Commit graph

40 commits

Author SHA1 Message Date
umherirrender
c572d18661 Fixed spacing
- Removed space after cast
- Removed spaces in array index
- Removed double spaces
- Added spaces around string concat
- Fixed mixed tabs and spaces at begin of line

Change-Id: I38e849723f055d2d4c05cba72f5c245a28e8d5da
2015-09-26 20:44:54 +00:00
Sam Smith
16cea35d85 Configure logged in session length independently
* Add the $wgExtendedLoginCookies configuration variable, which defines
  the set of login cookies that can have their lifetime configured
  independently
* Add the $wgExtendedLoginCookieExpiration configuration variable, which
  dictates when the extended lifetime login cookies expire
* Default $wgExtendedLoginCookieExpiration to null so that the current
  behaviour is unaffected

Bug: T68699
Change-Id: I0cc24524e4d7d9d1d21c9fa8a28c7c76b677b96c
2015-06-23 19:31:20 -04:00
csteipp
1a20dc9362 Password validity by policy per group
Make password policies defined in a configurable policy, which is
defined by group. A user's password policy will be the maximum of
each group policy that the user belongs to.

Bug: T94774
Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
2015-06-10 10:34:17 -07:00
Aaron Schulz
8c5406a437 Added CAS logic to User::addAutopromoteOnceGroups
* This should avoid duplicate logging events on races or when
  the cache fails to update.
* Also added getDBTouched() method to get user_touched itself.

Bug: T48834
Change-Id: Ib2cd0a2c72629fa4e13dcff4d2d6fbac8e690b32
2015-04-16 13:31:40 -07:00
Timo Tijhof
8b1d94082d User: Add unit tests for getId, isAnon and isLoggedIn
Change-Id: Ie007d9da47df871f99ca19c4d7364f46f71c255b
2015-04-02 07:13:54 +00:00
Tyler Romeo
63cf33d825 SECURITY: Set maximal password length for DoS
Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.

Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.

Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
2015-04-01 09:55:42 -07:00
Matthew Flaschen
e980ec63fd Fix testGetCanonicalName PHPUnit test:
* assertEquals takes expected, prior to actual
  https://phpunit.de/manual/3.7/en/writing-tests-for-phpunit.html#writing-tests-for-phpunit.assertions.assertEquals
* ' trailing space ' test was failing with wgCapitalLinks false.  Since the test is not about that,
  I changed it to ' Trailing space '.  The alternative would be to force wgCapitalLinks to true
  with setMwGlobals or skip the test if it's true.

Change-Id: I677273045bdabb6248ffe2c2f003a3673b3fa51c
2015-02-27 06:06:06 +00:00
Kunal Mehta
fc7cfb78c4 Add missing @covers tag
Change-Id: I491929e3d77688bf07640db4218ef99d6b888a82
2015-01-13 10:25:41 -08:00
Niklas Laxström
80ca508ed1 Add User::equals
Seems stupid omission. Title has one. Why do I need to think how
to determine how two user objects point to the same user. Allows
more expressive code.

Also fixes a bug in multiple places where users "0" and "00" were
considered equal.

Change-Id: I682392e564b332b77ab489f2ad394fa2d28098a5
2015-01-13 15:04:45 +01:00
Ricordisamoa
fc5fd5c37a Typo fixes and non-code tweaks
Skipped replacements:
* prefered → preferred
* prolly → probably

Skipped files:
* resources/lib/jquery.ui/jquery.ui.mouse.js
* resources/lib/jquery/jquery.form.js

Change-Id: Ib7923f362ddfca1b892bf5d601785d6b5aa5d44c
2014-12-12 18:31:15 +00:00
umherirrender
bb910388c7 Use setMwGlobals in UserTest::testPasswordExpire
Change-Id: Ida1a43629853abf648867f29e3bf15bdfd4291a6
2014-10-16 19:38:31 +02:00
aude
9d95be4f90 UserTest: Fix edit count test which incorrectly added user to db
Although 'added' to the database, the user name was cleared
in User::loadDefaults() and not added correctly to the database.

