This sets MainCacheType to 'hash', so the main cache is functional
within test cases. Between tests we are already calling ObjectCache::clear,
so the cache will not leak data into other test cases.
It turned out that the way we have been overriding configuration
settings in MediaWikiIntegrationTestCase is insufficient, since the
overrides would only apply in the main Config object, not in global
variables. This means they could not be overwritten with setMwGlobals.
So this patch also changes how we apply config overrides for test setup.
Config overrides that happen during tests work as before.
Depends-On: Ic36e92b73f22fd64e2d0b680d8e900f598158460
Change-Id: Ia60cb0bc18b235f23d9778da8241f65accfc0d35
The main object cache is disabled during testing. Some integration tests
need it though. This provides a clean way to enable it, to replace the hacks
that were used so far.
Note that we may want to enable the main cache during testing soon. When
that happens, this method is still useful to disable the cache in certain
tests, and to set a specific cache instance.
Change-Id: I04ae1bf1b6b2c8f6310acd2edf89459d01a9c870
overrideConfigValues() is introduced as a replacement for
setMwGlobals(). Since we are moving away from reading configuration
from global variables, test cases should not use global variables to set
configuration.
Bug: T294739
Change-Id: I9d41045bd13932bd853f53e00322233fc4f1321c
Deprecate AuthManager::checkAccountCreatePermissions in favour of
::authorizeCreateAccount, for full permissions checks and
::probablyCanCreateAccount, for quick permissions checks.
Update SpecialCreateAccount to use the appropriate checks, and
add SpecialCreateAccountTest.
Bug: T283265
Change-Id: I385f2b56ef61f64a4c61e9c97683bef564892dce
This reverts commit ec3da4589bebeb46d7f1544dc46f24baec334966.
Caused frequent session loss in the Wikimedia cluster.
Bug: T299193
Bug: T309616
Change-Id: I3a410df88071d72078672cf1b670e81c11b28117
(cherry picked from commit d1a1fcedc9eace8a5f4a8454eff44a7ed898848a)
SessionBackend::resetId() is prone to race conditions with
cookie-based session providers, where MediaWiki receives
a request with the old session and forces the client to log
out. To handle that, add a tombstone mechanism to
SessionBackend, so instead of deleting the old session from
the store on ID reset, it is marked as invalid. Tombstoned
sessions are handled as nonexistent ones, except unpersist()
is not called.
Unlike Iffd69c7f246adff40b07668328a07329440dbd6f this doesn't
prevent overwriting the session if the MediaWiki endpoint calls
persist() or unpersist(), but it is vastly simpler, and very
few endpoints persist the session.
The behavior of SessionManager::loadSessionInfoFromStore()
with a tombstoned session and SessionInfo::forceUse()===true
does not make much sense, but that's a nonsensical scenario
in the first place (it only happens when the session provider
returns true from persistsSessionId() but sets the forceUse
flag which is meant for providers which can't change the
session ID) and we are only really concerned here about
cookie-based sessions anyway.
Bug: T299193
Change-Id: I3a76b67aa51159ebf0195db15cf7c34e00a64a2e
Add a hook "TempUserCreatedRedirect" which allows an extension to modify
the post-save redirect after a temporary user is created. CentralAuth
will handle this hook in order to redirect to loginwiki. Loginwiki will
redirect back to the page being saved.
In LoginHelper::showReturnToPage add an "anchor" parameter to specify
the URL fragment to redirect to. This is intended for section editing
with a redirect via loginwiki.
In AuthManager::autoCreateUser(), just allow any valid username, don't
require it to be creatable. Previously a non-creatable username was
allowed only with $source=AUTOCREATE_SOURCE_TEMP, but CentralAuth
depends on user autocreation from the session during refreshCookies. The
session is already validated at this point, so it's not like a user can
exploit this to create arbitrary names.
Change-Id: I623330dbf5d0573c93ae22f962618d6ddbd126d9
This ensures that assertions work in a uniform way,
and provides meaningful messages in cause of failure.
Change-Id: Ic01715b9a55444d3df6b5d4097e78cb8ac082b3e
Without a default the preference is treat as unknown and possible values
identical to the default are not excluded from javascript code or
database.
Bug: T291748
Change-Id: I37cf1cd87a5ef1fd91aba0c3cc4b0e3f9c9c08b4
init() method was added to AuthenticationProvider. It helps to inject
dependecies. Overridable postInitSetup() method was added to
AbstractAuthenticationProvider. A provider can override this to do
any necessary setup.
