Some tests using ReflectionProperty::setValue(), which is deprecated for
static values in PHP 8.3
Bug: T352910
Change-Id: I702cbf3de9c448d0a4e41fd06adc59d4074137cc
Prepare phpunit tests for a world where $wgHooks behaves like other
config variables: on-the-fly manipulation doesn't have an effect,
service objects need to be reset after changing it.
Change-Id: I34385f4c52febfe1c91bd7ea4100c06d1331adc8
Calling ->onlyMethods( [] ) with an empty array does have an effect.
By default, all methods are mocked, which means the original code is
not called. Calling ->onlyMethods( [] ) turns this around. No methods
are mocked but all call the original code.
This is almost the same as ->enableProxyingToOriginalMethods(). The
difference is that ->enableProxyingToOriginalMethods() also requires
the original constructor to be called, but ->onlyMethods( [] ) does
not.
We can get rid of this confusing setup in tests that don't need it.
All tests in this patch that succeed with a simple ->createMock()
just demonstrated that they don't need it.
Change-Id: I341323a1ca793c039498f80b7f073c124b6b6ae0
Follows-up I361fde0de7f4406bce6ed075ed397effa5be3359.
Per T253461, not mass-changing source code, but the use of the native
error silencing operator (@) is especially useful in tests because:
1. It requires any/all statements to be explicitly marked. The
suppressWarnings/restoreWarnings sections encourage developers to
be "lazy" and thus encapsulate more than needed if there are multiple
ones near each other, which would ignore potentially important
warnings in a test case, which is generally exactly the time when
it is really useful to get warnings etc.
2. It avoids leaking state, for example in LBFactoryTest the
assertFalse call would throw a PHPUnit assertion error (not meant
to be caught by the local catch), and thus won't reach
AtEase::restoreWarnings. This then causes later code to end up
in a mismatching state and creates a confusing error_reporting
state.
See .phpcs.xml, where the at operator is allowed for all test code.
Change-Id: I68d1725d685e0a7586468bc9de6dc29ceea31b8a
Ended up using
grep -Prl '\->setMethods\(' . | xargs sed -r -i 's/setMethods\(/onlyMethods\(/g'
special-casing setMethods( null ) -> onlyMethods( [] )
and then manual fix of failing test (from PS2 onwards).
Bug: T278010
Change-Id: I012dca7ae774bb430c1c44d50991ba0b633353f1
This is very noisy (logs several times in the same request), but
I'm not sure much can be done about that. It is a flaw in
SessionManager, which does call SessionProvider::persist/unpersist
that many times, and relies on cookie deduplication in WebResponse.
But it should give some idea of when cookies are emitted, and does
not log on normal requests (where no cookies are emitted) so it
shouldn't overload the logging backend.
Bug: T264793
Change-Id: I93733d73af1dfcf539a94b17cf5e4de76cc59748
The name change happened some time ago, and I think it's
about time to start using the new name!
(Done with a find and replace)
My personal motivation for doing this is that I have started
trying out vscode as an IDE for mediawiki development, and
right now it doesn't appear to handle php aliases very well
or at all.
Change-Id: I412235d91ae26e4c1c6a62e0dbb7e7cf3c5ed4a6
There is native support for all of this now in PHP, thanks to changes
and additions that have been made in later versions. There should be no
need any more to ever use call_user_func() or call_user_func_array().
Reviewing this should be fairly easy: Because this patch touches
exclusively tests, but no production code, there is no such thing as
"insufficient test coverage". As long as CI goes green, this should be
fine.
Change-Id: Ib9690103687734bb5a85d3dab0e5642a07087bbc
The method has been simply renamed to expectExceptionMessageMatches()
and the old name, kept as alias, will be removed in PHPUnit 9.
Bug: T243600
Change-Id: Ida95d92ba28faab012370a1ac62c7a09a91221aa
Otherwise, session tests don't work in PHP 7.2 because headers are
already sent: https://bugs.php.net/bug.php?id=75628
Bug: T206476
Change-Id: Ie88db4a61a56b756c6445d2579a2f30da22c3ee8
To improve readability of the code. Done using the NestedInlineIfsSniff
I wrote for MediaWiki-Codesniffer (T171520, I0ddf05d9).
Change-Id: I89ac6e9b5eab1f599fec3686b40a3e01d29d0250
Replaces \TestingAccessWrapper (defined in core) with
\Wikimedia\TestingAccessWrapper (defined in the composer package
wikimedia/testing-access-wrapper).
See https://gerrit.wikimedia.org/r/#/q/topic:librarize-testing-access-wrapper
for downstream patches.
The core version of the class is kept around for a while to avoid
circular dependency problems.
Bug: T163434
Change-Id: I52cc257e593da3d6c3b01a909e554a950225aec8
The test sleeps for nine seconds (3 invocations, 3 seconds per
invocation) which is difficult to sit through.
The test code sets the value of two PHP parameters, session.gc_divisor
and session.gc_probability, to 1. This may be to ensure that PHP will
invoke the session handler's gc() method when the call is made to
session_start() below. But the call to PHPSessionHandler::gc() is
immaterial, for two reasons:
- PHPSessionHandler::gc() evicts items by calling the
deleteObjectsExpiringBefore() on the BagOStuff instance it uses for
storage. The only BagOStuff implementation that actually uses that
method to evict items is SqlBagOStuff, which we're not using here,
and which would be an odd choice of a storage backend for sessions.
- PHP calls SessionHandler::gc() _after_ opening the new (or resumed)
session and loading its data, so even if deleteObjectsExpiringBefore()
actually did anything, it would not influence the result of the test.
Bug: T135576
Change-Id: I6e153ec8bfa5972ed45a0e6b7720832692b952fb
This fixes a bug where SessionBackend::resetId() of the PHP session will
fail to properly load $_SESSION because the new session ID hasn't been
saved to the store yet. It's also a reasonable performance improvement,
no need to call loadSessionInfoFromStore() when we already have the
session loaded.
Change-Id: I30f159ef1267442a6325aabbbdfaf69defc10ed6
* Use PSR-3 templates and context where applicable
* Add log coverage for exceptional events
Bug: T125452
Change-Id: I8f96fa1c5766c739a21219abcae2dbb76de53e2a
Ie161e0f was done in a hurry, and so didn't do things in the best ways.
This introduces a new "CachedBagOStuff" that transparently handles all
the logic that had been copy-pasted all over in Ie161e0f.
The differences between CachedBagOStuff and MultiWriteBagOStuff are:
* CachedBagOStuff supports only one "backend".
* There's a flag for writes to only go to the in-memory cache.
* The in-memory cache is always updated.
* Locks go to the backend cache (with MultiWriteBagOStuff, it would wind
up going to the HashBagOStuff used for the in-memory cache).
Change-Id: Iea494729bd2e8c6c5ab8facf4c241232e31e8215
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
This introduces an in-process cache (using a HashBagOStuff) for session
data, and only saves to the external cache when the session is
persisted.
Bug: T125267
Change-Id: Ie161e0f7522cd68515b060ad8cf8c151b7198b0b
It's easily possible for SessionManager::getSessionById() to not be
able to load the specified session and to not be able to create an empty
one by that ID, for example if the user's token changed. So change this
from an exceptional condition to an expected one, and adjust callers to
deal with it appropriately.
Let's also make the checks for invalid data structure when loading the
session from the store delete the bogus data entirely.
At the same time, let's change the silly "$noEmpty" parameter to
"$create" and make the default behavior be not to create an empty
session.
Bug: T124126
Change-Id: I085d2026d1b366b1af9fd0e8ca3d815fd8288030
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72