Then if one has BetaFeatures extension, then the test fails.
Via a hook, BetaFeatures does "User::newFromName( $user->getName() );",
that produces a null object as name is '127.0.0.1' and then
$user->getOption() fails.

loadDefaults() is automatically called by addToDatabase() with correct
parameters, so we can just remove the call.

Bug: 68626
Change-Id: Ibb5c60192eb83b2608f72b59d7705854549a5dac
2014-09-20 23:57:35 +02:00
Bartosz Dziewoński
03be8f40f5 UserTest: Don't rely on the behavior of unknown user options
They are not actually expected to be preserved, although they might be.

Change-Id: I34e15f3d1e5b9b825e6fc14814c8e9a6ac151ce9
2014-09-20 18:56:31 +02:00
Timo Tijhof
96771e3a65 test: Clean up data providers that should be static
Follows-up b36d883.

By far most data providers are static (and PHPUnit expects them
to be static and calls them that way).

Most of these classes already had their data providers static
but additional commits sloppily introduced non-static ones.

* ResourceLoaderWikiModuleTest, 8968d8787f.
* TitleTest, 545f1d3a73.
  Odd unused method 'dataTestIsValidMoveOperation' was introduced
  in 550b878e63.
* GlobalVarConfigTest, a3e18c3670.

Change-Id: I5da99f7cd3da68c550ae507ffe1f725d31e7666f
2014-09-18 12:52:44 -07:00
umherirrender
f3dbe5ba36 Add tests for User::getCanonicalName()
Change-Id: I00097a4706c4ada41a5697470b550c925ae6051d
2014-09-05 13:46:00 +00:00
Timo Tijhof
2e3b1076c0 UserTest: Cover User::isIP and User::isValidUserName better
Change-Id: I4663c37871492c1415152b2af0fda4f6de4f212f
2014-07-01 18:31:07 +02:00
Siebrand Mazeland
4916e08d8e Pass phpcs-strict on some test files (4/x)
Change-Id: Ifdbb431a6018c514b15ae71cc0c21b653a5e466d
2014-04-24 18:51:42 +02:00
csteipp
ea7687a7fd Refactor password validity checking
Refactor the password checks to return a status object, so the function
can handle the entire error message, or return multiple error messages.

This patchset aims to keep the functionality identical. A followup
patchset can further improve the functionality. E.g., although
getPasswordValidity stated it could return an array of messages, it
never did so except from the hook, so most callers expect and handle a
single string.

Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a
2014-03-15 06:30:25 +00:00
csteipp
01c8c421f8 Password Expiration
Add functionality to expire users' passwords:
 * Adds column to the user table to keep a password expiration
 * Adds $wgPasswordExpirationDays, which will force users to reset
   their passwords after a set number of days. By default, this is set
   to false, so passwords never expire.
 * Adds a default grace period of 7 days, where if the user's password
   is expired, they can still login, but are encouraged to reset their
   password.
 * Adds hook 'LoginPasswordResetMessage' to update reset message, in
   case an extension wants to vary the message on a particular reset
   event.
 * Adds hook 'ResetPasswordExpiration' to allow extensions to change
   the expiration date when the user resets their password. E.g., if
   an extension wants to vary the expiration based on the user's group.

If the user is in the grace period, they get a password reset form
added to the login successful page. If an extension prevents showing
the login successful page (like CentralAuth), it should be updated to
show a password change form during the grace period. After the grace
period, the user will not be able to login without changing their
password.

Also prevents a successful reset if the user is "changing" their
password to their existing password.

No passwords will expire by default. Sites will have to call
User->expirePassword() from their own maintenance script to trigger a
password reset for a user.

Bug: 54997
Change-Id: I92a9fc63b409b182b1d7b48781d73fc7216f8061
2014-02-20 09:41:51 -08:00
Mattflaschen
2855210048 Revert "User::saveOptions() optimization"
The hooks are not actually being called multiple times,
since getDefaultOptions caches its return value
(except while unit testing).

