Soft-deprecated since 1.26 and hard-deprecated since at least
I9776d11d4e2d184 (1.39).
Not set in production.
Change-Id: I55e4569c5a40f77a719bc7ab1924eaa706e0da53
Some less trivial cases. Also update variable names.
This doesn't really change anything, but I hope it helps promote
getConnectionProvider() as the common way to do this.
Follow-up to 8604c384f6.
Change-Id: I6657d783375fac5c7fa856b884ff1fb09285e94c
Changes to the use statements done automatically via script
Addition of missing use statements and changes to docs done manually
Change-Id: Ib326ae1e5c8409a98398c721e8b8ce42c73bd012
There are a couple of user options related classes already,
and the T321527 work on dynamic defaults is going to add
even more. Let's move them into a separate namespace
to make core a bit more organized.
Old name is kept as an alias for compatibility purposes.
Bug: T321527
Bug: T352284
Change-Id: I9822eb1553870b876d0b8a927e4e86c27d83bd52
- Set only properties defined by the class
- Use the DynamicPropertyTestHelper
- Use the existing local variables with & in closures
Dynamic properties are deprecated in php8.2
Bug: T326478
Change-Id: I7312268ecfd7c66fec72cbb2fa3df72fd1f3044c
Remove the 'user' option from the documentation and defaults. It has
been ignored since a3b4881f6f (2021, 1.37).
Fix tests which pass unknown constructor options. I found these by
temporarily patching the constructor to throw when an unknown option is
given.
Change-Id: I95cb2a38a5688d83c90ad501786f6d6bb02765ba
* Migrate callers of DatabaseBlock methods newListFromTarget,
newFromID, newFromTarget, doAutoblock.
* Deprecate DatabaseBlock methods newFromID and getAutoblockExpiry.
These are the methods with no extension callers in code search.
Bug: T255433
Change-Id: If0358459f53d32e7fe984c2fb8b61e0088f28922
* Move to DatabaseBlockStore the DatabaseBlock methods newFromID,
getQueryInfo, getRangeCond, newFromRow, isExemptedFromAutoblocks,
doAutoblock, updateTimestamp, getAutoblockExpiry, newFromTarget,
newListFromTarget.
* Split DatabaseBlock::getBlocksForIPList. Now
BlockManager::getBlocksForIPList() is responsible for XFF header
validation and trusted proxy handling. DatabaseBlockStore::
newListFromIPs() just does the queries and constructs the Block
objects.
* In DatabaseBlockStore::newFromRow() and doAutoblock(), use the
DatabaseBlock constructor instead of calling many setter methods. Add
constructor options decodedExpiry, decodedTimestamp, id,
parentBlockId and restrictions to support this.
* Move isExemptedFromAutoblocks() to its own service. Remove the cache
since in my testing with production eval.php, the WAN cache fetch is
10 times slower than just using the message cache, contradicting the
comment written in 2008.
* Fix AuthManagerTest which was previously passing an unrecognised
"restrictions" option to DatabaseBlock. Now that the option actually
works, we have to use the right type.
Bug: T255433
Change-Id: I5049e60be1681f67fcca133e569e315792dc42dd
This takes us one step closer to deprecating Status,
so we can isolate StatusValue from presentation logic.
FormatterFactory is introduced as a mechanism for
getting instance of formatters that need access to the user interface
language and other request dependent information.
Usage is demonstrated in thumb.php, SpecialCreateAccount, and
SearchHandler. The examples indicates that there is no work do
be done around ErrorPageError and LocalizedHttpException.
Change-Id: I7fe5fee24cadf934e578c36856cc5d45fb9d0981
* In AuthManager::autoCreateUser(), check the permissions of the
performer instead of relying on the secondary providers. This means
that auto-creation will be denied when the anonymous user is globally
IP-blocked.
* Remove create account block check from
CheckBlocksSecondaryAuthenticationProvider. testUserForCreation() is
supposed to only do target name checks, but it's not actually
possible to block a non-existent local name. So we don't need this
code.
* Add a $performer parameter to autoCreateUser() so that
Special:CreateLocalAccount can have elevated permissions when it
creates an account with IP block exemption.
* When a performer is passed, don't use the session as a cache.
* Since we are passing autocreateaccount as the action to
PermissionManager instead of createaccount, some special cases need to
be tweaked. Previously AuthManager checked for either
autocreateaccount or createaccount rights. Now PermissionManager does
that when the action is autocreateaccount.
