AuthManager is coming, which will make it easier to add alternative
methods of authentication. But in order to do that, we need to finally
get around to ripping the password-related bits out of the User class.
The password expiration handling isn't used anywhere in core or
extensions in Gerrit beyond testing for expired passwords on login and
resetting the expiry date on password change. Those bits have been
inlined and the functions removed; AuthManager will allow each
"authentication provider" to handle its own password expiration.
The methods for fetching passwords, including the fact that mPassword
and other fields are public, has also been removed. This is already
broken in combination with basically any extension that messes with
authentication, and the major use outside of that was in creating
system users like MassMessage's "MediaWiki message delivery" user.
Password setting methods are silently deprecated, since most of the
replacements won't be available until AuthManager. But uses in unit
testing can be replaced with TestUser::setPasswordForUser() immediately.
User::randomPassword() and User::getPasswordFactory() don't really
belong in User either. For the former a new PasswordFactory method has
been created, while the latter should just be replaced by the two lines
to create a PasswordFactory via its constructor.
Bug: T47716
Change-Id: I2c736ad72d946fa9b859e6cd335fa58aececc0d5
This allows generator implementations to define how generator data
about a redirect gets merged into the redirect destination. This
does not change any defaults, only modules that explicitly set a
merge policy will have a change in their results.
This functionality is initially used for the search api modules to
retain search positions within the final result set.
Bug: T92796
Change-Id: If2f49e0fc3176288c95e870240754ee320a6bf91
Changed some old bugzilla links to new phabricator links in comments,
test data and error message. This reduces the need for redirects from
old bugzilla to new phabricator from our source code.
Change-Id: Id98278e26ce31656295a23f3cadb536859c4caa5
It was kept around in the ApiResult rewrite because Wikibase was
(mis)using it as an "XML mode" flag.
Bug: T96596
Change-Id: Ic8259649c8cb0cce0444c907607c36d96fb2eb7e
Specifically, GET requests can now return ETag and Last-Modified
headers, and If-None-Match and If-Modified-Since headers on such GET
requests will be honored. This doesn't change any API modules to
actually return these values, it just provides the infrastructure.
For reasoning on why only GET requests and why only these two of the
five precondition headers defined by RFC 7232, see the doc comment on
ApiMain::checkConditionalRequestHeaders().
Change-Id: Ia18874c9360fcffdad323b341ca867ba773788fd
Two bugs here:
* Setting NO_SIZE_CHECK also bypassed validation
* ApiResult::valueSize() didn't handle ApiSerializable, which is fixed
by defining that the value needs to be passed through
ApiResult::validateValue() first.
Bug: T111796
Change-Id: I7c00d8ee53364a26f8f63f82a4d83b92baf5383e
This allows for merging the KVP key into the value for the alternative
output format. Specifically,
{ "key": { "foo": "bar" } }
can now be turned into
[{ "name": "key", "foo": "bar" }]
instead of
[{ "name": "key", "value": { "foo": "bar" } }]
Change-Id: Ie1f9235893dbbcd2948c46e0356360b5635a3ddd
This allows them to be stored in the session, for example.
Note that properly serializing a Message requires that all its
parameters be serializable as well; we don't attempt to account for that
here.
Change-Id: I3a42a2a883e8eef900eeb02355fc3b064411f642
The new format is much easier to use correctly, and should therefore be
the default. The old format is maintained for clients that need the
additional flexibility.
Bug: T96858
Change-Id: I984e63581f4ef23ccada916b6d45131d1fb5e001
- Removed space after casts
- Removed spaces in array index
- Added spaces around string concat
- Added space after words: switch, foreach
- else if -> elseif
- Removed parentheses around require_once, because it is not a function
- Added newline at end of file
- Removed double spaces
- Added spaces around operations
- Removed repeated newlines
Bug: T102609
Change-Id: Ib860222b24f8ad8e9062cd4dc42ec88dc63fb49e
wfSuppressWarnings() and wfRestoreWarnings() were split out into a
separate library. All usages in core were replaced with the new
functions, and the wf* global functions are marked as deprecated.
Additionally, some uses of @ were replaced due to composer's autoloader
being loaded even earlier.
Ie1234f8c12693408de9b94bf6f84480a90bd4f8e adds the library to
mediawiki/vendor.
Bug: T100923
Change-Id: I5c35079a0a656180852be0ae6b1262d40f6534c4
RequestContext::getMain()->getUser() in a (faux) API request doesn't return the
user the (faux) API call is made with, but the user running the tests.
