In change I625a48a6ecd3fad5c2ed76b23343a0fef91e1b83 I am planning to
make Wikimedia\Message\MessageValue use it, and we try to pretend that
it is a library separate from MediaWiki, so it makes sense to move
MessageSpecifier to the same namespace under Wikimedia\.
Bug: T353458
Change-Id: I9ff4ff7beb098b60c92f564591937c7d789c6684
And deprecated aliases for the the no namespaced classes.
ReplicatedBagOStuff that already is deprecated isn't moved.
Bug: T353458
Change-Id: Ie01962517e5b53e59b9721e9996d4f1ea95abb51
Changes to the use statements done automatically via script
Addition of missing use statement done manually
Change-Id: Iae45fa269363be8ee05c598ea6926514ce817762
Some of these have been marked in-code as deprecated for a long while,
but haven't ever been announced in the RELEASE-NOTES (and later,
HISTORY) file, so let's mark them up now so we can get the ball rolling
at least.
Per Gergo, the AuthManager one was 'born deprecated' and should only
have been used by humans also reading the deprecation notice given in
the code, and indeed no uses are known to code search, so also emit
deprecation warnings there immediately; others will have to wait until
uses have been migrated.
Change-Id: I0c1c71d8f4293623039302da35d58d2a24367e97
Why:
- We want to be able to reuse this method in other places, e.g. in
temporary user account autocreation
What:
- Move LoginSignupSpecialPage's setSessionUserForCurrentRequest method
into AuthManager, while splitting out the logic that is specific to
LoginSignupSpecialPage
Bug: T364121
Change-Id: I9c96420eca4a756cc846e4ff16e7698365b044d8
There are a couple of user options related classes already,
and the T321527 work on dynamic defaults is going to add
even more. Let's move them into a separate namespace
to make core a bit more organized.
Old name is kept as an alias for compatibility purposes.
Bug: T321527
Bug: T352284
Change-Id: I9822eb1553870b876d0b8a927e4e86c27d83bd52
- Set only properties defined by the class
- Use the DynamicPropertyTestHelper
- Use the existing local variables with & in closures
Dynamic properties are deprecated in php8.2
Bug: T326478
Change-Id: I7312268ecfd7c66fec72cbb2fa3df72fd1f3044c
Remove the 'user' option from the documentation and defaults. It has
been ignored since a3b4881f6f (2021, 1.37).
Fix tests which pass unknown constructor options. I found these by
temporarily patching the constructor to throw when an unknown option is
given.
Change-Id: I95cb2a38a5688d83c90ad501786f6d6bb02765ba
* Migrate callers of DatabaseBlock methods newListFromTarget,
newFromID, newFromTarget, doAutoblock.
* Deprecate DatabaseBlock methods newFromID and getAutoblockExpiry.
These are the methods with no extension callers in code search.
Bug: T255433
Change-Id: If0358459f53d32e7fe984c2fb8b61e0088f28922
* Move to DatabaseBlockStore the DatabaseBlock methods newFromID,
getQueryInfo, getRangeCond, newFromRow, isExemptedFromAutoblocks,
doAutoblock, updateTimestamp, getAutoblockExpiry, newFromTarget,
newListFromTarget.
* Split DatabaseBlock::getBlocksForIPList. Now
BlockManager::getBlocksForIPList() is responsible for XFF header
validation and trusted proxy handling. DatabaseBlockStore::
newListFromIPs() just does the queries and constructs the Block
objects.
* In DatabaseBlockStore::newFromRow() and doAutoblock(), use the
DatabaseBlock constructor instead of calling many setter methods. Add
constructor options decodedExpiry, decodedTimestamp, id,
parentBlockId and restrictions to support this.
* Move isExemptedFromAutoblocks() to its own service. Remove the cache
since in my testing with production eval.php, the WAN cache fetch is
10 times slower than just using the message cache, contradicting the
comment written in 2008.
* Fix AuthManagerTest which was previously passing an unrecognised
"restrictions" option to DatabaseBlock. Now that the option actually
works, we have to use the right type.
Bug: T255433
Change-Id: I5049e60be1681f67fcca133e569e315792dc42dd
This takes us one step closer to deprecating Status,
so we can isolate StatusValue from presentation logic.
FormatterFactory is introduced as a mechanism for
getting instance of formatters that need access to the user interface
language and other request dependent information.
Usage is demonstrated in thumb.php, SpecialCreateAccount, and
SearchHandler. The examples indicates that there is no work do
be done around ErrorPageError and LocalizedHttpException.
Change-Id: I7fe5fee24cadf934e578c36856cc5d45fb9d0981
* In AuthManager::autoCreateUser(), check the permissions of the
performer instead of relying on the secondary providers. This means
that auto-creation will be denied when the anonymous user is globally
IP-blocked.
