Commit graph

1883 commits

Author SHA1 Message Date
STran 30227231f6 Disallow protected variable access on AbuseFilterViewTestBatch
A filter using a protected variable can be loaded via filter id
using testing tools even though the user might not have the right
to view protected variables. This can potentially leak PII and as
such, testing tools should check for the right before allowing
protected filters to be seen.

- Unload a filter asap if it uses protected variables and the
  requestor doesn't have viewing rights. This:
    + disallows loading of existing protected filters on page load
    + disallows testing against rules that use protected variables
    + disallows subsequent requests for protected filters (via API)

There is a known bug (see T369620) where no user feedback is
provided if an API request for a filter returns no result (typically
when no filter matches the requested id). This commit adds another
pathway to that bug (the filter exists but is protected and not
returned by the API) but does not update this UI/UX.

Bug: T364834
Change-Id: I6a572790edd743596d70c9c4a2ee52b4561e25f3
2024-07-10 05:31:03 -07:00
jenkins-bot 218627233b Merge "Only return filters visible to user in search" 2024-07-09 09:45:55 +00:00
jenkins-bot 98eab47d9b Merge "Simplify FilterEvaluator::getUsedVars using ::checkSyntax" 2024-07-08 12:42:18 +00:00
STran ceaedb8b95 Only return filters visible to user in search
Search is restricted to users with the right to view private variables
but not necessarily the right to view protected variables. Users who
don't have the right to view protected variables shouldn't be able to
search against protected variables, as this might leak the PII.

- Filter out filters using protected variables in search results
  if the user doesn't have the right to view protected variables

Bug: T367390
Change-Id: I7412112c9cc676f29d706b116b779bc17183a952
2024-07-08 02:47:57 -07:00
jenkins-bot 69508bf153 Merge "Add missing permission check to canSeeLogDetailsForFilter" 2024-07-05 10:09:47 +00:00
Matěj Suchánek bf180e0490 Simplify FilterEvaluator::getUsedVars using ::checkSyntax
Alternative approach to fixing the regression proposed by
Daimona in I78d3a2cd7bada962d7ef9b0f2c39d898bf8987ce.

Bug: T368203
Change-Id: I637367c3b3850f7988d890379fef7f4753159953
2024-07-05 11:32:09 +02:00
Daimona Eaytoy 99bb44beb4 Miscellaneous minor fixes
- Rename `$hidden` to `$privacyLevel` in Flags::__construct for
  consistency with other places.
- Rename `shouldProtectFilter` and simplify its return value to always
  be an array, since that's how it's currently used. Rename a variable
  that is assigned the return value of this method.
- Add a missing message key to a list of dynamic message keys.
- Rename a property from 'hidden' to 'privacy' in FilterStoreTest for
  consistency. Add a test for removing the protected flag.
- Update old comment referencing `filterHidden`; the method was removed
  in I40b8c8452d9df.
- Use ISQLPlatform::bitAnd() instead of manual SQL in
  AbuseFilterHistoryPager.
- Update mysterious reference to "formatRow" in SpecialAbuseLog.
- Update other references to the very same method in two other places,
  this time credited as "SpecialAbuseLog".
- Add type hints to a few methods; this not only helps with type safety,
  but it also allows PHPUnit to automatically use the proper type in
  mocks.

Change-Id: Ib0167d993b761271c1e5311808435a616b6576fe
2024-07-03 02:31:38 +02:00
Daimona Eaytoy 6ac574dada Add missing permission check to canSeeLogDetailsForFilter
`canSeeLogDetails` should also be checked when a filter is protected, as
it is the base right for being able to see abuselog entries. With this
in mind, check that immediately at the beginning of the method, instead
of repeating calls. Also merge the conditionals, and return early when a
permission check fails.

Move a test up so that it comes immediately after its data provider, and
add test cases for a few combinations of rights.

Change-Id: Ic3cf58f43803bef8bf2d65566434baff145b3fd5
2024-07-02 22:43:09 +02:00
jenkins-bot bc0ab54e2d Merge "Support more log actions in testing interface" 2024-06-29 21:43:59 +00:00
jenkins-bot 7cca085e24 Merge "Remove modification of wgCheckUserLogAdditionalRights" 2024-06-28 17:05:35 +00:00
Jakob Warkotsch 0bd53dfeb1 Remove unused phan suppressions
Change-Id: Ib42f9b00948506ae2c053f51cb7dfddb0f7eb480
2024-06-28 12:15:49 +02:00
Dreamy Jazz 7254e65665 Remove modification of wgCheckUserLogAdditionalRights
Why:
* The wgCheckUserLogAdditionalRights global is shortly being
  removed as no-longer necessary after T324907 removed the need to
  generate the action text on insert time. As such, the action
  text can be generated on view and therefore respect the rights
  that the viewing user has.
* This means that the config can be removed, as users with the
  'abusefilter-view' right will be able to see the action text
  associated with the entry because the log formatter will check
  for the right on view.

