| Commit message | Author | Age | Files | Lines |
| |
In MediaWiki/Exception, to follow PSR-4 per plural vs. singular (this can be
changed later if people really care). Also, move the couple of exceptions in
here that were already namespaced in the MW-top-level into the new space.
Bug: T353458
Change-Id: I12ed850ae99effb699a6d7ada173f54e72f0570e
| |
The doc block is identical to the type declaration for each argument.
Change-Id: I8281b94351fe2be30344f1425a60f31fbf205100
| |
Adds missing documentation to the constructor's docblock.
Change-Id: Iaf74931a422251584906ba83952c34fc54a1a265
| |
This should allow us to track which logins/account creations
come from temp and named users.
For convenience, added an internal method in UserIdentityUtils
to not copy-paste the same code all over again.
Bug: T341650
Bug: T375510
Bug: T375505
Change-Id: I967d69a04c4435bb6b1398c94dbef91bde2022d3
| |
Add doc-typehints to class properties found by the PropertyDocumentation
sniff to improve the documentation.
Once the sniff is enabled it avoids that new code is missing type
declarations. This is focused on documentation and does not change code.
Change-Id: I41ad89cc3112a2911ad40c55583bff2d7787da68
| |
* Add relevant `@ingroup` to special pages that belong to a specific
component and for which a doc group is already defined (defgroup),
e.g. "Upload" for SpecialUpload, "JobQueue" for SpecialRunJobs.
* Remove duplicate descriptions from file blocks in favour of class
doc blocks. This reduces needless duplication and was often
incorrect or outdated, and helps make file headers more consistently
(visually) ignorable.
Add missing `ingroup` to class blocks (and remove any from file blocks)
as otherwise the file is indexed twice (e.g. in Doxygen) which makes
navigation on doc.wikimedia.org rather messy.
Ref https://gerrit.wikimedia.org/r/q/message:ingroup+is:merged
Bug: T364652
Change-Id: I795c43b6d72782d457c963e352d7e1b022c2b641
| |
Change-Id: I7f85d931d3b79da23e87b4e5692b2e14be8fcaa0
| | |
This takes us one step closer to deprecating Status,
so we can isolate StatusValue from presentation logic.
FormatterFactory is introduced as a mechanism for
getting instances of formatters that need access to the user interface
language and other request-dependent information.
Usage is demonstrated in thumb.php, SpecialCreateAccount, and
SearchHandler. The examples indicate that there is no work to
be done around ErrorPageError and LocalizedHttpException.
Change-Id: I7fe5fee24cadf934e578c36856cc5d45fb9d0981
| |
When `direct` is set to false, it means we don't want to do anything
immediately but instead just redirect to the "return to" page or the
main page because the user is already logged in.
So it only really makes sense to call this hook in places where direct
is set to true (on real successful login) as this happens only once per
user login.
This patch moves consumers of the UserLoginComplete hook to only places
where there is a guarantee that `$direct` is set to true.
Bug: T349791
Change-Id: I8a2c91e1f173cf7b36f3dfec169e1d118277f057
| |
Deprecate returning a string from SpecialPage::getDescription(), which
encourages good localization as well as helping us shift from
OutputPage::setPageTitle() to ::setPageTitleMsg(), which in turn helps
improve the accuracy of phan-taint-check.
In the process, special page description messages are formatted using
FORMAT_ESCAPED by OutputPage::setPageTitleMsg(), which is a change from
FORMAT_TEXT used prior to this patch. Descriptions shouldn't contain
raw HTML, but if a description message previously contained an HTML
metacharacter like <, >, or &, it will no longer need to be escaped
in the message localization.
Bug: T343994
Bug: T343849
Depends-On: I1a27f7697dffd3142cdbab0c8cd9854b2b94dd3a
Change-Id: Ifc3452548c44a021414cf8433c1ffbb683a9d55b
| |
Deprecate passing a string as the 1st parameter to ::showSuccessPage(),
which is only done by SpecialCreateAccount in the 'welcomeuser' message.
The call to OutputPage::setPageTitle() is switched to
OutputPage::setPageTitleMsg(), which uses FORMAT_ESCAPED and therefore
adds a bit of hardening (see T308471).
Bug: T343994
Bug: T308471
Bug: T343849
Change-Id: I21c17ab7305b9cfe9765c892eb02d1a9b35d2bee
| | |
Passing a Message argument to OutputPage::setPageTitle() is
deprecated, because the message is not properly HTML-escaped by
default. Use ::setPageTitleMsg() instead wherever the message doesn't
include HTML metacharacters.
Also protect arguments with Message::plaintextParams() where
appropriate.
Bug: T343994
Bug: T343849
Change-Id: Iba67d008545249772c136c5d6d302110516d3b94
| |
SpecialPageFactory is already here, but none of the others were yet.
