It is not entirely meaningless. It might be an indicator that
the number of calls to a method is intentionally unlimited.
This is similar to e.g. an @inheritDoc PHPDoc comment that
marks a method as being "intentionally undocumented".
However, what's the meaning of being "intentionally
unconstrained"? Let's just not have any constraint then.
I feel all these ->expects( $this->any() ) bloat the test
code so much that it's never worth it.
Change-Id: I9925e7706bd03e1666f6eb0b284cb42b0dd3be23
Ended up using
grep -Prl '\->setMethods\(' . | xargs sed -r -i 's/setMethods\(/onlyMethods\(/g'
special-casing setMethods( null ) -> onlyMethods( [] )
and then manual fix of failing test (from PS2 onwards).
Bug: T278010
Change-Id: I012dca7ae774bb430c1c44d50991ba0b633353f1
My personal best practice is to not document @params when there
is a @dataProvider. I mean, these test…() functions are not
meant to be called from anywhere. They do not really need
documentation. @param tags don't do much but duplicate what the
@dataProvider does. This is error-prone, as demonstrated by the
examples in this patch.
This patch also removes @throws tags from tests. A test…() can
never throw an exception. Otherwise the test would fail.
Most of these are found by the not yet released I10559d8.
Change-Id: I3782bca43f875687cd2be972144a7ab6b298454e
If I try to run ApiMainTest with GlobalPreferences enabled, it takes
forever (or at least some number of minutes) to run. This is because
when @depends is used to transfer data from one test to another via
the return value, PHPUnit runs Enumerator::enumerate() on the data. When
it contains a reference to the active TestCase, PHPUnit ends up
iterating through its internal data structures, which takes a long time.
My conclusion is that @depends with a return value should be considered
harmful. Stop doing it in ApiMainTest. Stop recommending it in
SampleTest.
Change-Id: I63e94f2886a4ee4b3fd0ea6b19cd2fb67ba912de
The limit tests would fail if there is apihighlimits for everyone
(group *)
mergeMwGlobalArrayValue does not do deep merge, it just overrides;
setting the '*' group to the minimum required to pass tests.
Change-Id: I95fba69af1845f28132370e9ded3350acdfdb8c4
This data structure is sufficient to generate menus in
all Wikimedia deployed skins.
This new method will be used immediately in Example skin:
Ifb30a2c1314692c2869bd99c523e19c821be1f08
and Vector skin:
I5f7adc1840441b508ffee40139b85b64021789e6
Bug: T262098
Bug: T255924
Change-Id: I1a163cac0bff7620dcac50350cb6b93445a0cfbc
This converts user options management to a separate
service for use in DI context.
User options are accessed quite early on in installation
process and full-on options management depends on the
database. Prior we have protected from accessing the DB
by setting a hacky $wgUser with 0 id, and relying on the
implementation that it doesn't go into the database to
get the default user options. Now we can't really do that
since DBLoadBalancer is required to instantiate the options
manager. Instead, we redefine the options manager with
a DefaultOptionsManager, that only provides access to
default options and doesn't require DB access.
UserOptionsManager uses PreferencesFactory, however
injecting it will produce a cyclic dependency. The problem
is that we separate options to different kinds, which are
inferred from the PreferencesFactory declaration for those
options (e.g. if it's a radio button in the UI declaration,
the option is of multiselect kind). This is plain wrong,
the dependency should be wise versa. This will be addressed
separately, since it's requires larger refactoring. For now
the PreferencesFactory is obtained on demand. This will be
addressed in a followup.
Bug: T248527
Change-Id: I74917c5eaec184d188911a319895b941ed55ee87
In VisualEditor, when the user is saving their edit, we want to ensure
that they understand how their edit will be attributed. Therefore, if
the user gets logged out or logs in in another tab, we want to display
a message about it before saving.
We've been detecting this situation by manually managing tokens and
handling the 'badtoken' error, but our code would be much simpler and
it would be possible to share it with other extensions if we could
instead rely on automatic retrying in mw.Api#postWithToken and use
'assertuser' and 'assert' parameters. 'assert=anon' is the only
feature we're missing.
Bug: T245327
Change-Id: I485f99e1f5f493262b0c9af22370da01adf1e09c
This brings significant modularization to the Action API's parameter
validation, and allows the Action API and MW REST API to share
validation code.
