| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Anything that wants to be "central" right now has to depend on
CentralAuth, and then either can't work without CentralAuth or has to
branch all over the place based on whether CentralAuth is present. Most
of the time all it really needs is a mapping from local users to central
user IDs and back or the ability to query whether the local user is
attached on some other wiki, so let's make an interface for that in
core.
See I52aa0460 for an example implementation (CentralAuth), and Ibd192e29
for an example use (OAuth).
Bug: T111302
Change-Id: I49568358ec35fdfd0b9e53e441adabded5c7b80f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AuthManager is coming, which will make it easier to add alternative
methods of authentication. But in order to do that, we need to finally
get around to ripping the password-related bits out of the User class.
The password expiration handling isn't used anywhere in core or
extensions in Gerrit beyond testing for expired passwords on login and
resetting the expiry date on password change. Those bits have been
inlined and the functions removed; AuthManager will allow each
"authentication provider" to handle its own password expiration.
The methods for fetching passwords, including the fact that mPassword
and other fields are public, has also been removed. This is already
broken in combination with basically any extension that messes with
authentication, and the major use outside of that was in creating
system users like MassMessage's "MediaWiki message delivery" user.
Password setting methods are silently deprecated, since most of the
replacements won't be available until AuthManager. But uses in unit
testing can be replaced with TestUser::setPasswordForUser() immediately.
User::randomPassword() and User::getPasswordFactory() don't really
belong in User either. For the former a new PasswordFactory method has
been created, while the latter should just be replaced by the two lines
to create a PasswordFactory via its constructor.
Bug: T47716
Change-Id: I2c736ad72d946fa9b859e6cd335fa58aececc0d5
|
| |
|
|
|
|
|
|
|
|
| |
- Removed space after cast
- Removed spaces in array index
- Removed double spaces
- Added spaces around string concat
- Fixed mixed tabs and spaces at begin of line
Change-Id: I38e849723f055d2d4c05cba72f5c245a28e8d5da
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Add the $wgExtendedLoginCookies configuration variable, which defines
the set of login cookies that can have their lifetime configured
independently
* Add the $wgExtendedLoginCookieExpiration configuration variable, which
dictates when the extended lifetime login cookies expire
* Default $wgExtendedLoginCookieExpiration to null so that the current
behaviour is unaffected
Bug: T68699
Change-Id: I0cc24524e4d7d9d1d21c9fa8a28c7c76b677b96c
|
| |
|
|
|
|
|
|
|
| |
Make password policies defined in a configurable policy, which is
defined by group. A user's password policy will be the maximum of
each group policy that the user belongs to.
Bug: T94774
Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
|
| |
|
|
|
|
|
|
|
| |
* This should avoid duplicate logging events on races or when
the cache fails to update.
* Also added getDBTouched() method to get user_touched itself.
Bug: T48834
Change-Id: Ib2cd0a2c72629fa4e13dcff4d2d6fbac8e690b32
|
| |
|
|
| |
Change-Id: Ie007d9da47df871f99ca19c4d7364f46f71c255b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prevent DoS attacks caused by the amount of time
it takes to hash long passwords by setting a limit
on password length.
Slightly restructures the behavior of User::checkPasswordValidity
in order to accommodate for the difference between
passwords the user should be able to log in with and
passwords they should not.
Bug: T64685
Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
|
| |
|
|
|
|
|
|
|
|
| |
* assertEquals takes expected, prior to actual
https://phpunit.de/manual/3.7/en/writing-tests-for-phpunit.html#writing-tests-for-phpunit.assertions.assertEquals
* ' trailing space ' test was failing with wgCapitalLinks false. Since the test is not about that,
I changed it to ' Trailing space '. The alternative would be to force wgCapitalLinks to true
with setMwGlobals or skip the test if it's true.
Change-Id: I677273045bdabb6248ffe2c2f003a3673b3fa51c
|
| |
|
|
| |
Change-Id: I491929e3d77688bf07640db4218ef99d6b888a82
|
| |
|
|
|
|
|
|
|
|
|
| |
Seems stupid omission. Title has one. Why do I need to think how
to determine how to users objects point to the same user. Allows
more expressive code.
Also fixes a bug in multiple places where users "0" and "00" were
considered equal.
Change-Id: I682392e564b332b77ab489f2ad394fa2d28098a5
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Skipped replacements:
* prefered → preferred
* prolly → probably
Skipped files:
* resources/lib/jquery.ui/jquery.ui.mouse.js
* resources/lib/jquery/jquery.form.js
Change-Id: Ib7923f362ddfca1b892bf5d601785d6b5aa5d44c
|
| |
|
|
| |
Change-Id: Ida1a43629853abf648867f29e3bf15bdfd4291a6
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although 'added' to the database, the user name was cleared
in User::loadDefaults() and not added correctly to the database.