Bug: T166010
Change-Id: I9689bf0a1ab329625e23669b99f019b96295fffd
| |
This class is used heavily basically everywhere, moving it to Utils
wouldn't make much sense. Also with this change, we can move
StatusValue to MediaWiki\Status as well.
Bug: T321882
Depends-On: I5f89ecf27ce1471a74f31c6018806461781213c3
Change-Id: I04c1dcf5129df437589149f0f3e284974d7c98fa
| |
Change-Id: Idbdacc20d45437d141c1a0d5f2eee98ae9345875
| | |
The "Users and rights" section (internal name 'users') listed both
special pages that list or act on other users (e.g. ActiveUsers and
UserRights) and special pages that change current user's information
(e.g. ChangeCredentials and Preferences).
The "Login / create account" section (internal name 'login') only
listed those two special pages, but the CentralAuth extension added
several more special pages there related to current user's global
account status.
In order to clean up the former, and to make the latter more useful,
rename "Login / create account" to "Account management",
and put all of the pages acting on the current user there.
I'm submitting similar changes to relevant extensions.
Notes:
* The name "Account management" is my favorite, although possible
alternatives could be "Personal tools" or "Profile and settings".
* Make UserLogout listed (same as UserLogin), as it requires
confirmation now, so clicking it by accident won't be a problem.
* Move CreateAccount to "Users and rights", as it allows creating
other accounts.
Bug: T333242
Change-Id: Ieba1631ca3c0562b784aa07d2b26c418448e70a1
| |
* Triple backslash in regex should really be quadruple backslash
* Using the returned value of a void method
* Immediately overwritten array keys
* Duplicate array keys
* Foreach variable reuse
* sprintf() with too many params
* Incorrect reference usage
Change-Id: I3c649b543c9561a1614058c50f3847f663ff04df
| |
This is moderately messy.
Process was principally:
* xargs rg --files-with-matches '^use Title;' | grep 'php$' | \
xargs -P 1 -n 1 sed -i -z 's/use Title;/use MediaWiki\\Title\\Title;/1'
* rg --files-without-match 'MediaWiki\\Title\\Title;' . | grep 'php$' | \
xargs rg --files-with-matches 'Title\b' | \
xargs -P 1 -n 1 sed -i -z 's/\nuse /\nuse MediaWiki\\Title\\Title;\nuse /1'
* composer fix
Then manual fix-ups for a few files that don't have any use statements.
Bug: T166010
Follows-Up: Ia5d8cb759dc3bc9e9bbe217d0fb109e2f8c4101a
Change-Id: If8fc9d0d95fc1a114021e282a706fc3e7da3524b
| |
Bug: T308471
Change-Id: Ic0ffc3a12dbcb65d9cdae22027856207d537b05a
| |
Deprecate AuthManager::checkAccountCreatePermissions in favour of
::authorizeCreateAccount, for full permissions checks and
::probablyCanCreateAccount, for quick permissions checks.
Update SpecialCreateAccount to use the appropriate checks, and
add SpecialCreateAccountTest.
Bug: T283265
Change-Id: I385f2b56ef61f64a4c61e9c97683bef564892dce
| |
Add restriction support to LoginSignupSpecialPage::__construct,
and set mRestriction to 'createaccount', which removes the need to
inject a PermissionManager.
Change-Id: Ifd7d6e687a3c78d300cc612526458afb6934a4c0
| |
Bug: T269676
Change-Id: Ief1a5e00d933ee5fa6880da60257163e55391eb6
| |
This reverts commit 900c6663b05b6a33498a81c187ac027209dd6502.
Reason for revert: breaks Parsoid CI. Instead of fixing the test in presence of the FlaggedRevs hook, I would rather convert DefaultPreferencesFactory to Authority and fix the tests once instead of doing it twice.
Change-Id: Iaa440a9804c9ed97339e737162ef64ccf29ceb51
| |
Added new methods:
- ::getGroupsWithAnyPermissions
- ::getGroupsWithAllPermissions
- ::groupHasAnyPermission
- ::groupHasAllPermission
Replaced relevant calls to PermissionManager with
calls to GroupPermissionsLookup.
Bug: T254537
Change-Id: I0b9c3352c5bebc94e1649239fe0527144e7c2eb2
| |
The AuthManager service is only used in one method call in the
SpecialPage class, so make it optional and provide it
when needed with a setter/getter.
Use the getter also in some subclasses which need an
AuthManager as well.
