIdentityValue objects to match this
behavior.
Bug: T288311
Change-Id: Ida80c5d04d721fafa8d66f656dbd346c6cf643eb
Make it clearer that the 'post' mode of ParamValidator only
applies to application/x-www-form-urlencoded or multipart/form-data
requests, and point to the equivalent mechanism for other request
types. Since developers coming from the action API are already
familiar with ParamValidator, this hopefully makes the other
validation mechanism easier to discover.
Change-Id: Iaa352a2d7e1d52a881b2cd960e34ebb0507ce83c
- Begin injecting services into UserDef to support
unit tests.
- Replace static User class functions with
UserFactory functions.
Bug: T259145
Bug: T257464
Change-Id: Iccc0c39e013679f15f2e62738c56df09ba56c494
For compliance with the new version of the table interface policy
(T255803).
This patch was created by an automated search & replace operation
on the includes/ directory.
Bug: T257789
Change-Id: I17e5e92e24c708ffc846945a136347670a3a20c7
Per the Stable Interface Policy, PHP interfaces should not be
directly implemented by extensions, unless they are marked to be safe
for that purpose.
Bug: T247862
Change-Id: Idd5783b70fc00c03d57f5b1a887f0e47c4d7b146
This commit also changes ApiWatch to make use of the new parameter type.
Other APIs will be updated to use it in a separate patch (T248196).
In doing this, we are for the first time using logic within a TypeDef outside
the API. This seems acceptable given TypeDefs chiefly appear to serve as
a validation method, with otherwise no particular logic tied to the
concept of APIs.
wfIsInfinity() now uses ExpiryDef::INFINITY_VALS
Bug: T248508
Change-Id: If8f0df059eafb73ec9f39cc076b3a9ce2412d60a