Commit graph

147 commits

Author SHA1 Message Date
Umherirrender
eaa5679adc Check for Title::canHaveTalkPage in User::addWatch
Also check Title::isWatchable
Same for removing from the watchlist
This avoids exceptions

Change-Id: Ibb9e6906c87ffc3a3b619be59f128d9d3ed4aaba
2020-11-22 22:43:38 +00:00
Umherirrender
a9e1ec135c [UserTest] Set defaults for $wgAutoConfirmAge/$wgAutoConfirmCount
My dev wiki has some settings for these globals,
which results in a broken test
1) UserTest::testGetEffectiveGroups
Failed asserting that two arrays are equal.
--- Expected
+++ Actual
@@ @@
 Array (
-    0 => 'autoconfirmed'
-    1 => '*'
-    2 => 'user'
+    0 => '*'
+    1 => 'user'
 )

Change-Id: Id062c92aefdf9381d7575ece95124d62ec315aa4
2020-10-30 16:17:02 +01:00
Martin Urbanec
016d2e401c Remove NonSerializableTrait from User object
User objects are apparently serialized somewhere, removing
the trait until this gets fixed.

Remove UserTest::testSerialization_fails to
allow this change for now.

Bug: T264363
Change-Id: Id804755653452dc94184e5e481efcac3053e6535
2020-10-01 23:16:08 +02:00
daniel
dc436c3cff Introduce and apply NonSerializableTrait
The NonSerializableTrait prevents object serialization via php's native
serialization mechanism. Most objects are not safe to serialize, and
NonSerializableTrait provides a convenient and uniform way to protect
against serialization attempts.

This patch applies the NonSerializableTrait to some key classes in
MediaWiki.

Bug: T187731
Bug: T259181
Change-Id: I0c3b558d97e3415413bbaa3d98f6ebd5312c4a67
2020-09-28 21:55:49 +02:00
Clara Andrew-Wani
79afec9457 User: Use "Unknown user" for bad user id
Without this, a user created from an invalid user ID would end up
representing the current request's IP address, which may lead to
confusion. Using the reserved name "Unknown user" seems safer.

Change-Id: Icbfe7c3a561ac927713b610ac9a0b5e6b88bf2f0
2020-09-24 22:23:38 +00:00
DannyS712
8af8aaad0f UserTest: No need to set $wgUser
Bug: T243708
Change-Id: I8ba28ac21a08a7c466ad70727a21fb7a0c1a6275
2020-09-15 21:22:33 +00:00
Thalia
addb098c39 Deprecate DatabaseBlock methods moved to DatabaseBlockStore
Following 23c3c70d7f, soft deprecate the static methods on
DatabaseBlock that have been moved to DatabaseBlockStore:
* ::insert
* ::delete
* ::update
* ::purgeExpired

Update calls to the deprecated methods from core.

Change-Id: I1272eb978594fd4f386bda12cbc24131ad7d882f
2020-09-13 22:17:27 +00:00
jenkins-bot
ff51ff7fc6 Merge "user: Document User::add/removeWatch behavior on special pages" 2020-09-09 12:22:34 +00:00
daniel
f50240fe76 User: enforce pingLimiter() expiry time
This makes User::pingLimiter() include the expiry time in the payload of
the cache key that holds the current count. This allows us to ignore
stale counts.

Until now, we have been relying on the cache implementation to expire
the relevant keys in time. This however seems to fail sometimes.

Bug: T246991
Change-Id: Ifa3c558b4449f1ca133d0064781f26ac1bf59425
2020-09-03 15:57:01 +00:00
Thiemo Kreuz
fe562a64f1 user: Document User::add/removeWatch behavior on special pages
It's not the WatchedItemStore that throws this exception, but
really the methods in the User class that implement this behavior.
Hence it needs to be tested in UserTest. And documented. That was
missing before.

This patch also replaces some Title::newFromText with slightly faster
Title::makeTitle, if possible.

Change-Id: Id930a547329145c0703b4c97773a49fd78dd6332
2020-09-03 14:46:37 +00:00
daniel
e7a27f2db7 User::pingLimiter: add user-global rate limit type
"user" style rate limits can't be cross-site, since they are based on
the user ID. "user-global" uses CentralIdLookup to allow cross-wiki
rate limits.