By removing redundant checks from testUserForCreation(), the number of
ipblocks queries during a normal Special:CreateAccount post request is
reduced from 8 to 6.
The CentralAuth change I7e7a7fc8bcd86285f857063a38de02b41b5175d0 should
be merged immediately after this one.
Bug: T234371
Bug: T345683
Change-Id: If2937c7d717d2adc249f608d4585122b02a43fff
PermissionManager has an extensive need for block information, and it
gets it from the global state with User::getBlock(). In the future it
should get block information from BlockManager.
However, this is complicated because BlockManager already depends on
PermissionManager, solely for ipblock-exempt rights. For now, have
BlockManager use the service container for this information.
To simplify review, the changes which use
PermissionManager::$blockManager will be in a subsequent commit.
Bug: T345683
Change-Id: I7a92eed142dcf2595cc3e2c5fa85a362c2a10d99
While we can wrap these in an additional `fn ()` we can also use
"lcfirst" directly. Function names encoded as strings are valid
callables in PHP.
Change-Id: I966046d5e357b409c57a9bff8a4a5737c1e22b03
To replace DatabaseLogEntry::getSelectQueryData()
Many migrations can't happen right now because of use of
ChangeTagsStore::modifyDisplayQuery() but I will fix that soon.
Bug: T344971
Change-Id: Iafb2bb5ea3a0da49da1dafb69b65dea3c15029ed
The script couldn't find these because they were using wfGetDb(). I
fixed that and that cleaned up a lot more.
Bug: T344971
Change-Id: I5c4c5fa65c42292bfb4d870936775e598fb30719
This class is used heavily basically everywhere, moving it to Utils
wouldn't make much sense. Also with this change, we can move
StatusValue to MediaWiki\Status as well.
Bug: T321882
Depends-On: I5f89ecf27ce1471a74f31c6018806461781213c3
Change-Id: I04c1dcf5129df437589149f0f3e284974d7c98fa
If a username matches $wgAutoCreateTempUser['reservedPattern'], but the
username is not a valid temp user, return false from
UserNameUtils::isUsable().
This makes reserved patterns analogous to $wgReservedUsernames, and
provides a simple way to reject central sessions for temp users on wikis
where temp users are disabled.
Bug: T342475
Change-Id: I1d7f843e71e605fccf3de93fd145ff43e396619f
These tests are all making two assumptions:
- That the sysop test account exists
- That its name is UTSysop
Both assumptions happen to be true right now, but the first one will no
longer be after change I30861742. The second one will probably remain
true for a while, but still, tests shouldn't rely on this implementation
detail when possible.
If a test needs an exiting test user, it should call getTestUser /
getTestSysop.
Use mocks or different usernames where the user actually doesn't matter,
e.g. in non-Database tests where UTSysop already doesn't exist.
Bug: T342428
Change-Id: Ie77e72f5a5ee6a2ef4ec9dceaa9044bb690f68b2
Temporary users are blocked if their IP address is listed in
$wgDnsBlacklistUrls or $wgSoftBlockRanges.
Bug: T343704
Change-Id: Ia3383bd10c3c6c35c586550b68f4af5f4659e815
Mock the relevant services that need the DB instead, when possible. When
not possible, e.g. because DB access is needed for the test to make
sense, add the test to the Database group instead.
Change-Id: Iefbfe00bedc243906c6b860572568343268646cc
This patch introduces session keys as constants as they repeat across
this class but are the same strings. Making them as constants will ensure
they're the same across usage and avoid errors.
If we ever want to change this key in the future, we can just change the
value of the constant and no need to change all occurrences in the entire
file.
== Introduces ==
+ AUTHN_STATE
+ ACCOUNT_CREATION_STATE
+ ACCOUNT_LINK_STATE
+ AUTOCREATE_BLOCKLIST
NOTE: Constants created as public but marked as internal to be used by
relevant tests in core.
Change-Id: I49e4ea01f0f8b548e32f88653e67ba4058c8bc07
* Fix tests depending on $wgUsePigLatinVariant=true, which is in
DevelopmentSettings.php but not TestSetup::applyInitialConfig().
* Fix test depending on DNS resolution details.
Change-Id: I877dc3323bf4024caab7666a8820103de0b48d23
equalTo() no longer takes a $delta parameter, so use equalToWithDelta()
instead.
Increase the delta to 2 seconds.
Add comments for readability.
