| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Add a REST API hook that allows disabling specific endpoints
or rejecting specific requests, similar to ApiCheckCanExecuteHook.
Bug: T383011
Change-Id: I8518cb1ad7f00594c9f31d7bf934b1ce74f18da9
|
| |
|
|
|
|
|
|
|
| |
And deprecated aliases for the the no namespaced classes.
ReplicatedBagOStuff that already is deprecated isn't moved.
Bug: T353458
Change-Id: Ie01962517e5b53e59b9721e9996d4f1ea95abb51
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This splits RouteFileModule into two classes, ExtraRoutesModule and
SpecBasedModule.
ExtraRoutesModule has no module prefix and supports
only "flat" route definition files and additional routes from
extension.json.
SpecBasedModule represents a single module defined in a definition
file similar to an OpenAPI spec. The idea is that a full OpenAPI spec
can be generated by filling in any missing information based on
information provided by the Handler implementation. In particular, the
definition of parameters and request body schemas will be generated.
A JSON schema for the new file format is added under docs/rest/.
Support for the intermediate format introduced in Iebcde4645d4 is
removed. It was not included in a release and was not being used outside
core tests.
Bug: T366837
Change-Id: I4ce306b0997f80b78a3d901e38bbfa8445bed604
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a "pretty" RestPath is configured for outside requests, we still
need the "ugly" path to work for backwards compatibility and internal
requests.
For example, the REST API could be available through /api/ as
well as /w/rest.php. This is equivalent to supporting page views
at /wiki/ as well as /w/index.php.
We can already set RestPath to /api, but then requests to /w/rest.php would fail. We need a way to support both at once.
Change-Id: I9ff8e7345e88b1a4235b6870ec04a87527ed271f
|
| |
|
|
|
|
|
|
|
|
|
|
| |
I don't think these do anything with the documentation generators
we currently use. Especially not in tests. How are tests part of a
"package" when the code is not?
Note how most of these are simply identical to the namespace. They
are most probably auto-generated by some IDEs but don't actually
mean anything.
Change-Id: I771b5f2041a8e3b077865c79cbebddbe028543d1
|
| |
|
|
|
|
|
| |
Modules group together endpoints by a shared prefix. The idea is that each module has its own version and can generated self-contained self-documentation. This allows clients to have clear expectations about the endpoints of each module, no matter what wiki they are accessing. So far, each wiki may be exposing a different set of endpoints, with no way to provide a spec that describes that set of endpoints in a way that would be consistent across wikis and stable over time.
Bug: T362480
Change-Id: Iebcde4645d472d27eee5a30adb6eee12cc7d046b
|
| |
|
|
| |
Change-Id: I2629cfcb09fde6f18be824779a2c12c013ea0cb5
|
| |
|
|
|
|
|
|
|
| |
This reverts commit 890558f1fa526550128bbfadcef94d72c430d717.
This restores Id584208d9b67d877606a0add1d71c9b1784cdb1b with some fixes.
Bug: T323786
Bug: T352742
Change-Id: Ib31c451ddd75b06c95a544c8a3d2a64b32264126
|
| |
|
|
|
|
|
|
|
| |
This reverts commit bb4b5c5f87f292ef00415aff96c628cfe59c34c1.
Reason for revert: patch breaks CI
Bug: T352742
Change-Id: Iaf57bad945f5cbd01508a513f0d219ec4b510ce8
|
| |
|
|
|
|
|
|
|
|
| |
This is only enabled in development mode for now.
It's intended as a baseline for further development,
the feature is not ready for production.
Bug: T323786
Change-Id: Id584208d9b67d877606a0add1d71c9b1784cdb1b
Co-authored-by: Atieno <pnjira@wikimedia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current signature of the various execute methods only takes a
boolean parameter to determine if the session should be safe against
CSRF, but that does not give callers fine-grained control over the
Session object, including setting a specific token.
Also, do not use createNoOpMock in getSession(), since it implies
strong assertions on what methods are called. This way, getSession
can also be used to get a simple mock session that tests may further
manipulate.
Make $csrfSafe parameter of SessionHelperTestTrait::getSession
mandatory. This way, callers are forced to think what makes sense in
each use case. The various methods in HandlerTestTrait now default to
a session that is safe against CSRF. This assumes that most REST
handlers don't care about the session, and that any handler that does
care about the session and where someone needs to test the behaviour
in case of bad/missing token will explicitly provide a Session that
is NOT safe against CSRF.
Typehint the return value of Session(Backend)::getUser so that PHPUnit
will automatically make it return a mock User object even if the method
is not explicitly mocked. Remove a useless PHPUnit assertion -- setting
the return value to be X and then veryfing that is equal to X is a
tautology, and can only fail if the test itself is flawed (as was the
case, since it was using stdClass as the return type for all
methods). Remove the getUser test case altogether, there's no way to
make it work given the DummySessionBackend, and the test isn't that
helpful anyway. More and more methods will have the same issue as soon
as their return value is typehinted.
Follow-up: I2a9215bf909b83564247ded95ecdb4ead0615150
Change-Id: Ic51dc3e7bf47c81f2ac4705308bb9ecd8275bbaf
|
| |
|
|
|
|
| |
The test cases were mostly ported from tests/api-testing/REST/Transform.js
Change-Id: Ie6b9f28b6e49e44c64f1fa73ca11e21c2b451474
|
|
|
We need a way to determine the URL of routes that are not public,
and should be using $wgInternalServer rather than $wgCanonicalServer.
This patch also refactors some test code to make changes to the
constructor of the Router class less painful.
Bug: T311867
Change-Id: If1878365d019434bb862c643c2350b63479c9844
|
