This reduces the runtime of database-bound tests by about 40%
(on my system, from 4:55 to 2:47; results from Jenkins are
inconclusive).
The basic idea is to call addCoreDBData() only once, and have
a addDBDataOnce() that is called once per test class, not for
every test method lie addDBData() is. Most tests could be
trivially be changed to implement addDBDataOnce() instead of
addDBData(). The ones for which this did not work immediately
were left out for now. A closer look at the tests that still
implement addDBData() may reveal additional potential for
improvement.
TODO: Once this is merged, try to change addDBData() to
addDBDataOnce() where possible in extensions.
Change-Id: Iec4ed4c8419fb4ad87e6710de808863ede9998b7
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
User keeps most of its token-related methods because anon edit tokens
are special. Login and createaccount tokens are completely moved.
Change-Id: I524218fab7e2d78fd24482ad364428e98dc48bdf
None of this works and it's been long begging for a mercy kill.
All it does is waste contributor time on updating deprecations
in the dead code. I imagine we wouldn't reuse much of this
code if we're ever going to reimplement it.
Bug: T119336
Change-Id: Ibd26a4bea621857aac77823017e9be9b7dc52cca
Sigh, PHP. You allow for an array to have string "1" as a key (e.g. when
casting from object to array), but then you do everything wrong when
trying to deal with it.
Bug: T123663
Change-Id: I49f09901a69aab39ca1519bbe9e41267bf9a1216
Bot passwords are something like OAuth-lite, or Google's application
passwords: the bot can use API action=login to log in with the special
username and password, and will then be allowed to use the API with a
restricted set of rights.
This is intended to provide an easy migration path for legacy bots and
for bots on wikis without OAuth, since AuthManager is going to greatly
complicate non-interactive authentication. If OAuth is available, an
owner-only consumer would be a better choice.
Bug: T121113
Change-Id: Iaa4015e00edbfbfaedcc8b2d27a2d3fd25009159
Depends-On: I7e15331efb162275c4116bcae61f19d6b884cbe3
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
* This does the same thing ApiOptions does to avoid these errors.
A new getInstanceForUpdate() method is now in the User class to
simplify this pattern.
* Avoid overriding $user in ApiOptions for code readability.
* Fixed IDEA errors around Preferences::getFormObject() return type.
Bug: T95839
Change-Id: If2385b7486c043bd70d7031ff35e37dfb079a4d2
Some tests fails on wikis with $wgLanguageCode not = 'en', fix this by
setting the correct language context.
Change-Id: Ia72017df59d8beb5c508832584b2431ffab0f77f
If we really need this we can do it in MediaWikiTestCase, next
to the setting of wgMainCacheType. But from what I can see the
code being tested here already doesn't use the old $wgMemc.
Change-Id: I9e4b2109b2f3c18d8d5551bbadae5711c1d4c0a6
* ApiQueryTest: One random is enough.
* FileBackendTest: More consistent and idiomatic via wfRandomString()
* MigrateFileRepoLayoutTest: Use getNewTempDirectory(). Similar to
what FileBackendTest used already.
* UploadFromUrlTestSuite: Use getNewTempDirectory().
Change-Id: I772de2134be41506d8ed08367be8c18f354bfc72
AuthManager is coming, which will make it easier to add alternative
methods of authentication. But in order to do that, we need to finally
get around to ripping the password-related bits out of the User class.
The password expiration handling isn't used anywhere in core or
extensions in Gerrit beyond testing for expired passwords on login and
resetting the expiry date on password change. Those bits have been
inlined and the functions removed; AuthManager will allow each
"authentication provider" to handle its own password expiration.
The methods for fetching passwords, including the fact that mPassword
and other fields are public, has also been removed. This is already
broken in combination with basically any extension that messes with
authentication, and the major use outside of that was in creating
system users like MassMessage's "MediaWiki message delivery" user.
Password setting methods are silently deprecated, since most of the
replacements won't be available until AuthManager. But uses in unit
testing can be replaced with TestUser::setPasswordForUser() immediately.
User::randomPassword() and User::getPasswordFactory() don't really
belong in User either. For the former a new PasswordFactory method has
been created, while the latter should just be replaced by the two lines
to create a PasswordFactory via its constructor.
Bug: T47716
Change-Id: I2c736ad72d946fa9b859e6cd335fa58aececc0d5
This allows generator implementations to define how generator data
about a redirect gets merged into the redirect destination. This
does not change any defaults, only modules that explicitly set a
merge policy will have a change in their results.
