Changed some inserts to use multi-row insert for small performance
benefit where possible and not already used.
InsertQueryBuilder does not return a value, deprecated since 1.33
Bug: T353219
Change-Id: I2380ebc8ec8db178dd790247aefbdd798b6d62ff
Why:
* The default value of wgAutoCreateTempUser has not changed since
the decision to use a different prefix for temporary accounts
(T332805).
* The default needs to be updated to reduce the number of overrides
in operations/mediawiki-config and also to make the development
experience more consistent with what is happening on WMF
production.
What:
* Update the wgAutoCreateTempUser default in the following ways:
** Set expireAfterDays as 365
** Set notifyBeforeExpirationDays as 10
** Set genPattern and reservedPattern to '~$1'
** Set matchPattern to null, which will mean that the genPattern
is used as the value.
* Update RealTempUserConfig::getPlaceholderName to add the year to
the placeholder name so that if the match pattern includes the
first digit of the year, then the placeholder name still is
considered a valid temporary account username.
* Replace modifications of the wgAutoCreateTempUser config in
integration tests with a use of the TempUserTestTrait to make
the code cleaner and make it easier to find tests that relies on
the values in wgAutoCreateTempUser.
* Update multiple tests to handle the new defaults for the config.
Bug: T359335
Change-Id: Ifa5a0123cd915bdb7c87e473c51fb93321622f12
This is inconsistent with the access pattern of other constants in
MediaWiki. it's also confusing (e.g. it's unclear to a newcomer why
UserFactory is implementing IDBAccessObject) and it's prone to clashes
(e.g. BagOStuff class has a clashing constant).
It has been already announced: https://w.wiki/9DAX
Bug: T354194
Change-Id: Ic2357634b8385d65b55db2b557191419b06c40e0
- Add getRightDescriptionHtml() to return HTML
the change handles cases where the message contains wikitext
- Use the new method getRightDescriptionHtml() in createBotPassword
Bug: T312819
Change-Id: If3b9bce2f02806572cc6cc1194a07cb7d5b8d6da
In DatabaseBlockTest changed from addDBDataOnce() to addDBData() as
ChangedTablesTracker cannot reset tables changed by addDBDataOnce()
between each test run.
Remove also User::clearInstanceCache done together with the deletion as
the TestUser class is calling this already between tests.
Change-Id: Ibd5e544138a2a9b554abc2dea54a5db38f9a828f
TempUserCreator calls AuthManager::autoCreateUser, which calls
User::addToDatabase. Set user_is_temp from addToDatabase.
Inserts to the user table are done elsewhere, but they are not
updated here. They don't insert temporary users, and
user_is_temp defaults to false.
Bug: T333223
Bug: T355175
Change-Id: I7c71fc7b4fd44e23cd4a68425f64bc631284a9b7
Why:
Temporary accounts (introduced as part of IP Masking)
are supposed to expire 1 year after their registration.
Automatic account expiration can be done via a maintenance
script, which would be periodically executed via cron / systemd.
Make it possible for extensions to provide their own logic
for generating a list of temporary accounts to invalidate.
This is used in CentralAuth to base registration timestamp
on the global registration timestamp.
The default behavior is "temporary accounts do not expire",
given the feature requires a maintenance script to run
periodically, which will not be the case on third party
instances.
What:
* Add `expireAfterDays` to $wgAutoCreateTempUser, controlling
how many days temporary accounts have.
* Add UserSelectQueryBuilder::whereRegisteredTimestamp(),
filtering accounts based on user_registration.
* Add ExpireTemporaryAccounts maintenance script, which is
@stable to extend.
Bug: T344695
Change-Id: If17bf84ee6620c8eb784b7d835682ad5e7afdfcc
* Remove User::$mBlock, mBlockedby, mBlockreason and mHideName, which
cached block status for a user.
* Inline User::getBlockedStatus() into User::getBlock() and use
getBlock() internally to implement the deprecated public methods.
Bug: T345683
Depends-On: I4898a23fcde34db8ef94b92d41722cedf9380dbc
Depends-On: If57d4e910d35f386028afd9cb900d78f3b6a0e13
Change-Id: I25b84b0a8f9cacd0908a415b3a4a50ff7ecc72f4
This is unfortunately by necessity a breaking change to the soon-to-
be-removed mBlockreason from string to CommentStoreComment. Oh well.
