Commit graph

48 commits

Author SHA1 Message Date
Umherirrender 6dccb17255 Migrate to IReadableDatabase::newSelectQueryBuilder
Also use expression builder to avoid raw sql

Bug: T312420
Change-Id: I83eb39f1c65a698108ae5bb72f633afda37a9f23
2024-04-30 20:45:51 +02:00
Matěj Suchánek ad2600b6c0 Clean up injection of DatabaseBlockStore
The static method has already been migrated.

Also rewrite the test cases to avoid non-static provider (T337144).

Change-Id: Ibf98539f442e1ba8a9e9eb510784d40778123f17
2024-04-12 11:01:00 +02:00
libraryupgrader a8c9fab2cc build: Updating mediawiki/mediawiki-codesniffer to 43.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic

Change-Id: I6075c76d53a899aac56af027f9a956a6b9e6a667
2024-03-16 18:53:05 +00:00
Umherirrender bd84a6514c Use namespaced classes
This requires 1.42 for some new names

Changes to the use statements done automatically via script
Addition of missing use statements and changes to docs done manually

Change-Id: Ic1e2c9a0c891382744e4792bba1effece48e53f3
2023-12-10 23:03:12 +01:00
Matěj Suchánek 9beeca3752 Fix various typos and documentation issues
Change-Id: I1e9d297f665282d251343598e102e1d342488965
2023-09-04 12:55:17 +02:00
Umherirrender cd7e9d31a7 Use namespaced Title
Bug: T321681
Change-Id: I66fd9b70a5de06ac3c81bdf6a2a5bca64ed094c2
2023-08-19 19:49:36 +02:00
AnaïsGueyte 2efd6d9ac9 Replace userNameUtils with UserIdentityUtils
Where UserIdentity is available and where it's necessary to check ::isNamed

Bug: T342741
Change-Id: I5b52686f1c072282e76874f3863962345ca8097e
2023-07-27 10:29:31 -03:00
Abijeet b1e404fc79 ConsequencesFactory: Avoid creating Session object during service wiring
Service wiring should only depend on config, not on request state.

Creating a session object during service wiring causes issues with entry
points such as opensearch_desc.php that disable the session.

Bug: T340113
Change-Id: I2450b0b6821ff0b097e283ff660a0b8aeea9590a
2023-06-27 20:11:38 +05:30
thiemowmde b63d5c138e Use much more narrow IReadableDatabase and related where possible
Much more narrow interfaces. This code doesn't need more.

Change-Id: Iab0f1da27968246333a4a555b02bfb750cf9eedb
2023-06-14 19:42:01 +00:00
Thalia 573838efc5 Degroup: Return early if user is a temporary user
Treat temporary users the same as IP users. Neither has user groups,
so return early for both.

Bug: T335062
Change-Id: I20b48608cf6ba5f8e8e36a378d66c603d84b032f
2023-06-06 14:10:21 +01:00
AnaïsGueyte d42b7335d5 Update user type checks to handle temporary users
* Set the same block expiry for temp and anon users
* Don't block autopromote for temp users; they can't be autopromoted
* Bail early from CheckUserHandler if the user is temporary

Bug: T335062
Change-Id: I6b72537f568c4c70a0b86f1825ea30b767f5634a
2023-05-25 17:26:58 -02:30
Matěj Suchánek 8f6a428f02 Replace deprecated database object access methods
Use the very new getPrimaryDatabase and getReplicaDatabase.
We skip FilterLookup and CentralDBManager in this patch.

Change-Id: I22c6f8fa60be90599ee177a4ac4a97e1547f79be
2023-03-08 16:50:56 +01:00
Matěj Suchánek 396d892c60 Use ActionSpecifier to load the IP address
To avoid access to the global request context.