Then if one has BetaFeatures extension, then the test fails.
Via a hook, BetaFeatures does "User::newFromName( $user->getName() );",
that produces a null object as name is '127.0.0.1' and then
$user->getOption() fails.
loadDefaults() is automatically called by addToDatabase() with correct
parameters, so we can just remove the call.
Bug: 68626
Change-Id: Ibb5c60192eb83b2608f72b59d7705854549a5dac
|
| |
|
|
|
|
| |
They are not actually expected to be preserved, although they might be.
Change-Id: I34e15f3d1e5b9b825e6fc14814c8e9a6ac151ce9
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follows-up b36d883.
By far most data providers are static (and PHPUnit expects them
to be static and calls them that way).
Most of these classes already had their data providers static
but additional commits sloppily introduced non-static ones.
* ResourceLoaderWikiModuleTest, 8968d8787f.
* TitleTest, 545f1d3a73.
Odd unused method 'dataTestIsValidMoveOperation' was introduced
in 550b878e63.
* GlobalVarConfigTest, a3e18c3670.
Change-Id: I5da99f7cd3da68c550ae507ffe1f725d31e7666f
|
| |
|
|
| |
Change-Id: I00097a4706c4ada41a5697470b550c925ae6051d
|
| |
|
|
| |
Change-Id: I4663c37871492c1415152b2af0fda4f6de4f212f
|
| |
|
|
| |
Change-Id: Ifdbb431a6018c514b15ae71cc0c21b653a5e466d
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor the password checks to return a status object, so the function
can handle the entire error message, or return multiple error messages.
This patchset aims to keep the functionality identical. A followup
patchset can further improve the functionality. E.g., although
getPasswordValidity stated it could return an array of messages, it
never did so except from the hook, so most callers expect and handle a
single string.
Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add functionality to expire users' passwords:
* Adds column to the user table to keep a password expiration
* Adds $wgPasswordExpirationDays, which will force users to reset
their passwords after a set number of days. By default, this set
to false, so passwords never expire.
* Adds a default grace period of 7 days, where if the user's password
is expired, they can still login, but are encouraged to reset their
password.
* Adds hook 'LoginPasswordResetMessage' to update reset message, in
case an extension wants to vary the message on a particular reset
event.
* Adds hook 'ResetPasswordExpiration' to allow extensions to change
the expiration date when the user resets their password. E.g., if
an extension wants to vary the expiration based on the user's group.
If the user is in the grace period, they get a password reset form
added to the login successful page. If an extension prevents showing
the login successful page (like CentralAuth), it should be updated to
show a password change form during the grace period. After the grace
period, the user will not be able to login without changing their
password.
Also prevents a successful reset if the user is "changing" their
password to their existing password.
No passwords will expire by default. Sites will have to call
User->expirePassword() from their own maintenance script to trigger a
password reset for a user.
Bug: 54997
Change-Id: I92a9fc63b409b182b1d7b48781d73fc7216f8061
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The hooks are not actually being called multiple times,
since getDefaultOptions caches its return value
(except while unit testing).
However, this change caused a regression due to different
handling of saved values (e.g. false no longer saves
when the default is true).
This reverts commit ff355e87e2f7a41a87c37f43232a44113cb033e0.
Bug: 60653
Change-Id: Ibbd34dde5ec5fafbdf6097337cc0fa94614f0b85
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since we only want to save non default user options, we have to strip
out any user option that match the default ones. We did that by calling
User::getDefaultOption( 'some option name' ); on each of the option.
Since the User mOptions property is a merge of the default option, we
end up doing a lot of unneeded processing. The loop roughly looks like:
User::getDefaultOption()
User::getDefaultOptions()
Language->getCode()
SearchEngine::searchableNamespaces()
language->getNamespaces()
wfRunHooks('SearcheableNamespaces')
wfRunHooks('UserGetDefaultOptions')
For EACH of the mOptions.
Instead this patch does an array_diff to strip out from mObjects any
default option. We still skip options whose value is false or null.
Test provided to make sure we only save what we want.
Change-Id: Ie98d3a17edab74401ed32f759ba11f723b56e376
|
| |
|
|
|
|
|
|
|
| |
Other cleanup includes
- Adding method scopes
- Fixing php comments
- Adding todos
Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are needed for OAuth grants.
Note that we don't bother with a 'viewmyoptions' right, since the
majority will be determinable from just observing the interface.