Note there are several changes in this patch that may affect other code;
see the entries in RELEASE-NOTES-1.35 for details.
Bug: T142080
Bug: T232672
Bug: T21195
Bug: T34675
Bug: T154774
Change-Id: I1462edc1701278760fa695308007006868b249fc
Depends-On: I10011be060fe6d27c7527312ad41218786b3f40d
This log message was added at the request of Wikimedia's Security team
in 2016, but as far as I can tell was never enabled on Wikimedia sites.
Rather than adding more logic to avoid logspam when browsers include an
Origin header for same-orign requests, let's just get rid of it
entirely.
Bug: T243908
Change-Id: I799b17a5f4891f9e739d6b62551a5736b8a6664e
Done automatically using the master version of MW codesniffer and
running composer fix.
Bug: T192167
Change-Id: If6b40f515fde32ab5eff074a90e821c30c791827
With Iee04afc27283547dd68d6db93f44ac2e0ebf1258, passing both the $class
and $factory parameter is deprecated in favor of just passing an
ObjectFactory spec as the third parameter.
Change-Id: I7b04d82c9daba52f5dc5e6c528739336279c7550
Was reverted by I549810a4cd2e424cc4a438887d2f24614a24cc00 due to
T224607.
Original change by Vedmaka Wakalaka was
Ia0d840b772ea5f20c9594ce151cc57adc270e48b.
Original commit message:
The following methods should are factored out of the User class into PermissionManager,
leaving only deprecated stubs:
- User::isAllowed -> PermissionManager::userHasRight
- User::getRights -> PermissionManager::getUserPermissions
- User::groupHasPermission -> PermissionManager::groupHasPermission
- User::getGroupPermissions -> PermissionManager::getGroupPermissions
-User::getGroupsWithPermission -> PermissionManager::getGroupsWithPermission
- User::groupHasPermission -> PermissionManager::groupHasPermission
- User::isEveryoneAllowed -> PermissionManager::isEveryoneAllowed
- User::getAllRights -> PermissionManager::getAllPermissions
Depends-On: I7909e9bd6bbfbd708c0a00b861a9b22a38c6665d
Bug: T218558
Bug: T223294
Change-Id: I8899240378f636ea70f447616710516c0a3c5c31
The code for all uncaught exceptions will in the future be
"internal_api_error". If the client needs to know the class name for
some reason, it can check the new 'errorclass' data item on the error.
Change-Id: Ia9e32bbb8d17692203f4fbcee53a20e87be1776e
Validate them in ApiMessageTrait when the message is created, and again
in ApiMain before they're included in the header.
This also introduces an "api-warning" log channel, since "api" is too
spammy for real use, and converts a few existing things to use it.
Bug: T208926
Change-Id: Ib2d8bd4d4a5d58af76431835ba783c148de7792a
Depends-On: Iced44f2602d57eea9a2d15aee5b8c9a50092b49c
Depends-On: I5c2747f527c30ded7a614feb26f5777d901bd512
Depends-On: I9c9bd8f5309518fcbab7179fb71d209c005e5e64
Clarify and simplify exception output by deprecating
$wgShowSQLErrors and wgShowDBErrorBacktrace.
$wgShowExceptionDetails will now control most related output.
$wgShowHostnames will now solely control output of
MWExceptionRenderer::reportOutageHTML.
Bug: T165768
Change-Id: Idead2c11c499463dfa6293c3d4b33be3bde92e1a
ApiMain already caches the printer in ->mPrinter, so if
getPrinterByName() is being called more than once that's because we
really want a new printer instance, without any cached errors or other
behavior that results from reusing the same instance.
Bug: T199949
Change-Id: I779cbbaa8aab9b049a8eed732416edd828121ec4
Specifically, check the assert and assertuser parameters before setting
up the action module, so errors in parsing the module's parameters due
to being logged out don't override the client's intended "am I logged
in?" check.
Note this means that assertion failures will no longer use custom module
output formatters. This seems like an acceptable tradeoff: on Wikimedia
sites in May 2018 there were no requests that would have been affected
by this change.
