The deprecated diffing in prop=revisions and such used a 'rvsection'
parameter. To enable migration of things using that, action=compare
needs corresponding section parameters.
Bug: T183823
Change-Id: If1a0e2df614c083b37640418c69cca367ce0e895
These tests apply to things that are not relevant to PHP code coverage,
such as testing presence of messages, JSON files, or the PHPUnit tests
themselves.
Using @coversNothing indicates that there is no code here to be covered,
and prevents warnings when using --strict-coverage mode (T152923).
Change-Id: Id89ee2c15a3ce3f10e34b13fb677cd1af75af9e6
This patch does two major things to the newly introduced
ApiQueryRecentChangesIntegrationTest:
* It rips the confusingly complicated assertArraySubsetsEqual appart.
* It removes all wikitext content. Note that no assertion is done on this
content (not even in the test that is about adding a category). The tests
run just fine with automatically generated content. I had to introduce the
$i counter to make sure consecutive edits are done with different content.
Otherwise the later edit is not stored.
Change-Id: Iae585be86f3fd9bff7d2b4b7b218d5b0b4258603
Quoting PHPUnit docs:
The $index parameter for the at() matcher refers to the index,
starting at zero, in all method invocations for a given mock object.
Exercise caution when using this matcher as it can lead to brittle
tests which are too closely tied to specific implementation details.
Indeed these test cases would break horribly with unintuitive error
messages ("Mocked method does not exist") if anything in preferences
or API code called any additional methods on the mocked user. For
example, it relied on the caching in Preferences::getPreferences(),
which is being removed in I92390120a16448383a25e9ba2dd35a434a2f21bf.
I'm pretty sure all that matters here is that all the setOption()
calls with different arguments happen, so let's test just that.
Change-Id: I30a814151a006e5f147eebb918344049807b2b97
Follows-up 90c95fc7f2, which included result of Skin::getDefaultModules
in the prop=modules list. All hardcoded modules in OutputPage and Parser
were also subsequently moved into Skin::getDefaultModules.
However, a number of modules cannot be moved there because fundamentally
Skin::getDefaultModules can only load modules via OutputPage::addModules().
For style modules, addModuleStyles() must be used.
Fortunately, there is already a centralised place for that, namely
Skin::setupSkinUserCss(). Include that in the ApiParse return as well.
That should resolve the last bit of inconsistency between ApiParse
and OutputPage when it comes to the module queue.
Bug: T140664
Change-Id: I35e2e3bbdccdd1aa2a259b8e624daa80c609ba8c
Fatal error was happening due to the fact that ApiUsageException was
trying to call `getMessage()` on StatusValue which doesn't have this
method.
Change-Id: Idd9c7d47d9e24a6a32db6daf75a827bf958c9b76
MWNamespace has three internal caches, only one of which can be cleared
(and that somewhat oddly by passing a boolean to
MWNamespace::getCanonicalNamespaces()).
This change introduces a MWNamespace::clearCaches() method to clear all
three caches. It also adds some resetting in tests that seemed to be
missing it.
Change-Id: I1dcfcd8713888b3ff8fc75e95329ba72bd95d0c9
The used phpcs has a bug, so the version 0.9.0 could not be enforced at the moment.
Will be fixed in next version, see T167168
Changed:
- Remove duplicate newline at end of file
- Add space between function and ( for closures
- and -> &&, or -> ||
Change-Id: I4172fb08861729bccd55aecbd07e029e2638d311
Now that ParserOptions->isSafeToCache() exists, use it where necessary.
This also moves the use inside the makeParserOptions() method so other
callers can pick it up as well.
Then pass the flag as $forceParse into WikiPage::getParserOutput()
instead of duplicating the logic in several cases, and generally clean
up the logic in the module to let WikiPage decide when to use the cache
in more cases.
Change-Id: I0079e10a40997e4a3b59ac21ef6c92246a147736
Support diffing deleted revisions, user-supplied text, and additional
properties about the diffed revisions such as the user and edit summary.
Bug: T20189
Bug: T30047
Bug: T164529
Change-Id: I5565d717d9c2fd19da7cae02890a15e244cc238b
If the load() triggered by User method calls fails, then mId becomes 0
which means there is no "user" right set in getAutomaticGroups().
Bug: T75174
Change-Id: I2d719e4b96c0142e9d408aa2d4f7c5e7a767a754
Replaces \TestingAccessWrapper (defined in core) with
\Wikimedia\TestingAccessWrapper (defined in the composer package
wikimedia/testing-access-wrapper).
See https://gerrit.wikimedia.org/r/#/q/topic:librarize-testing-access-wrapper
for downstream patches.
The core version of the class is kept around for a while to avoid
circular dependency problems.
Bug: T163434
Change-Id: I52cc257e593da3d6c3b01a909e554a950225aec8
The default will remain PHPUnit 4.x due to PHP 5.5 support.
But, we should allow developers to run tests with newer PHPUnit
versions which are noticably faster (especially for code coverage
reports).
* <https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement-for-PHPUnit-5.4.0>
PHPUnit 5 deprecates the getMock() shortcut for getMockBuilder()->getMock().