However, this change caused a regression due to different
handling of saved values (e.g. false no longer saves
when the default is true).

This reverts commit ff355e87e2.

Bug: 60653
Change-Id: Ibbd34dde5ec5fafbdf6097337cc0fa94614f0b85
2014-01-31 00:37:24 +00:00
Antoine Musso
ff355e87e2 User::saveOptions() optimization
Since we only want to save non default user options, we have to strip
out any user option that match the default ones. We did that by calling
User::getDefaultOption( 'some option name' ); on each of the option.

Since the User mOptions property is a merge of the default option, we
end up doing a lot of unneeded processing. The loop roughly looks like:

 User::getDefaultOption()
   User::getDefaultOptions()
     Language->getCode()
     SearchEngine::searchableNamespaces()
       language->getNamespaces()
       wfRunHooks('SearcheableNamespaces')
     wfRunHooks('UserGetDefaultOptions')

For EACH of the mOptions.

Instead this patch does an array_diff to strip out from mObjects any
default option.  We still skip options whose value is false or null.

Test provided to make sure we only save what we want.

Change-Id: Ie98d3a17edab74401ed32f759ba11f723b56e376
2014-01-24 11:09:11 -08:00
addshore
fb16eb2abe Add more @covers tags and test cleanup
Other cleanup includes
 - Adding method scopes
 - Fixing php comments
 - Adding todos

Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-22 08:59:42 +00:00
Brad Jorsch
08adf46b26 Add 'viewmyprivateinfo', 'editmyprivateinfo', and 'editmyoptions' rights
These are needed for OAuth grants.

Note that we don't bother with a 'viewmyoptions' right, since the
majority will be determinable from just observing the interface.

Note that the fact of having a confirmed email address cannot be
reliably hidden, and if the user has 'sendemail' they may be able to
determine the real name and email address by sending an email to another
account that they control.

Change-Id: I3f03dd010020e8d43cc2d3bca7b3ef7196d1c548
2013-07-03 13:40:04 -04:00
Siebrand Mazeland
7a24666935 Update formatting
2 of n.

Change-Id: I5406673e99ed53e4e330ed47f022a17177544daa
2013-02-14 12:36:35 +01:00
Antoine Musso
0fd05285d7 pass codesniffer on tests/
Fix almost all occurrences of the following sniffs:

Generic.CodeAnalysis.UselessOverridingMethod.Found
Generic.Formatting.NoSpaceAfterCast.SpaceFound
Generic.Functions.FunctionCallArgumentSpacing.SpaceBeforeComma
Generic.Functions.OpeningFunctionBraceKernighanRitchie.BraceOnNewLine
Generic.PHP.LowerCaseConstant.Found
PSR2.Classes.PropertyDeclaration.ScopeMissing
PSR2.Files.EndFileNewline.TooMany
PSR2.Methods.MethodDeclaration.StaticBeforeVisibility

Change-Id: I96aacef5bafe5a2bca659744fba1380999cfc37d
2013-01-28 12:14:26 +01:00
aude
c5ca90e715 fix testEditCount to work with non-wikitext content in main NS
consistent with WikiPageTest and other places, perform the test
with the Help namespace as a workaround for now.

Change-Id: I2b766c17f35e0e79662b6302c122225a1a33e7be
2012-11-08 18:06:32 +01:00
parent5446
edf5632f6a (bug 37963) Fixed loading process for user options.
The bug has actually already been fixed, so this
patch just removes extraneous function calls and code in
User::getOption() and User::setOption(). It also adds
unit tests for user options (including a test for the
case provided in the bug report).

Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-30 20:28:39 +01:00
Antoine Musso
93dcfa9f05 raise timeout for UserTest::testEditCount
UserTest::testEditCount did eleven calls to doEdit which is slow when
used with the sqlite backend. I have made it do fewer edits and also
marked it as '@group medium' which means the timeout will be 10 seconds
instead of 2 seconds.