AbstractAuthenticationProvider ::setLogger(), ::setManager(), ::setConfig(),
::setHookContainer() were soft deprecated. Now developers must use
AbstractAuthenticationProvider::init().
Bug: T275030
Change-Id: I6ca63eddac1b177eeadbdcce992e71c44a480160
This is the default anyway when using ->with(). The test code
becomes so much more readable without this, I would like to
argue. Let it just say "with these values".
Because of the way I split my changes into multiple patches
there are a few other changes in this patch I could not split,
e.g. removing unnecessary ->any(). This is the default anyway
and doesn't make the test more specific.
Change-Id: I34990799fa9258ba8dc64c7e78ec43f7903b7681
It is not entirely meaningless. It might be an indicator that
the number of calls to a method is intentionally unlimited.
This is similar to e.g. an @inheritDoc PHPDoc comment that
marks a method as being "intentionally undocumented".
However, what's the meaning of being "intentionally
unconstrained"? Let's just not have any constraint then.
I feel all these ->expects( $this->any() ) bloat the test
code so much that it's never worth it.
Change-Id: I9925e7706bd03e1666f6eb0b284cb42b0dd3be23
It's the same and makes the test code much more readable, I
would like to argue.
Because of the was I split all the changes I made into smaller
patches this patch contains some other changes in the same
lines where I could not split them off. E.g. removal of
->any(), which is the default anyway and doesn't do anything.
Change-Id: Ib297b989d4aec33b31a4e33fe9d5032865b39be0
Ended up using
grep -Prl '\->setMethods\(' . | xargs sed -r -i 's/setMethods\(/onlyMethods\(/g'
special-casing setMethods( null ) -> onlyMethods( [] )
and then manual fix of failing test (from PS2 onwards).
Bug: T278010
Change-Id: I012dca7ae774bb430c1c44d50991ba0b633353f1
RememberMeAuthentication request shows a "remember me" checkbox that,
when checked, will extend the amount of time before the authenticated
session expires. It was previously not possible to extend the session
when the login form is skipped, which happens when there are no
non-skippable fields on the form. This patch introduces a configuration
variable, $wgRememberMe. Valid values are:
- CHOOSE_REMEMBER: the user may be able to choose whether to be
remembered or not (depends upon whether login form is skipped)
- FORCE_CHOOSE_REMEMBER: the user will be able to choose whether to be
remembered or not (forces login form not to be skipped)
- ALWAYS_REMEMBER: the authenticated session will always be extended
- NEVER_REMEMBER: the authenticated session will never be extended
Default behavior is identical to what it was before adding this
functionality.
Bug: T265263
Change-Id: I779aae3c1b96b380b50092245f616219088b038d
When autocreation is forced by another user, that action is logged
already and attirbuted to the correct actor (e.g. the sysop who
forcibly autocreated the account). The 'autocreate' log should not
be created in this scenario because it would incorrectly attribute
an action to the subject of the autocreation, when they indeed had
not taken any action themself. Collateral damage is explaiend in
T275979.
This patch also corrects the wording of the method's documentation
Bug: T269494
Change-Id: I9c771a6a8bed7711508f43b793c295cd30e4ea6b
Cut the explicit dependency on PermissionManager
and rely on the fact that User implements Authority.
There's still a few ends we need to cut before converting
the method parameters to Authority, but that can be done
in followup steps.
Bug: T273510
Change-Id: I69617e624f47944f8a383d0b28885678c1249f23
These are not only 100% identical to the actual code, but also:
* It's error-prone. Some are already wrong.
* These test…() functions are not meant to be called from
anywhere. What is the target audience for this documentation?
* There is a @dataProvider. What such @param tags actually do is
document the provider, but in an odd place. Just looking at
the provider should give the same information.
* The MediaWiki CodeSniffer allows to skip @param when there is
a @dataProvider, for the reasone listed.
Change-Id: I0f6f42f9a15776df944a0da48a50f9d5a2fb6349
Most of these are found by the not yet released I10559d8.
I remove the type MockObject in some cases when the calling
code really does not need to know if he get's a mock or the
real thing. However, I do this only in places that are very
closely related to the fixes.
Change-Id: I26a4c3c5a8ae141bf56161b52b54bce7e68f2e30