* Remove create account block check from
CheckBlocksSecondaryAuthenticationProvider. testUserForCreation() is
supposed to only do target name checks, but it's not actually
possible to block a non-existent local name. So we don't need this
code.
* Add a $performer parameter to autoCreateUser() so that
Special:CreateLocalAccount can have elevated permissions when it
creates an account with IP block exemption.
* When a performer is passed, don't use the session as a cache.
* Since we are passing autocreateaccount as the action to
PermissionManager instead of createaccount, some special cases need to
be tweaked. Previously AuthManager checked for either
autocreateaccount or createaccount rights. Now PermissionManager does
that when the action is autocreateaccount.
By removing redundant checks from testUserForCreation(), the number of
ipblocks queries during a normal Special:CreateAccount post request is
reduced from 8 to 6.
The CentralAuth change I7e7a7fc8bcd86285f857063a38de02b41b5175d0 should
be merged immediately after this one.
Bug: T234371
Bug: T345683
Change-Id: If2937c7d717d2adc249f608d4585122b02a43fff
PermissionManager has an extensive need for block information, and it
gets it from the global state with User::getBlock(). In the future it
should get block information from BlockManager.
However, this is complicated because BlockManager already depends on
PermissionManager, solely for ipblock-exempt rights. For now, have
BlockManager use the service container for this information.
To simplify review, the changes which use
PermissionManager::$blockManager will be in a subsequent commit.
Bug: T345683
Change-Id: I7a92eed142dcf2595cc3e2c5fa85a362c2a10d99
To replace DatabaseLogEntry::getSelectQueryData()
Many migrations can't happen right now because of use of
ChangeTagsStore::modifyDisplayQuery() but I will fix that soon.
Bug: T344971
Change-Id: Iafb2bb5ea3a0da49da1dafb69b65dea3c15029ed
The script couldn't find these because they were using wfGetDb(). I
fixed that and that cleaned up a lot more.
Bug: T344971
Change-Id: I5c4c5fa65c42292bfb4d870936775e598fb30719
This class is used heavily basically everywhere, moving it to Utils
wouldn't make much sense. Also with this change, we can move
StatusValue to MediaWiki\Status as well.
Bug: T321882
Depends-On: I5f89ecf27ce1471a74f31c6018806461781213c3
Change-Id: I04c1dcf5129df437589149f0f3e284974d7c98fa
If a username matches $wgAutoCreateTempUser['reservedPattern'], but the
username is not a valid temp user, return false from
UserNameUtils::isUsable().
This makes reserved patterns analogous to $wgReservedUsernames, and
provides a simple way to reject central sessions for temp users on wikis
where temp users are disabled.
Bug: T342475
Change-Id: I1d7f843e71e605fccf3de93fd145ff43e396619f
These tests are all making two assumptions:
- That the sysop test account exists
- That its name is UTSysop
Both assumptions happen to be true right now, but the first one will no
longer be after change I30861742. The second one will probably remain
true for a while, but still, tests shouldn't rely on this implementation
detail when possible.
If a test needs an exiting test user, it should call getTestUser /
getTestSysop.
Use mocks or different usernames where the user actually doesn't matter,
e.g. in non-Database tests where UTSysop already doesn't exist.
Bug: T342428
Change-Id: Ie77e72f5a5ee6a2ef4ec9dceaa9044bb690f68b2
Temporary users are blocked if their IP address is listed in
$wgDnsBlacklistUrls or $wgSoftBlockRanges.
Bug: T343704
Change-Id: Ia3383bd10c3c6c35c586550b68f4af5f4659e815
This patch introduces session keys as constants as they repeat across
this class but are the same strings. Making them as constants will ensure
they're the same across usage and avoid errors.
If we ever want to change this key in the future, we can just change the
value of the constant and no need to change all occurrences in the entire
file.
== Introduces ==
+ AUTHN_STATE
+ ACCOUNT_CREATION_STATE
+ ACCOUNT_LINK_STATE
+ AUTOCREATE_BLOCKLIST
NOTE: Constants created as public but marked as internal to be used by
relevant tests in core.
Change-Id: I49e4ea01f0f8b548e32f88653e67ba4058c8bc07
* Fix tests depending on $wgUsePigLatinVariant=true, which is in
DevelopmentSettings.php but not TestSetup::applyInitialConfig().
* Fix test depending on DNS resolution details.
Change-Id: I877dc3323bf4024caab7666a8820103de0b48d23
equalTo() no longer takes a $delta parameter, so use equalToWithDelta()
instead.
