Commit graph

52 commits

Author SHA1 Message Date
Amir Sarabadani 60cbc3b464 BlockedDomains: Use cleaner array building and add tests
Regarding array building: Instead of adding to array with
$array[] = 'foo' and then doing array_flip(), simply do
$array['foo'] = true;

Regarding tests: I originally wanted to create a unit test but I ended
up mocking so many things that it wasn't worth it and the config variable
is globaly which first we need to clean up after deployment is done.

Bug: T337431
Change-Id: Iac8dca7078668ee3441d19b6aafe499c1aa0d732
2023-06-12 17:46:55 +00:00
Amir Sarabadani 0acfe05251 Add abusefilter-bypass-blocked-external-domains right
This is similar to sboverride right in SpamBlacklist. Defaults are also
the same

Bug: T337431
Change-Id: Iaff91c1f9f7aece0787348dd071701ef99e0291d
2023-06-08 22:06:19 +02:00
Amir Sarabadani 7658885d75 BlockedDomains: Make lookup for domains added in blocked domains faster
We will have a pretty large list of blocked domains that we need to
swift through in each edit for any added domain. In order to cacth
subdomains being added, we have to do all sorts of complicated
operations and string search in large set of strings which is quite
slow. To fix that, let's simply pretend a user who has added
foo.bar.com, also added bar.com and com and do exact match in array of
strings making it much faster.

h/t Krinkle for the idea

Bug: T337431
Change-Id: I96795ed7d1a25f051db0b591dde21b032b138ded
2023-06-08 21:50:43 +02:00
Daimona Eaytoy caee78c24d Replace deprecated MWException
These are all unchecked.

Bug: T328220
Change-Id: I8d2f098a8b634d4a226b40ddaef31f0303a0789f
2023-06-07 17:41:20 +02:00
Amir Sarabadani 462096f523 Allow interface-admins to edit blocked domains json directly
For now, we will revisit this in the future. Specially if the
communities think otherwise.

Bug: T337431
Change-Id: I2847264eba9a3cc4fc47a22eacb523199015f9e7
2023-06-06 23:36:12 +02:00
Siddharth VP 8a22007034 BlockedExternalDomains: validate JSON structure before save
This makes raw page editing safer, and potentially enables opening up
access to less restricted user groups.

Bug: T337431
Change-Id: I14f21003a551f34b6e524e9b229613e79b0e5a70
2023-06-06 23:31:28 +02:00
James D. Forrester fb50c1f019 BlockedExternalDomains: Make this a special right, prohibit direct editing
Bug: T337431
Bug: T279275
Change-Id: I96d1e2c8d8728c26e38515032ef773770e26dda4
2023-06-01 09:20:44 -04:00
Amir Sarabadani adae5b95b5 Minor improvements to blocked domain filtering
See I3df949c4d41ce

Follows-Up: I3df949c4d41ce65bb4afa013da9c691ac05fc760
Change-Id: I81974a8d935838e00b4155454f2fb619f8a6bad9
2023-05-31 21:59:45 +02:00
Amir Sarabadani 53eb27f086 Introduce Special:BlockedExternalDomains
It is behind a feature flag. Improvements on it can happen in follow
ups. The patch is already quite massive.

Bug: T337431
Bug: T279275
Change-Id: I3df949c4d41ce65bb4afa013da9c691ac05fc760
2023-05-30 20:48:42 +02:00
AnaïsGueyte d42b7335d5 Update user type checks to handle temporary users
* Set the same block expiry for temp and anon users
* Don't block autopromote for temp users; they can't be autopromoted
* Bail early from CheckUserHandler if the user is temporary

Bug: T335062
Change-Id: I6b72537f568c4c70a0b86f1825ea30b767f5634a
2023-05-25 17:26:58 -02:30
Umherirrender 6fabca14c8 Use renamed CheckUserInsert*Hook interfaces
Follow-Up: I8d632f2808fde57c977c0ed22531db7b3741beef
Change-Id: I88bee654f80d9c40996ebef75136f310520a496f
2023-04-22 20:06:24 +02:00
jenkins-bot 290dd70bb2 Merge "Replace deprecated database object access methods" 2023-03-27 09:11:46 +00:00
Matěj Suchánek bb78cb0a56 Use actor table in AbuseFilter
This patch migrates abuse_filter and abuse_filter_history tables
to new actor schema.

MigrateActorsAF was copy-pasted from core's
maintenance/includes/MigrateActors.php before removal (ba3155214).

