Commit graph

738 commits

Author SHA1 Message Date
James D. Forrester 607ebb965c build: Upgrade eslint-config-wikimedia from 0.25.1 to 0.26.0
LibUp was getting caught out by the false-positive hit to
es-x/no-resizable-and-growable-arraybuffers, so doing a
manual fix to make progress.

Otherwise just whitespace changes.

Change-Id: Ibf20dd2d88613b0a74813c33239e7d0bac682b17
2024-02-06 09:26:59 -05:00
Dreamy Jazz a5b68cf46d Don't attempt to steal or create the FilterUser in CheckUserHandler
Why:
* When CheckUser asks the AbuseFilter extension for modifications
  to rows inserted into the CheckUser tables, the AbuseFilter
  extension attempts to get the Filter user via User::newSystemUser
* User::newSystemUser can deadlock if multiple requests to create
  the system user are being made at once.
* The CheckUserHander does not need to create the abuse filter system
  and instead only needs to know if a given $user is the equal to
  the FilterUser.
* As such the FilterUser service needs to provide a way to check if
  a given $user is equal without creating the FilterUser.

What:
* Add FilterUser::isUserSameAs which returns a boolean value
  indicating whether the Abuse Filter system user is the equal
  to a given UserIdentity in the same way that UserIdentity::equals
  is implemented.
* Refactor ::getUser to get the username for the filter user in
  a separate method, so that the ::isUserSameAs method can also
  use this method. Name this new method ::getFilterUserName.
* Add a test for the FilterUser service to ensure consistent test
  coverage
* Convert the @covers and @coversDefaultClass annotations to be
  a @covers for the class. This is because PHPUnit recommends this in
  https://docs.phpunit.de/en/9.6/annotations.html#appendixes-annotations-covers-tables-annotations

Bug: T356275
Bug: T346967
Change-Id: I8a101781bb47612deabb0f2a06a398ac13e860e6
2024-01-31 19:32:52 +00:00
gerritbot 71c181219a Remove indirect calls to IDBAccessObject::READ_* constants
We are getting rid of the schema of implementing this interface and
calling self::READ_* constants, it's confusing, inconsistent, prone to
clashes and isn't really useful for non-ORM systems (which we are not)

Bug: T354194
Change-Id: I5d7a2c91a49311a6bdf6e56053c08610d4d6d110
2024-01-26 09:25:35 -05:00
Novem Linguae 0d33825853 Remove $this->tablesUsed from PHPUnit tests
Deprecated in T342301 in v1.41. This is now tracked
automatically. The variable can be safely deleted.

Change-Id: I7f42f3bfc58508421f4758089482fd1ed68c42c2
2024-01-14 04:45:29 -08:00
Taavi Väänänen 80a8764c8d
ActionVariablesIntegrationTest: Support JsonContent using tabs
Bug: T326065
Change-Id: I67c87484ea4ec23f703480c8d423b800c74f6518
2024-01-02 23:42:23 +02:00
Umherirrender bd84a6514c Use namespaced classes
This requires 1.42 for some new names

Changes to the use statements done automatically via script
Addition of missing use statements and changes to docs done manually

Change-Id: Ic1e2c9a0c891382744e4792bba1effece48e53f3
2023-12-10 23:03:12 +01:00
jenkins-bot 22435fe600 Merge "Replace BadMethodCallException with LogicException" 2023-11-19 13:03:56 +00:00
thiemowmde 2def63118e Replace BadMethodCallException with LogicException
The BadMethodCallException is documented as "thrown if a callback
refers to an undefined method or if some arguments are missing".
This is not what happens in these places.

Change-Id: Ic95b67acc2e17eea1dd0fa1d72f9ac94a86bcf17
2023-11-16 19:10:50 +00:00
thiemowmde 71170d6db1 Fix typo "Builer" → "Builder"
This luckily doesn't appear anywhere else:
https://codesearch.wmcloud.org/search/?q=EditBoxBuiler

Change-Id: I8238015b10cc729a2df7b56be7e3eb5140f8a070
2023-11-16 20:00:41 +01:00
Timo Tijhof 09438fd015 phpunit: Avoid hardcoding exact mw-parser-output class attribute
Needed by Ib130a055e46764544af0f1a46d2bc2b3a7ee85b7.

Bug: T341244
Change-Id: Icd9c079f5896ee83d86b9c2699636dc81d25a14c
2023-10-19 19:02:21 -07:00
thiemowmde 8565b8d7c4 Use assertStatusGood and such from MediaWiki core
Turns out the MediaWikiIntegrationTestCase base class comes with a
bunch of convenience methods for this. We can even remove the custom
messages because these methods already print a lot of debug info in
case of a failure.