Increase the delta to 2 seconds.
Add comments for readability.
Bug: T342775
Change-Id: I85c7a650a45dbdaf0645f45d1277b1e7515a06eb
This reverts change I50c3d1c5df (commit b0317287bc), thus reinstating
change I7d690a1172 (commit d139eb07fe). The only change from the
original is in getHookMethodName(), additionally replacing '-' with '_'
(not just ':' and '\'). The original commit message follows:
This converts all hook handlers to the same internal representation.
This is done lazily, when the hook is run for the first time.
The logic for temporarily disabling handlers by calling scopedRegister()
with the $replace parameter set has been greatly simplified.
There are some minor changes to the class's interface and behavior,
none of which should be breaking changes:
* run() will emit deprecation warnings if and only if it was called
with the deprecationVersion option set, for all kinds of handlers.
The idea is that deprecated hooks should emit a warning either from
run(), or from emitDeprecationWarnings(). The latter happens if the
hook is listed in DeprecatedHooks.
* register() now also accepts hook handlers declared in the way that
extensions register hooks.
* Attempts to call register() with an invalid hook definition now
result in an invalidArgumentException.
* Attempts to call register() for a deprecated hook will consistently
result in a deprecation warning.
* The internal getRegisteredHooks() method has been removed in favor
of the identical getHookNames() method.
* The internal getLegacyHandlers method has been removed in favor
of getHandlerDescriptions() and getHandlerCallbacks().
* The call order changed so that dynamically registered handlers
are called last, instead of getting called before handler objects
from extensions.
Bug: T338213
Change-Id: I6efb09e314ad2b124a33a757fdda2a07ae0d8f7c
This apparently caused some change in how hook handlers are called (it
now calls e.g. AbuseFilterHookHandler::onAbuseFilter-generateUserVars()
instead of AbuseFilterHookHandler::onAbuseFilter_generateUserVars()),
causing both test failures and errors on Beta.
This reverts commit d139eb07fe.
Bug: T338213
Change-Id: I50c3d1c5dfd2d7eeac59992156a8a644cf0197e5
This converts all hook handlers to the same internal representation.
This is done lazily, when the hook is run for the first time.
The logic for temporarily disabling handlers by calling scopedRegister()
with the $replace parameter set has been greatly simplified.
There are some minor changes to the class's interface and behavior,
none of which should be breaking changes:
* run() will emit deprecation warnings if and only if it was called
with the deprecationVersion option set, for all kinds of handlers.
The idea is that deprecated hooks should emit a warning either from
run(), or from emitDeprecationWarnings(). The latter happens if the
hook is listed in DeprecatedHooks.
* register() now also accepts hook handlers declared in the way that
extensions register hooks.
* Attempts to call register() with an invalid hook definition now
result in an invalidArgumentException.
* Attempts to call register() for a deprecated hook will consistently
result in a deprecation warning.
* The internal getRegisteredHooks() method has been removed in favor
of the identical getHookNames() method.
* The internal getLegacyHandlers method has been removed in favor
of getHandlerDescriptions() and getHandlerCallbacks().
* The call order changed so that dynamically registered handlers
are called last, instead of getting called before handler objects
from extensions.
Change-Id: I7d690a1172af44a90b957b2274d68e51b7f09938
The db/ directory does not have an owner and it's a mess in general.
These classes don't depend on anything in core except the rdbms library.
Let's simply move it there. In other words, Krinkle made me do it.
Since the class was moved in I6202e52ba73 merged less than a week ago,
no need to alias anything.
Bug: T321882
Change-Id: I24ceeb8bf765a50f441270136acd612359d50aa2
They are not suitable to go to rdbms library as they depend on mediawiki
pieces, the second best place is the db/ directory.
Bug: T321882
Change-Id: I6202e52ba7306d74261206c2ba7930c5f1a0a18e
* Unnecessary regex modifier. I agree with this inspection which flags
/s modifiers on regexes that don't use a dot.
* Property declared dynamically.
* Unused local variable. But it's acceptable for an unused local
variable to take the return value of a method under test, when it is
being tested for its side-effects. And it's acceptable for an unused
local variable to document unused list expansion elements, or the
nature of array keys in a foreach.
Change-Id: I067b5b45dd1138c00e7269b66d3d1385f202fe7f
Just methods where adding "static" to the declaration was enough, I
didn't do anything with providers that used $this.
Initially by search and replace. There were many mistakes which I
found mostly by running the PHPStorm inspection which searches for
$this usage in a static method. Later I used the PHPStorm "make static"
action which avoids the more obvious mistakes.
Bug: T332865
Change-Id: I47ed6692945607dfa5c139d42edbd934fa4f3a36