Bug: T188180
Change-Id: Ic755526d5f989c4a66b1d37527cda235f61cb437
2023-03-22 14:01:29 +01:00
Matěj Suchánek 8f6a428f02 Replace deprecated database object access methods
Use the very new getPrimaryDatabase and getReplicaDatabase.
We skip FilterLookup and CentralDBManager in this patch.

Change-Id: I22c6f8fa60be90599ee177a4ac4a97e1547f79be
2023-03-08 16:50:56 +01:00
Taavi Väänänen 7789ce1090
UserRenameHandler: Use core RenameUser classes
Bug: T27482
Change-Id: Ia36cd6d0ae8562101f8bcb0ddbf647097b6a8429
2023-03-08 12:53:43 +02:00
Dreamy Jazz 8e4a1237f1 Hook on privateEvent and logEvent insert hooks like CuChangesInsert
Hook on to CheckUserInsertPrivateEventRow and CheckUserInsertLogEventRow
to override the IP, XFF and User-Agent string when the user is the
abuse filter user for log events.

These two hooks are being added as log entries are being removed from
cu_changes and added into two new tables. Because the columns and their
names are different for these tables, reusing the same hook won't work
for callers that rely on setting values for a specific column name.

Edits and log entries performed by the abuse filter user need to be
marked as being by the software (and not using the IP, XFF and
User-Agent provided in the main request).

These hooks will not be run until the appropriate config is set to
write to the two new tables. Until that point using the one currently
defined hook will work for all actions.

Bug: T324907
Bug: T44345
Depends-On: I7c7754323ade9a8d96273c1742f30b1b5fbe5828
Follow-Up: Idd77545af94f9f9930d9ff38ab6423a72e680df9
Change-Id: Id78417e9d95220946f110afbe1430df5b3bb4f4f
2023-01-08 13:09:52 +00:00
Dreamy Jazz d3d0910bee Add RecentChange as a optional parameter for CheckUser hook
Add RecentChange as a optional parameter to the code that hooks
on CheckUserInsertChangesRow as this hook will soon provide a
RecentChange object if this row was triggered by a RecentChange.
If this row was not triggered by a RecentChange, then this
parameter will be null. This needs to be added before the parameter
is added to the definition of the hook in the CheckUser extension
as the tests will fail if all usages do not already have the new
parameter.

Bug: T324907
Change-Id: I44e54a3fca5558a1cb8d8f06a3990ded863454bc
2023-01-08 13:09:23 +00:00
dreamyjazz 627a73ec5e Ensure IP, XFF and UA are valid for abuse filter user actions in CheckUser
Change the IP to 127.0.0.1 (to indicate an internal IP), and blank
the XFF and UA when the performer of an action being logged by
CheckUser is the abuse filter user. Actions performed by the abuse
filter user can only be initated by the software, and as such should
not use the request's IP, XFF and UA. Also test the newly added
code.

Bug: T44345
Depends-On: I28acaaebd2d0067b700da0930e7b7ba924fa5c1c
Change-Id: Idd77545af94f9f9930d9ff38ab6423a72e680df9
2022-11-11 23:19:22 +00:00
Umherirrender 4fca77068c Clean up line indent with mixed tabs and whitespaces
Change-Id: Icc418130ad34e5f169bfc51bb13b58a7806bd636
2022-07-31 16:34:07 +02:00
jenkins-bot f13f3dcd2c Merge "Call IContextSource::getAuthority instead of IContextSource::getUser" 2022-07-29 10:25:23 +00:00
Umherirrender 11386c312d postgres: Fix changeNullableField calls
Follow-Up: I97cb12e6aa25d75ea24e187174db2fe88e5ce790
Change-Id: I61b8e102fd5041685941d89995f54a23ff5509c8
2022-07-13 22:13:48 +02:00
Umherirrender dc4dd928b7 Call IContextSource::getAuthority instead of IContextSource::getUser
Change to use Authority object where possible
to use the interface instead of implementation

Change-Id: I90ef126b3d799c3fc27467a4ffe671785c446d3e
2022-07-03 16:37:18 +02:00
Umherirrender e18136f269 Convert to abstract schema
Rename index on postgres and fix nullable fields

Bug: T259377
Change-Id: I97cb12e6aa25d75ea24e187174db2fe88e5ce790
2022-06-20 17:19:57 +00:00
TerraCodes 2c0e61a030 Add class to AF log contribs link
Continuation of MW core change 603941