Bug: T251661
Change-Id: Id680b96be2ea81d29447c4c1abafc8f98a339626
2020-09-02 19:38:04 +02:00
Petr Pchelko
ee5d922465 Remove hard-deprecated and unused User methods related to blocks
Change-Id: I0a4d7b5a1582f6249435cbedd49b1e414f86c4f6
2020-08-05 09:55:20 -07:00
Ammar Abdulhamid
6cbd116954 Remove selectFields User method
* Deprecated since 1.31
* Remaining call in Test replaced

Bug: T249181
Change-Id: Idb69f36a07055110fe0b7540186b23cc52dad76f
2020-07-12 15:21:48 +01:00
DannyS712
0637d80572 Hard deprecate the rest of the Revision class
Bug: T246284
Change-Id: I126d7892c90aa2200c668b5717820e729613bed8
2020-07-02 09:02:02 +00:00
jenkins-bot
a18a39f413 Merge "MediaWikiTestCase to MediaWikiIntegrationTestCase" 2020-07-01 18:39:57 +00:00
addshore
959bc315f2 MediaWikiTestCase to MediaWikiIntegrationTestCase
The name change happened some time ago, and I think it's
about time to start using the new name!
(Done with a find and replace)

My personal motivation for doing this is that I have started
trying out vscode as an IDE for mediawiki development, and
right now it doesn't appear to handle php aliases very well
or at all.

Change-Id: I412235d91ae26e4c1c6a62e0dbb7e7cf3c5ed4a6
2020-06-30 17:02:22 +01:00
Tim Starling
c75eef91bf Introduce $wgForceHTTPS
Add $wgForceHTTPS. When set to true:

* It makes the HTTP to HTTPS redirect unconditional and suppresses the
  forceHTTPS cookie.
* It makes session cookies be secure.
* In the Action API, it triggers the existing deprecation warning and
  avoids more expensive user/session checks.
* In login and signup, it suppresses the old hidden form fields for
  protocol switching.
* It hides the prefershttps user preference.

Other changes:

* Factor out the HTTPS redirect in MediaWiki::main() into
  maybeDoHttpsRedirect() and shouldDoHttpRedirect(). Improve
  documentation.
* User::requiresHTTPS() reflects $wgForceHTTPS whereas the Session
  concept of "force HTTPS" does not. The documentation of
  User::requiresHTTPS() says that it includes configuration, and
  retaining this definition was beneficial for some callers. Whereas
  Session::shouldForceHTTPS() was used fairly narrowly as the value
  of the forceHTTPS cookie, and injecting configuration into it is not
  so easy or beneficial, so I left it as it was, except for clarifying
  the documentation.
* Deprecate the following hooks: BeforeHttpsRedirect, UserRequiresHTTPS,
  CanIPUseHTTPS. No known extension uses them, and they're not compatible
  with the long-term goal of ending support for mixed-protocol wikis.
  BeforeHttpsRedirect was documented as unstable from its inception.
  CanIPUseHTTPS was a WMF config hack now superseded by GFOC's SNI
  sniffing.
* For tests which failed with $wgForceHTTPS=true, I mostly split the
  tests, testing each configuration value separately.
* Add ArrayUtils::cartesianProduct() as a helper for generating
  combinations of boolean options in the session tests.

Bug: T256095

Change-Id: Iefb5ba55af35350dfc7c050f9fb8f4e8a79751cb
2020-06-30 15:38:11 +10:00
jenkins-bot
9c85246254 Merge "Deprecate PasswordCannotMatchBlacklist" 2020-06-26 10:07:52 +00:00
Clara Andrew-Wani
4093985c28 Hard deprecate User::getNewtalk and User::setNewtalk
Bug: T239640
Change-Id: I7f901963ea67e8cdac1611838570ff9717d11232
2020-06-25 12:12:32 -04:00
Reedy
ece3f3306d Deprecate PasswordCannotMatchBlacklist
Bug: T254646
Change-Id: I0946d078cba5b60567ac4c804d023945bae61313
2020-06-25 14:45:34 +00:00
jenkins-bot
b5c027db01 Merge "Hard deprecate User::getNewMessageLinks" 2020-06-10 03:28:10 +00:00
DannyS712
249aa916d6 Hard deprecate User::getNewMessageLinks
Bug: T253949
Change-Id: I08d1fef9effeab420824c77f6ee7fd468ae51a3a
2020-06-10 02:02:16 +00:00
DannyS712
c595f2fd7e Remove use of the Revision object returned in WikiPage::doEditContent (2)
Each file's changes are independent and can be reviewed separately