Bug: T342775
Change-Id: I85c7a650a45dbdaf0645f45d1277b1e7515a06eb
This reduces the acceptable forms for hook handlers to three things:
* a callable (in the form of a string, an array, or a closure)
* an object, which is expected to have a public "on" method that
matches the hook name.
* an array containing an object spec in the "handler" key, for use
with ExtensionRegistry.
All other forms will trigger a deprecation warning.
Bug: T339167
Depends-On: I980f2d45e6bb8c6a04058e68c758f71bbcf709de
Depends-On: Ieae405f70caa01d84602583cc214b0ee3fadc796
Depends-On: If15df4b598c02ed9bda5eea0ae89a16ebbf4f2e2
Depends-On: Id70276fa1e1821bd400dc0ae5cea722a21d524d5
Change-Id: I83bc81d1b3033c38b9313884a9c70a187fdde227
This parameter was unused outside core, and the functionality
was intended for testing. Removing it simplifies the code quite a bit.
Note that the $replace parameter remains functional in
MediaWikiIntegrationTestCase::setTemporaryHook.
Change-Id: Ib5b4f379fbb74d54c600040a4c90f8354f4c1c61
This reverts change I50c3d1c5df (commit b0317287bc), thus reinstating
change I7d690a1172 (commit d139eb07fe). The only change from the
original is in getHookMethodName(), additionally replacing '-' with '_'
(not just ':' and '\'). The original commit message follows:
This converts all hook handlers to the same internal representation.
This is done lazily, when the hook is run for the first time.
The logic for temporarily disabling handlers by calling scopedRegister()
with the $replace parameter set has been greatly simplified.
There are some minor changes to the class's interface and behavior,
none of which should be breaking changes:
* run() will emit deprecation warnings if and only if it was called
with the deprecationVersion option set, for all kinds of handlers.
The idea is that deprecated hooks should emit a warning either from
run(), or from emitDeprecationWarnings(). The latter happens if the
hook is listed in DeprecatedHooks.
* register() now also accepts hook handlers declared in the way that
extensions register hooks.
* Attempts to call register() with an invalid hook definition now
result in an invalidArgumentException.
* Attempts to call register() for a deprecated hook will consistently
result in a deprecation warning.
* The internal getRegisteredHooks() method has been removed in favor
of the identical getHookNames() method.
* The internal getLegacyHandlers method has been removed in favor
of getHandlerDescriptions() and getHandlerCallbacks().
* The call order changed so that dynamically registered handlers
are called last, instead of getting called before handler objects
from extensions.
Bug: T338213
Change-Id: I6efb09e314ad2b124a33a757fdda2a07ae0d8f7c
This apparently caused some change in how hook handlers are called (it
now calls e.g. AbuseFilterHookHandler::onAbuseFilter-generateUserVars()
instead of AbuseFilterHookHandler::onAbuseFilter_generateUserVars()),
causing both test failures and errors on Beta.
This reverts commit d139eb07fe.
Bug: T338213
Change-Id: I50c3d1c5dfd2d7eeac59992156a8a644cf0197e5
This converts all hook handlers to the same internal representation.
This is done lazily, when the hook is run for the first time.
The logic for temporarily disabling handlers by calling scopedRegister()
with the $replace parameter set has been greatly simplified.
There are some minor changes to the class's interface and behavior,
none of which should be breaking changes:
* run() will emit deprecation warnings if and only if it was called
with the deprecationVersion option set, for all kinds of handlers.
The idea is that deprecated hooks should emit a warning either from
run(), or from emitDeprecationWarnings(). The latter happens if the
hook is listed in DeprecatedHooks.
* register() now also accepts hook handlers declared in the way that
extensions register hooks.
* Attempts to call register() with an invalid hook definition now
result in an invalidArgumentException.
* Attempts to call register() for a deprecated hook will consistently
result in a deprecation warning.
* The internal getRegisteredHooks() method has been removed in favor
of the identical getHookNames() method.
* The internal getLegacyHandlers method has been removed in favor
of getHandlerDescriptions() and getHandlerCallbacks().
* The call order changed so that dynamically registered handlers
are called last, instead of getting called before handler objects
from extensions.
Change-Id: I7d690a1172af44a90b957b2274d68e51b7f09938
Initally used a new sniff with autofix (T333745),
but some provide are defined non-static in TestBase class
and need more work to make them static in a compatible way
Bug: T332865
Change-Id: I889d33424f0c01fb26f2d86f8d4fc3de3e568843