What:
* Remove the modification of wgCheckUserLogAdditionalRights in
  AbuseLogger::insertLocalLogEntries.

Bug: T346022
Change-Id: I7504e4729fde5e51f6a795fc3e60d735152b2eea
2024-06-27 16:43:25 +00:00
Kosta Harlan b93543ef00 ConfirmEditHandler: Use SimpleCaptcha API to invoke CAPTCHA display
Why:

- The previous attempt to integrate AbuseFilter with ConfirmEdit set
  a flag on the request object
  (I110a5f5321649dcf85993a0c209ab70b9886057c) didn't work in WMF
  production because in WMF, we load ConfirmEdit first, followed by
  AbuseFilter. Therefore any flag set in an AbuseFilter hook is ignored
  by ConfirmEdit

What:

- Remove implementation of ConfirmEditTriggersCaptchaHook, as this does
  not work when AbuseFilter is loaded after ConfirmEdit.
- Repurpose onConfirmEditTriggersCaptcha to handle non-edit actions only
- Implement the EditFilterMergedContent hook and call SimpleCaptcha's
  public confirmEditMerged method if CaptchaConsequence has specified
  that a CAPTCHA should be displayed, and if the CAPTCHA has not already
  been solved

Soft-Depends-On: Idc47bdae8007da938f31e1c0f33e9be4813f41d7
Bug: T20110
Change-Id: I7dd3a7c41606dcf5123518c2d3d0f4355f5edfd3
2024-06-26 16:07:40 +00:00
jenkins-bot 788571fb3a Merge "LoadExtensionSchemaUpdates: Remove unused path from 'runMaintenance' action" 2024-06-20 16:29:16 +00:00
jenkins-bot 8dd15bac76 Merge "Fix variable descriptions showing raw "($1)"" 2024-06-20 15:46:12 +00:00
jenkins-bot 72ab79dcd1 Merge "Remove AbuseFilterActorMigration" 2024-06-20 15:44:49 +00:00
Bartosz Dziewoński 29e8b6e13b LoadExtensionSchemaUpdates: Remove unused path from 'runMaintenance' action
MediaWiki has never used this path for running the maintenance
scripts, only the class name provided in the other parameter.
Providing the parameter is no longer needed in MediaWiki 1.43.

Bug: T367918
Change-Id: Ie098fa124039cc1122135cae72c74579d43dc04f
2024-06-19 19:58:17 +02:00
Matěj Suchánek 92334b698b Support more log actions in testing interface
- Allow testing "move_redir" page moves.
- Allow testing "create2" and "byemail" account creations.
- Add remarks in the code that "autocreate" account creations
  cannot be tested since they are not in the recent changes.

Change-Id: Idd38327df1477e1cba4396003a6c0f23cb75d276
2024-06-19 17:35:43 +02:00
jenkins-bot c1961b9d99 Merge "Use expression builder in AbuseFilterView::buildTestConditions" 2024-06-17 19:55:35 +00:00
jenkins-bot bb026443dd Merge "Drop af_user(_text) and afh_user(_text) fields" 2024-06-17 12:25:54 +00:00
Matěj Suchánek 1373bf8d11 Fix variable descriptions showing raw "($1)"
In 1904cf8, "($1)" were appended to the messages, but
the argument was not substituted in the var dump table,
showing literal ($1). Substitute <code>var_name</code>
to keep previous experience.

However, many translations have not been updated yet.
If the variable name was indicated by the message
argument, it would often be missing. Therefore, make
sure the placeholder is always present.

Bug: T360909
Change-Id: I1e4a97210c891c375b0f14c0891c2d25a0a389d1
2024-06-16 22:11:08 +02:00
Matěj Suchánek cb08d684d5 Remove AbuseFilterActorMigration
Bug: T188180
Change-Id: Idcacc9f63075b621bbc858a461dc6fb7ab7a9a39
Depends-On: I7dd5fc0f9d80636b0cdf3d995fe22c1f43a5b68d
Depends-On: Ibdb2b4096f26fc6752456a05f8d70a9a6d9609ad
2024-06-15 09:42:27 +02:00
jenkins-bot 92e1335cc8 Merge "Use ObjectCacheFactory" 2024-06-13 13:45:45 +00:00
jenkins-bot 4e919e4338 Merge "Add protected variable view permission checks" 2024-06-13 13:18:14 +00:00
Wandji69 5336a5ea41 Use ObjectCacheFactory
Bug: T363770
Change-Id: I465e251d4bbccd4ce98eb34ff05d749d3de84c43
2024-06-13 12:34:16 +01:00
STran abe6f1f4ee Add protected variable view permission checks
Some features restrict access when filters are private. These features
should treat protected filters similarly.