Bug: T251853
Bug: T254952
Change-Id: Ifdc192796f0989c12fda7c0317bf2458874d6e19
2020-06-10 01:15:45 +00:00
DannyS712
f3bcc94bcf Deprecate User::getNewMessageRevisionId
Uses User::getNewMessageLinks, which uses Revision objects
Only caller updated to use a new private method

Bug: T253949
Change-Id: I04c0558916e7216540dd7bd12a2a391a1ed7660a
2020-06-05 21:36:06 +00:00
Petr Pchelko
40b88d635b Create UserGroupManager
Introduce a UserGroupManagerFactory and UserGroupManager.
The factory utilizes the same pattern as RevisionStore
for access to user groups of a foreign wiki.

Some user group related methods were ported from User
and UserGroupMembership and deprecated, more methods to
be moved over in future patches, not to make this one too large.

Eventually as all the group-related methods are moved and their
usages are replaced, the need for the UserRightsProxy will disappear,
thus it also will be deprecated and removed. Currently for backwards
compatibility, I've had to create artificial UserIdentityValue
objects in some of the deprecated methods to avoid making transitional
temporary methods in the UserGroupManager that would take user ID
instead of the UserIdentity. All of this will go away once migration
to UserGroupManager is completed.

Bug: T234921
Change-Id: If29c6a03dfdbb80b2e846243f7e384b334da9f07
2020-06-03 16:46:51 -07:00
Reedy
a8b006426e Fix tests/ PSR12.Properties.ConstantVisibility.NotFound
Change-Id: I0beed1a35e046705fb84c9d1f63cf92afd009bb4
2020-05-16 04:30:21 +01:00
MusikAnimal
a1ddac1d54 Add methods to check if a page is temporarily watched
Add 'mw-watchlink-temp' class to watch link when temporarily watched.

Bug: T248495
Change-Id: I61b24fddf6aaf5233f426602bfa1cc4fafce942b
2020-05-13 19:11:52 +00:00
Nikki Nikkhoui
8d378e977c Update setTemporaryHook() to use scopedRegister()
The new HookContainer.php introduces a scopedRegister() method for
temporarily setting hooks. Let's use that in MediaWikiUnitTestCase
and MediaWikiIntegrationTestCase instead of directly accessing
global $wgHooks to do so.

Also introduces setTemporaryHook() and removeTemporaryHook()
methods in MWIntegrationTestCase for easily adding/removing of
temporary hooks.

Bug: T250300
Change-Id: I8cefd41b66f882c53646b76de76c51f0d8730f72
2020-05-11 14:12:00 +10:00
Petr Pchelko
c339be9ef0 UserTest::testGetNewMessageLinks pass artificial clock by reference
Change-Id: I872cb7c8e07df1aa065dceb8202d514d73c8b391
2020-05-08 07:34:45 -07:00
daniel
5c6df39131 UserTest: Ensure revisions have distinct timestamps
UserTest::testGetNewMessageLinks was sometimes failing under postgres,
when the two revisions got the same timestamp. The reason for this is
that User::getNewMessageLinks() is based on
TalkPageNotificationManager::getLatestSeenMessageTimestamp(). To
reliably test the behavior of User::getNewMessageLinks(), we need to
operate on revisions with distinct timestamps.

Change-Id: I701983c3b241a70167a6bf212c41a6571b9b0f62
2020-05-08 10:37:53 +02:00
Petr Pchelko
d6084c9dcd Fix Postgres user_newtalk table
In mysql the user_id and user_ip fields are not nullable,
but include a default 0 and '', however in Postgres the default
was not set, while user_id was set to not nullable. In the
code that uses this table, we set either user_id or user_ip
depending on whether the user is anon or registered. Thus both
fields should either be nullable, or contain a default.
Given that mysql has defaults set, I've opted for bringing
Postgres closer to what mysql does.

