Per @Thiemo and @Anomie's comments on the patch, droppping dependency
of the test value to not be a global, using "dummy" in this case.
Bug: T210512
Change-Id: I26aff5fe4782837a8f52a102ae1bdbac49b748bc
blocked' option on partial blocks.
Partial blocks currently ignore this option as it gets into an edge case. The
option should take precidence if it is true, but should be ignored if it is
false. On sitewide blocks, the option should always be honored.
Bug: T210475
Change-Id: I33177b48a5c261ec3f510ce01998c1b096077b85
The fix applied in d67121f6d took care of the immediate issue in
T208398, but after further analysis it was not a correct fix.
* Near line 770, the method shouldn't even be called unless the target
is TYPE_USER.
* Near line 1598, it isn't dealing with a target at all.
* Near line 1813, you're not going to get a sensible result trying to
call `$user->getTalkPage()` for a range or auto-block ID. What you
would really need there to handle range and auto-blocks correctly is
to pass in the User actually making the edit.
But after some pushback in code review about passing the User into
Block::preventsEdit() to make line 1813 work, we'll instead replace the
method with Block::appliesToTitle() and put the check for user talk
pages back into User::isBlockedFrom().
Bug: T208398
Bug: T208472
Change-Id: I23d3a3a1925e97f0cabe328c1cc74e978cb4d24a
This should reduce excess contention and lock timeouts.
Previously, it used a pre-commit hook which ran just before the
end of the DB transaction round.
Also removed unused User::incEditCountImmediate() method.
Bug: T202715
Depends-on: I6d239a5ea286afb10d9e317b2ee1436de60f7e4f
Depends-on: I0ad3d17107efc7b0e59f1dd54d5733cd1572a2b7
Change-Id: I0d6d7ddd91bbb21995142808248d162e05696d47
When this was originally written, the plan was to read both the old and
new fields during the transition period, while stopping writes to them
midway through. It turns out that the WHERE conditions to do read-both
correctly are generally not handled well by the database and working
around that would require a lot of complicated code (see what's being
removed from ApiQueryUserContribs here, for example).
We can simplify things greatly by instead having it write both fields
during the transition period, reading from the old for the first part
and the new for the second part, as is being done for MCR.
Bug: T204669
Change-Id: I4764c1c7883dc1003cb12729455c8107319f70b1
Depends-On: I845f6ae462f2539ebd35cbb5f2ca8b5714e2c1fb
Depends-On: I88b31b977543fdbdf69f8c1158e77e448df94e11
Coverage is 100% except for one session-related bit that seems a bit
involved to test right now. It looks like it will be easier once
SessionManager becomes a service.
I removed the third parameter from the return value of
canonicalizeLoginData, since af37a4c7 made it always return true.
I also removed three lines of dead code from ApiLogin.php.
Change-Id: Ia0073eddd27c82827518e0031e3c313f83cfd7cc
This method encourages directly editing configuration variables. It's a
better idea to use setMwGlobals() (or other set wrappers) so that we can
be intelligent in the future, for instance resetting services after the
config change. Plus, a lot of the callers come out cleaner this way
anyway.
Depends-On: I8a1e81acc5c42a8d7f30938a72cface0acea4a70
Depends-On: I4105dbcf9c5399fe7239478c460ec57c015a98d4
Depends-On: I1b220996acf2f66cf7b0f092b341584663df32f9
Depends-On: Ie2d1ea65c0cb334bbde1666d00781474b7ac4dab
Change-Id: I23d77398e401f4986b1d5bd1c9e11a8a40da16f8
Instead of having basically every caller do:
$pf = new PasswordFactory();
$pf->init( RequestContext::getMain()->getConfig() );
Just create a single PasswordFactory via MediaWikiServices and pass that
around. Things that want to use their own config can still pass settings
via the new constructor.
This will eventually let us remove the init() function, removing the
only hard dependency upon MediaWiki, to make it easier to librarize
(T89742).
Change-Id: I0fc7520dc023b11a7fa66083eff7b88ebfe49c7b
So we can make the job voting, preventing other tests from regressing.
These tests can be re-enabled whenever they're made to pass.
Bug: T195807
Change-Id: I58261dd70eea3581803987a4a7739c7d55558f42
Structure tests run for extensions as well, which this test should. All
user rights should have right-* messages for display in the interface.
Bug: T143156
Change-Id: I23b8eb66bc68121b2ae17e73e705acd3e6f2d053
This introduces PageUpdater to replace WikiPage::doEditContent,
and DerivedPageDataUpdater, to replace WikiPage::doEditUpdates
and WikiPage::prepareContentForEdit.
See docs/pageupdater.txt for a description of their
functionality.
MCR migration notes:
* The interface of PageUpdater is expected to
remain mostly stable after this patch. Code that has been using
WikiPage::doEditContent can be confidently migrated to using the
new mechanism for revision creation.