If the user doesn't have view rights for protected filters:
  - Disallow viewing of logs generated by protected filters
  - Disallow querying of matches against protected filters

Bug: T363906
Change-Id: Id84bd4ca7c8e0419fccc3ad83afff35067c9bf70
2024-06-13 03:15:04 -07:00
Umherirrender bd52ef6263 Use expression builder in AbuseFilterView::buildTestConditions
Bug: T350968
Change-Id: I2b91a7e5b18ac9bb4f79018014ed60e2f0830487
2024-06-12 20:43:46 +00:00
Umherirrender c3af3157b4 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I48fcc02c61d423c9c5111ae545634fdc5c5cc710
2024-06-12 20:01:35 +02:00
STran f5d7b68908 Force full evaluation of filter in FilterEvaluator->getUsedVars()
In some cases, evaluation short-circuits when getting a list of
used variables resulting in an incomplete array of variables. This
subsequently causes issues when using those arrays for validation
checks (eg. if protected variables are used).

- Force full evaluation by setting `mAllowShort` to false

Bug: T364485
Change-Id: Idf2112d9ebf63846cde3ce9b8a8ade0ed909505d
2024-06-11 02:43:47 -07:00
Matěj Suchánek 469d643530 Drop af_user(_text) and afh_user(_text) fields
They have been migrated to their respective _actor counterparts.

Bug: T188180
Change-Id: I76ab3a4eeaf93bf009ba3a5d4a0315443b6839ef
2024-06-10 18:48:21 +02:00
jenkins-bot a5afeff49c Merge "Drop $wgAbuseFilterActorTableSchemaMigrationStage" 2024-06-10 13:27:07 +00:00
Matěj Suchánek c2da0d4857 Drop $wgAbuseFilterActorTableSchemaMigrationStage
First patch in a series of dropping the old columns.
Wikis now need to run the maintenance script (e.g., via
update.php) prior to serving this commit.

Wikimedia wikis are already on SCHEMA_COMPAT_NEW stage.

Bug: T188180
Change-Id: I86ec2b816eed17b62bf02bfd085570f132011b3e
2024-06-10 12:08:30 +00:00
jenkins-bot 056bcafe08 Merge "Use expression builder to build where conditions" 2024-06-09 03:45:36 +00:00
jenkins-bot 7bbf55935c Merge "Hide the checkbox for protecting a filter from users without the right" 2024-06-07 10:39:43 +00:00
jenkins-bot 4b9c2e612c Merge "Clarify protected status in filter checkboxes" 2024-06-06 18:00:27 +00:00
Thalia 6428ff9232 Hide the checkbox for protecting a filter from users without the right
Any filter using protected variables must be marked as protected via
the a checkbox on the filter edit form. This checkbox should not be
visible to users without the right to use protected variables.

Bug: T364485
Change-Id: If2c4b8f50f447e951d820798f181839d10501aa3
2024-06-06 17:49:46 +01:00
STran 1c96981117 Clarify protected status in filter checkboxes
The UI/UX for acknowledging a filter will be protected/is protected
could be clearer. The checkbox implemented currently doesn't make
it clear that the acknowledgement is mandatory and filters that are
already protected allow for the checkbox to be unchecked even though
that doesn't reflect that the filter cannot be unprotected.

- Update copy for the protected filter acknowledgement to make it clear
  that it's a mandatory acknowledgement, not an optional one
- Update copy for the error that shows when a filter that should be
  protected doesn't have the acknowledgement checked
- When a filter is already protected, disable the acknowledgement
  checkbox to indicate this is not mutable

Bug: T364485
Change-Id: I667fcca4511dff1ac3ca69930c5b5e5eb5001787
2024-06-06 00:23:39 -07:00
Thalia 8f39ef3b8a Fix permission error shown on history page for protected filter
When a user without the right to see protected filters visits
Special:AbuseFilter/history/<ID>, show the permission error
message for protected filters.

Before this commit, the error message for hidden filters is
used instead, even if the filter is not hidden.