Change-Id: Iac918def95fb0600f2d805d2d95732b280d8fd81
Temporary users are blocked if their IP address is listed in
$wgDnsBlacklistUrls or $wgSoftBlockRanges.
Bug: T343704
Change-Id: Ia3383bd10c3c6c35c586550b68f4af5f4659e815
Rate limits will automatically be checked by definitelyCan(),
authorizeRead() and authorizeWrite(). The authorize methods also
increment the counter.
UserAuthority tracks which limits have already been incremented during
the current request, to avoid duplicate increments caused by code that
still calls pingLimiter directly.
DEPLOY: Risky! We SHOULD not hit rate limits more often, but we might.
Rate limit metrics should be monitored closely, see
<https://grafana.wikimedia.org/d/8oA6CWr4z/mw-rate-limiting-overview>.
Bug: T310476
Depends-On: Iebd62b0487af9172edaeae41c9b31aaf2f20fd06
Change-Id: Ic349f03b7040343815b60b0a2c84a5780326c797
Replace all core calls to User::getQueryInfo() with an equivalent
SelectQueryBuilder.
Bug: T311866
Change-Id: Ib249a9d9098b1c09907a90607206edd8331bad3d
UserTest::testUserId() was failing when run alone, because getId() was
always fetched from the database following setId(), and the test does
not write it to the database.
It passed when run with other tests since more than 7 users were present
in the database since the last truncate. Adding 'user' to tablesUsed
makes the failure reproducible.
It makes sense for setId() to mark 'id' as loaded, by analogy with
UserFactory::newFromId(). The test failure seems valid.
Fixing it in clearInstanceCache() instead of setId() seems correct to
me. There are only two callers of clearInstanceCache() with
$reloadFrom set to a field name in core and WMF deployed extensions.
So, when clearInstanceCache() is called with the name of a field to
reload from, mark that field as already loaded.
Depends-On: Iabe011bf796016b357ab2a317b810bea2568a9f5
Change-Id: Ibbf753d318a376c7c5819930dd5669d0e44eda30
Just methods where adding "static" to the declaration was enough, I
didn't do anything with providers that used $this.
Initially by search and replace. There were many mistakes which I
found mostly by running the PHPStorm inspection which searches for
$this usage in a static method. Later I used the PHPStorm "make static"
action which avoids the more obvious mistakes.
Bug: T332865
Change-Id: I47ed6692945607dfa5c139d42edbd934fa4f3a36
Notable changes:
* In SqlBagOStuff::getConnectionFromServerInfo, only two loggers were
injected. The rest implicitly got a NullLogger due to being absent.
These are now effectively unsilenced.
* Database::__construct() required almost all parameters, even the
loggers. I've wanted to move some of DatabaseFactory into the ctor
here for a while. In order to make this change not a breaking
change, the new 'logger' parameter is optional with NullLogger as
default. This allowed some of the test cases, which were simply
passing NullLogger, to be fixed by passing nothing instead of
passing the new option name.
The Database class is behind a dozen layers of indirection for
real use, so this will still be injected just fine (DBF, LB, LBF,
MWLBF, etc.).
* In LegacyLogger, the handling for $wgDBerrorLog was previously
limited to DBConnection and DBQuery. This now includes errors
from other (generally, newer) parts of Rdbms as well, which were
previously missing.
This only affects sites (typically CI and dev setup) where
$wgDBerrorLog is used, as opposed to the more common
$wgDebugLogGroups by-channel configuration.
* TransactionProfiler gets its logger injected in a rather odd way,
via entrypoints (MediaWiki.php, ApiMain.php, and MaintenanceRunner)
as opposed to service wiring. This is kept as-is for now.
* In LBFactoryTest, in particular testInvalidSelectDBIndependent2,
there are cases that intentionally produce failures of which
the result is then observed. In CI we assert that dberror.log is
empty so instead of adding the missing logger fields to that
LBFactory instance, the only one set (replLogger) is removed.
The alternative is to set 'logger' now, which would naturally
cause CI failures due to unexpected entries coming through to
non-mocked error log.
Bug: T320873
Change-Id: I7ca996618e41b93f488cb5c4de82000bb36e0dd3
The following User methods, deprecated in 1.38, have been removed:
* ::blockedBy
* ::getBlockId
Bug: T277511
Change-Id: I00e2fec4ababa3f9c12dee34c3d922d18e1c78d7