It instead introduces the shortcut createMock() which has better defaults
than getMockBuilder(). For example, it sets 'disableArgumentCloning' and
other things by default.
Going forward, code should either use getMockBuilder directly and configure
it using the setter methods (instead of the confusing variadic arguments
of getMock) or simply use the new minimalistic createMock method. This patch
backports the createMock method to MediaWikiTestCase so that we can start
using it.
Change-Id: I091c0289b21d2b1c876adba89529dc3e72b99af2
API tests are all subclasses of MediaWikiLangTestCase, which overrides
the content language when the tests are actually running. So we need to
always use 'en' to match that.
Bug: T162007
Change-Id: Ie001576fb62ae88c9141e471fd8fcbc49592be32
For example Special:MyPage, Special:MyTalk, and Special:MyLanguage.
Don't follow other redirect special pages like Special:MyContributions,
though, because the following only really makes sense when the redirect
is to an article.
Bug: T145541
Change-Id: I8c8065552ed128017887e48285e359def8bd3cd3
Apparently Jenkins sets $wgShowExceptionDetails to true but travis
doesn't. The test should make sure it's set since it depends on it.
And apparently no one ever added $wgShowDBErrorBacktrace to the API.
Let's do that too.
Change-Id: I0793eda349426b265a47900cdeb87bb920b5c291
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
Change-Id: I46261416f7603558dceb76ebe695a5cac274e417
Before Iae0e2ce3b, the only place in the API that had to deal with
choosing from multiple errors was ApiBase::dieStatus(), which chose the
first one in the Status object. Iae0e2ce3b changed this to choose the
last one instead, which is an unnecessary backwards compatibility break.
While we could make the change in ApiBase::dieStatus(), it's cleaner to
change ApiErrorFormatter_BackCompat's behavior instead since it seems
unlikely anything else was using that code path.
Bug: T155268
Change-Id: Ia06527f8480c3d4a689792ceb8671b0d399ffbe3
This was suggested at a Developer Summit session as a way to get people
to know about the mailing list.
This also adds a hook so ApiFeatureUsage can mention itself in
deprecation warnings too.
Bug: T148855
Change-Id: I04a7cf89e87e48f6504803dd173e779017a205d0
Validating this should be as simple as it can be: if the tests run,
this change should be fine. :-)
Change-Id: I8e4a3dfc83fdc9b8c8d7f5bbd067e088ebd2133d
Tests were failing if class cannot be loaded using `\AutoLoader` but can be loaded by composer's autoloader.
Change-Id: I005c9d99245f4733a9666c4bfe9e39baeaad3960
Use booleans, not the old empty-string-or-undefined.
This bugfix is a breaking change, but chances are it won't affect many
clients.
Bug: T153518
Change-Id: If5fa2cdcb973b186349307b29e4266daceef0a9d
Blocks made for configured proxies, dnsbls, or the configured range
soft-blocks being added in I6c11a6b9 aren't real blocks stored in the
database. Let's actually flag these blocks as such and use a more
appropriate message when displaying them to the user.
Change-Id: I697e3eec2520792e98c193200c2b1c28c35bf382
Add feature to block/unblock users by their ID. For this,a new
parameter `userid` is added to block & unblock API request.
Bug: T34496
Change-Id: I084a4e275cd937053c505cd388a365b316990ece
This is a pure documentation change. It mostly removes empty lines from
comments (and entirely empty comments), as well as adds a few missing
documentation blocks and fixes a minor mistake. I hope it's ok to have
this in one patch. I can split it, please tell me.
Change-Id: I9668338602ac77b903ab6b02ff56bd52743c37c4
API warnings and error messages are currently hard-coded English
strings. This patch changes that.
With a few exceptions, this patch should be compatible with non-updated
extensions:
* The change to ApiBase::$messageMap will blow up anything trying to
mess with it.
* The changes to the 'ApiCheckCanExecute' hook will cause a wrong
(probably unparsed) error message to be emitted for extensions not
already using an ApiMessage. Unless they're currently broken like
Wikibase.
Bug: T37074
Bug: T47843
Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898
Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec
Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6
Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed
Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c
Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b
Depends-On: I535344c29d51521147c2a26c341dae38cec3e931
Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
Message::__toString() used the same formatting mode that the last
explicit transformation used:
$msg = new Message( 'foo' );
echo $msg; // escaped
echo $msg->plain();
echo $msg; // not escaped
This is not particularly useful and makes code review hard, so let's
get rid of it.
The same behavior with $msg->toString() is left intact (and logged)
for now.
Bug: T146416
Change-Id: Ia9b2a1dcf09d52348b2c6d8299fd849b809f6e74
It looks like there is something missing after the last statement
Also remove some other empty lines at begin of functions, ifs or loops
while at these files
Change-Id: Ib00b5cfd31ca4dcd0c32ce33754d3c80bae70641
This was requested for the use of scripts that are concerned about the
possibility that the user might log in with a different account in
another browser window, thereby changing the expected user out from
underneath the script.
