| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
In MediaWiki/Exception, to follow PSR-4 per plural vs. singular (this can be
changed later if people really care). Also, move the couple of exceptions in
here that were already namespaced in the MW-top-level into the new space.
Bug: T353458
Change-Id: I12ed850ae99effb699a6d7ada173f54e72f0570e
|
| |
|
|
|
|
|
|
|
| |
isset() should only be used to suppress errors, not for null check.
When the property is always defined, there is no need to use isset.
Found by a new phan plugin (2efea9f989)
https://www.mediawiki.org/wiki/Manual:Coding_conventions/PHP#isset
Change-Id: Ib84b7d71e8308a36409f30ecfd16e9de149e97b3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Why:
* When a temporary account exits their session, the
Special:UserLogout page is loaded to indicate the success.
* However, the success page talks about the temporary account
logging out which may cause confusion.
* Per design mocks shared on T374519, this should be modified
to indicate that the user logged out of a temporary account.
What:
* Set 'templogout' as the page title when the user is logging out
of a temporary account.
* Set 'logouttext-for-temporary-account' as the message shown
for a logout success when the user is logging out from a
temporary account
* Update mediawiki.page.ready/ready.js to add a flag to the
URL Special:UserLogout URL that is redirected to once the
logout API call has occured.
* Update tests for SpecialUserLogoutTest
Bug: T374519
Change-Id: Ib62cdb5ba716976321cd556aa9defe97b3446b33
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add relevant `@ingroup` to special pages that belong to a specific
component and for which a doc group is already defined (defgroup),
e.g. "Upload" for SpecialUpload, "JobQueue" for SpecialRunJobs.
* Remove duplicate descriptions from file blocks in favour of class
doc blocks. This reduces needless duplication and was often
incorrect or outdated, and helps make file headers more consistently
(visually) ignorable.
Add missing `ingroup` to class blocks (and remove any from file blocks)
as otherwise the file is indexed twice (e.g. in Doxygen) which makes
navigation on doc.wikimedia.org rather messy.
Ref https://gerrit.wikimedia.org/r/q/message:ingroup+is:merged
Bug: T364652
Change-Id: I795c43b6d72782d457c963e352d7e1b022c2b641
|
| |
|
|
|
| |
Bug: T353458
Change-Id: I09e66c3223018ec47e0549ee7f6a590b676f4eef
|
| |
|
|
|
|
|
|
| |
Also remove some unchecked exception from doc comments.
Bug: T328220
Bug: T240672
Change-Id: I88b1e948ce5da77d9c4862a2b98793d6ba00cf8b
|
| |
|
|
|
|
|
| |
SpecialPageFactory is already here, but none of the others were yet.
Bug: T166010
Change-Id: I9689bf0a1ab329625e23669b99f019b96295fffd
|
| |
|
|
| |
Change-Id: I75b04a7a65f8d37da12d2ed3892e065e97c92437
|
| |
|
|
|
|
|
|
|
|
| |
This class is used heavily basically everywhere, moving it to Utils
wouldn't make much sense. Also with this change, we can move
StatusValue to MediaWiki\Status as well.
Bug: T321882
Depends-On: I5f89ecf27ce1471a74f31c6018806461781213c3
Change-Id: I04c1dcf5129df437589149f0f3e284974d7c98fa
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "Users and rights" section (internal name 'users') listed both
special pages that list or act on other users (e.g. ActiveUsers and
UserRights) and special pages that change current user's information
(e.g. ChangeCredentials and Preferences).
The "Login / create account" section (internal name 'login') only
listed those two special pages, but the CentralAuth extension added
several more special pages there related to current user's global
account status.
In order to clean up the former, and to make the latter more useful,
rename "Login / create account" to "Account management",
and put all of the pages acting on the current user there.
I'm submitting similar changes to relevant extensions.
Notes:
* The name "Account management" is my favorite, although possible
alternatives could be "Personal tools" or "Profile and settings".
* Make UserLogout listed (same as UserLogin), as it requires
confirmation now, so clicking it by accident won't be a problem.
* Move CreateAccount to "Users and rights", as it allows creating
other accounts.
Bug: T333242
Change-Id: Ieba1631ca3c0562b784aa07d2b26c418448e70a1
|
| |
|
|
|
|
|
| |
Avoid global state by RequestContext::getMain() while a language is also
available from the context source of the special page
Change-Id: I8175c84c4166d4f3da6f7243d384eaefc41e0017
|
| |
|
|
|
|
|
|
|
|
| |
I056a97d466bde8342f7091a110f70bba3f105844 broke the behavior of the
UserLogoutComplete hook, since it gets the old user name after the
call to $user->logout(), causing the old user name to always be that of
the anonymous user. The old user name must be saved before the call to
$user->logout().
Change-Id: I971d13e2984d6dc07f6ef82f3b27cf8d6186296c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* In PermissionManager, if a user is anonymous but temporary user
creation is possible, grant elevated permissions at RIGOR_QUICK rigor
level. This is mostly to make skins show "edit" instead of "view
source" to anonymous users in the recommended permissions
configuration.
* Present temporary users as if they are not logged in in various places
in the interface: create/move permissions errors, login, preferences,
watchlist, BotPasswords, ChangeEmail, ResetTokens.
* Show a warning on login/logout about loss of access to the temp
account.
* On login, don't show the temporary name as a suggestion for the login
username.
Change-Id: Id0d5ffa46c3ca5c7b30d540cedbaa528b682aa85
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
|
| |
|
|
| |
Change-Id: I9c19e5ce8d789847d0f019372738a2eecb4c37a6
|
| |
|
|
| |
Change-Id: Ibc5849cc8ea7e7c4eb30ded9c1cfa5f52187c377
|
| |
|
|
|
|
|
| |
Special page now only requires POST
Bug: T222626
Change-Id: I056a97d466bde8342f7091a110f70bba3f105844
|
| |
|
|
|
|
|
|
|
|
|
| |
Special:Userlogout now requires a token
Api action=logout requires a csrf token and the request to be POSTed
Patch author: bawolff
Bug: T25227
Change-Id: Icb674095956bb3f6c847c9553c53e404402ea774
|
| |
|
|
|
|
|
| |
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
Change-Id: Ic878feaea72893a1c47ea79ac284e581209e1731
|
|
|
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
|