Change-Id: I4d97dbe8b693f1fcd5a4e84f2376752d8e954c18
2022-12-17 22:52:24 +01:00
Matěj Suchánek 52dcd4624f Use ActionSpecifier throughout the code
The motivation is to have a single immutable object providing
information about the action. It can represent the current
action being filtered, but also a past action stored in the
abuse log. It will hopefully help us get rid of passing
User(Identity) and Title/LinkTarget objects around together.

Change-Id: I52fa3a7ea14c98d33607d4260acfed3d3ba60f65
2022-12-16 22:52:03 +00:00
Daimona Eaytoy 6a48423861 Avoid phan suppression
Document the parameter as non-empty instead.

Change-Id: Ia0f6b231fd05da82c1967e6b4e22bdd258435bba
2022-10-09 13:57:39 +02:00
libraryupgrader 380f7b010a
build: Updating dependencies
composer:
* mediawiki/mediawiki-phan-config: 0.11.1 → 0.12.0

npm:
* stylelint-config-wikimedia: 0.13.0 → 0.13.1

Change-Id: I424244de96b2da894d781047a1e336514cb7707c
2022-10-07 21:05:41 +03:00
Matěj Suchánek 86c2695557 Treat consequences params less aggressively and consistently
In theory, it's possible that some consequences could use "0"
as one of their parameters. At least change tags, see T296642.
But PHP treats "0" as false.
Also make the code on all places consistent.

Change-Id: I5255dfb26878ceb4f78c4d8277521edbb4821d7d
2022-08-02 11:57:48 +02:00
Matěj Suchánek 93acf0d80b Delimit namespace and title text in warning keys
Bug: T311543
Change-Id: I20f42d27d35390dcba96cc26bcc245cbeeff59f5
2022-06-29 19:39:24 +02:00
Umherirrender 20fd8f7b07 Use LinkTarget in ConsequencesExecutor
The Parameters class already only needs a LinkTarget

Change-Id: I4e8e1d7c92f41502a084be3359b97e0d434f08c0
2022-06-28 19:46:50 +02:00
Umherirrender 30fefb75bf Use UserIdentity in ConsequencesExecutor
Change-Id: I281a30610595ed3e984f43aa747eff37abe72939
2022-06-27 22:05:18 +02:00
Matěj Suchánek 40564ca635 Remove $info argument from ReversibleConsequence::revert
It was a temporary catch-all variable, but we can replace it
(and probably won't need it).

Change-Id: Ie1a64455c47445050bd83c853b3cafd283d5d020
2022-06-08 11:59:18 +02:00
Daimona Eaytoy 2de5fce177 Refactor ConsequencesExecutor to process consequences in more steps
Introduce shorter methods, one for each steps, so that it's easier to
understand what the code is doing and figure out if the order makes
sense. The ConsequencesExecutor test is now a proper unit test. Also
simplify AbuseFilterConsequencesTest, removing old/wrong logic and
fixing two expected values that were actually wrong (but worked because
of the aforementioned wrong logic).

The only functional changes should be:
 - We pick the longest block *after* checking the ConsequenceDisabler
   consequences, so e.g. if a filter has a long block + warn and another
   filter has a shorter block, we still keep the second one if warn will
   disable the block.
 - Remove disallow in presence of dangerous actions after checking
   ConsequenceDisabler's and deduplicating blocks. Otherwise we may
   remove disallow for filters where block (etc.) doesn't end up being
   disabled. We may also want to consider not removing disallow at all,
   now that messages are customizable.

Bug: T303059
Change-Id: If00adbf2056758222eaaea70b16d3b4f89502c20
2022-03-19 15:49:36 +00:00
jenkins-bot 894b94bf7d Merge "Add logging when the 'block' action fails" 2022-03-07 09:26:42 +00:00
Daimona Eaytoy 4b6fff36e1 Move throttle range sizes to class constants
Change-Id: Iac436578f94022762b7f67959af894261c59fc66
2022-03-06 16:37:11 +01:00
Daimona Eaytoy a0fd0bae01 Overhaul throttle identifiers
- Use a /64 range for IPv6 instead of /16.
- Fix a curious and serious bug for IPv6, where grouping by range
  would only use the first (!) number of the IP address, due to the
  'v6-' prefix returned by IP::toHex.
- Fail hard if the identifier is unknown -- it's not something that's
  supposed to happen.
- Include the type name in each identifier, instead of prefixing all
  type names to all identifiers. This makes it easier to understand the
  parts of the key.
- Test the whole lot.