This was always broken and was discovered by adding new tests
for this functionality.

Bug: T239640
Change-Id: I75bf469a30225687a4b0cb550a4068cb07208c01
2020-05-04 11:17:03 -07:00
Petr Pchelko
788331c48a Introduce UserOptionsManager and DefaultOptionsManager
This converts user options management to a separate
service for use in DI context.

User options are accessed quite early on in installation
process and full-on options management depends on the
database. Prior we have protected from accessing the DB
by setting a hacky $wgUser with 0 id, and relying on the
implementation that it doesn't go into the database to
get the default user options. Now we can't really do that
since DBLoadBalancer is required to instantiate the options
manager. Instead, we redefine the options manager with
a DefaultOptionsManager, that only provides access to
default options and doesn't require DB access.

UserOptionsManager uses PreferencesFactory, however
injecting it will produce a cyclic dependency. The problem
is that we separate options to different kinds, which are
inferred from the PreferencesFactory declaration for those
options (e.g. if it's a radio button in the UI declaration,
the option is of multiselect kind). This is plain wrong,
the dependency should be vice versa. This will be addressed
separately, since it requires larger refactoring. For now
the PreferencesFactory is obtained on demand. This will be
addressed in a followup.

Bug: T248527
Change-Id: I74917c5eaec184d188911a319895b941ed55ee87
2020-04-28 15:42:43 -07:00
Nikki Nikkhoui
7ac981a03e Set logger to null in UserTest.php
The code is appropriately logging when it encounters a database
'Duplicate entry' error. However, the CI interprets that as
an actual exception being thrown. Setting the logger to null
allows the CI to complete.

Bug: T248195
Change-Id: I6419fdb7a6ae54478da1236a3c14b491ade65022
2020-04-07 16:45:05 -07:00
DannyS712
23242d04d1 Add a new UserNameUtils service
This replaces User::isValidUserName, ::isUsableName, ::isCreatableName,
::getCanonicalName, and ::isIP.

Unlike User::isIP, UserNameUtils::isIP will //not// return true
for IPv6 ranges.

UserNameUtils::isIPRange, like User::isIPRange, accepts a name and
simply calls IPUtils::isValidRange.

User::isValidUserName, ::isUsableName, ::isCreatableName,
::getCanonical, ::isIP, and ::isValidRange are all soft deprecated

A follow up patch will add this to the release notes, to avoid merge
conflicts.

Bug: T245231
Bug: T239527
Change-Id: I46684bc492bb74b728ff102971f6cdd4d746a50a
2020-03-26 01:31:14 +00:00
Thiemo Kreuz
6b2c9deef5 Replace all new stdClass() with identical (object)[]
This should be the exact same. It's more a style change than anything.
So why do it then?
* I believe this is much less confusing than code mentioning a weird
"standard class". Barely anybody knows what this is, and what the
difference between "object" and "stdClass" is.
* The code is shorter.
* It's even faster. In my micro benchmark it's twice as fast.

Change-Id: I7ee0e8ae6d9264a89b6cd1dd861f0466ae620ccc
2020-03-04 21:18:30 +00:00
Daimona Eaytoy
183edf76fd tests: Replace a very long string with str_repeat
Strings like this can make it problematic to scroll the page.

Change-Id: Ic2a5905fc64ea2d3bc1cb76746170953a671d107
2020-02-27 09:41:25 +00:00
Thiemo Kreuz
05fd10ffa9 user: Use more native PHPUnit assertions in UserTest
* Make use of assertGreaterThan() where possible.
* Use the more trivial assertSame() for arrays with only 0 or 1
  elements.
* Flip a few assertions where the expected and actual value have been
  flipped.
* Remove some unused function arguments.

