| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |/
|
|
| |
Change-Id: I2cd4b647c01d84cfe0e1b4d55e155ced8c918b17
|
| |
|
|
|
| |
Bug: T321882
Change-Id: I48c10343295c4eb3d9ef8037343b0070e928f040
|
| |
|
|
|
|
| |
This change is a follow-up to 473457c64c5.
Change-Id: I3692870b2179736f7e938caabd4b36ded4623be6
|
| |
|
|
| |
Change-Id: I6e7e0dd64972ba11fd10efa1e330cbace9026e1b
|
| |
|
|
|
|
|
|
|
|
|
|
| |
"BadMethodCallException" sounds like it would fit, but it does
have a very different meaning, described as "exception thrown if
a callback refers to an undefined method or if some arguments are
missing". This is not what's going on here. These are methods that
should only be called from unit tests.
This appears to be a common mistake, often copy-pasted.
Change-Id: Ib39e28f596a883481d5f526460a5c871c75f5313
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Inappropriate @inheritDoc usage. Arguably all @inheritDoc is
inappropriate but these are the ones PHPStorm flags as misleading
due to the method not being inherited.
* Doc comment type does not match actual argument/return type.
* I replaced "@return void|never" with "@return void" since never means
never, it doesn't make sense for it to be conditional. If a method
can return (even if that is unlikely) then @return contains the type
that it returns. "@return never" means that there is no such type
because the method never returns.
* Incomplete/partial/broken doc tags
Change-Id: Ide86bd6d2b44387f37d234c2b059d6fbc42ec962
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current signature of the various execute methods only takes a
boolean parameter to determine if the session should be safe against
CSRF, but that does not give callers fine-grained control over the
Session object, including setting a specific token.
Also, do not use createNoOpMock in getSession(), since it implies
strong assertions on what methods are called. This way, getSession
can also be used to get a simple mock session that tests may further
manipulate.
Make $csrfSafe parameter of SessionHelperTestTrait::getSession
mandatory. This way, callers are forced to think what makes sense in
each use case. The various methods in HandlerTestTrait now default to
a session that is safe against CSRF. This assumes that most REST
handlers don't care about the session, and that any handler that does
care about the session and where someone needs to test the behaviour
in case of bad/missing token will explicitly provide a Session that
is NOT safe against CSRF.
Typehint the return value of Session(Backend)::getUser so that PHPUnit
will automatically make it return a mock User object even if the method
is not explicitly mocked. Remove a useless PHPUnit assertion -- setting
the return value to be X and then veryfing that is equal to X is a
tautology, and can only fail if the test itself is flawed (as was the
case, since it was using stdClass as the return type for all
methods). Remove the getUser test case altogether, there's no way to
make it work given the DummySessionBackend, and the test isn't that
helpful anyway. More and more methods will have the same issue as soon
as their return value is typehinted.
Follow-up: I2a9215bf909b83564247ded95ecdb4ead0615150
Change-Id: Ic51dc3e7bf47c81f2ac4705308bb9ecd8275bbaf
|
| |
|
|
|
|
|
|
| |
These exceptions are not documented with @throws and they're really not
meant to be caught.
Bug: T86704
Change-Id: I07f32e42c6fd4bc8785bac91547858f15a9fc2a8
|
| |
|
|
|
| |
Bug: T325687
Change-Id: I8319fc256f95c100aecbc31e24524f0208e3b0d5
|
| |
|
|
|
|
|
|
|
|
| |
The motivation is to make the code less confusing. I hope this is the
case.
?? is an older PHP 7.0 feature.
??= was added in PHP 7.4, which we can finally use.
Change-Id: Id807affa52bd1151a74c064623b41d950a389560
|
| |
|
|
|
| |
Bug: T253628
Change-Id: I5c64f436d3cf757390b751ce3e34bfc7872bc176
|
| |
|
|
|
|
|
| |
None are used in WMF-deployed extensions and have been hard deprecated
for multiple releases as well.
Change-Id: I62cfa22291f81295b4908192de8657a750c6716d
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Creating a date with date() uses local timezone. It would be better to
use gmdate() or just wfTimestampNow() to get a UTC timestamp for
deletion on the database, which stores UTC only
Bug: T307871
Change-Id: I7e77e0c8063811a573074c95df1f9dd251705c38
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Redoing I5ea70120d74 but without moving WebRequest that caused issues
with phan-taint-plugin.