Bug: T211101
Change-Id: I54c4209f2f0d5a4c5e7b81bed240ca3e28a2ded7
2022-03-06 13:31:06 +00:00
Daimona Eaytoy 496c2ee370 Add logging when the 'block' action fails
Also avoid using User, use Authority instead.

Bug: T303059
Change-Id: I419ab3726d95ef600e2aa14dca5fa14066d245e3
2022-03-05 19:12:53 +00:00
Daimona Eaytoy 167f6cb642 Introduce ActionSpecifier
This is a plain value object that represents the action being filtered,
replacing associative arrays that were being used up to this point.

We should now check whether it's possible to make it not require an
accountname (which complicates things), and then use it in related
classes as well, e.g. Parameters.

Change-Id: I9550c14819b600c97c46b632cc1c2d447972d69c
2022-02-18 11:30:56 +00:00
libraryupgrader 2a4860e322 build: Updating mediawiki/mediawiki-phan-config to 0.11.0
Change-Id: I097d051e3c30e61d74a8e329b6110b219c72ec1a
2021-09-07 19:30:42 -07:00
Matěj Suchánek 83794d7cb4 Clean up Throttle::throttleIdentifier
In 1.37, UserEditTracker was changed to allow anonymous users
as well.

Change-Id: I70d9e6db13416b7c017319ecac3e7e604aacd586
2021-07-22 16:56:12 +02:00
libraryupgrader 5377ebe819 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)

Change-Id: I2b382f3bb236fb44eb24c6a257b13b8fd886541c
2021-07-21 18:51:18 +00:00
Matěj Suchánek d7ec0b992c Make phan not complain about Throttle::throttleIdentifier
UserEditTracker::getUserEditCount now allows anonymous users,
but it returns null and phan is aware of this. Suppress this
warning until at least 1.37 is required.

Change-Id: I9962abe08fa31d55421d8bdda23ea0a1c0471a86
2021-06-22 11:37:58 +02:00
Umherirrender 1fa7a83f60 Use static closures where safe to use
Created by I25a17fb22b6b669e817317a0f45051ae9c608208

Change-Id: I533690311ca559685de8a4bf123348c9bcfa5931
2021-04-30 20:55:35 +02:00
jenkins-bot f869c74bb6 Merge "Remove deprecated $wgAbuseFilterCustomActionsHandlers" 2021-04-17 14:58:53 +00:00
Daimona Eaytoy 25547c47ee SECURITY: Don't leak IPs when blocking anon account creations
The block log entry will be automatically suppressed, until we can
implement a better solution.

Bug: T152394
Change-Id: I8bae477ad7e4d0190335363ac2decf28e4313da1
2021-04-16 14:26:14 -05:00
Daimona Eaytoy f67c2d5434 Remove deprecated $wgAbuseFilterCustomActionsHandlers
Extensions should now specify custom actions using the
AbuseFilterCustomActions hook.

Change-Id: Id21640d406b18c627eedff39d3f246cf21e042b3
2021-04-11 14:49:50 +00:00
Daimona Eaytoy 92ecccbdc7 Simplify AbuseFilterBlockTest
Requires injecting a temporary block factory, and excluding
ManualLogEntry::insert from the test, but it's now much cleaner and
quicker.

It still cannot be a unit test due to the usage of User.