Bug: T364465
Change-Id: If2573fe256a7e29e8184feaf2f0622659706fd56
2024-06-05 15:53:04 +01:00
jenkins-bot 3897096fd7 Merge "Implement 'protected' filter acknowledgement checkbox" 2024-06-05 13:42:33 +00:00
STran 69a28f7f03 Implement 'protected' filter acknowledgement checkbox
- Add a basic checkbox on the filter edit page that must be checked if a
  filter uses a protected variable to ensure that the user is aware that
  their filter will also become protected

Bug: T364485
Change-Id: I7c7652f7d1a81223229b839ff7eee5da4af74c8a
2024-06-05 05:43:25 -07:00
jenkins-bot 4e14afa6fb Merge "Allow variables to be restricted by user right" 2024-06-04 17:20:17 +00:00
STran bf28dbce0e Allow variables to be restricted by user right
Some exposed variables (eg. `user_ip`) used in filters are sensitive
and need to only be available to restricted groups of users.

Back-end changes:
- Add `AbuseFilterProtectedVariables` which defines what variables are
  protected by the new right `abusefilter-access-protected-vars`
- Add the concept of a `protected` variable, the use of which will
  denote the entire filter as protected via a flag on `af_hidden`

New UX features:
- Display changes to the protected status of filters on history and diff
  pages
- Check for protected variables and the right to see them in filter
  validation and don't allow a filter to be saved if it uses a variable
  that the user doesn't have access to
- Check for the right to view protected variables before allowing access
  and edits to existing filters that use them

Bug: T364465
Bug: T363906
Change-Id: I828bbb4015e87040f69a8e10c7888273c4f24dd3
2024-06-04 06:54:53 -07:00
jenkins-bot f9a410a600 Merge "Update documentation of mode argument" 2024-05-31 16:06:59 +00:00
jenkins-bot 10663ed4fd Merge "Convert af_hidden into a bitmask" 2024-05-30 18:11:24 +00:00
Umherirrender 69debb0a22 Use expression builder to build where conditions
Bug: T350968
Change-Id: I8a0fdf868efd403e02a68c5293a4e603d16657e6
2024-05-30 11:35:57 +02:00
Bartosz Dziewoński 94251ca97e Use StatusValue::getMessages() instead of deprecated methods
Added in MediaWiki in Ibc4ce11594cf36ce7b2495d2636ee080d3443b04.

Change-Id: I0b51f1210b9501961586fa25bf1f49bc68bab3d1
2024-05-28 21:04:59 +00:00
STran ca23e9f06b Convert af_hidden into a bitmask
Protected variables will cause the filter using them to become
protected as well. `af_hidden` can be used to track this flag,
as it is a TINYINT and can be converted into a bitmask with no
schema changes.

This is not a backwards-compatible change, as now all checks must
check the `hidden` flag specifically or otherwise will be cast to
true if any flag is set.

To support this change:
- "hidden" is considered a flag set in the `af_hidden`. This is a
  change in concept with no need for updates to the column values,
  as there is currently only one flag in the bitmask.
- `Flag`s store the bitmask as well as the state of single flags
  and can return either.
- Any checks against the `af_hidden` value no longer check a
  boolean value and instead now check the `hidden` flag value.

Bug: T363906
Change-Id: I358205cb1119cf1e4004892c37e36e0c0a864f37
2024-05-28 00:59:08 -07:00
Matěj Suchánek 9986f3016c Update documentation of mode argument
It has thrown exception since 357ddd4.

Change-Id: I07f10de450c599b9930526ef790dd7d23330d78d
2024-05-24 22:20:03 +02:00
jenkins-bot 58c5edce98 Merge "Add user_unnamed_ip variable" 2024-05-23 18:10:52 +00:00
STran fe0b1cb9e9 Add user_unnamed_ip variable
After temporary accounts are enabled, filters that rely on an ip
in the `user_name` will fail (eg. `ip_in_range` and `ip_in_ranges`).
To keep these filters working:

- Expose the IP through another variable, `user_unnamed_ip`, that can be
  used instead of `user_name`.
- The variable is scoped to only reveal the IPs of temporary accounts
  and un-logged in users.
- Wikis that don't have temporary accounts enabled will be able to see
  this variable but it won't provide information that `user_name`
  wasn't already providing
- Introduce the concept of transforming variable values before writing
  to the blob store and after retrieval, as IPs need to be deleted from
  the logs eventually and can't be stored as-is in the amend-only blob
  store

Bug: T357772
Change-Id: I8c11e06ccb9e78b9a991e033fe43f5dded8f7bb2
2024-05-23 07:19:48 -07:00
Umherirrender 1a56a29751 Use IReadableDatabase::expr for complex conditions on Special:AbuseLog
Bug: T350968
Change-Id: I3a86edd3f62d7276e33b5c155f0da1c8ef2a8cb5
2024-05-21 16:56:34 +00:00
jenkins-bot 37dfd7b025 Merge "Fix missing <thead> and <tr> in various places" 2024-05-15 06:49:50 +00:00
thiemowmde fc50073fb5 Fix missing <thead> and <tr> in various places
This removes the last usages of the problematic open/closeElement
from this codebase.