Change-Id: I61fd86f1560c8e3bcf39a30b09fecdb063424613
2023-09-28 12:24:52 +00:00
jenkins-bot 1f1c5e477b Merge "When testing against a page creation in RC, set page_id to 0 as in the real filtering" 2023-09-11 09:28:33 +00:00
Amir Sarabadani ead29fc0fe Re-enable skipped test
Depends-On: I04c1dcf5129df437589149f0f3e284974d7c98fa
Change-Id: Ib071cd62d21090d28088729d2b2850363b750dae
2023-08-25 17:06:15 +02:00
Amir Sarabadani 2745b58451 Mark FilteredActionsHandlerTest::getFilteredActionsHandler skipped
Temporarily as I rename Status class.

Change-Id: I5f89ecf27ce1471a74f31c6018806461781213c3
2023-08-25 14:59:08 +02:00
Derick Alangi 623b9dbea3
Migrate DeferredUpdatesManager to use DeferredUpdates directly
Reverts part of Id9056528a433faf0, to switch to DeferredUpdates in
CirrusSearch back from DeferredUpdatesManager.

Bug: T265749
Change-Id: I8126cc76440724753c356c48ba4e0fcc9be5b41a
2023-08-21 12:59:28 +01:00
Umherirrender 62127964b7 Use namespaced MediaWiki\User\ActorMigrationBase
Bug: T321681
Change-Id: If3940c982d55643a685e2dedccab0540f86b9ae9
2023-08-20 01:08:09 +02:00
jenkins-bot e23b4bf8ef Merge "Use namespaced Title" 2023-08-19 18:33:50 +00:00
Umherirrender cd7e9d31a7 Use namespaced Title
Bug: T321681
Change-Id: I66fd9b70a5de06ac3c81bdf6a2a5bca64ed094c2
2023-08-19 19:49:36 +02:00
Daimona Eaytoy 85f8f90531 Clean up AbuseFilterConsequencesTest a bit
Most notably, make it not use additional DB tables to test global
filters. Instead, just pretend that the local database is not local (via
config) and "hide" local filters with a simple test-only flag in
FilterLookup.

Change-Id: Ib431dbf6c9d84978ee84e7f0671cfcbf8a54d7a2
2023-08-19 15:31:41 +00:00
Daimona Eaytoy a10765baec Use real user ID in EchoNotifierTest
Echo will at some point try to load the user with the given ID, and will
throw an exception if it doesn't exist. The test is currently passing
just because we're not properly cleaning DB tables, and the user with ID
1 happens to exist at that point, but it will fail with core change
Ie2f1809d.

Change-Id: Ie686f4d5c2842e45a6ed564b311bb5d9b0265091
2023-08-18 01:51:09 +02:00
Umherirrender 8e6d820154 Use HookHandlers for UserMerge hook
Bug: T254306
Depends-On: Ib78dae49854863af1a37a00636737c94694776ae
Change-Id: If2bc517fb612199f4d744efbfa261ee5c556b6a5
2023-08-16 09:44:30 +02:00
Umherirrender aef4466d4b tests: Split long line in importingFilters.js
tests\selenium\specs\importingFilters.js
   81:1  warning  This line has a length of 106. Maximum allowed is 100
max-len

Change-Id: Ic8bee37971afb6fe4ba7102d687f0fa212092f4c
2023-08-10 23:53:17 +02:00
jenkins-bot 4f6ff34a26 Merge "tests: Avoid DB access in non-Database tests" 2023-08-07 13:13:27 +00:00
jenkins-bot e566cb1327 Merge "Avoid TestUser in non-database tests" 2023-08-07 13:13:25 +00:00
Daimona Eaytoy dcef8cebc6 tests: Avoid DB access in non-Database tests
These tests were accessing the Database, for mainly 3 reasons:
- User::newSystemUser
- Static methods in ChangeTags
- Echo's Event class

There isn't much we can do about them, so add tests to the Database
group where needed. In some cases, there are already comments that these
tests should be made unit tests once possible.

Bug: T155147
Change-Id: I8a0d52e0a4cae8a4059b62867853a73e60c878a1
2023-08-06 22:19:03 +00:00
Daimona Eaytoy 2a6b7edecb Avoid TestUser in non-database tests
TestUser requires a DB connection, so avoid using it in database-less
tests. Add to the Database group tests that are making DB writes (e.g.,
for log entries).

Change-Id: I211cb60296e5c2446128fcdf2caaadc728a8c272
2023-08-06 22:18:49 +00:00
Amir Sarabadani 049e602b07 BlockedDomains: Move filtering logic to a dedicated class
I'm planning to add support for bypass and regex-based blocking which
means it'll grow a bit. So let's give it a dedicated class.