* This patch keeps the code inside PageUpdater largely aligned
with the old code in WikiPage, to make review easier to to avoid
mistakes. It is intended to be refactored further, moving
application logic into stateless services.
* DerivedPageDataUpdate is intended as a stepping stone for further
refactoring. Its behavior is designed to be compatible with
callback code that currently relies on
WikiPage::prepareContentForEdit. Much of the code that currently
lives in DerivedPageDataUpdate should be factored out into
services, all behavior relevant to calling code should be exposed
via narrow interfaces.
Bug: T174038
Bug: T196653
Change-Id: If610c68f4912e89af616cdcac1d35a1be3946afa
A cookie will be set when ip users try to edit and their IP has been
blocked or if they try to create an account and the block prevents
account creation
This feature is disabled by default and can be enabled by
setting the new $wgCookieSetOnIpBlock config variable to true.
Note: this is meant to discourage vandals that try to avoid blocks by
switching their ip address while editing anonymously.
Bug: T152462
Change-Id: I0b78a5e174bcd882edea39e868a08f9a347f5aba
If a block is deleted and ->clearInstanceCache() is called to try to
make an existing User object reflect that fact, some methods are still
reflecting the old block.
To fix this, User::getBlockedStatus() needs to clear all the relevant
instance variables if the user is found not to be blocked.
Change-Id: I6ad8d5555a4c8519336aded3067e5034831dadf3
Storing the user name or IP in every row in large tables like revision
and logging takes up space and makes operations on these tables slower.
This patch begins the process of moving those into one "actor" table
which other tables can reference with a single integer field.
A subsequent patch will remove the old columns.
Bug: T167246
Depends-On: I9293fd6e0f958d87e52965de925046f1bb8f8a50
Change-Id: I8d825eb02c69cc66d90bd41325133fd3f99f0226
This makes things centralized to reduce maintenance cost and also
enables me to use this methods in Wikibase to handle RC injection
Bug: T185034
Change-Id: Ic8c602e316144ccb5b05c69a0cc607cd53e38912
These tests apply to things that are not relevant to PHP code coverage,
such as testing presence of messages, JSON files, or the PHPUnit tests
themselves.
Using @coversNothing indicates that there is no code here to be covered,
and prevents warnings when using --strict-coverage mode (T152923).
Change-Id: Id89ee2c15a3ce3f10e34b13fb677cd1af75af9e6
Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser
as it will assume an IP address for the user which is not specified in
UserTest. This will keep the unit tests focused on unit testing, as
opposed to integration.
Bug:T176103
Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
testExecute_email() should unregister the hooks
mailPasswordInternal and SpecialPasswordResetOnSubmit
for proper unit testing.
Bug: T176102
Change-Id: Id7403f57cc9d751ada85b611193c1d8f3503e713
This works by using the new table introduced with T156318.
The only thing that differs from normal Special:Contribs is we are
showing the IP address next to each entry. This is it how it is
displayed if you request to see newbie contributions:
https://en.wikipedia.org/wiki/Special:Contributions?contribs=newbie
For the time being, Special:DeletedContributions does not support
IP ranges. Various other irrelevant links such as Uploads and Logs
are also hidden.
Refer to P4725 for a way to automate creation of edits by random
IPs in your dev environment.
IP::isValidBlock() has been deprecated with this dependent change:
https://gerrit.wikimedia.org/r/#/c/373165/
Bug: T163562
Change-Id: Ice1bdae3d16cf365da14c6df0e8d91d2b914e064
This avoids postgres failures when trying to insert users with name
"false" (cast to 0, which fails since integer != text type).
Bug: T75174
Change-Id: I809edd94117811d22492eaba440fad6aaea1195b
Instead of using array_* functions, use the IPSet for checking, if a
specific IP address matches a set of addresses.
This also deprecates a backward-compatibility functionality, that
the wgProxyList array could also be an associative array, where the blocked
IP address is set as a key of the array insted of a value. All IP address
keys will be mved to values on-the-fly, however a deprecation warning will
be emitted. A notice in the Release notes was added, too.
Bug: T161580
Change-Id: I69d9534942c415ab044177969ecd54160079b593
Replaces \TestingAccessWrapper (defined in core) with
\Wikimedia\TestingAccessWrapper (defined in the composer package
wikimedia/testing-access-wrapper).
See https://gerrit.wikimedia.org/r/#/q/topic:librarize-testing-access-wrapper
for downstream patches.
The core version of the class is kept around for a while to avoid
circular dependency problems.
Bug: T163434
Change-Id: I52cc257e593da3d6c3b01a909e554a950225aec8
The default will remain PHPUnit 4.x due to PHP 5.5 support.
But, we should allow developers to run tests with newer PHPUnit
versions which are noticably faster (especially for code coverage
reports).