Bug: T101388
Change-Id: Icbbf14a6433edf5c91162a9d67899d6a2d5c33df
Adds the 'modules', 'jsconfigvars', and 'encodedjsconfigvars' props
to action=expandtemplates, that output the modules and Javascript
configuration variables added to ResourceLoader by extensions and
parser functions, in the same way action=parse does.
This is needed by Parsoid to correctly include all modules used by
parser functions.
Based on I5c3ccb25385e57633639bb0c7e6f562eb58b05a2 by @Jackmcbarn.
Bug: T69540
Change-Id: Iaf58c66c987a318c0dd1ee2b81774106c40e7561
I had thought no one would be silly enough to set invalid tag names for
ApiResult::setIndexedTagName(), since it's specifically *for* XML tag
names. Apparently I was wrong.
Bug: T97599
Change-Id: I62ad832b1d8c23a275e5c67160f0b1febe5f3454
Nothing in this patch should result in changed output for format=json or
format=php except as noted in RELEASE-NOTES-1.25, and changed output for
format=xml should be similar or cosmetic. However, other code accessing
the result data directly may need to be updated.
Bug: T87053
Bug: T12887
Change-Id: I3500708965cb8869b5aed1543381aad208dadd13
This adds supportsDirectApiEditing and
supportsDirectEditing methods to ContentHandler. Both
return false by default for the ContentHandler base
class, and true for TextContentHandler and it's
derivatives. (everything in core)
Extension content types that directly extend
AbstractContent / ContentHandler, often / generally don't
support direct editing. EntityContent in Wikibase
and Flow boards are the two such content types currently
in gerrit-hosted extensions.
The use and direct settings of the allowNonTextContent
member variable is replaced by enableApiEditOverride and
a setter for that. The only place allowNonTextContent is
used in all of Wikimedia-hosted git repos is core itself
(EditPage and ApiEditPage), so should be safe to make
this change.
With this change, Wikibase can remove its ApiCheckCanExecute
hook handler that disallows editing there, and MobileFrontend
could check if direct editing is allowed before enabling it's
editing features, instead of Wikibase having to add
MobileFrontend hook handlers to disable the features.
Bug: T96382
Change-Id: I276cd6ecedf38108f1f2be16b38e699e8c5d2d0c
ApiResult was a mess: some methods could only be used with an array
reference instead of manipulating the stored data, methods that had both
array-ref and internal-data versions had names that didn't at all
correspond, some methods that worked on an array reference were
annoyingly non-static, and then the whole mess with setIndexedTagName.
ApiFormatXml is also entirely annoying to deal with, as it liked to
throw exceptions if certain metadata wasn't provided that no other
formatter required. Its legacy also means we have this silly convention
of using empty-string rather than boolean true, annoying restrictions on
keys (leading to things that should be hashes being arrays of key-value
object instead), '*' used as a key all over the place, and so on.
So, changes here:
* ApiResult is no longer an ApiBase or a ContextSource.
* Wherever sensible, ApiResult provides a static method working on an
arrayref and a non-static method working on internal data.
* Metadata is now always added to ApiResult's internal data structure.
Formatters are responsible for stripping it if necessary. "raw mode"
is deprecated.
* New metadata to replace the '*' key, solve the array() => '[]' vs '{}'
question, and so on.
* New class for formatting warnings and errors using i18n messages, and
support for multiple errors and a more machine-readable format for
warnings. For the moment, though, the actual output will not be changing
yet (see T47843 for future plans).
* New formatversion parameter for format=json and format=php, to select
between BC mode and the modern output.
* In BC mode, booleans will be converted to empty-string presence style;
modules currently returning booleans will need to use
ApiResult::META_BC_BOOLS to preserve their current output.
Actual changes to the API modules' output (e.g. actually returning
booleans for the new formatversion) beyond the use of
ApiResult::setContentValue() are left for a future change.
Bug: T76728
Bug: T57371
Bug: T33629
Change-Id: I7b37295e8862b188d1f3b0cd07f66ac34629678f
These are available in phpunit since 3.5.0, which I think
is reasonable to expect people to have at this point,
especially when we actually require 3.7.0 or higher in phpunit.php:
Use assertSame instead of assertArrayEquals in UIDGeneratorTest.
assertSame (and assertEqual) care about sortorder of the array,
and is perfectly sufficient in this case to check they array is correct.
if ( $puVersion !== '@package_version@' && version_compare( $puVersion, '3.7.0', '<' ) ) {
die( "PHPUnit 3.7.0 or later required; you have {$puVersion}.\n" );
}
Change-Id: Ic32ab45110e4c4304ef046ae8d0e98c741255559
It's still slow though because ApiTestCase does expensive things in
setUp(), but nothing in these tests need database access anymore.