Change-Id: I16ade657179fdce40b8acb7f8be8cde8b9a64949
2022-06-02 09:34:38 +00:00
Daimona Eaytoy 59eb3b70fb Inject dependencies into the authentication provider
- Define it with the extension.json key, instead of using the
  registration callback
- Inject the services it needs
- Replace direct User instantiation with UserFactory
- Move log subtypes to extension.json as well

Change-Id: I86a761c7fa844b1f417b974798373622a15f6411
2022-04-09 18:44:25 +02:00
Alexander Vorwerk 9bc01b4986 Use namespaced Renameuser classes
Change-Id: Ibac446d50a34a26182b801fa15c8a8ddffd2eea0
2022-03-06 17:10:41 +00:00
Daimona Eaytoy 5e95676e99 Rename filter_timestamp index in a different file
Otherwise there might be interferences with the remove-afl_filter patch.

Bug: T291725
Change-Id: If339663d491e1da4a118c13cd667d228365b4864
2021-10-20 15:22:04 +02:00
Daimona Eaytoy f2e2f5ae48 Move renaming of the afl_wiki_timestamp index to its own file
Note that this doesn't have to be applied in WMF prod, since the indexes
are already correct there.

Bug: T291725
Change-Id: I7fcee0581f469e0d7ada43d1f30f31061c5bf5c0
2021-10-16 16:55:52 +00:00
Daimona Eaytoy 020f8a09b4 Remove leftovers of AbuseFilterAflFilterMigrationStage
On second thought, no need to keep the migration script now, since it's
unusable anyway.

Also remove an usage in SpecialAbuseLog, likely a rebase artefact.

Change-Id: I938924b3617ef30046d8317e68a101ed2c1883d3
2021-09-25 03:48:37 +02:00
Daimona Eaytoy dae374aec2 Remove afl_filter entirely
As per T220791, the old schema and the flag can be removed in 1.38.

Bug: T220791
Change-Id: Ic6b1c8a22d17a301faf32d2e23778d90c41c39de
2021-09-18 11:06:10 +00:00
Daimona Eaytoy e9795468c4 Switch filterable actions hooks to the new system
Bug: T261067
Bug: T211680
Change-Id: I0e7e4a48b56c3e5fde56f50693fd0cdc19c30dd0
2021-08-16 14:18:56 +00:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00
Tim Starling 2c939e28a9 Move onUserMergeAccountFields to its own file
Sharing a handler class with UserRenameHandler means that attempting to
merge users fails due to a missing interface if AbuseFilter and MergeUser
are installed but Renameuser is not installed.

Change-Id: I1244ab1c446840ff2648248f943d7fc784b889a7
2021-05-06 11:33:24 +10:00
libraryupgrader 06cdddc9d0 build: Updating composer dependencies
* mediawiki/mediawiki-codesniffer: 35.0.0 → 36.0.0
* php-parallel-lint/php-parallel-lint: 1.2.0 → 1.3.0

Change-Id: I92d6f6d6f817765df24f845103a489624f4290f2
2021-05-02 06:41:54 +00:00
Daimona Eaytoy c091a2f749 Fix MySQL db patches compatibility
Follow-up I574bda15f0f5c92a7d97a6e3150981b8f97ee7fc
Apologies for not noticing before:

If somebody hadn't already added the afl_filter_id column, the
rename-indexes patch would try to rename a non-existing index
(filter_timestamp_full and fail). So put rename-indexes after the other
patch.
Then, for the afl_filter_id patch, check the column and not the index.
We were checking the index because it's the last thing that the DB patch
does (so if the index is found, we can be certain that the patch was
fully applied). However, now that renaming the index happens afterwards,
if somebody had already added afl_filter_id (with the old index name),
running the updater would try adding it again, because the new index
name isn't found (as it's renamed later).

Change-Id: I0250a7c187202facd932c160ace57930db510f64
2021-04-25 11:28:35 +02:00
Daimona Eaytoy 91d9e2e0d3 Give MySQL indexes explicit names, align MySQL and SQLite
Bug: T251613
Change-Id: I574bda15f0f5c92a7d97a6e3150981b8f97ee7fc
2021-04-15 11:30:30 +02:00
Daimona Eaytoy 560d6fe7b5 Drop database patches for MW < 1.27
Bug: T280012
Change-Id: I4ba68f1c7784f7f8b4cf661fe5e0918103c9dc15
2021-04-13 14:12:05 +02:00
James D. Forrester 6849817cf0 Make default wgAbuseFilterAflFilterMigrationStage SCHEMA_COMPAT_NEW
The only user we were worried about has now migrated to this; it auto-
ran in other installs just fine, so let's proceed.

