Instead of having basically every caller do:
$pf = new PasswordFactory();
$pf->init( RequestContext::getMain()->getConfig() );
Just create a single PasswordFactory via MediaWikiServices and pass that
around. Things that want to use their own config can still pass settings
via the new constructor.
This will eventually let us remove the init() function, removing the
only hard dependency upon MediaWiki, to make it easier to librarize
(T89742).
Change-Id: I0fc7520dc023b11a7fa66083eff7b88ebfe49c7b
During testing, we are not worried about data loss, so we can safely
bypass the CAS check when setting up a test fixture.
This change was added to address sporadic test failures like the following:
18:03:38 1) ApiEchoMarkReadTest::testMarkReadWithList
18:03:38 MWException: CAS update failed on user_touched for user ID '2' (read from slave); the version of the user to be saved is older than the current version.
18:03:38
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/includes/user/User.php:3931
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/includes/TestUser.php:83
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/includes/api/ApiTestCase.php:30
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/extensions/Echo/tests/phpunit/api/ApiEchoMarkReadTest.php:11
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/MediaWikiTestCase.php:370
Bug: T131178
Change-Id: I99b43e0db85bc2c1cd335c82971df4e95520d34b
I423f09f added this call in an attempt to speed things up. However,
User::checkPassword() was deprecated in I2c736ad7, and the call causes
some tests to fail when $wgDisableAuthManager is false.
Since this is trying to determine whether the user_password column in
the user table needs updating for the unit test, let's test that
directly instead of the much-more-complicated User::checkPassword().
Change-Id: I410de706f9074edea3f3988769a3e99231d8dca3
* Speed up password generation and verification by setting MWOldPassword as the
default password type. Do this once, in MediaWikiTestCase::makeTestConfig(),
rather than in five different places.
* Rename '$pwhash' to '$passwordHash', for consistency. It's ugly to have both
'$passwordFactory' and '$pwhash' in the same scope.
* Make TestUser::setPasswordForUser() check first whether the desired password
is already set. This is actually the common case, since the password is reset
in the setup code for every test, but only a few tests actually change the
password.
Change-Id: I423f09ff7472b6cbde21cb709ea7c7ef9e298f18
AuthManager is coming, which will make it easier to add alternative
methods of authentication. But in order to do that, we need to finally
get around to ripping the password-related bits out of the User class.
The password expiration handling isn't used anywhere in core or
extensions in Gerrit beyond testing for expired passwords on login and
resetting the expiry date on password change. Those bits have been
inlined and the functions removed; AuthManager will allow each
"authentication provider" to handle its own password expiration.
The methods for fetching passwords, including the fact that mPassword
and other fields are public, has also been removed. This is already
broken in combination with basically any extension that messes with
authentication, and the major use outside of that was in creating
system users like MassMessage's "MediaWiki message delivery" user.
Password setting methods are silently deprecated, since most of the
replacements won't be available until AuthManager. But uses in unit
testing can be replaced with TestUser::setPasswordForUser() immediately.
User::randomPassword() and User::getPasswordFactory() don't really
belong in User either. For the former a new PasswordFactory method has
been created, while the latter should just be replaced by the two lines
to create a PasswordFactory via its constructor.
Bug: T47716
Change-Id: I2c736ad72d946fa9b859e6cd335fa58aececc0d5
- Changed spaces to tabs for indentation
- space after 'function'/'if'
- Added/Removed space after parenthesis/brackets/end of line
- Removed space after cast
Change-Id: I0e8e6a19b84b5e1308b632a0266cb78f688494ee
I noticed MWOldPassword is broken while working on
I7024b287a7. When generating new passwords for it,
a superfluous : is being added to the serialized hash
within the database (and that breaks parsing so that
people can't ever log in).
As this is not really relevant in the real world (as
nobody is hopefully using plain MD5 passwords anymore),
this doesn't need any backward compatibility handling
for the broken hashes.
Change-Id: I753c135a6de39008488bd7462c2bfcda2cbac116
By only updating the user row in the database, if needed
and by making use of md5 for passwords instead of slower
hashing.
This cut down run time of some Wikibase API tests to 20%
of the original value for me!
Also it reduces the run time of MediaWiki's test suite
by about 45s on jenkins.
Change-Id: I7024b287a71fe9b327dbcdc5427cd8edb5047606
This also, as a side effect, makes sure we no longer
use hash_ functions here, which will reduce the impact of
https://github.com/facebook/hhvm/issues/3740 on us.
Change-Id: I6e0c776ef9aafe490b24b6869037bb5cb05cd151
There's no need for TestUser to remove all groups only to add some back
on. We should be able to speed things up (see bug 43762) by only
removing the groups that aren't wanted and only adding the ones that
aren't already possessed.
Change-Id: I50dd9b117a8a21c8a6170520b3bbf98e3030ae47