Note that the fact of having a confirmed email address cannot be
reliably hidden, and if the user has 'sendemail' they may be able to
determine the real name and email address by sending an email to another
account that they control.
Change-Id: I3f03dd010020e8d43cc2d3bca7b3ef7196d1c548
|
| |
|
|
|
|
| |
2 of n.
Change-Id: I5406673e99ed53e4e330ed47f022a17177544daa
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix almost all occurences of the following sniffs:
Generic.CodeAnalysis.UselessOverridingMethod.Found
Generic.Formatting.NoSpaceAfterCast.SpaceFound
Generic.Functions.FunctionCallArgumentSpacing.SpaceBeforeComma
Generic.Functions.OpeningFunctionBraceKernighanRitchie.BraceOnNewLine
Generic.PHP.LowerCaseConstant.Found
PSR2.Classes.PropertyDeclaration.ScopeMissing
PSR2.Files.EndFileNewline.TooMany
PSR2.Methods.MethodDeclaration.StaticBeforeVisibility
Change-Id: I96aacef5bafe5a2bca659744fba1380999cfc37d
|
| |
|
|
|
|
|
| |
consistent with WikiPageTest and other places, perform the test
with the Help namespace as a workaround for now.
Change-Id: I2b766c17f35e0e79662b6302c122225a1a33e7be
|
| |
|
|
|
|
|
|
|
|
| |
The bug has actually already been fixed, so this
patch just removes extraneous function calls and code in
User::getOption() and User::setOption(). It also adds
unit tests for user options (including a test for the
case provided in the bug report).
Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
|
| |
|
|
|
|
|
|
|
| |
UserTest::testEditCount did eleven calls to doEdit which is slow when
used with the sqlite backend. I have made to do less edits and also
marked it as '@group medium' which means the timeout will be 10 seconds
instead of 2 seconds.
Change-Id: If2d055075470f837009568d56b1119a57b177ba3
|
| |
|
|
|
|
|
|
|
|
| |
Rather trivial test for User::getEditCount as suggested by
Siebrand in https://gerrit.wikimedia.org/r/26457
This required adding the User in the test to DB, as the data
is written to and read from the DB.
Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit depends on the introduction of
MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4.
Various tests already set their globals, but forgot to restore
them afterwards, or forgot to call the parent setUp, tearDown...
Either way they won't have to anymore with setMwGlobals.
Consistent use of function characteristics:
* protected function setUp
* protected function tearDown
* public static function (provide..)
(Matching the function signature with PHPUnit/Framework/TestCase.php)
Replaces:
* public function (setUp|tearDown)\(
* protected function $1(
* \tfunction (setUp|tearDown)\(
* \tprotected function $1(
* \tfunction (data|provide)\(
* \tpublic static function $1\(
Also renamed a few "data#", "provider#" and "provides#" functions
to "provide#" for consistency. This also removes confusion where
the /media tests had a few private methods called dataFile(),
which were sometimes expected to be data providers.
Fixes:
TimestampTest often failed due to a previous test setting a
different language (it tests "1 hour ago" so need to make sure
it is set to English).
MWNamespaceTest became a lot cleaner now that it executes with
a known context. Though the now-redundant code that was removed
didn't work anyway because wgContentNamespaces isn't keyed by
namespace id, it had them was values...
FileBackendTest:
* Fixed: "PHP Fatal: Using $this when not in object context"
HttpTest
* Added comment about:
"PHP Fatal: Call to protected MWHttpRequest::__construct()"
(too much unrelated code to fix in this commit)
ExternalStoreTest
* Add an assertTrue as well, without it the test is useless
because regardless of whether wgExternalStores is true or false
it only uses it if it is an array.
Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
|
| |
|
|
|
|
|
|
|
|
| |
New test case, which checked, if for all available rights a right-
message exist (Core and Extensions)
Some missing rights added with extra patch sets (need merge/rebasing
before merge of this)
Change-Id: I28957835fb77a01a799439ad7b3d22b96db07204
|
| |
|
|
|
|
|
| |
Clearing another w/c
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/109537
|
| |
|
|
|
|
|
|
|
|
| |
This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller.
The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/105851
|
| |
|
|
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/99470
|
| |
|
|
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/99469
|
| |
|
|
|
|
|
|
|
|
| |
There are many cases this method will fail for non-latin languages,
but not added now since there are bugs reported on that already and results
a rewrite of the method as per UAX 31 standard.
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/99466
|
| |
|
|
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/92589
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false.
* User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces.
* Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan.
* Fix tests that set User::mRights
The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/92364
|
| |
|
|
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/91896
|
|
|
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/91895
|
