1) The following methods were hard deprecated:
- User::addAutopromoteOnceGroups
- User::getEffectiveGroups
- User::getAutomaticGroups
- User::getFormerGroups
2) User ::getGroups, ::getGroupMemberships, ::addGroup,
::removeGroup were replaced in the production code,
but they were not hard deprecated because of conflict
with UserRightsProxy class.
Bug: T275148
Change-Id: Ia69598316f5dc5dd9511f6112b5b13e1aa07575a
Currently both email and real name are documented as
non-nullable, but it seems there's code that breaks
this contract. Try stricter type checks.
Depends-On: Ie8fa1e7881e1b016dccdc9097a1763a07cc140b9
Depends-On: Id3bf35fe56c459597ed6a602bdf6ca4860271f6e
Change-Id: I2f4b7b3500a2b25f7d5cf25147f65ad412d61955
Refactor the database setup code to share more code between
ParserTestRunner and MediaWikiIntegrationTestCase. Made
`::setupAllTestDBs` static so it can be reused from
ParserTestRunner.
Made ParserTestRunner::addArticle more like
MediaWikiIntegrationTestCase::addCoreDBData(). Some additional
refactoring work could be done here in the future to share more code.
After the refactoring the ParserTestTables hook is no longer necessary
and so has been (soft) deprecated. MediaWikiIntegrationTestCase
clones all database tables, so ParserTestRunner no longer needs to ask
extensions for a list of specific tables it should clone. Cleaning up
the handful of extensions which define this hook will be left to a
future patch set.
Change-Id: I5124789fac333a664b73b4b4a1e801ecc0a618ca
The name change happened some time ago, and I think its
about time to start using the name name!
(Done with a find and replace)
My personal motivation for doing this is that I have started
trying out vscode as an IDE for mediawiki development, and
right now it doesn't appear to handle php aliases very well
or at all.
Change-Id: I412235d91ae26e4c1c6a62e0dbb7e7cf3c5ed4a6
So far, our key derivation code assumed that it has control over
the salt used by the derivation routines, however I want to add Argon2
support and it doesn't work this way: password_hash() generates the
salt itself, and the only way to verify a password is by using
password_verify(). Current way the things are done doesn't support it
because it relies on the result of password hashing with parameters we
provide to be deterministic.
Therefore, I'm deprecating Password::equals(), as well as whole concept
of comparing Password objects - it's used only in tests anyway. It's
getting replaced with verify() that only accepts password strings.
Uses of old function are fixed with exception of a few calls in tests
that will be addressed in my Argon2 patch.
Change-Id: I2b2be9a422ee0f773490eac316ad81505c3f8571
Instead of having basically every caller do:
$pf = new PasswordFactory();
$pf->init( RequestContext::getMain()->getConfig() );
Just create a single PasswordFactory via MediaWikiServices and pass that
around. Things that want to use their own config can still pass settings
via the new constructor.
This will eventually let us remove the init() function, removing the
only hard dependency upon MediaWiki, to make it easier to librarize
(T89742).
Change-Id: I0fc7520dc023b11a7fa66083eff7b88ebfe49c7b
During testing, we are not worried about data loss, so we can safely
bypass the CAS check when setting up a test fixture.
This change was added to address sporadic test failures like the following:
18:03:38 1) ApiEchoMarkReadTest::testMarkReadWithList
18:03:38 MWException: CAS update failed on user_touched for user ID '2' (read from slave); the version of the user to be saved is older than the current version.
18:03:38
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/includes/user/User.php:3931
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/includes/TestUser.php:83
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/includes/api/ApiTestCase.php:30
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/extensions/Echo/tests/phpunit/api/ApiEchoMarkReadTest.php:11
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/MediaWikiTestCase.php:370
Bug: T131178
Change-Id: I99b43e0db85bc2c1cd335c82971df4e95520d34b
I423f09f added this call in an attempt to speed things up. However,
User::checkPassword() was deprecated in I2c736ad7, and the call causes
some tests to fail when $wgDisableAuthManager is false.
Since this is trying to determine whether the user_password column in
the user table needs updating for the unit test, let's test that
directly instead of the much-more-complicated User::checkPassword().
Change-Id: I410de706f9074edea3f3988769a3e99231d8dca3
* Speed up password generation and verification by setting MWOldPassword as the
default password type. Do this once, in MediaWikiTestCase::makeTestConfig(),
rather than in five different places.
* Rename '$pwhash' to '$passwordHash', for consistency. It's ugly to have both
'$passwordFactory' and '$pwhash' in the same scope.
* Make TestUser::setPasswordForUser() check first whether the desired password
is already set. This is actually the common case, since the password is reset
in the setup code for every test, but only a few tests actually change the
password.
Change-Id: I423f09ff7472b6cbde21cb709ea7c7ef9e298f18
AuthManager is coming, which will make it easier to add alternative
methods of authentication. But in order to do that, we need to finally
get around to ripping the password-related bits out of the User class.
The password expiration handling isn't used anywhere in core or
extensions in Gerrit beyond testing for expired passwords on login and
resetting the expiry date on password change. Those bits have been
inlined and the functions removed; AuthManager will allow each
"authentication provider" to handle its own password expiration.
The methods for fetching passwords, including the fact that mPassword
and other fields are public, has also been removed. This is already
broken in combination with basically any extension that messes with
authentication, and the major use outside of that was in creating
system users like MassMessage's "MediaWiki message delivery" user.
Password setting methods are silently deprecated, since most of the
replacements won't be available until AuthManager. But uses in unit
testing can be replaced with TestUser::setPasswordForUser() immediately.
User::randomPassword() and User::getPasswordFactory() don't really
belong in User either. For the former a new PasswordFactory method has
been created, while the latter should just be replaced by the two lines
to create a PasswordFactory via its constructor.
Bug: T47716
Change-Id: I2c736ad72d946fa9b859e6cd335fa58aececc0d5
- Changed spaces to tabs for indentation
- space after 'function'/'if'
- Added/Removed space after parenthesis/brackets/end of line
- Removed space after cast
Change-Id: I0e8e6a19b84b5e1308b632a0266cb78f688494ee
I noticed MWOldPassword is broken while working on
I7024b287a7. When generating new passwords for it,
a superfluous : is being added to the serialized hash
within the database (and that breaks parsing so that
people can't ever log in).
As this is not really relevant in the real world (as
nobody is hopefully using plain MD5 passwords anymore),
this doesn't need any backward compatibility handling
for the broken hashes.
Change-Id: I753c135a6de39008488bd7462c2bfcda2cbac116
By only updating the user row in the database, if needed
and by making use of md5 for passwords instead of slower
hashing.
This cut down run time of some Wikibase API tests to 20%
of the original value for me!
Also it reduces the run time of MediaWiki's test suite
by about 45s on jenkins.
Change-Id: I7024b287a71fe9b327dbcdc5427cd8edb5047606
This also, as a side effect, makes sure we no longer
use hash_ functions here, which will reduce the impact of
https://github.com/facebook/hhvm/issues/3740 on us.
Change-Id: I6e0c776ef9aafe490b24b6869037bb5cb05cd151
There's no need for TestUser to remove all groups only to add some back
on. We should be able to speed things up (see bug 43762) by only
removing the groups that aren't wanted and only adding the ones that
aren't already possessed.
Change-Id: I50dd9b117a8a21c8a6170520b3bbf98e3030ae47