Bug: T146770
Change-Id: I94e0421cb263a418e86649f0d22ece4cfec6a395
All deprecated ApiResult methods are removed. These have been deprecated
since 1.24 or 1.25, and the only users remaining in Gerrit are wrapped
in backwards-compatibility checks and so should not be being called.
ApiBase, ApiFormatBase, ApiMain, and ApiQuery methods for generating the
pre-Ib14c00df help text are removed. Nothing has called these for a long
time, and only Flow implemented them in any way. Deprecated methods for
providing the text for such help, such as getDescription(), haven't been
removed yet, though, since some extensions still call some of them.
Change-Id: I3ca7c98174b4a3f6f67f2b023e0f4446637e7a84
Useful for search engines that allow users to customize search profiles.
Depends-On: Icd577c8ebc6e162befe30bde4fe276e633d2e434
Change-Id: I471cd090730d2a25cb70d622ec3bebbe9583118c
An @ in the username caused the password to be treated as a bot password,
but apparently some real usernames still contain it. Try both logins
instead. Security considerations are the same as for the other bot
password syntax: the length check makes sure we do not provide any
information on a timing side channel about the password unless it is
extremely long.
Change-Id: I58f42544a08c3208c41f54cfae932632d9c5affa
If a client submits data that is not NFC-normalized Unicode or that
contains C0 controls other than HT, LF, and CR, it gets normalized before
the API ever sees it. Which can lead to difficult-to-handle bugs when,
for example, a title is subject to normalization so the client can't
find the specific title it submitted anywhere in the response (T139130).
This patch does two things:
* Detects when normalization was applied to an input value (at the
MediaWiki level, anyway; if PHP or earlier does it we're just out of
luck) and add a warning to that effect.
* For ApiPageSet's 'titles' parameter, split into the individual titles
and add them to the 'normalized' list in the response. This requires
encoding the pre-normalized strings to avoid ApiResult's own
normalization.
Bug: T29849
Bug: T144071
Change-Id: I215fd3edd7a5e1b45292e60768bf6dd5ad7f34de
When a multi-valued parameter's value begins with U+001F, the values
will be split on that character instead of pipes. This will be useful
for things such as action=options&change= or meta=allmessages&amargs=.
Since MediaWiki doesn't otherwise accept C0 control characters
(WebRequest::getVal() replaces them with �), there's no possibility that
this will conflict with a literal use of U+001F.
Special:ApiSandbox and mw.Api are updated to make use of this, with the
latter having an option to disable the behavior in case something is
depending on [ 'foo', 'bar|baz' ] turning into 'foo|bar|baz'.
Pipe is still used as the separator when the value doesn't begin with
U+001F, and will be forever since it's generally more human-friendly and
is needed for backwards compatibility with basically every API client in
existence. The requirement that the value begin with U+001F, rather than
simply contain U+001F, is to avoid clients having to somehow
special-case "param=foo|bar" where that's intended to be a single value
"foo|bar" rather than two values "foo" and "bar".
Bug: T141960
Change-Id: I45f69997667b48887a2b67e93906364a652ace5a
* Set an indexed tag name in ApiParamInfo and ApiAuthManagerHelper.
* Use 'key' instead of 'message' for the (not yet used) non-BC
ApiErrorFormatter.
Change-Id: I07f0a690e263b34e09210673241af8bf750cbd1b
Revert commit 23e5cdb503
temporarily so Pywikibot users can catch up with API changes
Bug: T121527
Bug: T142155
Change-Id: I3879a5d76a1727dd653daeebc79d4d9cabd0332e
In I6f987db this parameter was inadvertantly renamed to qiprofile. The
qiprofile is something different, and is also a BC break. The BC break is
pretty minor, for a randomly chosen day this looks to be used 157 times
out of 28.7M requests, but since this really isn't a qiprofile rename
it back to what it was.
Change-Id: I1cc07945888c15ea4b4c9596eea447b706606fae
We have a number of parameters that are pretty much the same between
these different search api's. Lets make them actually the same by
sharing the definitions, and then letting individual classes tweak them
as needed by removing the offset, or adjusting the max limits as
necessary.
Change-Id: I6f987db8ecb63dc943b4d2518bfe3703c677448e
Database queries used to get user's watchlist items in API are quite
complex due to number of options oferred by the API.
Generating the query is moved to WatchedItemQueryService.
ApiQueryWatchlistRaw no longer contains database-related code.
Simple user watchlist item lookups should use WatchedItemStore.
ApiQueryWatchlistRaw tests have been introduced in
I9c07aa237607143985f0efe20ed0065d2bde27e4
Bug: T132566
Change-Id: I875a92074b52c00ac11db1fa05615abbf5262ab1
This moves generating of a complex Watchlist and RecentChanges
related query to a WatchedItemQueryService class.
ApiQueryWatchlist class no longer contains any database-related
code.
Bug: T132565
Change-Id: I5a5cda13f8091baa430ac1a8e2176e0efd1ae192
The unit tests spend nearly half of their run time resetting the user table for
each test. But the majority of tests do not depend on the user table having the
exact value that the setup code resets it to, and do not need to modify the
user objects they require to run.
