Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/editpage/IEditObject.php
Dreamy Jazz 3b3f1d7851 Handle collisions from SerialProvider::acquireIndex 
Why:
* When using the TempUserCreator::create or ::acquireAndStashName to
  get temporary account when the chosen username already existed, that
  temporary account is treated as if it doesn't exist. This causes
  confusing "userexists" errors and also causes the user to be logged
  into an already existing temporary account.
* Furthermore, because the user existence check in AuthManager::auto
  CreateUser only checks the local wiki, if an existing temporary
  account exists globally but not on the local wiki then the code
  sign a new user into an existing temporary account.
* This is very bad behaviour, though shouldn't happen unless the
  serialMapping configuration uses a SerialMapping class that could
  provide duplicates and/or the configuration has been changed to
  use a different SerialMapping class.
* There is a need to change the SerialMapping class in use to a
  different class, which means that the code will attempt to use
  temporary account usernames which already exist.
* As such, the code that is generating the temporary account usernames
  based on the SerialMapping and SerialProvider should be aware that
  it may produce an already existing temporary account username, even
  if the SerialMapping class being used is asserted to never provide
  duplicates.
* Therefore, the code that generates temporary account usernames
  should always attempt to verify that a automatically generated
  temporary account name does not already exist on the wiki.

What:
* Update TempUserCreator::acquireName to check to see if the username
  it generates already exists centrally using the CentralIdLookup.
  If it does, then the method returns null. Otherwise, the username
  that hasn't been used yet is returned.
* Create the private method TempUserCreator::attemptAutoCreate that
  attempts an autocreate for a temporary account name, and optionally
  logs the account in.
* Update TempUserCreator::create to use ::attemptAutoCreate to
  first to check if the account can be created and then again once
  the account is created to actually login to that temporary account.
  This is done to prevent logins to existing temporary accounts on
  the local wiki. The second call to actually perform the login is
  necessary as there is no other way to login to a temporary account.
* Update TempUserCreator::acquireAndStashName to respond to the changes
  to ::acquireName, such that it returns null if ::acquireName returns
  null and also does not modify the session.
* Update EditPage::maybeActivateTempUserCreate to return a Status and
  return a good status in all cases except when a temporary account
  name could not be acquired.
* Add IEditObject::AS_UNABLE_TO_ACQUIRE_TEMP_ACCOUNT, and use it as
  the value of the fatal status returned by EditPage
  ::internalAttemptSave if a temporary account name could not be
  acquired. This will cause the display of a useful error to the
  user on edit.
* Update ApiEditPage and ApiAcquireTempUserName to die with an error
  if a temporary account username was unable to be acquired.
* Provide tests for the untested ApiAcquireTempUserName.php file
  including testing the new behaviour.
* Add and update tests for TempUserCreator.php

Bug: T353390
Change-Id: Id3a316ea0eba544d51d4ffcdfb03e35f4b3c54cc
2023-12-21 14:49:42 +00:00

120 lines
4.3 KiB
PHP
Raw Blame History

<?php
/**
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
namespace MediaWiki\EditPage;
/**
* Serves as a common repository of constants for EditPage edit status results
*
* Each of these is a possible status value
*
* @internal
*/
interface IEditObject {
/** Status: Article successfully updated */
public const AS_SUCCESS_UPDATE = 200;
/** Status: Article successfully created */
public const AS_SUCCESS_NEW_ARTICLE = 201;
/** Status: Article update aborted by a hook function */
public const AS_HOOK_ERROR = 210;
/** Status: A hook function returned an error */
public const AS_HOOK_ERROR_EXPECTED = 212;
/** Status: User is blocked from editing this page */
public const AS_BLOCKED_PAGE_FOR_USER = 215;
/** Status: Content too big (> $wgMaxArticleSize) */
public const AS_CONTENT_TOO_BIG = 216;
/** Status: revision x was deleted while editing (?action=edit&oldid=x) */
public const AS_REVISION_WAS_DELETED = 217;
/** Status: this anonymous user is not allowed to edit this page */
public const AS_READ_ONLY_PAGE_ANON = 218;
/** Status: this logged in user is not allowed to edit this page */
public const AS_READ_ONLY_PAGE_LOGGED = 219;
/** Status: wiki is in readonly mode (ReadOnlyMode::isReadOnly() == true) */
public const AS_READ_ONLY_PAGE = 220;
/** Status: rate limiter for action 'edit' was tripped */
public const AS_RATE_LIMITED = 221;
/** Status: article was deleted while editing and wpRecreate == false or form was not posted */
public const AS_ARTICLE_WAS_DELETED = 222;
/** Status: user tried to create this page, but is not allowed to do that */
public const AS_NO_CREATE_PERMISSION = 223;
/** Status: user tried to create a blank page and wpIgnoreBlankArticle == false */
public const AS_BLANK_ARTICLE = 224;
/** Status: (non-resolvable) edit conflict */
public const AS_CONFLICT_DETECTED = 225;
/**
* Status: no edit summary given and the user has forceeditsummary set and the user is not
* editing in his own userspace or talkspace and wpIgnoreBlankSummary == false
*/
public const AS_SUMMARY_NEEDED = 226;
/** Status: user tried to create a new section without content */
public const AS_TEXTBOX_EMPTY = 228;
/** Status: article is too big (> $wgMaxArticleSize), after merging in the new section */
public const AS_MAX_ARTICLE_SIZE_EXCEEDED = 229;
/** Status: WikiPage::doEdit() was unsuccessful */
public const AS_END = 231;
/** Status: summary contained spam according to one of the regexes in $wgSummarySpamRegex */
public const AS_SPAM_ERROR = 232;
/** Status: anonymous user is not allowed to upload (User::isAllowed('upload') == false) */
public const AS_IMAGE_REDIRECT_ANON = 233;
/** Status: logged in user is not allowed to upload (User::isAllowed('upload') == false) */
public const AS_IMAGE_REDIRECT_LOGGED = 234;
/**
* Status: user tried to modify the content model, but is not allowed to do that
* ( User::isAllowed('editcontentmodel') == false )
*/
public const AS_NO_CHANGE_CONTENT_MODEL = 235;
/** Status: user tried to create self-redirect and wpIgnoreSelfRedirect is false */
public const AS_SELF_REDIRECT = 236;
/** Status: an error relating to change tagging. Look at the message key for more details */
public const AS_CHANGE_TAG_ERROR = 237;
/** Status: can't parse content */
public const AS_PARSE_ERROR = 240;
/** Status: edit rejected because browser doesn't support Unicode. */
public const AS_UNICODE_NOT_SUPPORTED = 242;
/** Status: edit rejected because server was unable to acquire a temporary account name for this user */
public const AS_UNABLE_TO_ACQUIRE_TEMP_ACCOUNT = 243;
}
Reference in a new issue View git blame Copy permalink