One actual issue gets fixed: Some of the <th> floated around without
a <tr>. That's technically invalid. Luckily the browsers are flexible
and show it correctly. Visually nothing changes.

Similarly <th> should be wrapped in a <thead>. This wasn't done
before.

Change-Id: Ia45096670888173e49f9c25e72f429f0961b75ae
2024-05-14 21:28:32 +00:00
thiemowmde 32bee4950f Remove bogus non-breaking spaces
This issue exists ever since this code was added in 2009. Note how
this element is invisible anyway. The non-breaking space is never
seen. The purpose of this element is to act as a container for a
debug result that will be put into this container via JavaScript.
I confirmed this still works fine without the placeholder character
being there.

The problem here is that this HTML entity is double escaped because
of the element() function. That would need to be a rawElement() call
or we can just remove it.

Change-Id: Id560f392be4cc2106a7ac224309c8b605bec3f6c
2024-05-13 13:15:51 +02:00
jenkins-bot ecf3268789 Merge "Provide integration with ConfirmEdit to show CAPTCHA" 2024-05-13 10:25:44 +00:00
jenkins-bot ea35d6680f Merge "Replace most Xml methods with Html" 2024-05-13 10:24:20 +00:00
jenkins-bot eebcbf5b94 Merge "Replace some deprecated functions" 2024-05-12 14:31:21 +00:00
Kosta Harlan f948c79066
Provide integration with ConfirmEdit to show CAPTCHA
Why:

- We want AbuseFilter to able to require a CAPTCHA if an action
  matches conditions in an AbuseFilter

What:

- Implement the ConfirmEditTriggersCaptcha hook, and check to see if
  the CaptchaConsequence set a global flag that indicates if we
  should show a CAPTCHA

Depends-On: Ie87e3d850541c7dc44aaeb6b30489a32a0c8cc60
Bug: T20110
Change-Id: I110a5f5321649dcf85993a0c209ab70b9886057c
2024-05-10 21:00:47 +02:00
Matěj Suchánek f9dcf46d70 Replace most Xml methods with Html
Xml::buildForm and Xml::fieldset are left.

Change-Id: Iff88869fd002165ec9ee80897d4deb585005b9d1
2024-05-08 13:08:52 +02:00
jenkins-bot 45499268ab Merge "Automatically add operators to description messages" 2024-05-04 14:09:32 +00:00
xtex bc6240fbda
Replace some deprecated functions
Change-Id: I4070a3655f2fac1d7afe1c3a244a64cb55019b9a
2024-05-04 21:32:04 +08:00
Amir E. Aharoni 1904cf8d1b Automatically add operators to description messages
This solves two issues described in bug T360909:
* Usage of unsafe characters that have to be
  manually reviewed in translations.
* Incorect display of some functions and
  operators in RTL UI languages.

It also reduces the translators' need to copy
those operators and functions, which are always
identical to English.

Finally, this patch adds those consistently to all
the messages. Some messages didn't mention them
for an unspecified reason, and now they are mentioned
everywhere.

Bug: T360909
Change-Id: I3283c91b6b1d5fe9b48b1477cd454d9def3a7ded
2024-05-04 07:08:33 +00:00
jenkins-bot afe8d8224c Merge "Remove custom API error code and data for blocked domains" 2024-05-03 17:04:55 +00:00
jenkins-bot f46a5bdff6 Merge "Fix Status combining MessageSpecifier and parameters array" 2024-05-03 16:20:24 +00:00
Bartosz Dziewoński c859f1b526 Remove custom API error code and data for blocked domains
A custom API error code and data similar to those used when an edit is
blocked by a normal AbuseFilter filter were accidentally added when
the feature was introduced. They should not be there, as the blocked
domains feature is not a normal AbuseFilter filter.

Hopefully nobody is relying on the format of this API response yet.

