* Add the $wgExtendedLoginCookies configuration variable, which defines
the set of login cookies that can have their lifetime configured
independently
* Add the $wgExtendedLoginCookieExpiration configuration variable, which
dictates when the extended lifetime login cookies expire
* Default $wgExtendedLoginCookieExpiration to null so that the current
behaviour is unaffected
Bug: T68699
Change-Id: I0cc24524e4d7d9d1d21c9fa8a28c7c76b677b96c
* By default, users will load from the slave unless
the thread did a recent DB write. This is to handle
changes within a request.
* ChronologyProtector should avoid staleness in common
cases, and the CAS check on user_touched is a final
barrier to block stale user object updates.
* Note that passwords are not cached, so they hit the
DB when ever needed. Passwords now load from slaves
when possible, instead of the master.
* This should get the code closer to handling user
login and logged in users when the master is down.
* Fixed loadFromId() when READ_LOCKING is used.
* Also addressed TODO comment in load().
Bug: T92357
Change-Id: I0a8bdab720c19fe3fc2381799ae2e90ff09bb4cf
Make password policies defined in a configurable policy, which is
defined by group. A user's password policy will be the maximum of
each group policy that the user belongs to.
Bug: T94774
Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
Rather than call $this->load() unconditionally, get just the ID via
$this->getId(), potentially saving us a database lookup.
Change-Id: Ifa3b96956a1d66d3e877573ff01970758fad8790
* This adds a wgActivityUpdatesUseJobQueue setting, which lets
these updates work via the job queue, rather than direct DB
master updates.
Bug: T91284
Change-Id: Ie60e20162fd833e64d81763a6aa1dc3faf2162f3
* This should avoid duplicate logging events on races or when
the cache fails to update.
* Also added getDBTouched() method to get user_touched itself.
Bug: T48834
Change-Id: Ib2cd0a2c72629fa4e13dcff4d2d6fbac8e690b32
You can add tags at the same time as performing action=edit, as long as you
have the "applychangetags" right. Also, you can add or remove tags after
the fact from revisions and log entries using the API action=tags.
No UI is provided for either of these changes. The target audience is user
scripts, gadgets and similar tools.
Includes a new log parameter format type: "list", for a comma-separated
list of values.
Logging of change tag events is limited to those that do not accompany an
edit (i.e. those done after the fact), and is hidden from Special:Log by
default, similar to the patrol log.
Bug: T20670
Change-Id: I37275e0f73fa3127f55da0c320b892551b61ee80
* This method is used for clearing the User cache as well
as bumping the value of getTouched() for HTTP 304 logic.
These do not need to do the actual user_touched update.
* This also avoids problems with setting mTouched but
deferring the update. That confused the CAS update
logic since it expects mTouched to be in the DB.
Change-Id: I96b30f5c9c8b4714e6663b187f741954a13312cf
* This does not handle race conditions, but is a prelude to using CAS
style logic on save using the timestamp.
Change-Id: I9c31c272fcf77b686764b7c3a6a32ac29576347c
* Ideally saveSettings() would not just silently do nothing in
read-only mode as not all callers expect that behavior. This
change is just the first step.
Change-Id: Ieeaf531dac3027ddba89c60159b98f9c04de78d3
Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.
Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.
Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
* Warn when saving slave-loaded data in saveSettings()
* Respect the loading $flags for preferences/groups
* Fixed use of flags in addToDatabase()
* Made loadFromCache() protected to make this mess easier
to reason about (no callers found)
* Added some doc comments
Bug: T92232
Change-Id: Ic1dd66063cc2f98fc03861df1c523981f846a0be
* The loading logic is complex enough without more possible
entry points to cover
* No outside callers found
Change-Id: I7e9bace35afb0a540993423cf1da98381a516ac5