Change-Id: Iba9732d6d79733b31b45eb4d0187b1c8a82499dc
2021-03-05 14:18:01 +00:00
Daimona Eaytoy 0a45c0abc8 Don't return the status of doBlockInternal when processing block actions
This will not be correct if the target already has a partial block
applied (which is very rare BTW). Leaving a TODO because this is low
priority.

Also keep returning the status in tests, because it makes tests easier
to write.

Change-Id: Ifac795125927d584a31d95e1b4c4241eef860fa1
2021-01-19 22:38:20 +00:00
Daimona Eaytoy 005cc83642 Increase coverage for more classes
Change-Id: Iae6a24291f821fda77a45d8c1584de010af6a834
2021-01-17 17:38:58 +00:00
Daimona Eaytoy 8639e0c368 Introduce subclasses of Filter with specific use cases
In particular, this brings stronger typing for getID(), and we can get
rid of many phan suppressions.

Change-Id: Icbf3a6f7db8105082646ec227f62c09449fb165d
2021-01-17 00:47:29 +00:00
Daimona Eaytoy ab2ad164ff Improve coverage around consequences
Add a lot more unit tests, improve code testability, remove duplicated
integration tests.

Change-Id: Id8c9266ae107217047f267296070f26f575889d1
2021-01-15 00:51:04 +00:00
Daimona Eaytoy 496e5baaa5 Remove deprecated VariableHolder::getVar
Bug: T261069
Depends-On: I3468fa5339873efbbef1eaa22f4f654b4e9e166d
Change-Id: I46d69b0c43a45549ceddd837f2b37c76fec2e469
2021-01-03 19:14:13 +00:00
Daimona Eaytoy 6e27a9ddb3 Cleanup variables-related classes
Change-Id: I20a7fe1a40255043ed0d125dee61ea6052dda69c
2021-01-02 18:19:38 +01:00
Daimona Eaytoy 762d71c51d Create a dedicated namespace for variables-related classes
Some cleanup is left for later to keep the diff easier to read.

Change-Id: Ife445b5e47e707ab77ec867ac3b005866aa74ef2
2021-01-02 18:16:48 +01:00
Daimona Eaytoy d3b330b6d4 Create a VariablesManager service
This makes VariableHolder a true value object, and introduces a
stateless service, VariableManager, to operate on it.

Note, in theory, this new service is still cyclically coupled with
LazyVariableComputed. However, it's now two stateless service being
coupled, not two smart/god value objects, so we've still earned
something. For now, the dependency is hidden by using a callback. Some
alternatives for that are mentioned in a code comment.

Bug: T261069
Change-Id: I2f2c84c8e91472ba36084a8bbb4a923f6e04354b
2021-01-02 17:15:31 +00:00
Matěj Suchánek 85a3e230e6 Harmonize HookAborterConsequence::getMessage implementations
I think either all or none should consider global filters.
Are there any backwards compatibility concerns?

Change-Id: I22b664e9752588edc195dc4e4f5369392f91ad23
2021-01-02 13:07:57 +01:00
Matěj Suchánek 2793e7f1cf Reversible consequences
Introduce ReversibleConsequence interface for Consequence classes
whose potentially destructive actions can be reverted using
Special:AbuseFilter/revert. This allows moving reverting logic from
AbuseFilterViewRevert to individual Consequence classes and testing.

Unfortunately, the code is definitely not very clean now.

Change-Id: I558da711f1645ccf64792c6102cf743827171320
2020-12-31 14:43:32 +01:00
Matěj Suchánek 63b950e5b6 Test some Consequence classes and clean up
Sadly, these are not unit tests.

Bug: T201193
Change-Id: I4c977ab14b273b02803a63f0a7b152a581a838b2
2020-12-19 16:31:22 +01:00
Daimona Eaytoy b394956c22 Create a dedicated namespace for all consequences-related classes
Change-Id: Ibc39593e34da36e57b640af0b5bbf2145f725e92
2020-12-18 19:27:33 +00:00