Bug: T269712
Depends-On: I2b905f1e13ec13ec94d33527803c91c04b491eb2
Change-Id: Ie7d6bc95ebc871b0effee069e2146f2750d5f408
2021-04-12 15:29:00 -07:00
Daimona Eaytoy da6165b3dd Move all "secondary" hooks away from AbuseFilterHooks
Every hook that is not directly responsible for filtering an action is
now moved to its own handler class. Some of these are still static
methods because the respective hooks still use the old system.

Bug: T261067
Change-Id: I157169f968a7d6a4d1bcfde09358e5a66a3353bf
2021-02-01 17:29:26 +01:00
Daimona Eaytoy 10c7a11077 Improve coverage for hooks
- Exclude a couple of classes from coverage reports
- Add tests for all handlers
- Add tests for the runner, copied from core
- Make AbuseFilterRunner a real service

Change-Id: I7a0fe3cd8300faef5ef72d7f986b1734c324d8d1
2021-01-14 22:49:24 +01:00
Daimona Eaytoy d2fa65673c Move maintenance scripts to a separate namespace
Depends-On: Iaf3c218abd5578d604a89634c38d9156bb19a0d2
Change-Id: Ifcc2bff9e400fde564179fe6b96496ceae6b8623
2021-01-04 12:09:00 +01:00
Daimona Eaytoy a6176399b1 Make tests pass on SQLite
Skip a test that fails with
  Wikimedia\Rdbms\DBQueryError: Error 5: database is locked
  Function: Wikimedia\Rdbms\Database::beginIfImplied (MediaWiki\Extension\AbuseFilter\FilterLookup::getAllActiveFiltersInGroupFromDB)
  
Probably due to some concurrency issue caused by the duplicate connection, and also with

  Wikimedia\Rdbms\DBQueryError: Error 1: no such table: unittest_external_abuse_filter
  Function: MediaWiki\Extension\AbuseFilter\FilterLookup::getAllActiveFiltersInGroupFromDB
  
for unknown reasons.

Move the mwGlobals override inside the test to avoid the same "database is locked" error
on every other test in that class.

Bug: T251967
Change-Id: I552a8d1fa532941f630fd734e590993e7462aeb0
2020-12-31 20:11:10 +00:00
Daimona Eaytoy b394956c22 Create a dedicated namespace for all consequences-related classes
Change-Id: Ibc39593e34da36e57b640af0b5bbf2145f725e92
2020-12-18 19:27:33 +00:00
Matěj Suchánek 2da4cb4321 Implement GetAutoPromoteGroupsHook
Test coverage included.

Bug: T261067
Change-Id: Iba49f0518d2c1a72405498b2743e5ef300dd6d61
2020-12-15 18:01:04 +01:00
Daimona Eaytoy 815ef6051c Split afl_filter in afl_filter_id and afl_global
Add a script to migrate the columns (which can also
be executed in dry run), and a config option with the migration stage
(defaults to SCHEMA_COMPAT_OLD).
Some of the script-related code is stolen from
Ic755526d5f989c4a66b1d37527cda235f61cb437.

Bug: T220791
Change-Id: I7460a2d63f60c2933b36f8383a8abdbba8649e12
2020-12-08 18:31:27 +00:00
Reedy 95d8278b58 Clean up SchemaChangeHandler
* Move all SQL files into db_patches (or below)
** Remove db type from filename
* Remove a lot of duplicated code and simplify

Change-Id: If22f2a2c46a59ac24c89ce612c74d169f053ab26
2020-11-29 19:14:24 +00:00
Reedy f11bbe1c9b Use ::class rather than stringified class name
Change-Id: I5695f40627122b76d792a3a05c97c42d921a5536
2020-11-28 11:19:51 +00:00
Matěj Suchánek d76affb1db Move ChangeTags stuff to separate namespace
Change-Id: I6d7bed0e62f001f82c00a3528cc0018388c9c70e
2020-11-27 15:13:34 +00:00
Daimona Eaytoy ccf8afe75b Add typehints to hook handlers
Needed after core change I95bb47104ad3dc0a69c812c627ffa631c5dc6ace to
make phan pass on master.

Change-Id: I6202212493340064945a559799e248130f418d6e
2020-10-28 11:37:07 +01:00
Daimona Eaytoy b309c804fc Add dedicated classes for more hook handlers
The schema changes hook was chosen because the handler is very long. The
test ones were chosen to keep test things away from actual code.

Bug: T261067
Change-Id: Ie06bf62399f6353e3e268cccb3fe4b41bbf951c5
2020-10-22 18:23:09 +02:00