This commit changes the action=edit response for this case from:
{
  "error": {
    "code": "abusefilter-disallowed",
    "info": "The text you wanted to publish was blocked by our filter. The following domain is blocked from being added: example.edu",
    "abusefilter": {
      "id": "blockeddomain",
      "description": "blockeddomain",
      "actions": "disallow"
    }
  }
}
to:
{
  "error": {
    "code": "abusefilter-blocked-domains-attempted",
    "info": "The text you wanted to publish was blocked by our filter. The following domain is blocked from being added: example.edu"
  }
}

Change-Id: I61ccc8f44b63e5cd0f11b1fe9a00ff60104a6249
2024-05-03 16:58:37 +02:00
jenkins-bot a464cb7453 Merge "Simplify computation of derived links variables" 2024-05-03 07:22:40 +00:00
Umherirrender 6dccb17255 Migrate to IReadableDatabase::newSelectQueryBuilder
Also use expression builder to avoid raw sql

Bug: T312420
Change-Id: I83eb39f1c65a698108ae5bb72f633afda37a9f23
2024-04-30 20:45:51 +02:00
Matěj Suchánek 6526a5494b Simplify computation of derived links variables
Instead of having separate methods for each variable,
have one method which can work not only with "_links",
but with any array of strings.

Change-Id: I05f1b1cbd15f283b314c72259f183f7788e4e214
2024-04-27 10:56:58 +02:00
Alexander Vorwerk ce59b52c48 Add afl_var_dump to AbuseLogPager::getQueryInfo
Follow-Up: I08a399f1b6a66442317b151be5386c9d2485f1fb
Bug: T363213
Change-Id: I6cdd59687a7e23d472eb2aa7d5c55714967a77ee
2024-04-23 21:38:23 +02:00
jenkins-bot 0038f18b9b Merge "Migrate to IDatabase::newUpdateQueryBuilder" 2024-04-20 20:40:53 +00:00
Umherirrender 0a601acd6f Replace SELECT * with real list of used fields
It is a common pattern to avoid SELECT * and use the fields used by
the application to avoid loading to much data into memory and maybe use
performance benefits when fields are covered by index.

Change-Id: I08a399f1b6a66442317b151be5386c9d2485f1fb
2024-04-16 21:14:10 +02:00
Umherirrender 3691d773d3 Migrate to IDatabase::newUpdateQueryBuilder
Change-Id: I0b3fd864e5227068114ca7aa9e98361046f393c1
2024-04-15 23:07:44 +02:00
jenkins-bot be54bef5d8 Merge "Clean up injection of DatabaseBlockStore" 2024-04-15 04:01:23 +00:00
jenkins-bot e673b1e585 Merge "BlockedDomainFilter: Always return Status from filter()" 2024-04-14 21:15:31 +00:00
jenkins-bot 5c61521cbb Merge "Migrate to IDatabase::newInsertQueryBuilder/newDeleteQueryBuilder" 2024-04-14 18:28:13 +00:00
Bartosz Dziewoński c458651370 Fix Status combining MessageSpecifier and parameters array
Constructing a Status like this does not make sense (and I want
to deprecate it in I0675e557bb93a1c990fa923c50b9f6ee8a9836c8),
because the parameters are ignored by most Status methods:

  $error = Message::newFromSpecifier( 'abusefilter-blocked-domains-attempted' );
  $status = Status::newFatal( $error, 'blockeddomain', 'blockeddomain' );

But it worked here, because FilteredActionsHandler::getApiStatus()
used a deprecated method that allowed inspecting them.

I feel like this code in BlockedDomainFilter has been added to make
the tests pass without thinking about what it actually does, which is
to output a bunch of useless incorrect data in API errors.

I'm not sure if we can remove that now without breaking API
compatibility, so add the useless data in FilteredActionsHandler
instead, closer to where it's output.

Change-Id: Ic12241bd3029bc1b0e7a0023689a2be35ccd30a8
2024-04-14 00:02:32 +00:00
Bartosz Dziewoński a5e0851dc0 BlockedDomainFilter: Always return Status from filter()
From Status class documentation:
> The recommended pattern for Status objects is to return a Status object
> unconditionally, i.e. both on success and on failure -- so that the
> developer of the calling code is reminded that the function can fail, and
> so that a lack of error-handling will be explicit.

Change-Id: Ie6a55e297a35374fbdef880dd40e65f5cd00b6bf
2024-04-13 01:05:01 +02:00
jenkins-bot 098ff0b880 Merge "Use modern str_starts_with() and [ ... ] syntax" 2024-04-12 09:32:53 +00:00
Matěj Suchánek ad2600b6c0 Clean up injection of DatabaseBlockStore
The static method has already been migrated.

Also rewrite the test cases to avoid non-static provider (T337144).

Change-Id: Ibf98539f442e1ba8a9e9eb510784d40778123f17
2024-04-12 11:01:00 +02:00
thiemowmde c9f8343173 Use modern str_starts_with() and [ ... ] syntax
Change-Id: I2f2182e1e0850d7ebf832b7b8e0630ce56aad88b
2024-04-11 14:07:43 +02:00
Matěj Suchánek 68ff668543 Add new variable for last edit time
Bug: T269769
Change-Id: Ia41ecc2f8e6921ef3d5a16fec58202d584ad0727
2024-04-10 23:12:45 +00:00
Bartosz Dziewoński ac777ee88a Fix new Phan errors
MediaWiki core change Icb8822def9ce56f42ff52a8e469bb08d61d576c6
improved the type hints for OutputPage::addWikiMsg(), resulting in
two new errors:

* AbuseFilterViewEdit.php: False positive, update suppression
  to include new error code.