Moving:
- DerivativeRequest
- FauxRequest
- FauxRequestUpload
- PathRouter
- WebRequestUpload
Bug: T321882
Change-Id: I832b133aaf61ee9f6190b0227d2f3de99bd1717b
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 2bdc0b2b7209441a42a784157633a8a01b321922.
Reason for revert: T166010#8349431
Bug: T166010
Change-Id: Idcd3025647aec99532f5d69b9c1718c531761283
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Moving:
- DerivativeRequest
- FauxRequest
- FauxRequestUpload
- PathRouter
- WebRequest
- WebRequestUpload
Bug: T166010
Change-Id: I5ea70120d745f2876ae31d039f3f8a51e49e9ad8
|
| |/
|
|
|
|
|
|
| |
Introduced in PHP 7.1. Because it's shorter and looks nice.
I used regex replacement.
Change-Id: I0555e199d126cd44501f859cb4589f8bd49694da
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Constants bleed over to other tests so setting them in tests is
fragile.
Change-Id: I0a09e90ea95821260c420cf8a763b71a385727d4
|
| |/
|
|
|
|
|
| |
The variables are set conditional later, but all condition branches set
it or the variable is not used outside that scope
Change-Id: Ic9612915db507028ad4733a061d3ce9be3babfb6
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
My testing of pywikibot indicates that it's normal for it to request an
edit token from a session that doesn't have one already using a GET
request, and then to POST that edit token very shortly afterwards to
save an edit. This is a stress test of cross-DC session replication. In
my test, replication won and the edit token existed, but there was only
80ms of margin.
If we create the edit token at the earliest opportunity, we should have
at least a few hundred extra milliseconds for replication to occur.
Bug: T279664
Change-Id: I5f60bbe23f6981b0215888fc62b6c2bae68ad8f8
|
| |
|
|
|
|
|
|
|
| |
This paranoia is costing about 4ms per request for anonymous page views.
It's a 160 bit random number from random_bytes(), the chances of a
collision are on the order of 1 in 10^41, assuming 10^7 existing keys.
Bug: T302623
Change-Id: I6da04ec5cf21dd4d6afa93e31778fb8191687f59
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was introduced in prep for Multi-DC MediaWiki support many
years ago, but no backend ever supported it, including Kast/RESTBag.
At least for its original use case (SessionBackend) we determined
that session writes are sufficiently rare in practice that the natural
sub-second replication pace and the natural RTT time for browsers
will suffice.
The biggest concern, as I understand it, was around writes that
happen during HTTP post requests and CentralAuth/loginwiki requests
which are routed to the primary DC as per T91820, and use of one-time
tokens which were never stored in Kask (per T278392, these moved
from Redis to mcrouter-primary-dc).
Bug: T270225
Change-Id: Ib29b4090ec84aa0738c087634cef72bfc76a5f71
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
I assume it’s merely an oversight that the REST API wasn’t added here
before, and that there’s no particular reason why it shouldn’t be
possible to use bot passwords with the REST API.
In the test, apart from checking an additional constant, also add a TODO
that the test shouldn’t define the constant at all, since this is a
side-effect of the test that affects every other test which happens to
run later in the same PHP process, and which cannot be undone.
Bug: T284020
Change-Id: I710279a841428d8be177b4b90a6893d4f4f94875
|
| |
|
|
|
|
|
|
| |
MWGrants is deprecated and should be replaced with the GrantsInfo and
the GrantsLocalization services.
Bug: T253077
Change-Id: Ic73d98bc014ff46fc5d80e93db7de4bb18d84ae2
|
| |
|
|
|
| |
Bug: T283978
Change-Id: I49f8c7bf1162dc834a1708e2e581f6fb264bbd0a
|
| |
|
|
|
|
|
|
|
|
|
| |
This is mostly about adding return types to methods that implement PHP
interfaces, and not passing null to core functions that want a string.
After this patch, and an update to return types in RemexHtml,
tests/phpunit/integration/ has no more errors than in PHP 8.0.