Fix that by providing an API for tests to get User objects, and to indicate
whether the User object will be subject to destructive modification or not.
This allows User objects to be reused across multiple unit tests.
Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
Take into account that the tag might have parameters.
Bug: T123653
Change-Id: Ie9799f5ea45badfb4e7b4be7e7fbc1c35cc86f26
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
The header is intended for use with XMLHttpRequest when the request
might be part of an XSS. The hook is for extensions that might need to
add additional checks of some sort.
Bug: T98313
Change-Id: I0e5f2d3b29a79a12461dc33c90c812a56810f536
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
Changes here are:
* action=login is deprecated for use other than bot passwords
* list=users will indicate if a missing user name is creatable.
* Added action=query&meta=authmanagerinfo
* Added action=clientlogin is to be used to log into the main account
* action=createaccount is changed in a non-BC manner
* Added action=linkaccount
* Added action=unlinkaccount
* Added action=changeauthenticationdata
* Added action=removeauthenticationdata
* Added action=resetpassword
Bug: T110276
Bug: T110747
Bug: T110751
Bug: T32788
Bug: T67857
Bug: T28597
Bug: T76103
Change-Id: I244fa9b1e0623247d6d9fa30990411c6df94a496
This implements the AuthManager class and its needed interfaces and
subclasses, and integrates them into the backend portion of MediaWiki.
Integration with frontend portions of MediaWiki (e.g. ApiLogin,
Special:Login) is left for a followup.
Bug: T91699
Bug: T71589
Bug: T111299
Co-Authored-By: Gergő Tisza <gtisza@wikimedia.org>
Change-Id: If89d24838e326fe25fe867d02181eebcfbb0e196
* Speed up password generation and verification by setting MWOldPassword as the
default password type. Do this once, in MediaWikiTestCase::makeTestConfig(),
rather than in five different places.
* Rename '$pwhash' to '$passwordHash', for consistency. It's ugly to have both
'$passwordFactory' and '$pwhash' in the same scope.
* Make TestUser::setPasswordForUser() check first whether the desired password
is already set. This is actually the common case, since the password is reset
in the setup code for every test, but only a few tests actually change the
password.
Change-Id: I423f09ff7472b6cbde21cb709ea7c7ef9e298f18
Note: This change does not add tests for deleted revision/log data
(comment, action, user). These should be added in a follow up.
Change-Id: Ia76c39134564c477aa46ccb7b6595173410b0251
Iec4ed4c8 made it so addCoreDBData() only gets called once. Which is
nice, except for the fact that it means any test that puts
'user_groups' into $this->tablesUsed is going to cause UTSysop to no
longer be a sysop, so any later test that expects it to be one is going
to mysteriously fail.
The fix is to make resetDB() actually clear out the 'user' table when
requested, but then to re-call addCoreDBData() so UTSysop is still
there.
This might break extension tests if they're relying on the 'user' table
never being cleared even if it's specified in $this->tablesUsed, but
hopefully that's not often the case.
Bug: T132411
Change-Id: If251739fd486544f54a0c07edcc24aeef0998342
Depends-On: I0546a4f18e0751d209b6b7c6cd42973f25828313
Depends-On: I4924ae941b3844b39dd3f44c6986c3bf29b0d62a
This reduces the runtime of database-bound tests by about 40%
(on my system, from 4:55 to 2:47; results from Jenkins are
inconclusive).
The basic idea is to call addCoreDBData() only once, and have
a addDBDataOnce() that is called once per test class, not for
every test method lie addDBData() is. Most tests could be
trivially be changed to implement addDBDataOnce() instead of
addDBData(). The ones for which this did not work immediately
were left out for now. A closer look at the tests that still
implement addDBData() may reveal additional potential for
improvement.
TODO: Once this is merged, try to change addDBData() to
addDBDataOnce() where possible in extensions.
Change-Id: Iec4ed4c8419fb4ad87e6710de808863ede9998b7
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
User keeps most of its token-related methods because anon edit tokens
are special. Login and createaccount tokens are completely moved.
Change-Id: I524218fab7e2d78fd24482ad364428e98dc48bdf
None of this works and it's been long begging for a mercy kill.
All it does is waste contributor time on updating deprecations
in the dead code. I imagine we wouldn't reuse much of this
code if we're ever going to reimplement it.
Bug: T119336
Change-Id: Ibd26a4bea621857aac77823017e9be9b7dc52cca
Sigh, PHP. You allow for an array to have string "1" as a key (e.g. when
casting from object to array), but then you do everything wrong when
trying to deal with it.
Bug: T123663
Change-Id: I49f09901a69aab39ca1519bbe9e41267bf9a1216
Bot passwords are something like OAuth-lite, or Google's application
passwords: the bot can use API action=login to log in with the special
username and password, and will then be allowed to use the API with a
restricted set of rights.
This is intended to provide an easy migration path for legacy bots and
for bots on wikis without OAuth, since AuthManager is going to greatly
complicate non-interactive authentication. If OAuth is available, an
owner-only consumer would be a better choice.