Bug: T259960
Change-Id: Ib0cbdb719d2a748622d843824b73ebb4c29fab89
| |
Not all services are injected, only making a start:
* ContentLanguage to SpecialAllMessages
* PermissionManager to SpecialApiSandbox
* PermissionManager to SpecialAutoblockList
* PermissionManager to SpecialChangeEmail
* PermissionManager to SpecialConfirmEmail
* PermissionManager to SpecialCreateAccount
* NamespaceInfo to SpecialPasswordPolicies
* PasswordReset to SpecialPasswordReset
* PermissionManager and RepoGroup to SpecialRedirect
Bug: T232506
Change-Id: I5d45579200286ff182754e9db7230e9ef801ef0f
| |
Remove duplicate casts
Suppress false positives
Bug: T248438
Change-Id: I2f89664a4bcd3b39b15e7cf850adda2f0c90ae6f
| |
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
| |
Change-Id: I3320a539c6a57e4b90bf4daee282e844c17c8f63
| |
This was previously hardcoded from three places: 1) Upon viewing EditPage,
2) Upon viewing SpecialCreateAccount, 3) For any url if the user is
logged-in (User::loadFromSession/isLoggedIn).
== User::loadFromSession
Performing cookie blocks from here created a circular dependency because
Block may need the user language for localisation, which is determined by
asking the User object. This was previously worked around by using a
DeferredUpdate (T180050, T226777). Moving this logic explicitly to the
end of the pre-send cycle in MediaWiki::preOutputCommit breaks the cycle.
This is also where other request-specific handling resides already.
== Limited effect on unregistered users
When an unregistered user performs an edit, and gets blocked,
the cookie block is not applied until they open built-in editor
or CreateAccount page. This makes it more likely for a user's
IP to change meanwhile. Either intentionally, or simply due to
IPs varying naturally (e.g. between mobile locations, or when
going on/off WiFi). By applying it throughout sessioned page
views for unregistered users, it is more likely to get set.
Similar to what was already done for logged-in users.
This commit also makes the intent of not caching EditPage and
SpecialCreateAccount explicit. This was previously implicit
through nothing having called setCdnMaxage() and/or due to
Session::persist being checked for by OutputPage::sendCacheControl.
Bug: T233594
Change-Id: Icf5a00f9b41d31bb6d4742c049feca0039d0c9d9
| |
Bug: T220191
Depends-On: I509cd88355cfd0cc074f4135ec86399b4075f89f
Change-Id: I2341e6f1d108c92924620fba3c64ec090cb09918
| |
Bug: T220191
Change-Id: Ifa8afa90c432723b0bba0033a46b6a499c77e6fc
| |
Change-Id: Ibd8ad594950d53f5feb337c30f184ecaf218bc81
| |
Move the cookie blocking logic into one place. Specifically, move
these methods to the BlockManager:
* User::trackBlockWithCookie
* DatabaseBlock::setCookie
* DatabaseBlock::clearCookie
* DatabaseBlock::getCookieValue
* DatabaseBlock::getIdFromCookieValue
* AbstractBlock::shouldTrackWithCookie
After this, BlockManager::trackBlockWithCookie should be called to
track a block, and BlockManager::clearBlockCookie should be called
to unset the cookie. The other methods in the above list are
helper methods that are made private or marked internal.
Also update places in core that call User::trackBlockWithCookie to
BlockManager::trackBlockWithCookie
Bug: T225141
Change-Id: I818962c6932c01c841a549a101637e00a7593e48
| |
A cookie will be set when IP users try to edit and their IP has been
blocked or if they try to create an account and the block prevents
account creation.
This feature is disabled by default and can be enabled by
setting the new $wgCookieSetOnIpBlock config variable to true.
Note: this is meant to discourage vandals that try to avoid blocks by
switching their IP address while editing anonymously.
Bug: T152462
Change-Id: I0b78a5e174bcd882edea39e868a08f9a347f5aba
| |
Change-Id: I074ee184ad1fec84ef2e93eea8397d932e96e0cd
| |
Also, move some events which did not belong there to the
'authentication' channel.
Change-Id: I4d7564343318899fc498ed2bd2d5260041ee22cc
| |
This will help to differentiate between actual login and visiting
the login page while already logged in.
Bug: T140853
Change-Id: If8582ff61aee62b1d424e473b230ca883ddb6d05
| |
Change-Id: I3b2ede8a11863c0fb775d851abb251e44ad616db
| |
Fixes authentication metrics. We want to go in the opposite
direction eventually, but having auth metrics broken on the day
after the AuthManager deployment to group2 is not fun, and this
is less risky as an emergency deploy than messing with log config.
Change-Id: I5e7a6bf1ce40aa132626207f6d7c45dd0c832c10
| |
Change-Id: I05daab1166ffee31453692c53533efb09b7ad2ed
| |
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* The Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
| |
Per wikitech-l consensus:
https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html
Notes:
* Disabled CallTimePassByReference due to false positives (T127163)
Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
| |
Bug: T123591
Change-Id: I521ebdd5e8eb8f7f4df927dc38732170aef2ac19
| |
Bug: 67549
Change-Id: I433d825d99878f385c607346bed92b01a79d9a21
| |
Bug: 66589
Change-Id: I3848ae3e19aae7625acbf3ec332f8820d02215d6
| |
Change-Id: Ib4522f22551ed5501e1ab7767b8f481fe6cd72d2