Bug: T289879
Bug: T289926
Change-Id: Ia424f5cc897070f4188ae126b5bf6a1f552db0e1
|
| |
|
|
|
| |
Bug: T307282
Change-Id: I523928b3f5e0e02e23c45e7023d9d2701d986e5c
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit ec3da4589bebeb46d7f1544dc46f24baec334966.
Caused frequent session loss in the Wikimedia cluster.
Bug: T299193
Bug: T309616
Change-Id: I3a410df88071d72078672cf1b670e81c11b28117
(cherry picked from commit d1a1fcedc9eace8a5f4a8454eff44a7ed898848a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SessionBackend::save() results in the session provider unpersisting
when the session backend metadata is dirty (which is always true
for a new session). This breaks the tombstone mechanism introduced
in I3a76b67aa51159ebf0195db15cf7c34e00a64a2e: after the manager
refuses to load the tombstoned session, it will create an empty
session, and that will unpersist the session ID and log the user
out if the session ID was the only thing that kept them logged in.
Saving the session has two effects: the unpersisting (invalid
cookies are cleaned up) and saving the session data in in-process
cache (but not the real storage). The latter might cause an extra
session storage read per unauthenticated request, though in theory
it shouldn't as the SessionBackend itself gets cached so a new
session lookup only happens for a different WebRequest object.
Still, if it becomes a problem, we can just add some sort of
explicit cache warming step to empty session creation.
Skipping the unpersisting could mean that invalid (e.g. expired)
session cookies stick around and prevent the user from being
served from edge cache. But for non-tombstoned requests, as long
as there is a syntactically valid session ID and either no user
ID or a user ID pointing to a valid user, CookieSessionProvider
will return a non-null session info, and SessionManager will
reject it and unpersist; and CentralAuthSessionProvider behaves
similarly except for the case when there is no local session
cookie but there is a global session cookie on the second-level
domain. That seems a narrow enough edge case to ignore.
Bug: T299193
Change-Id: Ib34a84d1d3abbce4dcf7433b51abf6e694984c59
|
| |
|
|
|
|
|
|
|
| |
The getConfig of a ContextSource should only be used, if the
ContextSource is available. Getting the global context just for the
config looks harder to fix/inject as using the MainConfig from
MediaWikiServices
Change-Id: Iaf14bfc7bd68cc315672e1c256887faf87e22542
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
SessionBackend::resetId() is prone to race conditions with
cookie-based session providers, where MediaWiki receives
a request with the old session and forces the client to log
out. To handle that, add a tombstone mechanism to
SessionBackend, so instead of deleting the old session from
the store on ID reset, it is marked as invalid. Tombstoned
sessions are handled as nonexistent ones, except unpersist()
is not called.
Unlike Iffd69c7f246adff40b07668328a07329440dbd6f this doesn't
prevent overwriting the session if the MediaWiki endpoint calls
persist() or unpersist(), but it is vastly simpler, and very
few endpoints persist the session.
The behavior of SessionManager::loadSessionInfoFromStore()
with a tombstoned session and SessionInfo::forceUse()===true
does not make much sense, but that's a nonsensical scenario
in the first place (it only happens when the session provider
returns true from persistsSessionId() but sets the forceUse
flag which is meant for providers which can't change the
session ID) and we are only really concerned here about
cookie-based sessions anyway.
Bug: T299193
Change-Id: I3a76b67aa51159ebf0195db15cf7c34e00a64a2e
|
| |/
|
|
|
|
|
|
| |
SessionManager is a singleton and thus this could lead to
storing an outdated ObjectFactory instance.
Bug: T307998
Change-Id: I5bacb45cc0d85c21907e22bc9bbb32f6286b8cc5
|
| |
|
|
|
|
|
| |
See https://phabricator.wikimedia.org/T289879#7893656
Bug: T289879
Change-Id: I8240e56147a15dba293d577a22e36b7f7dc97cf3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now largely automated:
VARS=$(grep -o "'[A-Za-z0-9_]*'" includes/MainConfigNames.php | \
tr "\n" '|' | sed "s/|$/\n/;s/'//g")
sed -i -E "s/'($VARS)'/MainConfigNames::\1/g" \
$(grep -ERIl "'($VARS)'" includes/)
Then git add -p with lots of error-prone manual checking. Then
semi-manually add all the necessary "use" lines:
vim $(grep -L 'use MediaWiki\\MainConfigNames;' \
$(git diff --cached --name-only --diff-filter=M HEAD^))
I didn't bother fixing lines that were over 100 characters unless they
were over 120 and triggered phpcs.