This functionality is initially used for the search api modules to
retain search positions within the final result set.
Bug: T92796
Change-Id: If2f49e0fc3176288c95e870240754ee320a6bf91
Changed some old bugzilla links to new phabricator links in comments,
test data and error message. This reduces the need for redirects from
old bugzilla to new phabricator from our source code.
Change-Id: Id98278e26ce31656295a23f3cadb536859c4caa5
It was kept around in the ApiResult rewrite because Wikibase was
(mis)using it as an "XML mode" flag.
Bug: T96596
Change-Id: Ic8259649c8cb0cce0444c907607c36d96fb2eb7e
Specifically, GET requests can now return ETag and Last-Modified
headers, and If-None-Match and If-Modified-Since headers on such GET
requests will be honored. This doesn't change any API modules to
actually return these values, it just provides the infrastructure.
For reasoning on why only GET requests and why only these two of the
five precondition headers defined by RFC 7232, see the doc comment on
ApiMain::checkConditionalRequestHeaders().
Change-Id: Ia18874c9360fcffdad323b341ca867ba773788fd
Two bugs here:
* Setting NO_SIZE_CHECK also bypassed validation
* ApiResult::valueSize() didn't handle ApiSerializable, which is fixed
by defining that the value needs to be passed through
ApiResult::validateValue() first.
Bug: T111796
Change-Id: I7c00d8ee53364a26f8f63f82a4d83b92baf5383e
This allows for merging the KVP key into the value for the alternative
output format. Specifically,
{ "key": { "foo": "bar" } }
can now be turned into
[{ "name": "key", "foo": "bar" }]
instead of
[{ "name": "key", "value": { "foo": "bar" } }]
Change-Id: Ie1f9235893dbbcd2948c46e0356360b5635a3ddd
This allows them to be stored in the session, for example.
Note that properly serializing a Message requires that all its
parameters be serializable as well; we don't attempt to account for that
here.
Change-Id: I3a42a2a883e8eef900eeb02355fc3b064411f642
The new format is much easier to use correctly, and should therefore be
the default. The old format is maintained for clients that need the
additional flexibility.
Bug: T96858
Change-Id: I984e63581f4ef23ccada916b6d45131d1fb5e001
- Removed space after casts
- Removed spaces in array index
- Added spaces around string concat
- Added space after words: switch, foreach
- else if -> elseif
- Removed parentheses around require_once, because it is not a function
- Added newline at end of file
- Removed double spaces
- Added spaces around operations
- Removed repeated newlines
Bug: T102609
Change-Id: Ib860222b24f8ad8e9062cd4dc42ec88dc63fb49e
wfSuppressWarnings() and wfRestoreWarnings() were split out into a
separate library. All usages in core were replaced with the new
functions, and the wf* global functions are marked as deprecated.
Additionally, some uses of @ were replaced due to composer's autoloader
being loaded even earlier.
Ie1234f8c12693408de9b94bf6f84480a90bd4f8e adds the library to
mediawiki/vendor.
Bug: T100923
Change-Id: I5c35079a0a656180852be0ae6b1262d40f6534c4
RequestContext::getMain()->getUser() in a (faux) API request doesn't return the
user the (faux) API call is made with, but the user running the tests.
Bug: T101388
Change-Id: Icbbf14a6433edf5c91162a9d67899d6a2d5c33df
Adds the 'modules', 'jsconfigvars', and 'encodedjsconfigvars' props
to action=expandtemplates, that output the modules and Javascript
configuration variables added to ResourceLoader by extensions and
parser functions, in the same way action=parse does.
This is needed by Parsoid to correctly include all modules used by
parser functions.
Based on I5c3ccb25385e57633639bb0c7e6f562eb58b05a2 by @Jackmcbarn.
Bug: T69540
Change-Id: Iaf58c66c987a318c0dd1ee2b81774106c40e7561
I had thought no one would be silly enough to set invalid tag names for
ApiResult::setIndexedTagName(), since it's specifically *for* XML tag
names. Apparently I was wrong.
Bug: T97599
Change-Id: I62ad832b1d8c23a275e5c67160f0b1febe5f3454
Nothing in this patch should result in changed output for format=json or
format=php except as noted in RELEASE-NOTES-1.25, and changed output for
format=xml should be similar or cosmetic. However, other code accessing
the result data directly may need to be updated.
Bug: T87053
Bug: T12887
Change-Id: I3500708965cb8869b5aed1543381aad208dadd13
