NOTE: This also changes the semantics of MediaWikiServices::resetGlobalInstance
to only reset services instances, not service wiring. The wiring will be copied
from the old global MediaWikiServices instance to the new one.
Bug: T132707
Change-Id: Ie2ca3ff99aa74fffa9eb6c8faccab857dc0874f7
Changes here are:
* action=login is deprecated for use other than bot passwords
* list=users will indicate if a missing user name is creatable.
* Added action=query&meta=authmanagerinfo
* Added action=clientlogin, to be used to log into the main account
* action=createaccount is changed in a non-BC manner
* Added action=linkaccount
* Added action=unlinkaccount
* Added action=changeauthenticationdata
* Added action=removeauthenticationdata
* Added action=resetpassword
Bug: T110276
Bug: T110747
Bug: T110751
Bug: T32788
Bug: T67857
Bug: T28597
Bug: T76103
Change-Id: I244fa9b1e0623247d6d9fa30990411c6df94a496
This implements the AuthManager class and its needed interfaces and
subclasses, and integrates them into the backend portion of MediaWiki.
Integration with frontend portions of MediaWiki (e.g. ApiLogin,
Special:Login) is left for a followup.
Bug: T91699
Bug: T71589
Bug: T111299
Co-Authored-By: Gergő Tisza <gtisza@wikimedia.org>
Change-Id: If89d24838e326fe25fe867d02181eebcfbb0e196
(This is part of I6ec374ac9 which was a re-submit of Ie98bf5af5
which got reverted by Ide7ab563)
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* integration tests (which most of the existing phpunit tests are)
In contrast to I6ec374ac9, this change does not cause singletons
of legacy services to be reset. It is assumed that legacy services
use global state to access services and configuration, so any
change in configuration would affect them immediately.
NOTE: the original I6ec374ac9 would cause session information to
get lost if the user session was created before initialization
was complete. This was apparently triggered by the MobileFrontend
extension under some circumstances. Check with Addshore and Catrope.
Change-Id: Ie06782ffb96e675c0aa55dc26fb8f22037e8517d
This makes the channels more explicit and defined in a less
ad-hoc way. Systems like Kafka would prefer explicit channel
definitions anyway, so the channel prefix just obscures things.
Change-Id: I5631eb1b1382083396a0f08904d9273cc92601e8
Instead of setting $wgHiddenPrefs in Setup.php when $wgEnotifMinorEdits
is false, it is better to check the config in Preferences.php.
This makes it easier to find the config and why the preference is not
shown.
$wgHiddenPrefs should not be used in core itself
Change-Id: I7e1afd65c8924f18fdfa6cb5c9a47481b036b74f
Remove "\\" in namespacing. This is a Doxygen compatibility hack but
does not seem needed anymore, Doxygen reads namespaced class names
correctly, see e.g. https://doc.wikimedia.org/mediawiki-core/master/php/classMediaWiki_1_1Services_1_1ServiceContainer.html
PHP IDEs, on the other hand, were broken by the double backslash.
As an unrelated small doc fix, add parameter docs to PermissionError
constructor (parent has different arguments so the inherited
documentation is wrong).
Change-Id: I6da0f512b8c84f65fd20e90e4617108fe6a8fcd2
$wgAllowMicroDataAttributes and $wgAllowRdfaAttributes have been
introduced in MediaWiki 1.16 and required at this moment $wgHTML5
to be true. This last setting has been removed in MediaWiki 1.22.
To simplify the code maintenance and the configuration complexity,
those settings are removed and the features are always available.
RDFa users must now explicitly set $wgHtml5Version to an RDFa
version. Currently the correct values are:
- HTML+RDFa 1.0
- XHTML+RDFa 1.0
Bug: T130040
Change-Id: I17a7bff2cad170e381eabf0aec4e26e4fd0cddc3
This change mirrors logic that has been in use on the Wikimedia
Foundation production cluster's Varnish cache system for over 2 years to
guard against accidentally caching backend responses which include
Set-Cookie headers.
Bug: T127993
Change-Id: Ic79cf6c959dd870d6458874a9bffe9e25aba4919
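The guard the commit above describes, written as a standalone PHP function over a list of queued response headers. This is an added example, not MediaWiki's OutputPage code or the Wikimedia Varnish VCL; the header names it emits (the private Cache-Control value and Vary: Cookie) and the sample responses are assumptions constructed for the example.

```php
<?php
// Added example (not MediaWiki or Wikimedia Varnish code): refuse to let a
// shared cache store any response that installs a cookie.
declare(strict_types=1);

/**
 * Decide the cache headers for a response about to be sent.
 *
 * @param string[] $headers  Headers queued for the response, as "Name: value".
 * @param int      $maxAge   Seconds a shared cache may keep a cacheable page.
 * @return string[]          Headers to add (Cache-Control, plus Vary when cookies are set).
 */
function cacheHeadersFor(array $headers, int $maxAge): array {
    $setsCookie = false;
    foreach ($headers as $header) {
        // Header names are case-insensitive, so compare lower-cased.
        $name = strtolower(trim((string)strstr($header, ':', true)));
        if ($name === 'set-cookie') {
            $setsCookie = true;
            break;
        }
    }

    if ($setsCookie) {
        // A response that installs a cookie is per-user by definition: a shared
        // cache that stored it would replay one visitor's session cookie to the
        // next visitor. Force it private and non-reusable.
        return [
            'Cache-Control: private, must-revalidate, max-age=0',
            'Vary: Cookie',
        ];
    }

    return ["Cache-Control: s-maxage=$maxAge, must-revalidate, max-age=0"];
}

// Constructed sample responses: an anonymous page view and a login response.
$anonymousPageView = ['Content-Type: text/html; charset=UTF-8'];
$loginResponse = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: example_session=abc123; HttpOnly; Secure; Path=/',
];

print_r(cacheHeadersFor($anonymousPageView, 3600));
print_r(cacheHeadersFor($loginResponse, 3600));
```

The check deliberately looks at the raw header list rather than at any "is this user logged in" flag: the point of the Varnish rule being mirrored is that it catches any code path that sets a cookie, including ones nobody remembered to mark private.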
Stop using a TLD in the EmailNotification class that can now
potentially become a valid domainname.
Bug: T97711
Change-Id: If69d5f32b97320986b14260c851d4aca0d28aa69
When an entry point specifies MW_NO_SESSION, actually enforce that by
having both SessionManager and PHP's session handling (session_start()
and friends) throw exceptions.
If an entry point needs the old behavior of using PHP's default session
handling (as defined in php.ini), it should define
MW_NO_SESSION_HANDLER instead of or in addition to MW_NO_SESSION.
This also makes PHPSessionHandler be installed in CLI mode, where it
wasn't installed before.
Bug: T127233
Change-Id: I2a3db06ee8e44a044096c57a819b5fd5e51c5c5c
As an attempt to detect SessionManager errors that log people into
the wrong account, log multiple IPs using the same session, or the same
user account.
Bug: T125455
Change-Id: I27468a3f6d582d9b46984227b9307dc71190fd6a
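The same anomaly check, replayed offline over constructed log lines. This is an added example and not MediaWiki's own logging code; the record format (session id, user name and client IP, space separated) and the sample records are assumptions made for the example.

```php
<?php
// Added example, not MediaWiki code: replay constructed session records and
// report the anomalies the commit above sets out to log.
declare(strict_types=1);

/**
 * @param string[] $lines  One "sessionId user ip" record per line (assumed format).
 * @return array<string, array<string, string[]>>
 */
function findSessionAnomalies(array $lines): array {
    $ipsBySession = [];
    $usersBySession = [];
    $ipsByUser = [];

    foreach ($lines as $line) {
        $fields = preg_split('/\s+/', trim($line));
        if ($fields === false || count($fields) !== 3) {
            continue; // malformed record; a real detector would count these too
        }
        [$sid, $user, $ip] = $fields;
        $ipsBySession[$sid][$ip] = true;
        $usersBySession[$sid][$user] = true;
        $ipsByUser[$user][$ip] = true;
    }

    // Keep only keys that were seen with more than one distinct value.
    $multi = static function (array $seen): array {
        $out = [];
        foreach ($seen as $key => $values) {
            if (count($values) > 1) {
                $out[$key] = array_keys($values);
            }
        }
        return $out;
    };

    return [
        // Same session id presented as different users: the "logged into the
        // wrong account" bug the commit is hunting, or a hijacked session.
        'session_multiple_users' => $multi($usersBySession),
        // Same session id from several IPs: a roaming client, or session theft.
        'session_multiple_ips'   => $multi($ipsBySession),
        // Same account from several IPs: weaker signal, but the commit asks for it.
        'user_multiple_ips'      => $multi($ipsByUser),
    ];
}

// Constructed sample log; sessions s2 and s3 are the suspicious ones.
$log = [
    's1 Alice 203.0.113.10',
    's1 Alice 203.0.113.10',
    's2 Bob   198.51.100.7',
    's2 Carol 198.51.100.7',   // same session, different account
    's3 Dave  192.0.2.1',
    's3 Dave  192.0.2.99',     // same session, different IP
];
print_r(findSessionAnomalies($log));
```

The three views are kept separate on purpose: a session seen as two accounts is the one that points at a server-side bug, while a session or account seen from two IPs is common for legitimate mobile clients and needs a threshold before it is worth an alert.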
Follow up to 7491b52. The 'private, must-revalidate' argument to
session_cache_limiter() does not match any expected values for the
function. This results in the PHP runtime treating it like the
documented empty string argument which completely disables the automatic
addition of cache related headers. Change the implementation to use the
empty string argument explicitly rather than continuing to rely on
the undocumented and potentially confusing existing behavior.
session_cache_limiter( '' ) is called unconditionally in
MediaWiki\Session\PHPSessionHandler::install(). This is safe now that it
is understood that we are disabling the setting of the automatic
headers.
Bug: T124510
Change-Id: I63164f8b7a408e370ff01dead42be27a0135dd35
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
Always treat this as on and simplify the code.
This will also make it easier to move updateWatchlistTimestamp() into
the EnotifNotifyJob class to avoid query timeouts.
Change-Id: I8ceaa42cdcfe3ad00a26368be6a73052be329045
Call `session_cache_limiter( 'private, must-revalidate' );` before
starting a session to specify the cache control headers that PHP will
automatically emit. The calls are wrapped in MediaWiki\quietCall to
suppress "headers have already been sent" warnings that may come from PHP.
If not called explicitly PHP will default to using
the value of the session.cache_limiter ini setting. Some values of that
setting will cause PHP to add a "Pragma: no-cache" header to the
response. Certain user agents (e.g. Firefox) treat that particular
header as a signal to aggressively flush the response from local cache
to the point that back button navigation will not work.
The value used was present in `wfSetupSession` prior to a73c5b7.
Bug: T124510
Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd
It's not guaranteed that loadSessionFromStore() will succeed after
whatever alterations the SessionProvider might have made later in the
request.
So instead, let's make a new global object that stores the SessionId
of the persistent session that was loaded during Setup.php, if any. Then
we can check that when we need to know whether the session was
persisted.
Bug: T124468
Change-Id: I1e8e616c83b16aadd86b0a0a40826d40f6e8abe4
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
Follow-up to a4a3d04540.
Unlikely to be a security problem, as $2 generally has to
appear somewhere before $1 in this config option.
Bug: T48998
Change-Id: I08788713d9bd7c4c8d81479c18b5a404997a778d
Instead of relying on the global $wgRequest, which probably isn't initialized
so far, create the request object when RequestContext::getRequest() is called
the first time.
Change-Id: I6115ba44e474619d02d456a103758fe73ed298e0
Previously, logged-out users either only saw "Create account" and "Log in"
links in the personal area, or if $wgShowIPinHeader was true, they saw
[icon] 127.0.0.1 Talk for this IP address Create account Log in
where the IP address itself linked to the IP user page.
Now, logged-out users by default see the following:
[icon] Not logged in Talk Contributions Create account Log in
The old $wgShowIPinHeader feature is removed. It is very unfriendly to
show the user's IP address (in red, no less) at the top of every page,
since this will mean nothing to most visitors. Caching means that this
can't even be done reliably, anyway.
Another improvement is that the "talk" and "contributions" links are not
shown if anonymous users don't have the 'edit' right.
Modelled after the loggedOutTalkPage() function at Dutch Wikipedia
<https://nl.wikipedia.org/w/index.php?oldid=44706954>
Bug: T112724
Change-Id: I6f44e3e5d97ea917e4a03af47f3795792e4ca122
Remove the backwards compatibility shims for $wgRateLimitLog which was
deprecated in 1.23 (I86131c4).
Change-Id: I771bbaff43b44d011bff81ddda4f35166ea5f77e
When a relative URL is used in $wgArticlePath and it does not
start with a slash (/), raise FatalError.
Bug: T48998
Change-Id: Ic7cd6f774cff97081f4f35af351161170b4b26eb
In HHVM, the settings 'upload_max_filesize' and 'post_max_size' are
not available via ini_get() due to some long-standing bug
(https://github.com/facebook/hhvm/issues/4993). Instead, one can use
'hhvm.server.upload.upload_max_file_size' and 'hhvm.server.max_post_size'
(in typical PHP fashion, their names are subtly different from the
originals, so as to increase the potential for confusion).
Added a new method UploadBase::getMaxPhpUploadSize() to handle this.
Additionally:
* 'post_max_size' can be set to 0, which is equivalent to no limit.
Handle this correctly.
* $wgMaxUploadSize can be an array structure, instead of just a number.
Handle this correctly by using UploadBase::getMaxUploadSize().
* When no maximum is set, use PHP_INT_MAX rather than 1e100. It should
be big enough, and the latter is a float that results in 0 when cast to
int and doesn't look as pretty when formatted in GB in the interface.
Bug: T116347
Change-Id: Idf707253eeae1b90792a7e26d2ab66d1317e67ae
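The limit resolution the commit above describes, as an added example rather than MediaWiki's UploadBase code. It takes the ini values as an explicit array so it runs without HHVM; the helper names, the treatment of a missing setting, and the '*'-keyed array form of $wgMaxUploadSize used in the sample are assumptions of this example.

```php
<?php
// Added example (not MediaWiki's UploadBase): compute the effective upload
// limit from php.ini / HHVM settings and the wiki's own configuration.
declare(strict_types=1);

/** Parse a php.ini shorthand size ("8M", "2G", "512k", "0") into bytes. */
function iniSizeToBytes(string $value): int {
    if (!preg_match('/^\s*(\d+)\s*([kmg]?)\s*$/i', $value, $m)) {
        throw new InvalidArgumentException("Unparseable ini size: '$value'");
    }
    $bytes = (int)$m[1];
    switch (strtolower($m[2])) {   // deliberate fall-through: x1024 per step
        case 'g': $bytes *= 1024;
        case 'm': $bytes *= 1024;
        case 'k': $bytes *= 1024;
    }
    return $bytes;
}

/**
 * Smallest PHP-side limit on an uploaded file, or PHP_INT_MAX when none applies.
 * Falls back to the HHVM setting names when the standard ones are absent.
 */
function maxPhpUploadSize(array $ini): int {
    $limits = [];

    $fileSize = $ini['upload_max_filesize']
        ?? $ini['hhvm.server.upload.upload_max_file_size'] ?? null;
    if ($fileSize !== null) {
        $limits[] = iniSizeToBytes((string)$fileSize);
    }

    $postSize = $ini['post_max_size'] ?? $ini['hhvm.server.max_post_size'] ?? null;
    if ($postSize !== null) {
        $bytes = iniSizeToBytes((string)$postSize);
        if ($bytes > 0) {           // post_max_size = 0 means "no limit"
            $limits[] = $bytes;
        }
    }

    // An integer rather than 1e100: a float would cast to 0 and read badly.
    return $limits === [] ? PHP_INT_MAX : min($limits);
}

/** Resolve $wgMaxUploadSize, which may be a number or an array keyed by upload type. */
function configuredMaxUploadSize($wgMaxUploadSize, string $type = 'file'): int {
    if (is_array($wgMaxUploadSize)) {
        return (int)($wgMaxUploadSize[$type] ?? $wgMaxUploadSize['*'] ?? PHP_INT_MAX);
    }
    return (int)$wgMaxUploadSize;
}

/** Effective limit: the stricter of PHP's settings and the wiki's configuration. */
function effectiveMaxUpload(array $ini, $wgMaxUploadSize, string $type = 'file'): int {
    return min(maxPhpUploadSize($ini), configuredMaxUploadSize($wgMaxUploadSize, $type));
}

// Constructed inputs: an HHVM-style ini with an unlimited POST size, and a
// per-type wiki limit with a '*' default.
$hhvmIni = [
    'hhvm.server.upload.upload_max_file_size' => '2G',
    'hhvm.server.max_post_size'               => '0',
];
$wgMaxUploadSize = ['*' => 100 * 1024 * 1024, 'url' => 50 * 1024 * 1024];

echo effectiveMaxUpload($hhvmIni, $wgMaxUploadSize, 'file'), "\n";
echo effectiveMaxUpload($hhvmIni, $wgMaxUploadSize, 'url'), "\n";
```

Whichever limit is shown in the interface, the server must still enforce the PHP-side one: a client that ignores the advertised maximum is stopped by post_max_size, not by the number printed in GB.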
The configuration, tested on wiki.wikimedia.it, generally improves
performance for all parties involved.
Bug: T114098
Change-Id: I76a34e8782908a28523531b2a928ea4ef7710b19
This fixes a few shortcomings in the chunked uploader:
* Raises an error if offset + chunksize > filesize.
* Enforces a minimum chunk size for non-final chunks.
* Refuses additional chunks after seeing a final chunk.
* Status of a chunked upload in progress is now available with
'checkstatus'.
Bug: T91203
Bug: T91205
Change-Id: I2262db1bc8460616b069c564475d2e4148001768
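A minimal state machine that enforces the four checks listed above, as an added example and not MediaWiki's chunked uploader. The 1 MiB minimum chunk size, the requirement that chunks arrive contiguously, and the status field names are assumptions of this example.

```php
<?php
// Added example, not MediaWiki's ApiUpload: validate a chunked upload so a
// client cannot overrun the declared size, starve the server with tiny
// chunks, or append data after the final chunk.
declare(strict_types=1);

final class ChunkedUploadSession {
    private $filesize;
    private $minChunk;
    private $received = 0;
    private $finished = false;

    public function __construct(int $filesize, int $minChunk = 1024 * 1024) {
        if ($filesize <= 0) {
            throw new InvalidArgumentException('filesize must be positive');
        }
        $this->filesize = $filesize;
        $this->minChunk = $minChunk;
    }

    /**
     * Validate and record one chunk. Throws on anything the server must refuse,
     * so a caller cannot forget to check a return value.
     */
    public function acceptChunk(int $offset, int $chunkSize): array {
        if ($this->finished) {
            throw new RuntimeException('upload already received its final chunk');
        }
        if ($offset !== $this->received) {
            // Chunks must be contiguous (an assumption here); a gap or overlap
            // would let a client rewrite bytes that were already stored.
            throw new RuntimeException("expected offset {$this->received}, got $offset");
        }
        if ($chunkSize <= 0 || $offset + $chunkSize > $this->filesize) {
            throw new RuntimeException('chunk extends past the declared filesize');
        }
        $isFinal = ($offset + $chunkSize === $this->filesize);
        if (!$isFinal && $chunkSize < $this->minChunk) {
            throw new RuntimeException("non-final chunk smaller than {$this->minChunk} bytes");
        }

        $this->received += $chunkSize;
        $this->finished = $isFinal;
        return $this->checkStatus();
    }

    /** What a 'checkstatus' request would report, in progress or finished. */
    public function checkStatus(): array {
        return [
            'stage'    => $this->finished ? 'finished' : 'uploading',
            'offset'   => $this->received,
            'filesize' => $this->filesize,
        ];
    }
}

// Constructed walk-through: a 2.5 MiB file sent as two full chunks and a short
// tail, then a chunk that must be refused because the upload is complete.
$mib  = 1024 * 1024;
$half = 512 * 1024;
$session = new ChunkedUploadSession(2 * $mib + $half);
print_r($session->acceptChunk(0, $mib));
print_r($session->acceptChunk($mib, $mib));
print_r($session->acceptChunk(2 * $mib, $half)); // final chunk may be short
try {
    $session->acceptChunk(2 * $mib + $half, 1);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

The order of the checks matters: the "already finished" test comes first so that a late chunk is rejected before any arithmetic on it, and the size test runs before the minimum-chunk test so that the final, possibly short, chunk is recognised from the declared filesize rather than from a client-supplied flag.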
* The '.php5' entrypoints were deprecated in I68b1ae842, $wgScriptExtension
in I3690f78bc.
* Drop the associated ResourceLoader configuration variable, too. `mwgrep`
shows no usage in the MediaWiki namespace.
* Keep the scriptExtension configuration parameter for FileRepo for people who
would like to interoperate with older MediaWiki installations that still use
'.php5'.
Change-Id: I17c8a15484b7e82cd5970d34e688109a2aae3840