Change-Id: I1d3b5dd55736931fa484065a4aa8d7e336980682
2020-02-20 08:24:00 +01:00
jenkins-bot
bd9bef8add Merge "Use existing $this->user property in UserTest where possible" 2020-02-20 01:35:12 +00:00
Thiemo Kreuz
59f9effce1 Use existing $this->user property in UserTest where possible
Change-Id: Id9fd3dfe4a5c37ec8641f53bce466f4592d47b47
2020-02-17 09:39:01 +01:00
DannyS712
3b0f44970b Add more tests for the user class
Added tests for:
* ::setEmailWithConfirmation
* ::newFromSession, ::getRequest
* ::validateCache, ::getTouched
* ::logout
* ::newFromRow, ::loadFromRow

Fix coverage doc for ::getOptions
Cover missing edge case for ::addGroup

Bug: T233385
Change-Id: I7d6a9718a272be5bd3ef2d135b43f1ae3ed768fa
2020-02-15 02:33:39 +00:00
DannyS712
989c4f7723 Add more tests for the User class
Methods newly tested:
* ::isAllowedAny, ::isAllowedAll, ::isAllowed, ::isNewbie
* ::pingLimiter (basic testing)

Testing expanded for:
* ::checkPasswordValidity
* ::testRealName

Bug: T233385
Change-Id: I2848ecc401b55e4202a853f270f084a093ed46e4
2020-02-11 01:57:04 +00:00
DannyS712
fc9671bdf5 Add more tests for the User class
Newly tested:
* ::getDefaultOption
* ::isCreatableName, ::isUsableName
* ::addToDatabase
* ::changeableGroups
* ::isBlockedFromUpload

Testing expanded for (mostly just specific edge cases):
* ::getIntOption, ::getId, ::getDefaultOptions
* ::addGroup, ::removeGroup
* ::newFromConfirmationCode
* ::idFromName
* ::findUsersByGroup

Bug: T233385
Change-Id: I12bdcffcc6af96da4425e0064f8d395153d05953
2020-02-04 21:14:26 +00:00
DannyS712
0e301253f1 Add more tests for the user class (factory and preferences mostly)
Add tests for
* ::newFromId, ::newFromConfirmationCode
* ::getStubThreshold, ::requiresHTTPS
* ::setItemLoaded, ::isItemLoaded
* ::getGroupMemberships

Expand tests for
* ::getCanonicalName

Bug: T233385
Change-Id: I2c47590e1cef35387aa376303ebfa09e54c0cc34
2020-02-02 07:55:06 +00:00
DannyS712
262501f064 Add more tests for the user class (email and username related mostly)
Add tests for
* ::setId
* ::getName, ::setName
* ::getEmail, ::setEmail, ::invalidateEmail
* ::whoIs

Expand tests for
* ::newFromName

Add coverage tag for ::getDBTouched

Bug: T233385
Change-Id: I565cbc0660d7a9fb16e02595598003228f6fb238
2020-01-27 01:40:57 +00:00
sbassett
b86c6751d0 Password policy to check if a password is a substring of a username
Similar to checkPasswordCannotMatchUsername, MediaWiki should ensure
that users are unable to accidentally create or edit their username
to include their password as a substring of said username.

Bug: T241845
Change-Id: I437e91a5b83a792c5ad31e291915491bbb382dfa
2020-01-13 23:09:13 +00:00
James D. Forrester
4f2d1efdda Coding style: Auto-fix MediaWiki.Classes.UnsortedUseStatements.UnsortedUse
Change-Id: I94a0ae83c65e8ee419bbd1ae1e86ab21ed4d8210
2020-01-10 09:32:25 -08:00
James D. Forrester
5e9fca47b9 Coding style: Auto-fix MediaWiki.Usage.PHPUnit*
Change-Id: I86fc55a4fc8ceafe368692173211bbcd6d8581d7
2020-01-10 10:17:12 +00:00
DannyS712
1fcb8a1396 Expand options-related tests for User class
Bug: T233385
Change-Id: I8ef7331eba11a9d275699da6a972fe58b40983f6
2020-01-02 17:05:07 +00:00
jenkins-bot
c14a3ca034 Merge "Expand watchlist-related tests for User class" 2019-12-19 09:32:56 +00:00
Daimona Eaytoy
7b946ffb4b Fixes for PHPUnit 8 compat in DB suite
Once again, this fixes all issues aside from assertArraySubset.

Bug: T192167
Change-Id: I45c91dc1cf23f04140576dc66233558bb6021324
2019-12-15 00:27:54 +00:00