* Hint that mariadb can avoid scanning already NULL rows since
we want to set them all to NULL. This lets the index with the
timestamp be used, which avoids logs of scanning for users with
many rows. For non-parallel replication, this also avoids slave
lag in particular.
Bug: T107923
Change-Id: I8cded5476ef6adb2f8fea57239afd6e9b2a49708
* This can help guard against stale reads if the user was
created or changed a second ago.
Bug: T105896
Change-Id: Ib2a59762cd8f4a4b7ad86d0700f186bee1d5b2d1
$replyto and $contentType should now be passed as an array of $options.
This will make it easier to add more options in the future without
having a long list of optional parameters.
Change-Id: I2c38bb438bd01e0ed2552024a40311f3e8e2dc08
* Also only issue DELETE if notifications exist. Previously,
this would issue a DELETE for all self talk page views.
Bug: T92007
Change-Id: Ifef11c9e5175d68d9615e59e2ed7de2f2c57bde1
Allow callers to specify why they are checking a passwords validity, so
some checks can be modified. Only check the default policy on creation,
since the account doesn't exist it's not a member of any groups.
Bug: T104615
Change-Id: I56b66002562aaa1493d94a90309bc8e4ae3841c8
Does not work as it will also log failed login attempts due
to a wrong password.
This reverts commit 9a97a7530f.
Change-Id: I6abd19da4e6939315a7fe6f7debe5227b68d38a7
To be able to identify any users who are unable to log in when switching
from allowing local authentication to strict.
Change-Id: I2ebdccdad9c7794d1c1b13db6a646a43bc770c4e
* READ_LOCKING is a composite field, so it can yeild 00, 01,
10, or 11 for the relevant two bits. Only one of them should
pass the check to avoid locking and snapshot breaking queries
for no reason.
Change-Id: Ief04ac20c7639fcf79443a3ee39a471542a59551
* This helps if multiple account creation attempts were made in a row
and the slave selected was lagged (either too much for Chronology
Protector or the user did not resend the cookies to link the session).
* The locking also better handles concurrent attempt to make another
account, especially with CentralAuth trying to make external accounts.
This assumes that the rate of concurrent account creations with close
names is low enough given trx speed to avoid gap locking issues. This
will need to be confirmed with low error log rates to be sure.
* The User::idFromName() method now includes a $flags parameter.
Bug: T104615
Change-Id: I8385526a19efc528a016ad2bbf376b377138966b
* This gives more visibility and the error rate is not
extreme (and mostly affects certain users due to
usage patterns).
Change-Id: I3eae28a584e4db8ae40ae80087a97c416b3bd3e8
* This still allows If-Modified-Since logic but does not
need to broadcast initialization values just because a
key fell out of cache. The value can differ between DCs
anyway via skew, this just lets them drift more. Actual
purge events are still broadcasted, which is what matters.
* The User class has now been simplified given this change.
* Added more general comments to getCheckKeyTime().
Change-Id: Ic1f4bbb1947e0d1dd47499c9e9dc86991c30580c
* This covers CentralAuthHooks::onUserLoadFromSession()
among other cases (OAuth user loading, ect).
Bug: T92357
Change-Id: I9c90027d8852ff8c1d626c03b5dbd765b95b0ce1
* Add the $wgExtendedLoginCookies configuration variable, which defines
the set of login cookies that can have their lifetime configured
independently
* Add the $wgExtendedLoginCookieExpiration configuration variable, which
dictates when the extended lifetime login cookies expire
* Default $wgExtendedLoginCookieExpiration to null so that the current
behaviour is unaffected
Bug: T68699
Change-Id: I0cc24524e4d7d9d1d21c9fa8a28c7c76b677b96c
* By default, users will load from the slave unless
the thread did a recent DB write. This is to handle
changes within a request.
* ChronologyProtector should avoid staleness in common
cases, and the CAS check on user_touched is a final
barrier to block stale user object updates.
* Note that passwords are not cached, so they hit the
DB when ever needed. Passwords now load from slaves
when possible, instead of the master.
* This should get the code closer to handling user
login and logged in users when the master is down.
* Fixed loadFromId() when READ_LOCKING is used.
* Also addressed TODO comment in load().
Bug: T92357
Change-Id: I0a8bdab720c19fe3fc2381799ae2e90ff09bb4cf
Make password policies defined in a configurable policy, which is
defined by group. A user's password policy will be the maximum of
each group policy that the user belongs to.
Bug: T94774
Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
Rather than call $this->load() unconditionally, get just the ID via
$this->getId(), potentially saving us a database lookup.
Change-Id: Ifa3b96956a1d66d3e877573ff01970758fad8790
* This adds a wgActivityUpdatesUseJobQueue setting, which lets
these updates work via the job queue, rather than direct DB
master updates.
Bug: T91284
Change-Id: Ie60e20162fd833e64d81763a6aa1dc3faf2162f3
* This should avoid duplicate logging events on races or when
the cache fails to update.
* Also added getDBTouched() method to get user_touched itself.
Bug: T48834
Change-Id: Ib2cd0a2c72629fa4e13dcff4d2d6fbac8e690b32
You can add tags at the same time as performing action=edit, as long as you
have the "applychangetags" right. Also, you can add or remove tags after
the fact from revisions and log entries using the API action=tags.
No UI is provided for either of these changes. The target audience is user
scripts, gadgets and similar tools.
Includes a new log parameter format type: "list", for a comma-separated
list of values.
Logging of change tag events is limited to those that do not accompany an
edit (i.e. those done after the fact), and is hidden from Special:Log by
default, similar to the patrol log.
Bug: T20670
Change-Id: I37275e0f73fa3127f55da0c320b892551b61ee80
* This method is used for clearing the User cache as well
as bumping the value of getTouched() for HTTP 304 logic.
These do not need to do the actual user_touched update.
* This also avoids problems with setting mTouched but
deferring the update. That confused the CAS update
logic since it expects mTouched to be in the DB.
Change-Id: I96b30f5c9c8b4714e6663b187f741954a13312cf