Bug: T197672
Change-Id: I02a71395d5ed9f445e57162f2136292825f8dbb5
Find: /isset\(\s*([^()]+?)\s*\)\s*\?\s*\1\s*:\s*/
Replace with: '\1 ?? '
(Everywhere except includes/PHPVersionCheck.php)
(Then, manually fix some line length and indentation issues)
Then manually reviewed the replacements for cases where confusing
operator precedence would result in incorrect results
(fixing those in I478db046a1cc162c6767003ce45c9b56270f3372).
Change-Id: I33b421c8cb11cdd4ce896488c9ff5313f03a38cf
One bug fixed: if ApiCheckCanExecute returned false but didn't set
$message, we would try to output a message of false, which would throw
an exception.
Change-Id: Ib06970e280d750ff57d81672f1b365167b93aa3e
If the load() triggered by User method calls fails, then mId becomes 0
which means there is no "user" right set in getAutomaticGroups().
Bug: T75174
Change-Id: I2d719e4b96c0142e9d408aa2d4f7c5e7a767a754
Replaces \TestingAccessWrapper (defined in core) with
\Wikimedia\TestingAccessWrapper (defined in the composer package
wikimedia/testing-access-wrapper).
See https://gerrit.wikimedia.org/r/#/q/topic:librarize-testing-access-wrapper
for downstream patches.
The core version of the class is kept around for a while to avoid
circular dependency problems.
Bug: T163434
Change-Id: I52cc257e593da3d6c3b01a909e554a950225aec8
The default will remain PHPUnit 4.x due to PHP 5.5 support.
But, we should allow developers to run tests with newer PHPUnit
versions which are noticably faster (especially for code coverage
reports).
* <https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement-for-PHPUnit-5.4.0>
PHPUnit 5 deprecates the getMock() shortcut for getMockBuilder()->getMock().
It instead introduces the shortcut createMock() which has better defaults
than getMockBuilder(). For example, it sets 'disableArgumentCloning' and
other things by default.
Going forward, code should either use getMockBuilder directly and configure
it using the setter methods (instead of the confusing variadic arguments
of getMock) or simply use the new minimalistic createMock method. This patch
backports the createMock method to MediaWikiTestCase so that we can start
using it.
Change-Id: I091c0289b21d2b1c876adba89529dc3e72b99af2
API tests are all subclasses of MediaWikiLangTestCase, which overrides
the content language when the tests are actually running. So we need to
always use 'en' to match that.
Bug: T162007
Change-Id: Ie001576fb62ae88c9141e471fd8fcbc49592be32
Apparently Jenkins sets $wgShowExceptionDetails to true but travis
doesn't. The test should make sure it's set since it depends on it.
And apparently no one ever added $wgShowDBErrorBacktrace to the API.
Let's do that too.
Change-Id: I0793eda349426b265a47900cdeb87bb920b5c291
This was suggested at a Developer Summit session as a way to get people
to know about the mailing list.
This also adds a hook so ApiFeatureUsage can mention itself in
deprecation warnings too.
Bug: T148855
Change-Id: I04a7cf89e87e48f6504803dd173e779017a205d0
Tests were failing if class cannot be loaded using `\AutoLoader` but can be loaded by composer's autoloader.
Change-Id: I005c9d99245f4733a9666c4bfe9e39baeaad3960
API warnings and error messages are currently hard-coded English
strings. This patch changes that.
With a few exceptions, this patch should be compatible with non-updated
extensions:
* The change to ApiBase::$messageMap will blow up anything trying to
mess with it.
* The changes to the 'ApiCheckCanExecute' hook will cause a wrong
(probably unparsed) error message to be emitted for extensions not
already using an ApiMessage. Unless they're currently broken like
Wikibase.
Bug: T37074
Bug: T47843
Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898
Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec
Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6
Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed
Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c
Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b
Depends-On: I535344c29d51521147c2a26c341dae38cec3e931
Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
This was requested for the use of scripts that are concerned about the
possibility that the user might log in with a different account in
another browser window, thereby changing the expected user out from
underneath the script.
Bug: T146770
Change-Id: I94e0421cb263a418e86649f0d22ece4cfec6a395
The header is intended for use with XMLHttpRequest when the request
might be part of an XSS. The hook is for extensions that might need to
add additional checks of some sort.
Bug: T98313
Change-Id: I0e5f2d3b29a79a12461dc33c90c812a56810f536
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