Bug: T121113
Change-Id: Iaa4015e00edbfbfaedcc8b2d27a2d3fd25009159
Depends-On: I7e15331efb162275c4116bcae61f19d6b884cbe3
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
* This does the same thing ApiOptions does to avoid these errors.
A new getInstanceForUpdate() method is now in the User class to
simplify this pattern.
* Avoid overriding $user in ApiOptions for code readability.
* Fixed IDEA errors around Preferences::getFormObject() return type.
Bug: T95839
Change-Id: If2385b7486c043bd70d7031ff35e37dfb079a4d2
Some tests fails on wikis with $wgLanguageCode not = 'en', fix this by
setting the correct language context.
Change-Id: Ia72017df59d8beb5c508832584b2431ffab0f77f
If we really need this we can do it in MediaWikiTestCase, next
to the setting of wgMainCacheType. But from what I can see the
code being tested here already doesn't use the old $wgMemc.
Change-Id: I9e4b2109b2f3c18d8d5551bbadae5711c1d4c0a6
* ApiQueryTest: One random is enough.
* FileBackendTest: More consistent and idiomatic via wfRandomString()
* MigrateFileRepoLayoutTest: Use getNewTempDirectory(). Similar to
what FileBackendTest used already.
* UploadFromUrlTestSuite: Use getNewTempDirectory().
Change-Id: I772de2134be41506d8ed08367be8c18f354bfc72
AuthManager is coming, which will make it easier to add alternative
methods of authentication. But in order to do that, we need to finally
get around to ripping the password-related bits out of the User class.
The password expiration handling isn't used anywhere in core or
extensions in Gerrit beyond testing for expired passwords on login and
resetting the expiry date on password change. Those bits have been
inlined and the functions removed; AuthManager will allow each
"authentication provider" to handle its own password expiration.
The methods for fetching passwords, including the fact that mPassword
and other fields are public, has also been removed. This is already
broken in combination with basically any extension that messes with
authentication, and the major use outside of that was in creating
system users like MassMessage's "MediaWiki message delivery" user.
Password setting methods are silently deprecated, since most of the
replacements won't be available until AuthManager. But uses in unit
testing can be replaced with TestUser::setPasswordForUser() immediately.
User::randomPassword() and User::getPasswordFactory() don't really
belong in User either. For the former a new PasswordFactory method has
been created, while the latter should just be replaced by the two lines
to create a PasswordFactory via its constructor.
Bug: T47716
Change-Id: I2c736ad72d946fa9b859e6cd335fa58aececc0d5
This allows generator implementations to define how generator data
about a redirect gets merged into the redirect destination. This
does not change any defaults, only modules that explicitly set a
merge policy will have a change in their results.
This functionality is initially used for the search api modules to
retain search positions within the final result set.
Bug: T92796
Change-Id: If2f49e0fc3176288c95e870240754ee320a6bf91
Changed some old bugzilla links to new phabricator links in comments,
test data and error message. This reduces the need for redirects from
old bugzilla to new phabricator from our source code.
Change-Id: Id98278e26ce31656295a23f3cadb536859c4caa5
It was kept around in the ApiResult rewrite because Wikibase was
(mis)using it as an "XML mode" flag.
Bug: T96596
Change-Id: Ic8259649c8cb0cce0444c907607c36d96fb2eb7e
Specifically, GET requests can now return ETag and Last-Modified
headers, and If-None-Match and If-Modified-Since headers on such GET
requests will be honored. This doesn't change any API modules to
actually return these values, it just provides the infrastructure.
For reasoning on why only GET requests and why only these two of the
five precondition headers defined by RFC 7232, see the doc comment on
ApiMain::checkConditionalRequestHeaders().
Change-Id: Ia18874c9360fcffdad323b341ca867ba773788fd
Two bugs here:
* Setting NO_SIZE_CHECK also bypassed validation
* ApiResult::valueSize() didn't handle ApiSerializable, which is fixed
by defining that the value needs to be passed through
ApiResult::validateValue() first.
Bug: T111796
Change-Id: I7c00d8ee53364a26f8f63f82a4d83b92baf5383e
This allows for merging the KVP key into the value for the alternative
output format. Specifically,
{ "key": { "foo": "bar" } }
can now be turned into
[{ "name": "key", "foo": "bar" }]
instead of
[{ "name": "key", "value": { "foo": "bar" } }]
Change-Id: Ie1f9235893dbbcd2948c46e0356360b5635a3ddd
This allows them to be stored in the session, for example.
Note that properly serializing a Message requires that all its
parameters be serializable as well; we don't attempt to account for that
here.
Change-Id: I3a42a2a883e8eef900eeb02355fc3b064411f642
The new format is much easier to use correctly, and should therefore be
the default. The old format is maintained for clients that need the
additional flexibility.
Bug: T96858
Change-Id: I984e63581f4ef23ccada916b6d45131d1fb5e001
- Removed space after casts
- Removed spaces in array index
- Added spaces around string concat
- Added space after words: switch, foreach
- else if -> elseif
- Removed parentheses around require_once, because it is not a function
- Added newline at end of file
- Removed double spaces
- Added spaces around operations
- Removed repeated newlines
Bug: T102609
Change-Id: Ib860222b24f8ad8e9062cd4dc42ec88dc63fb49e
wfSuppressWarnings() and wfRestoreWarnings() were split out into a
separate library. All usages in core were replaced with the new
functions, and the wf* global functions are marked as deprecated.