* <https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement-for-PHPUnit-5.4.0>
PHPUnit 5 deprecates the getMock() shortcut for getMockBuilder()->getMock().
It instead introduces the shortcut createMock() which has better defaults
than getMockBuilder(). For example, it sets 'disableArgumentCloning' and
other things by default.
Going forward, code should either use getMockBuilder directly and configure
it using the setter methods (instead of the confusing variadic arguments
of getMock) or simply use the new minimalistic createMock method. This patch
backports the createMock method to MediaWikiTestCase so that we can start
using it.
Change-Id: I091c0289b21d2b1c876adba89529dc3e72b99af2
Let there be highlight! and there were highlights
And RCFilters separated the highlight from the darkness
And it defined highlights as five colors
The lights are called yellow and green, and the darks red and blue
And there were colors and there were circles; one highlight.
This is the commit that adds highlight support for filters both in the backend
and the UI. The backend tags results based on which filter they fit and the
front end paints those results according to the color chosen by the user.
Highlights can be toggled off and on.
Also added circle indicators to the capsule items and each line of results
to indicate whether the line has more than one color affecting it.
Bug: T149467
Bug: T156164
Change-Id: I341c3f7c224271a18d455b9e5f5457ec43de802d
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
Change-Id: I46261416f7603558dceb76ebe695a5cac274e417
This change adds a HMAC to the block-cookie to prevent someone
spoofing a cookie and so discovering revdeleted users' names.
The HMAC is only added if $wgSecretKey is set; if it isn't, the
existing plain-ID format is used. A note about this has been
added to DefaultSettings.php.
Tests are updated and new tests added to demonstrate an
inauthentic HMAC, and for when $wgSecretKey is not definied.
Bug: T152951
Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
This patch adds an ug_expiry column to the user_groups table, a timestamp
giving a date when the user group expires. A new UserGroupMembership class,
based on the Block class, manages entries in this table.
When the expiry date passes, the row in user_groups is ignored, and will
eventually be purged from the DB when UserGroupMembership::insert is next
called. Old, expired user group memberships are not kept; instead, the log
entries are available to find the history of these memberships, similar
to the way it has always worked for blocks and protections.
Anyone getting user group info through the User object will get correct
information. However, code that reads the user_groups table directly will
now need to skip over rows with ug_expiry < wfTimestampNow(). See
UsersPager for an example of how to do this.
NULL is used to represent infinite (no) expiry, rather than a string
'infinity' or similar (except in the API). This allows existing user group
assignments and log entries, which are all infinite in duration, to be
treated the same as new, infinite-length memberships, without special
casing everything.
The whole thing is behind the temporary feature flag
$wgDisableUserGroupExpiry, in accordance with the WMF schema change policy.
The opportunity has been taken to refactor some static user-group-related
functions out of User into UserGroupMembership, and also to add a primary
key (ug_user, ug_group) to the user_groups table.
There are a few breaking changes:
- UserRightsProxy-like objects are now required to have a
getGroupMemberships() function.
- $user->mGroups (on a User object) is no longer present.
- Some protected functions in UsersPager are altered or removed.
- The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted
extension) has a change of parameter.
Bug: T12493
Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa
Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8
Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
In https://gerrit.wikimedia.org/r/80061/, Chad was convinced this
preference is barely used and mostly set to weird values by people
who don't understand what they're doing.
He made some quick stats: http://p.defau.lt/?fgGU0StB4J9l0LC5GZq8AA
Used defaults of 80 columns and 25 rows in places that still
were asking for it. The old default values are left in
$wgDefaultUserOptions for now, since various extensions are
using them.
The 'rows' and 'columns' messages don't appear to be in use in
any extensions in Git, so I killed those as well.
(This is the same as I642188c74d929a586b1882a1cf8656056c4fcf5a.)
Bug: T26430
Change-Id: I6c9802bc4f9cf32fb75c3dd7b9e2dc18f271eedf
This variable allows for blocking anonymous contributions from certain
IP addresses. Account creation from these addresses will be allowed.
The idea here is that, for example, Wikimedia could add 10.0.0.0/8 to
prevent logged-out bots on labs from making confusing edits. See
I74f5f4a3.
The default for the new variable is empty to avoid causing issues on
upgrade for wikis on private networks.
Change-Id: I6c11a6b9e1a740de074e7ccd753418f94c4b6288
Rather than use wgCookieExpiration as the basis for the maximum
life of a block cookie, just use 1 day.
Tests have been updated also.
Bug: T153347
Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
This changes a test of expiry dates to be a 10-second range,
to account for slow testing. For example, a test may start and
set the block's expiry in one second, but by the time it is
reading the value from that block's cookie it can sometimes be
the next second. Making it 10 seconds just gives it more room
for being slow.
Bug: T153527
Change-Id: I5efde7785134a75487d31ef3d8b7b14f53b7f5d0
