CSRF tokens should only be required (and only be allowed) if
the current session isn't already inherently safe against
CSRF due to the way the authentication mechanism works.
This allows (and requires) tokens to be omitted for requests
that use an OAuth Authorization header.
Bug: T230843
Bug: T230842
Bug: T237852
Change-Id: Ib2922d556ff2470d4bf8c386c18986ca9f37d1b5
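The rule in the commit message above, as an added example that is not part of the original commit or MediaWiki's code. The function name, error codes and sample requests are hypothetical and constructed for illustration.

```php
<?php
declare( strict_types=1 );

// Added illustration; function and error names are hypothetical, not MediaWiki's API.

/**
 * Decide whether a request passes the CSRF token policy.
 *
 * @param bool $sessionIsCsrfSafe True when the authentication mechanism is
 *   inherently safe against CSRF (e.g. an OAuth Authorization header).
 * @param string|null $submittedToken Token from the request, null if absent.
 * @param string $expectedToken Token bound to the session.
 * @return string|null Null when accepted, otherwise an error code.
 */
function checkCsrfToken( bool $sessionIsCsrfSafe, ?string $submittedToken, string $expectedToken ): ?string {
	if ( $sessionIsCsrfSafe ) {
		// A token is not allowed here, so reject it rather than silently ignore it.
		return $submittedToken === null ? null : 'token-not-allowed';
	}
	if ( $submittedToken === null ) {
		return 'token-missing';
	}
	// Constant-time comparison avoids leaking the token through timing.
	return hash_equals( $expectedToken, $submittedToken ) ? null : 'token-mismatch';
}

// Constructed sample requests: [ label, CSRF-safe session?, submitted token ].
$expected = 'constructed-session-token';
$cases = [
	[ 'OAuth header, no token', true, null ],
	[ 'OAuth header, token sent', true, $expected ],
	[ 'Cookie session, no token', false, null ],
	[ 'Cookie session, wrong token', false, 'guess' ],
	[ 'Cookie session, valid token', false, $expected ],
];
foreach ( $cases as [ $label, $safe, $token ] ) {
	$result = checkCsrfToken( $safe, $token, $expected ) ?? 'accepted';
	printf( "%-28s => %s\n", $label, $result );
}
```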
In Core REST API MediaFileHandler, display a different error for
title not found vs file not found. Files may be unfindable even if
the title exists due to permission errors, or if they are missing
from the file system.
Bug: T238374
Change-Id: If49273b979291e284043f6251ad8d989a10defe1
NOTE: once this is merged, also merge Ie7b47e6868cc on the OAuth repo,
to fix unit tests after a breaking change to Router's constructor
signature.
Bug: T230842
Change-Id: I8f5b92918a58e44a4f2d8c78d234d9f64c2d06bf
* There were two separate integration test suites, both testing
the TemplateParser class. One extended MediaWikiTestCase, which is an
alias for MediaWikiIntegrationTestCase. The other was extending
MediaWikiIntegrationTestCase directly.
I've merged these into the same file.
* Use an injected BagOStuff instance.
This means we can inject a mock and more cleanly assert the
subject class' observable behaviour and contract toward BagOStuff,
without hardcoding any internal details of TemplateParser.
* Add coverage for getTemplate() not using the cache in any way
when wgSecretKey is false.
Change-Id: Ic01f23b1d59c430ab6adf247e0244514b98e20b8
* Injecting the cache object makes the class easier to test.
* The $forceRecompile parameter was not used anywhere, not tested,
and only mentioned in one README (fixed in I13fba7314).
Based on past experience I generally expect that when bypassing a
cache, it is neither read from nor written to. Such a feature might
be reached out to when testing something, in which case it should
not be stored.
If this was intended as a way to purge it in prod via eval.php,
we generally don't provide dedicated purging commands in code.
We either call BagOStuff or Memc/Apcu directly, or invalidate the
underlying data (e.g. touch the template file, or bump the cache
version).
To use TemplateParser without caching, one can still pass
'new EmptyBagOStuff' instead if needed.
* Set the $ttl parameter in the set() call.
It is generally an anti-pattern to store something without
any TTL as that means it can needlessly compete for space
even after further deployments have changed the key or stopped
using a particular key. For now I used a liberal default
of 1 week.
Change-Id: Ic84b996b46c72e9dc33eed2645204fc2d6c5240c
These were left out by mistake (made easier by a bug where some phpunit
tests never run). Fixing the test bug is blocked on fixing the SQLite
schema so that DatabaseSqliteTest.php passes when it actually runs.
Bug: T246077
Change-Id: I75d7a7fb56a07c2984e987b6136e1fd00615c421
Template names aren't expected to be globally unique. Template paths are
by construction.
Include the template directory in the cache key in order to avoid the
cache keys of ambiguously-named templates - e.g. index.mustache -
overriding one another.
Bug: T113095
Bug: T248010
Change-Id: I3196967ec2a7a5cec409a0c7ce4471a7d8773978
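The collision described in the commit message above, as an added example that is not part of the original commit or MediaWiki's code. The key formats, directory paths and template sources are constructed assumptions.

```php
<?php
declare( strict_types=1 );

// Added illustration; key formats and paths are constructed, not MediaWiki's.

function keyByName( string $dir, string $name ): string {
	// Name-only key: the directory is ignored.
	return 'template:' . $name;
}

function keyByDirAndName( string $dir, string $name ): string {
	// Hash the directory so the key stays short and free of path separators.
	return 'template:' . $name . ':' . hash( 'sha256', $dir );
}

/**
 * Compile and cache every template, returning the resulting cache contents.
 */
function fillCache( array $templates, callable $makeKey ): array {
	$cache = [];
	foreach ( $templates as [ $dir, $name, $source ] ) {
		$cache[ $makeKey( $dir, $name ) ] = "compiled($source)";
	}
	return $cache;
}

// Two constructed template directories that both ship index.mustache.
$alphaDir = '/srv/skins/Alpha/templates';
$betaDir = '/srv/extensions/Beta/templates';
$templates = [
	[ $alphaDir, 'index', '<h1>Alpha</h1>' ],
	[ $betaDir, 'index', '<h1>Beta</h1>' ],
];

$byName = fillCache( $templates, 'keyByName' );
$byPath = fillCache( $templates, 'keyByDirAndName' );

// With name-only keys the second write replaces the first, so a lookup
// for Alpha's template is served Beta's compiled output.
printf( "name-only entries: %d\n", count( $byName ) );
printf( "Alpha lookup (name-only): %s\n", $byName[ keyByName( $alphaDir, 'index' ) ] );
printf( "dir+name entries: %d\n", count( $byPath ) );
printf( "Alpha lookup (dir+name): %s\n", $byPath[ keyByDirAndName( $alphaDir, 'index' ) ] );
```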
Add several new internal methods to help with wrangling
the various formats that rows, conditions, options, and
unique key lists can come in. Remove now unused method
isMultiRowArray().
Add various sanity checks and logging for parameters to
upsert(), replace(), insert(), and insertSelect().
Move DatabasePostgresTest to the integration/ directory.
Change-Id: If5988a6f0816e8da2cbf2fd612e1a3e3a2e9c52f
Add integration tests covering how TemplateParser::getTemplate interacts
with the server-local cache.
Bug: T113095
Change-Id: Ie0da8a157796bfe8ab4d758f38a4c6a2d5dc90ce
This was added in 4bd1b4b455 but reverted due to a bug in other
changes within that patch, namely, the replace() method changes.
Change-Id: Id73c3fed9e1862daeeecbf47bcfa53d1719c59bb
This was done automatically by replacing every assertContains with
string *needle*. Then verifying the results.
Bug: T192167
Change-Id: Id8cbbf3b01e948f80046714183cc299f86be21fd
Done automatically using the master version of MW codesniffer and
running composer fix.
Bug: T192167
Change-Id: If6b40f515fde32ab5eff074a90e821c30c791827
The immediate use case is for testing, where some tests need to use the
PHP implementation even when wikidiff2 is installed.
Bug: T237049
Change-Id: I41dc4c0933429065d7638f518ec31f0a056afc41
This reverts commit 4bd1b4b455.
Reason for revert: Incorrect syntax for SQLite "ON CONFLICT (...) DO UPDATE".
Bug: T234795
Change-Id: I987e6e7052368d5d9d0b6de9dd189edc4feaebe5
assertSame() is guaranteed to not do any type conversion. This can be
critical when accidentally comparing, for example, 0 to 0.0.
Change-Id: Iffcc9bda69573623ba14af655dcd697d0fcce525
Following discussion in Ibb8175981092d7f41864e641cc3c118af70a5c76, this patch
proposes to further reduce the scope of what unit tests may access, by removing
the loading of DefaultSettings and GlobalFunctions.php. This also has the
implied effect of disabling the storage backend, as well as the global service
locator.
MediaWikiTestCase is renamed to MediaWikiIntegrationTestCase so its scope and
purpose is more clear. Whether we still need to keep `@group Database`
annotation around is debatable, as it's unclear to me what the performance costs
are of implying database access for all tests which extend IntegrationTestCase.
As far as I can tell, `@group Database` is primarily used in CI to run faster
tests before slower ones, and with the new UnitTestCase the annotation seems
redundant.
To run all testsuites, use `composer phpunit`. Other composer scripts:
- `composer phpunit:unit` to run unit tests
- `composer phpunit:integration` to run integration tests
- `composer phpunit:coverage` to generate code coverage reports from unit
tests (requires XDebug).
Note that you can pass arguments to composer scripts with `--`, e.g. `composer
phpunit:integration --exclude-group Dump`.
Other changes:
- Rename bootstrap.php to bootstrap.maintenance.php so it's clear it's part of
the legacy PHPUnit-as-maintenance-class setup
- Create new bootstrap.php which loads the minimal configuration necessary for
the tests, and do additional setup in the run() method of the unit/integration
test case classes
- Move the unit-tests.xml file to phpunit.xml.dist in preparation for this being
the default test configuration
For a follow-up patch:
- Find unit/integration tests for extensions/skins
- Migrate other test suites from suite.xml
- Support running all tests via vendor/bin/phpunit
Bug: T84948
Bug: T89432
Bug: T87781
Change-Id: Ie717b0ecf4fcfd089d46248f14853c80b7ef4a76