Additionally, some uses of @ were replaced due to composer's autoloader
being loaded even earlier.
Ie1234f8c12693408de9b94bf6f84480a90bd4f8e adds the library to
mediawiki/vendor.
Bug: T100923
Change-Id: I5c35079a0a656180852be0ae6b1262d40f6534c4
RequestContext::getMain()->getUser() in a (faux) API request doesn't return the
user the (faux) API call is made with, but the user running the tests.
Bug: T101388
Change-Id: Icbbf14a6433edf5c91162a9d67899d6a2d5c33df
Adds the 'modules', 'jsconfigvars', and 'encodedjsconfigvars' props
to action=expandtemplates, that output the modules and Javascript
configuration variables added to ResourceLoader by extensions and
parser functions, in the same way action=parse does.
This is needed by Parsoid to correctly include all modules used by
parser functions.
Based on I5c3ccb25385e57633639bb0c7e6f562eb58b05a2 by @Jackmcbarn.
Bug: T69540
Change-Id: Iaf58c66c987a318c0dd1ee2b81774106c40e7561
I had thought no one would be silly enough to set invalid tag names for
ApiResult::setIndexedTagName(), since it's specifically *for* XML tag
names. Apparently I was wrong.
Bug: T97599
Change-Id: I62ad832b1d8c23a275e5c67160f0b1febe5f3454
Nothing in this patch should result in changed output for format=json or
format=php except as noted in RELEASE-NOTES-1.25, and changed output for
format=xml should be similar or cosmetic. However, other code accessing
the result data directly may need to be updated.
Bug: T87053
Bug: T12887
Change-Id: I3500708965cb8869b5aed1543381aad208dadd13
This adds supportsDirectApiEditing and
supportsDirectEditing methods to ContentHandler. Both
return false by default for the ContentHandler base
class, and true for TextContentHandler and it's
derivatives. (everything in core)
Extension content types that directly extend
AbstractContent / ContentHandler, often / generally don't
support direct editing. EntityContent in Wikibase
and Flow boards are the two such content types currently
in gerrit-hosted extensions.
The use and direct settings of the allowNonTextContent
member variable is replaced by enableApiEditOverride and
a setter for that. The only place allowNonTextContent is
used in all of Wikimedia-hosted git repos is core itself
(EditPage and ApiEditPage), so should be safe to make
this change.
With this change, Wikibase can remove its ApiCheckCanExecute
hook handler that disallows editing there, and MobileFrontend
could check if direct editing is allowed before enabling it's
editing features, instead of Wikibase having to add
MobileFrontend hook handlers to disable the features.
Bug: T96382
Change-Id: I276cd6ecedf38108f1f2be16b38e699e8c5d2d0c
ApiResult was a mess: some methods could only be used with an array
reference instead of manipulating the stored data, methods that had both
array-ref and internal-data versions had names that didn't at all
correspond, some methods that worked on an array reference were
annoyingly non-static, and then the whole mess with setIndexedTagName.
ApiFormatXml is also entirely annoying to deal with, as it liked to
throw exceptions if certain metadata wasn't provided that no other
formatter required. Its legacy also means we have this silly convention
of using empty-string rather than boolean true, annoying restrictions on
keys (leading to things that should be hashes being arrays of key-value
object instead), '*' used as a key all over the place, and so on.
So, changes here:
* ApiResult is no longer an ApiBase or a ContextSource.
* Wherever sensible, ApiResult provides a static method working on an
arrayref and a non-static method working on internal data.
* Metadata is now always added to ApiResult's internal data structure.
Formatters are responsible for stripping it if necessary. "raw mode"
is deprecated.
* New metadata to replace the '*' key, solve the array() => '[]' vs '{}'
question, and so on.
* New class for formatting warnings and errors using i18n messages, and
support for multiple errors and a more machine-readable format for
warnings. For the moment, though, the actual output will not be changing
yet (see T47843 for future plans).
* New formatversion parameter for format=json and format=php, to select
between BC mode and the modern output.
* In BC mode, booleans will be converted to empty-string presence style;
modules currently returning booleans will need to use
ApiResult::META_BC_BOOLS to preserve their current output.
Actual changes to the API modules' output (e.g. actually returning
booleans for the new formatversion) beyond the use of
ApiResult::setContentValue() are left for a future change.
Bug: T76728
Bug: T57371
Bug: T33629
Change-Id: I7b37295e8862b188d1f3b0cd07f66ac34629678f
These are available in phpunit since 3.5.0, which I think
is reasonable to expect people to have at this point,
especially when we actually require 3.7.0 or higher in phpunit.php:
Use assertSame instead of assertArrayEquals in UIDGeneratorTest.
assertSame (and assertEqual) care about sortorder of the array,
and is perfectly sufficient in this case to check they array is correct.
if ( $puVersion !== '@package_version@' && version_compare( $puVersion, '3.7.0', '<' ) ) {
die( "PHPUnit 3.7.0 or later required; you have {$puVersion}.\n" );
}
Change-Id: Ic32ab45110e4c4304ef046ae8d0e98c741255559
It's still slow though because ApiTestCase does expensive things in
setUp(), but nothing in these tests need database access anymore.