Change-Id: Iaf431cc62fe23154c42967e6391c533fe1c5346e
* Remove redundant @licence/@license from test suite files.
They already have full licence headers. And @licence raises a
warning in Doxygen.
* Fix weird messes of comments inside comments and other things.
Change-Id: I38da8ca76330f72b8dc22b0ecf1ea69d5ea55ede
ApiQueryTestBase::check() should pass all optional params
like session and user to the doApiRequest()
Change-Id: If1cb52b03faba06c97d330a91a23893fe08acf22
phpunit has removed that class in
f0322b6978
instead adding a dependency on "sebastian/comparator": "dev-master"
https://github.com/sebastianbergmann/comparator
The class name changed from PHPUnit_Framework_ComparisonFailure
to \SebastianBergmann\Comparator\ComparisonFailure\ComparisonFailure
Bug: T90880
Change-Id: I8988d0b07c00f54c8c8dd38a5e92a5736d88b163
* Use MediaWikiTestCase::getNewTempFile and getNewTempDirectory
instead of wfTempDir().
The upload api tests wrote a tempnam() file directly (where
wfTempDir() is typically shared with other systems and concurrent
runs). Use MediaWikiTestCase::getNewTempFile and
getNewTempDirectory instead.
This also ensures its removal by the teardown handler without
needing manual unlink() calls. And it doesn't rely on the test
passing. (Many unlink calls where at the bottom of tests,
which wouldn't be reached in case of failure).
* For the upload test, the presistent storing of
'Oberaargletscher_from_Oberaar.jpg' (downloaded from Commons)
was removed. Note that this didn't work for Jenkins builds anyway
as Jenkins builds set $wgTmpDirectory to a unique directory
in tmpfs associated with an individual build.
* For filebackend tests, moved directory creation from the dataProvider
to the main test.
Implemented addTmpFiles() to allow subclasses to register
additional files (created by other means) to be cleaned up also.
Removed unused $tmpName and $toPath parameters in data
provider for FileBackendTest::testStore. And fixed weird double
$op2 variable name to be called $op3.
* Skipped parserTest.inc, MockFileBackend.php, and
UploadFromUrlTestSuite.php as those don't use MediaWikiTestCase.
Change-Id: Ic7feb06ef0c1006eb99485470a1a59419f972545
Extensions using $wgAutoloadClasses where this test will fail
Follow-Up: If1125cd5fa4ed836fe15fc79480d78ebd899be4e
Change-Id: Ic2024605d7d59890c527cc0580a49da73f8516c8
I7b37295e is going to be changing around how ApiResult works,
which is going to need corresponding changes in the formatters. So it
would probably be a good idea to have a decent starting point to catch
any breakage. The non-backwards-compatible changes to ApiFormatTestBase
shouldn't be a concern, as no extensions in Gerrit reference this class
or any /ApiFormat.*Test/ class.
This also fixes two small bugs in ApiFormatWddx (null handling and
spacing for non-fm slow path) discovered during testing, and works
around some HHVM wddx extension bugs.
Bug: T85236
Change-Id: I9cdf896e7070ed51e42625d61609ad9ef91cd567
wddx_serialize_value() fails to escape the ampersand under HHVM. It has
been fixed upstream https://github.com/facebook/hhvm/issues/4283 but
has not been released yet.
When running under HHVM and detecting the ampersand is not escaped, skip
the test..
Bug: T75531
Change-Id: Ia58ec20b4daf78cd90da1bdf8af6cac86015c5d7
ApiLogin and ApiCreateAccount calling wfSetupSession, which leaks a
session over the test.
The test RequestContextText needs a clear session to work, so the api
tests should avoid leaking the session.
Doing this in the ApiTestCase because some tests calling ApiLogin over
FauxRequest and that also starts a session.
Change-Id: Icf5cb4d4a2c24c96698cac5bf32147c0c9149ef3
The @requires just works for other tests, not for php functions.
This fixed a failure for the hhvm test server:
1) ApiFormatWddxTest::testValidSyntax
Failed asserting that null is of type "array".
Change-Id: Iadd8238ce62d4803cdf56508886ad016f8ac8f1d
