(quote): Not only is this intensive to compute (and could be an
attack vector). See also: T323125.
Bug: T323126
Change-Id: I404630ea9d580bce91d7c58f73391ce6b672178c
d70fbfc691 introduced a new helper
function to Rest handlers that prevents caching the response if it sets
any cookies. However, responses to requests where a cookie-based session
(anonymous user with session cookies or logged-in user) are not safe to
cache at all because the session manager may itself attempt to set
cookies on the response outside of the Rest framework, and the response
contents themselves may depend on user-specific invariants, such as the
user's permissions if the current wiki is private (i.e. restricts the
'read' permission to a subset of user groups). We currently rely on
HeaderCallback to fix the first case for us, and don't cover the second
case, so fix it by explicitly sending Cache-Control: private for Rest
responses for requests with an active cookie-based session.
Bug: T264631
Bug: T285210
Change-Id: I9dec6d4accd5de2bd1bde352d45f82c433913d54
* Illegal string offset and invalid argument supplied to foreach, due to incorrect type information
* Array internal pointer reset is unnecessary
* $hookData unused since MW 1.35 due to incomplete revert
* array_push() with single element
* Unnecessary sprintf()
* for loop can be replaced with str_repeat()
* preg_replace() can be replaced with rtrim()
* array_values() call is redundant
* Unnecessary cast to string
* Unnecessary ternary. Often the result relies on short-circuit evaluation, but I find it more readable nonetheless.
Change-Id: I4c45bdb59b51b243fa96286bec8b58deb097d707
Just methods where adding "static" to the declaration was enough, I
didn't do anything with providers that used $this.
Initially by search and replace. There were many mistakes which I
found mostly by running the PHPStorm inspection which searches for
$this usage in a static method. Later I used the PHPStorm "make static"
action which avoids the more obvious mistakes.
Bug: T332865
Change-Id: I47ed6692945607dfa5c139d42edbd934fa4f3a36
The current signature of the various execute methods only takes a
boolean parameter to determine if the session should be safe against
CSRF, but that does not give callers fine-grained control over the
Session object, including setting a specific token.
Also, do not use createNoOpMock in getSession(), since it implies
strong assertions on what methods are called. This way, getSession
can also be used to get a simple mock session that tests may further
manipulate.
Make $csrfSafe parameter of SessionHelperTestTrait::getSession
mandatory. This way, callers are forced to think what makes sense in
each use case. The various methods in HandlerTestTrait now default to
a session that is safe against CSRF. This assumes that most REST
handlers don't care about the session, and that any handler that does
care about the session and where someone needs to test the behaviour
in case of bad/missing token will explicitly provide a Session that
is NOT safe against CSRF.
Typehint the return value of Session(Backend)::getUser so that PHPUnit
will automatically make it return a mock User object even if the method
is not explicitly mocked. Remove a useless PHPUnit assertion -- setting
the return value to be X and then verifying that is equal to X is a
tautology, and can only fail if the test itself is flawed (as was the
case, since it was using stdClass as the return type for all
methods). Remove the getUser test case altogether, there's no way to
make it work given the DummySessionBackend, and the test isn't that
helpful anyway. More and more methods will have the same issue as soon
as their return value is typehinted.
Follow-up: I2a9215bf909b83564247ded95ecdb4ead0615150
Change-Id: Ic51dc3e7bf47c81f2ac4705308bb9ecd8275bbaf
Mixing Handlers with Helpers doesn't look nice for consistency
reasons. Helpers should be in their own place (grouped) in the
Handlers directory as they're really "helpers for the handlers".
Change-Id: Ieeb7a0a706a4cb38778f312bfbfe781a1f366d14
This is a modified version of Ie282bc5b5f5df0bbd6a40c8362ba73fcbbf36c2e
which was reverted in 5c7cca8776.
Bug: T321969
Change-Id: I566d54a473aa51c4cdaada21a49d63c0624aab93
The motivation is to restore parsoid support for the content models
defined in the Proofread extension.
Bug: T246403
Change-Id: I33d269e42fede28139f7c923504326a77d11ee13
This introduces an interface HtmlOutputHelper that is implemented
by both HtmlMessageOutputHelper or HtmlOutputRendererHelper based
on the page we're dealing with.
Bug: T323558
Change-Id: I1fb8dcc5cc05ce3f32f3c1862b88045f1c8e612b
This reverts commit d32c260ed0.
Reason for revert: Timo has reservations, I'll submit an updated version later.
Change-Id: I71d4d61a879fda4dccfc105127446cfedde75a7b
* Share logic previously implemented for html/with formats through
a trait class
* source/bare formats don't execute a temporary redirect. The
JSON body will contain a key "redirect_target" instead if a wiki
redirect is found
* Introduce PageRedirectHandlerTest to test redirect logic shared
between multiple handlers
* Move Handler instantiation to HandlerTestTrait
* Update api-testing tests in Update.js
Change-Id: Id66e33e19adabdb3c9621eaea4a5d441f23edafd
Otherwise the mocked getLangCode() method returns null, which is not
allowed any more in PHP 8.1.
Bug: T289926
Required-For: I7e026cca216aba24ee5d5662b6fca322b3cec9ae
Change-Id: I178def7f03a44f6b49cdb461d9ab340e1c89517f
This adds applyCacheControl() to the Handler base class.
REST handlers can override this method to apply cache control to the
response.
Change-Id: Ib31b91a0048dbc57fbcadfec6533e672c1567509
* DeprecatedHooksTest: Don't use assertContains().
* Replace uses of deprecated asserts:
- assertFileNotExists() -> assertFileDoesNotExist()
* Update hierarchy of MediaWikiPHPUnitResultPrinter, since ResultPrinter
is an interface in PHPUnit 9.
* Remove temporary forward-compat methods.
* Remove directories that don't exist from tests/phpunit/suite.xml, since
they now make PHPUnit exit:
- tests/phpunit/skins, it used to have SideBarTest, then moved to
tests/phpunit/includes/skins
- tests/phpunit/documentation, it used to have ReleaseNotesTest, then
moved to tests/phpunit/unit/documentation
* Update configuration with --migrate-configuration and reformat.
* Avoid redefining getMockBuilder() in
ActionModuleBasedHandlerTestTrait, use a @method annotation instead.
* In RCCacheEntryFactoryTest, avoid using internal PHPUnit logic for
HTML validation, and use native PHP methods instead. The code was
copied from Xml::load (moved to \Xml\Loader::load in PHPUnit 9) and
simplified for this use case.
Bug: T243600
Bug: T262076
Change-Id: I851b9158b73d0cfc315eed9d63b15c54b05895e3
What was previously a REST API-only feature (the thumbnails
hook allowing for thumbnails for non-file pages via the
PageImages extension) is now also being adopted in the main
search page.
That hook will now be called with NS_FILE result thumbnails
pre-filled, which was not the case previously. PageImages
essentially duplicated NS_FILE thumbnail logic that was
already present in Special:Search, so that can (and will
in a follow-up patch) then be removed there. Special:Search
will then simply take whatever is produced from the provider
(which will include both NS_FILE thumbs - which it handled
already - as well as whatever else it receives from the hook),
as will the REST API (which already received both)
Since thumbnails can now come in for multiple namespaces &
having some of those results with & others without a thumbnail
can be quite jarring, it was decided that we'd display
placeholder images (for certain namespaces). This is now
controlled by $wgThumbnailNamespaces.
I also split up a few things in FullSearchResultWidget::
generateFileHtml for more clarity.
Meanwhile also updated mediawiki.special.search.styles.less
to use variables for known colors.
Also implemented a 'transform' (required for testing this
change properly) and 'getDisplayWidthHeight' (it became
needed after implementing transform) callback function for
mock Files, and updated some existing tests in response to
these changes.
And some more Rest test files have been updated to allow
passing around a HookContainer instead of only an array of
hooks (from which a new HookContainer would then be created)
to allow the same container to be used across all relevant
objects, who may have it injected as dependency.
Bug: T306883
Change-Id: I2a679b51758020d3e822da01a1bde1ae632b0b0a
When creating ServiceOptions objects or fake HashConfigs use the
constant to refer to the config name
Change-Id: I59a29f25b76e896c07e82156c6cc4494f98e64cc
Cast values to string. This seems to be consistent with what
Router::substPathParams does, and also would be consistent with
the pre php-8.1 behaviour.
Bug: T313663
Change-Id: I631478101b7a679efa7bb897c6c2bb5d51d6281b
Besides being used for caching of the responses of GET requests,
the ETag and Last-Modified headers can be used with PUT and POST
requests to control the conditional execution of requests using
the If-Match and If-Unmodified-Since headers.
For that reason it is important to distinguish between the ETag and
modification date of a resource at the time a request is received
(before the resource is modified), and at the time the response is
being sent (after the resource has been modified). The before-state
is used to check conditionals, while the after-state can be sent back
to the client in the response.
For a GET request, it is reasonable to re-use the ETag and Last-Modified
values that were used to check conditionals in the response.
For PUT and POST, that would generally be wrong, since the resource has
since changed.
Bug: T311819
Change-Id: I1a09b0ef35ae2365e0b261fb5295003aec1f5b17
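The before-state/after-state distinction described in the commit message above, as an added PHP sketch that is not MediaWiki's code. The function names `etagOf`, `tagListed` and `handle`, and the in-memory resource, are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical validator: a strong ETag derived from the current body.
function etagOf(string $body): string {
    return '"' . substr(hash('sha256', $body), 0, 16) . '"';
}

// True if the header value is "*" or lists the given ETag.
function tagListed(string $headerValue, string $etag): bool {
    $tags = array_map('trim', explode(',', $headerValue));
    return $headerValue === '*' || in_array($etag, $tags, true);
}

/** Returns [status, ETag to send]; $resource is updated in place by PUT. */
function handle(string $method, array $headers, string &$resource, string $newBody = ''): array {
    // Before-state: validator as of request arrival, used to check conditionals.
    $before = etagOf($resource);
    if (isset($headers['If-Match']) && !tagListed($headers['If-Match'], $before)) {
        return [412, $before];                // precondition failed, nothing written
    }
    if ($method === 'GET') {
        $hit = isset($headers['If-None-Match'])
            && tagListed($headers['If-None-Match'], $before);
        return [$hit ? 304 : 200, $before];   // resource unchanged: reuse before-state
    }
    $resource = $newBody;                     // PUT modifies the resource
    return [200, etagOf($resource)];          // after-state goes in the response
}

// Constructed scenario: two clients read the same version, then both try to write.
$page = 'v1';
[, $seen] = handle('GET', [], $page);
[$sA, $tagA] = handle('PUT', ['If-Match' => $seen], $page, 'v2 by A');
[$sB, $tagB] = handle('PUT', ['If-Match' => $seen], $page, 'v2 by B');
[$sG] = handle('GET', ['If-None-Match' => $tagA], $page);

printf("A: %d %s\nB: %d %s\nGET with A's tag: %d\nstored: %s\n",
    $sA, $tagA, $sB, $tagB, $sG, $page);
```

Client B's write is rejected because its `If-Match` value no longer matches the before-state, so A's edit is not silently overwritten. Had A's PUT response carried the before-state tag instead, A's later conditional GET would be validating against a version that no longer exists.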
All revision related classes are namespaced MediaWiki\Revision
instead of MediaWiki\Storage since 1.32. The old namespaced
class names are deprecated and only kept for backwards-compatibility.
Bug: T305784
Change-Id: I34e492d84d9fc4bc78481667202716d93b3c43cb
Only check if "real" pages are redirects,
since our RedirectLookup::getRedirectTarget()
does not allow passing in a non-real (e.g.
special page) for redirect lookup.
Bug: T301346, T303352
Change-Id: Icd1fd980bb98f7271b26048b6901927b35549820
This adds full integration tests for extension registration, ensuring
that ExtensionProcessor and ExtensionRegistry work together as expected.
The existing tests for ExtensionProcessor and ExtensionRegistry are
converted to "pure" unit tests.
This change is intended to protect against bugs while refactoring
ExtensionProcessor and ExtensionRegistry to better integrate with the
new SettingsBuilder class.
Bug: T297166
Change-Id: I2d9cc373b8a4aa014aef93b0a8e8d83758851783
Add a field to the response object of the REST
endpoint /search/page to display the title of the page
that the given page is a redirect to, or null if
the page is not a redirect.
Bug: T296671
Change-Id: I6673d50e8eae822455972403c82ec33e6ffce5dd
Previously, when a user with correct permissions uses completion search on a
private wiki, the results are returned and cached. Since we are on a private wiki,
we don't want to cache results since the content is not accessible to all users.
Now, content that is not accessible to all users will not be cached.
This patch achieves this by setting the appropriate Cache-Control response headers
for the MW REST Search endpoint.
Bug: T292763
Change-Id: I693b4088df9c0520d5238c286312ec52ab273604
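The caching rule from the commit message above and from the earlier one about cookie-based sessions (T264631, T285210), combined in one added PHP sketch that is not MediaWiki's implementation. The function names, the cookie-suffix list, the sample cookie name and the exact `private` header value are assumptions made for illustration; `str_ends_with` requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Assumption: suffixes that mark a cookie as session-bearing (constructed list).
const SESSION_COOKIE_SUFFIXES = ['_session', 'UserID', 'Token'];

function hasSessionCookie(array $requestCookies): bool {
    foreach (array_keys($requestCookies) as $name) {
        foreach (SESSION_COOKIE_SUFFIXES as $suffix) {
            if (str_ends_with((string)$name, $suffix)) {
                return true;
            }
        }
    }
    return false;
}

/**
 * Hypothetical decision function: returns the Cache-Control value to send.
 * $responseHeaders maps header name => value, as queued by any layer so far.
 */
function restCacheControl(
    array $requestCookies,
    array $responseHeaders,
    bool $readRestricted,
    string $handlerPolicy
): string {
    $headers = array_change_key_case($responseHeaders, CASE_LOWER);
    if (hasSessionCookie($requestCookies)   // session layer may still set cookies
        || isset($headers['set-cookie'])    // response already carries a cookie
        || $readRestricted                  // body depends on who is asking
    ) {
        return 'private, max-age=0, must-revalidate';
    }
    return $handlerPolicy;
}

// Constructed sample requests: [request cookies, response headers, read restricted].
$cases = [
    'anonymous, public wiki'  => [[], [], false],
    'session cookie present'  => [['examplewiki_session' => 'abc'], [], false],
    'handler set a cookie'    => [[], ['Set-Cookie' => 'x=1'], false],
    'private wiki, no cookie' => [[], [], true],
];
foreach ($cases as $label => [$cookies, $headers, $restricted]) {
    printf("%-24s => %s\n", $label,
        restCacheControl($cookies, $headers, $restricted, 'public, max-age=300'));
}
```

Only the first case keeps the handler's public policy; in the other three a shared cache must not store the response.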
Before MovePageTest was skipped if the move was valid,
claiming we can't test actual moves. Now we can.
Additionally, use MediaTestTrait for file and repo
mocking.
Change-Id: Ie8a1edbdb2f22432919f03a60c2dacc5d4528615
Allows us to reduce direct mocking in individual tests, or relying
on MediaWikiServices, by having a reusable service instead that
can be used in unit tests.
Make use of it in a few places.
This dummy service is also less coupled to individual tests;
in the rest handler tests, replacing mocks that report that
only a specific string is an IP address with the actual implementation
that accepts other IP addresses, and in BlockUtilsTest use
an actually invalid user name instead of making the mock
UserNameUtils complain about a perfectly valid name.
Change-Id: Iaa3195002ac4ae7e0c9c58ed57c80c02762d4070