* SpecialAbuseLog.php: Genuine bug, the return value of
  Status::getErrors() can't be used directly as a message key.
  I have another change pending that introduces a nicer way
  to do this: Ibc4ce11594cf36ce7b2495d2636ee080d3443b04,
  but in the meantime, make do with the available getters.

Change-Id: Iee0e87496e27a5261adccb977361b3ccf4c9ee2c
2024-04-10 23:12:28 +00:00
Umherirrender 2df93d2b0f Migrate to IDatabase::newInsertQueryBuilder/newDeleteQueryBuilder
InsertQueryBuilder does not ignore insert of no rows,
adding some conditions to avoid calling the query builder

Change-Id: I1752b90cc3a7ec3a7f9ee32a1873bf8c82b6e02e
2024-04-02 21:15:40 +02:00
jenkins-bot 5ece43538f Merge "logging: Inject services into AbuseLogHitFormatter" 2024-03-30 01:51:25 +00:00
Timo Tijhof 473b4b1ec4 tests: Remove redundant wgMainCacheType=hash
Introduced in 2019 with 4c8dac4dc6. Redundant since 2020 with
commit c6c62e2c8f in MediaWiki core.

Bug: T139216
Change-Id: I51e9fc3899cf5505917d7899a395350dd86f5c0b
2024-03-29 15:37:58 -07:00
Umherirrender 13cf3eb20a logging: Inject services into AbuseLogHitFormatter
Bug: T356468
Change-Id: I42023b7dcdaf80aeb3367d82068e1de47f8ae424
2024-03-29 21:53:34 +01:00
Matěj Suchánek 4c2b09fa4e Replace deprecated ChangeTags method calls with ChangeTagStore
Bug: T360664
Change-Id: Icd7c38be9a8b54c29da7d33dfa9691e1c94feeb1
2024-03-29 11:08:41 +01:00
Amir E. Aharoni f6eca362e5 Reorder messages that describe operators
Make the order of the messages that describe
operators and functions in the en.json file
identical to their order in
KeywordManager::BUILDER_VALUES, which is also
their order in the actual UI of the filter editor.

This only reorders the mesages in the en.json file.
It's not supposed to change anything in
the end users' experience, but it will change
the order in which translators on translatewiki.net
see them.

This is a cleanup step towards removing
the explicit operators from the messages,
as suggested in T360909, and this reordering
is hopefully useful even without that change,
for general consistency.

Comments about particular messages:
* abusefilter-edit-builder-vars-timestamp-expanded
  is moved to the very end because, despite its key,
  it's not actually used in the filter builder.
* old-text, old-html, and minor-edit are moved towards
  the end because they are outdated. They are listed
  separately from BUILDER_VALUES and they are not used
  in the filter builder UI, but they are used in the logs
  of previous actions. This patch adds a code comment
  for the benefit of developers who touch that code
  in the future.

Bug: T360909
Change-Id: I86ecdca5a6173b9068d5e968e69c57c74a379888
2024-03-26 11:22:46 -04:00
jenkins-bot 430b7f81ad Merge "FilterLookup: Stop using DBAccessObjectUtils::getDBOptions()" 2024-03-25 18:20:52 +00:00
Amir Sarabadani fe0fed1d8f FilterLookup: Stop using DBAccessObjectUtils::getDBOptions()
And more db clean ups:
 - Use QueryBuilders
 - Stop relying on actor migration to simplify query building
 - Using expression builder in one case.
 - Change the default actor migration stage to read new and write both.

Bug: T354194
Depends-On: I7c116cab0c748707d9a9fd17feeffe26e7d188ec
Depends-On: I74002911749335f4323a03fb430d02f936771b7e
Change-Id: Id84d1db7a2991f3cccc2f4f1502ba77643ddef24
2024-03-21 20:22:02 +01:00
jenkins-bot ccd31a4e7d Merge "build: Updating mediawiki/mediawiki-codesniffer to 43.0.0" 2024-03-16 19:21:29 +00:00
libraryupgrader a8c9fab2cc build: Updating mediawiki/mediawiki-codesniffer to 43.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic

Change-Id: I6075c76d53a899aac56af027f9a956a6b9e6a667
2024-03-16 18:53:05 +00:00
Dringsim f0e2af4dd7
Remove wfGetDB from comments
Bug: T357632
Change-Id: I658c2e4cf4b889075e944488501bba1bc197965a
2024-03-17 00:35:04 +08:00
jenkins-bot 2468019359 Merge "Silence warnings related to writes to CheckUser in AbuseLogger" 2024-03-14 13:20:36 +00:00
Umherirrender e2a3c62896 Type hint IReadableDatabase in AbuseFilterExaminePager
Change-Id: I21392e5f7fb0e2e69b6e1d8e0a3c770d5454efad
2024-03-13 22:36:42 +01:00
Dreamy Jazz 8798b20369 Silence warnings related to writes to CheckUser in AbuseLogger
Why:
* The AbuseLogger::insertLocalLogEntries calls the CheckUser
  extension to insert the abuse filter log entries, so that
  checkusers can see these log entries in the results.
* However, these logs can be inserted on GET requests (such as
  when a filter matched a autocreation of an account). This means
  that the TransactionProfiler warns about writes.
* Updating the writes to occur on POSTSEND and also silencing the
  expectations about not performing write queries should prevent
  the logstash spam being caused by the TransactionProfiler related
  to this code.

What:
* Make the call to Hooks::updateCheckUserData occur on POSTSEND
  instead of PRESEND.
* Silence the TransactionProfiler for 'EXPECTATION_REPLICAS_ONLY'
  only for the call to Hooks::updateCheckUserData.

Bug: T359648
Change-Id: I08e1674ff4dca386c046374c77dd31b4b29bb41e
2024-03-12 15:12:58 +00:00
Umherirrender 5ab7282b4a Fix casing of dropdown-related methods
Methods gets renamed to lowercase variant in core (f1d7e68c)

Follow-Up: Ifda13ba9dee316709c424636ec3b285de8d0e9b1
Change-Id: I0ee5602536033268ff49aadf8d14320f8e5d03d2
2024-03-09 15:44:59 +01:00
Dreamy Jazz 85022190e5 Add user_type variable
Why:
* An AbuseFilter variable is needed that allows filters to determine
  what type the current user is. That is, whether the user is an
  IP address, temporary account, named user or external user.
* Currently filters implement this by inspecting the value in
  the 'user_name' variable, but this is likely to break when
  temporary accounts are enabled as IPs would be hidden.
* Giving a dedicated variable that indicates the type of the user
  allows filters to work out this information without having to
  know the specific username of the user before performing the
  check.

What:
* Add the 'user_type' variable which is lazily computed. It can have
  the value 'named', 'temp', 'ip' or 'external' depending on the
  type of the user. If the user does not match any of these, then
  the value is 'unknown'.
* Replace call to deprecated User::newFromIdentity with a use of the
  UserFactory service that is dependency injected.
* Add and update tests to ensure consistent test coverage.

Bug: T357615
Change-Id: Ifffa891879e7e49d2430a0330116b34c5a03049d
2024-03-07 10:38:25 +00:00
Derick Alangi 82d876ada8 Handlers: Drop AutoPromoteGroupsHandler::factory()
This patch solves a pending TODO which is to remove the ::factory()
method from the AutoPromoteGroupsHandler class. If the cache instance
is injected, we'll use it otherwise we'll default to a HashBagOStuff.

Bug: T358346
Change-Id: I2bc414da8733431d1d11025e954282fc7c73aa80
2024-03-06 21:38:12 +00:00
Dreamy Jazz f3c87749b8 Send AbuseFilter logs to CheckUser on PRESEND
Why:
* AbuseFilter can send AbuseFilter logs to CheckUser if they are
  not being sent to Special:RecentChanges.
* However, if this action is indirectly causing the creation of
  an account (such as through temporary account auto-creation),
  the log entry is sent to CheckUser before the temporary account
  actually exists in the 'user' table.
* This causes a CannotCreateActorException, as the performer does
  not exist on the wiki just yet and therefore cannot have an
  actor ID until the temporary account is created.
* This exception can happen if the AbuseFilter filter only creates
  a log entry and does not prevent the edit, so would not be
  necessarily fixed by T334623.
* Sending the logs to CheckUser on PRESEND avoids this, as the
  user will exist by the time that PRESEND is run but still allows
  any failures to cause an exception which can be seen by the user.

What:
* Wrap the call to Hooks::updateCheckUserData in AbuseLogger
  ::insertLocalLogEntries in a DeferredUpdate which is set to run
  on PRESEND.

Bug: T358632
Change-Id: Ia615fce3e26b88d5457ecc01231044b326b79973
2024-02-28 13:09:22 +00:00