Change-Id: Iaf431cc62fe23154c42967e6391c533fe1c5346e
* Remove redundant @licence/@license from test suite files.
They already have full licence headers. And @licence raises a
warning in Doxygen.
* Fix weird messes of comments inside comments and other things.
Change-Id: I38da8ca76330f72b8dc22b0ecf1ea69d5ea55ede
ApiQueryTestBase::check() should pass all optional params
like session and user to the doApiRequest()
Change-Id: If1cb52b03faba06c97d330a91a23893fe08acf22
phpunit has removed that class in
f0322b6978
instead adding a dependency on "sebastian/comparator": "dev-master"
https://github.com/sebastianbergmann/comparator
The class name changed from PHPUnit_Framework_ComparisonFailure
to \SebastianBergmann\Comparator\ComparisonFailure\ComparisonFailure
Bug: T90880
Change-Id: I8988d0b07c00f54c8c8dd38a5e92a5736d88b163
* Use MediaWikiTestCase::getNewTempFile and getNewTempDirectory
instead of wfTempDir().
The upload api tests wrote a tempnam() file directly (where
wfTempDir() is typically shared with other systems and concurrent
runs). Use MediaWikiTestCase::getNewTempFile and
getNewTempDirectory instead.
This also ensures its removal by the teardown handler without
needing manual unlink() calls. And it doesn't rely on the test
passing. (Many unlink calls where at the bottom of tests,
which wouldn't be reached in case of failure).
* For the upload test, the presistent storing of
'Oberaargletscher_from_Oberaar.jpg' (downloaded from Commons)
was removed. Note that this didn't work for Jenkins builds anyway
as Jenkins builds set $wgTmpDirectory to a unique directory
in tmpfs associated with an individual build.
* For filebackend tests, moved directory creation from the dataProvider
to the main test.
Implemented addTmpFiles() to allow subclasses to register
additional files (created by other means) to be cleaned up also.
Removed unused $tmpName and $toPath parameters in data
provider for FileBackendTest::testStore. And fixed weird double
$op2 variable name to be called $op3.
* Skipped parserTest.inc, MockFileBackend.php, and
UploadFromUrlTestSuite.php as those don't use MediaWikiTestCase.
Change-Id: Ic7feb06ef0c1006eb99485470a1a59419f972545
Extensions using $wgAutoloadClasses where this test will fail
Follow-Up: If1125cd5fa4ed836fe15fc79480d78ebd899be4e
Change-Id: Ic2024605d7d59890c527cc0580a49da73f8516c8
I7b37295e is going to be changing around how ApiResult works,
which is going to need corresponding changes in the formatters. So it
would probably be a good idea to have a decent starting point to catch
any breakage. The non-backwards-compatible changes to ApiFormatTestBase
shouldn't be a concern, as no extensions in Gerrit reference this class
or any /ApiFormat.*Test/ class.
This also fixes two small bugs in ApiFormatWddx (null handling and
spacing for non-fm slow path) discovered during testing, and works
around some HHVM wddx extension bugs.
Bug: T85236
Change-Id: I9cdf896e7070ed51e42625d61609ad9ef91cd567
wddx_serialize_value() fails to escape the ampersand under HHVM. It has
been fixed upstream https://github.com/facebook/hhvm/issues/4283 but
has not been released yet.
When running under HHVM and detecting the ampersand is not escaped, skip
the test..
Bug: T75531
Change-Id: Ia58ec20b4daf78cd90da1bdf8af6cac86015c5d7
ApiLogin and ApiCreateAccount calling wfSetupSession, which leaks a
session over the test.
The test RequestContextText needs a clear session to work, so the api
tests should avoid leaking the session.
Doing this in the ApiTestCase because some tests calling ApiLogin over
FauxRequest and that also starts a session.
Change-Id: Icf5cb4d4a2c24c96698cac5bf32147c0c9149ef3
The @requires just works for other tests, not for php functions.
This fixed a failure for the hhvm test server:
1) ApiFormatWddxTest::testValidSyntax
Failed asserting that null is of type "array".
Change-Id: Iadd8238ce62d4803cdf56508886ad016f8ac8f1d
The default behavior for continuation for action=query will be changing.
Warn clients that they will need to update.
Change-Id: I52d048040e898a0c9630e2aed071b339ec12de42
This test creates 2 TestUser objects on setUp. Due to recent
changes in TestUser, this isn't even possible anymore if
MediaWikiTestCase hasn't setupTestDB() properly.
Change-Id: Idadfb94bd48270ad085cfece2bf17024ed9d97cd
Tokens returned from User::getEditToken will now include an encoded
timestamp (and therefore will be up to 16 bytes longer).