Bug: T305805
Change-Id: I74e0ab511abecb276717ad4276a124760a268147
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* In PermissionManager, if a user is anonymous but temporary user
creation is possible, grant elevated permissions at RIGOR_QUICK rigor
level. This is mostly to make skins show "edit" instead of "view
source" to anonymous users in the recommended permissions
configuration.
* Present temporary users as if they are not logged in in various places
in the interface: create/move permissions errors, login, preferences,
watchlist, BotPasswords, ChangeEmail, ResetTokens.
* Show a warning on login/logout about loss of access to the temp
account.
* On login, don't show the temporary name as a suggestion for the login
username.
Change-Id: Id0d5ffa46c3ca5c7b30d540cedbaa528b682aa85
|
| |
|
|
|
|
|
| |
This covers all occurrences of /onfig->.*get( '/ in includes/.
Undoubtedly there are still plenty more to go.
Change-Id: I33196c4153437778496f40436bcde399638ac361
|
| |
|
|
|
|
|
|
| |
MWGrants is deprecated and should be replaced with the GrantsInfo and
the GrantsLocalization services.
Bug: T253077
Change-Id: I3cbf568b6de654acb6b06b4ab5d9d97a09f78ece
|
| |
|
|
|
|
|
|
|
|
|
| |
These two interfaces' methods have tentative return types in PHP 8.1,
which causes code without the type hints to raise warnings. Where the
type hint is "mixed", we need to use the special declaration
[\ReturnTypeWillChange] in a comment to suppress the warning as long as
we still support PHP < 8.0, which doesn't have a "mixed" type hint.
Bug: T289879
Change-Id: I1a126e602e92b8d13c7795eb6d790effd5ddc986
|
| |
|
|
|
|
|
|
|
|
|
| |
Use name constants instead of string literals in calls to Config::get
and ServiceOptions::get, when referring to core configuration variables.
This protects against typos and makes the decumentation and schema
declaration of the config settings discoverable.
This is the first batch, only touching files directly under /includes/
Change-Id: I7252e636c7c86d950d9257b33491af492c6dd5eb
|
| |
|
|
|
|
|
|
|
| |
Make phan stricter about conditional variable declaration
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T259172
Change-Id: I1f200ac37df7448453688bf464a8250c97313e5d
|
| |
|
|
|
|
|
|
|
|
|
| |
Make phan stricter about array keys
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T304887
Depends-On: I3105a5fd4826f8667b5232834defc5ec93be32a1
Depends-On: Ie9610a6e83731468311edb3ed17f80fc509de385
Change-Id: I701f12ab94478c3b8e7fd82110ade74a8e6b04ef
|
| |
|
|
|
|
|
| |
Conventionally, public constants are accessed via their declaring
class, except for self:: which is an acceptable shortcut.
Change-Id: If05eab72140267e6ef54736710d751d7f24a7860
|
| |
|
|
|
|
|
|
|
|
|
| |
Make phan stricter about null types by setting null_casts_as_any_type to
false (the default in mediawiki-phan-config)
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T242536
Bug: T301991
Change-Id: I0f295382b96fb3be8037a01c10487d9d591e7e01
|
| |
|
|
|
|
|
|
|
| |
Make phan stricter about scalar types by setting scalar_implicit_cast to
false (the default in mediawiki-phan-config)
Bug: T242536
Bug: T301991
Change-Id: Ia2fe30b17804186571722e728578121c8b75d455
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Depends-On: I99c5e5664d2401c36a9890f148eba7c25e6e8324
Depends-On: I48ab818b2965da14af15ef370aa83ad9455badd9
Depends-On: I018371e4b77911e56152ca7b2df734afc73f58a5
Change-Id: I04ebdb52102f6191d49a9cc70b1f98308299e72f
|
| |/
|
|
|
|
| |
Found by phan strict checks
Change-Id: If41d16b473baddd92cc4261cdc2bfbe65fedcb19
|