Change-Id: If2d055075470f837009568d56b1119a57b177ba3
2012-10-26 15:40:29 +02:00
Marius Hoch
e65eb02d3e Unit test for User::getEditCount
Rather trivial test for User::getEditCount as suggested by
Siebrand in https://gerrit.wikimedia.org/r/26457

This required adding the User in the test to DB, as the data
is written to and read from the DB.

Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
2012-10-18 16:48:35 +02:00
Timo Tijhof
181c7cdc8e Clean and repair many phpunit tests (+ fix implied configuration)
This commit depends on the introduction of
MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4.

Various tests already set their globals, but forgot to restore
them afterwards, or forgot to call the parent setUp, tearDown...

Either way they won't have to anymore with setMwGlobals.

Consistent use of function characteristics:
* protected function setUp
* protected function tearDown
* public static function (provide..)

(Matching the function signature with PHPUnit/Framework/TestCase.php)

Replaces:
 * public function (setUp|tearDown)\(
 * protected function $1(

 * \tfunction (setUp|tearDown)\(
 * \tprotected function $1(

 * \tfunction (data|provide)\(
 * \tpublic static function $1\(

Also renamed a few "data#", "provider#" and "provides#" functions
to "provide#" for consistency. This also removes confusion where
the /media tests had a few private methods called dataFile(),
which were sometimes expected to be data providers.

Fixes:

TimestampTest often failed due to a previous test setting a
different language (it tests "1 hour ago" so need to make sure
it is set to English).

MWNamespaceTest became a lot cleaner now that it executes with
a known context. Though the now-redundant code that was removed
didn't work anyway because wgContentNamespaces isn't keyed by
namespace id, it had them as values...

FileBackendTest:
* Fixed: "PHP Fatal: Using $this when not in object context"

HttpTest
* Added comment about:
  "PHP Fatal: Call to protected MWHttpRequest::__construct()"
  (too much unrelated code to fix in this commit)

ExternalStoreTest
* Add an assertTrue as well, without it the test is useless
  because regardless of whether wgExternalStores is true or false
  it only uses it if it is an array.

Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-09 03:01:51 +02:00
umherirrender
fdd2df0a80 Add UserTest::testAllRightsWithMessage
New test case, which checked if, for all available rights, a
right-message exists (Core and Extensions)

Some missing rights added with extra patch sets (need merge/rebasing
before merge of this)

Change-Id: I28957835fb77a01a799439ad7b3d22b96db07204
2012-08-13 23:26:58 +02:00
Sam Reed
ec4604de3d Documentation and whitespace
Clearing another w/c
2012-01-19 14:56:18 +00:00
Tim Starling
3da36a9103 Reverted r92364 (per-namespace permissions).
This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller.

The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
2011-12-12 06:03:01 +00:00
Santhosh Thottingal
462319d089 Use dataProvider for the testIsValidUserName method. Followup r99466
2011-10-11 10:25:58 +00:00
Santhosh Thottingal
08aac7bd40 Stylize.php changes
2011-10-11 10:02:50 +00:00
Santhosh Thottingal
2a7c8be024 Testcases for isValidUserName method of User.php.
There are many cases this method will fail for non-latin languages, 
but not added now since there are bugs reported on that already and results
a rewrite of the method as per UAX 31 standard.
2011-10-11 09:17:36 +00:00
Platonides
2d9bb42682 Since r92364 UserTest.php needs a database
2011-07-19 21:41:25 +00:00
Bryan Tong Minh
1fb5d73612 First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false.
* User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces.
* Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan.
* Fix tests that set User::mRights

The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
Bryan Tong Minh
6a16bea0d2 Follow-up r91895: Call parent destructor as well, just to be safe.
2011-07-11 18:38:26 +00:00
Bryan Tong Minh
8d89af55cc Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00