User::matchEditToken and User::matchEditTokenNoSuffix are gaining a
"maxage" parameter: when specified, only tokens with an encoded timestamp
within $maxage seconds will be accepted.
Change-Id: Ic4cf148cc1fa9d0561aac0bd2d68a09c7851896d
The syntax highlighting applied to the XML format is not all that great,
and applying it to other formats is just wrong. Instead of doing it
ourselves, let's just add a hook and let Extension:SyntaxHighlight_GeSHi
do it for us.
But for that to work, we have to add RL support to the pretty-printed
output, which means OutputPage. At the same time, lets internationalize
the header.
Bug: 65403
Change-Id: I04b1a3842abdf1fb360c54aa7164fc7cd2e50f4b
With the query-continue style of continuation, it's easy for the client
to know when a batch of pages from the generator is complete. The
simplified continuation should support this too, and without requiring
the client to parse the "continue" result property.
Change-Id: Ie407e2e27c017e8813143859cc58674553bc641b
The existing API help, formatted as basically a plain-text document
embedded in XML and with a little bolding and a few links
syntax-highlighted in after the fact, works ok for experienced programmers
but isn't at all newbie-friendly. Further, all the help is hard-coded in
English, which isn't very friendly to non-English speakers.
So let's rewrite it. The help text is now obtained from i18n messages
and output in HTML, with the default display consisting of help for a
single module with links to help for other modules. This, of course,
necessitates deprecating many of the existing help-related methods and
hooks and replacing them with new ones, but backwards compatibility is
maintained for almost everything.
At the same time, action=paraminfo also needs to support the
'description' and other help-related fields being output in wikitext or
HTML, and I11cb063d (to access all modules via the 'modules' parameter
instead of having 'modules', 'formatmodules', 'querymodules', and so on)
is folded in.
And we also add Special:ApiHelp. When directly accessed, it simply
redirects to api.php with appropriate parameters. But it's also
transcludable to allow up-to-date API help text to be included within
the on-wiki documentation.
Note this patch doesn't actually add i18n messages for any API modules
besides ApiMain and ApiHelp. That will come in a followup patch, but for
the moment the backwards-compatibility code handles them nicely.
While we're messing with the documentation, we may as well add the
"internal" flag requested in bug 62905 (although the 'includeinternal'
parameter it also requests doesn't make much sense anymore) and a
"deprecated" flag that's needed by several modules now.
Bug: 30936
Bug: 38126
Bug: 42343
Bug: 45641
Bug: 62905
Bug: 63211
Change-Id: Ib14c00df06d85c2f6364d83b2b10ce34c7f513cc
In cases where an extension has multiple API modules that
have the same exact factory requirements, it would let them
use the same factory function and check with the module manager
what the class name to construct should be. This is already possible
using getNamesWithClasses, but this makes it much more
straightforward.
Change-Id: I889e3e6f15907896a8df376913125d903debe984
MediaWiki default is "@return type Description", so set a type after
return and start the description with a capital letter. Also use the
more common spelling of boolean.
See http://phpdoc.org/docs/latest/references/phpdoc/tags/return.html for
more about @return
Change-Id: I4e5198822fe92836f9cef9918a9fc1a1a1e0a043
- Added newline at end of files
- Added/Removed spaces around comma, parentheses and negation
- Added space after function word
Change-Id: I2dd338153aeb5f07702ba015945e95c7d0ae673b
We're going to throw an exception right away here, but this is still
problematic because of PHPUnit:
"By default, PHPUnit converts PHP errors, warnings, and notices that
are triggered during the execution of a test to an exception."
http://phpunit.de/manual/4.2/en/writing-tests-for-phpunit.html#writing-tests-for-phpunit.errors
Also change the exception message to something saner.
Change-Id: I766c36076d34428035be78bbb3cf36cc572b565b
- Swap "$variable type" to "type $variable"
- Fixed spacing inside docs
- Makes beginning of @param/@var/@throws in capital
- Changed some types to match the more common spelling
Change-Id: Ia041964250d8b7c0349d79dc9b131c5b8696e795
This enables factory functions to be registered for API modules,
in addition to the module class itself. This allows modules to
use proper dependency injection via the modules constructor.
Example:
$wgAPIModules['foo'] = array(
'class' => 'ApiFoo',
'factory' => function( $main, $action ) { ... }
)
Change-Id: Ieb85493a7765f466317f5fa74b0b0e262220deab
This change enables the direct creation of empty pages without needing
to use a work-around (such as "{{subst:ns:0}}"). A warning is added as
the message "blankarticle" to request confirmation that the empty page
was meant to be blank. A automatic edit summary has been added when
creating a blank page. The message is: "autosumm-newblank."
The API has been updated to permit the creation of empty pages, when
"text" is null, but not non-existant.
Unit tests have also been added to test these features.
Bug: 57238
Bug: 65206
Change-Id: I3457c36a909d1dbfaeed04a1f0568c69e0ef3386
- Removed spaces after not operator (!)
- Removed spaces inside array index
- use tab as indent instead of spaces
- Add newline at end of file
- Removed spaces after casts
Change-Id: I9ba17c4385fcb43d38998d45f89cf42952bc791b