Bug: T337431
Change-Id: I5a6fe2fd2f1efdebd8cada0ba6c481341f830e27
2023-08-06 16:27:23 +02:00
jenkins-bot a3ffaba341 Merge "Replace userNameUtils with UserIdentityUtils" 2023-08-06 10:00:04 +00:00
gerritbot 806ac5285d Migrate ILB::getConnectionRef() calls to ILB::getConnection()
Deprecated since 1.39 (I6e7544763bd)

Bug: T343277
Change-Id: I1d6d8d8bee8b39a5d364d8bb65f5f9a85194114d
2023-08-03 22:28:51 +00:00
Umherirrender c72b6a20f0 Pass ParserFactory to LazyVariableComputer
Make the init of Parser lazy

Bug: T343070
Change-Id: If0f0ca3c4aa2136c85903289f7f80b95dc5132c8
2023-07-29 14:20:07 +02:00
AnaïsGueyte 2efd6d9ac9 Replace userNameUtils with UserIdentityUtils
Where UserIdentity is available and where it's necessary to check ::isNamed

Bug: T342741
Change-Id: I5b52686f1c072282e76874f3863962345ca8097e
2023-07-27 10:29:31 -03:00
jenkins-bot 78c7334d6a Merge "Split VariableGenerator::addEditVars" 2023-07-17 23:26:53 +00:00
Daimona Eaytoy 2a89b3fb6d Skip CheckUserHandlerTest if CheckUser is not installed
The handler class uses hook interfaces from the CheckUser extension, so
it can't run if CheckUser is not installed.

Change-Id: I5f40366f27cc885e95e1bb93ec421b09c7caa9a6
2023-07-15 22:04:42 +02:00
Amir Sarabadani 85639c857a Re-enable skipped tests with fixes
Depends-On: Ia55cb6cbdb28484e820f9cf3d6aacac00a86ffab
Bug: T341828
Change-Id: Id0aad8aeb7b5380f4d934d9133abf0e12dee29fe
2023-07-13 23:01:22 +02:00
Amir Sarabadani 4eab548a02 Temporarily skip tests being broken in READ NEW of externallinks
Bug: T341828
Change-Id: I2d4ef8fc3bffa43bc611af3eab0494f4900df557
2023-07-13 22:42:47 +02:00
Matěj Suchánek 49edc86a78 Split VariableGenerator::addEditVars
This method actually consists of two: add derived vars, and initialize
content vars. The former part depends on no parameters of this method.
On the other hand, the latter part combines multiple implementations
for some of the content variables using branching.

The branching is a dirty workaround and inferior to the GRASP principle:
"When related alternatives or behaviors vary by type, assign
responsibility for the behavior to the types for which the behavior
varies."
In other words, the callers (extensions) should be responsible for
choosing the initialization strategy themselves, instead of letting
VariableGenerator figure it out.

As the first step, split the former part to a separate method.
For now, it will be implicitly called by ::addEditVars.

Change-Id: I5ff00dbdbf29ec54eabfd95c44a4fd7f713969f5
2023-07-05 14:58:32 +00:00
Abijeet b1e404fc79 ConsequencesFactory: Avoid creating Session object during service wiring
Service wiring should only depend on config, not on request state.

Creating a session object during service wiring causes issues with entry
points such as opensearch_desc.php that disable the session.

Bug: T340113
Change-Id: I2450b0b6821ff0b097e283ff660a0b8aeea9590a
2023-06-27 20:11:38 +05:30
thiemowmde 24888bea15 Mark protected stuff in classes with no subclasses as private
Protected effectively means "public to subclasses" and should be
avoided for the same reasons as marking everything as public should
be avoided.

Change-Id: Iba674b486ce53fd1f94f70163d47824e969abb77
2023-06-23 12:28:06 +02:00
Timo Tijhof 203d54be11 BlockedExternalDomains: Optimize host extraction by using parse_url
Unlike what the 20-year old source comments in UrlUtils.php would
have you believe, parse_url() works fine nowadays, including for
protocol-relative URLs and indeed lots of prod code uses it directly.

The class still has some convenience value for case where you need to
expand or manipulate URLs, but for the common case of extracting a part
of it, you really don't need it.

Test plan:
$ php phpunit.php ../../extensions/AbuseFilter/tests/phpunit/integration/FilteredActionsHandlerTest.php

Bug: T337431
Change-Id: I1e76d2f5aef65365743214530faba656325b965a
2023-06-19 13:36:27 +00:00
jenkins-bot a2524dd966 Merge "Make some non-static providers static" 2023-06-16 19:57:17 +00:00
Matěj Suchánek 1bcc28891f Make some non-static providers static
Or at least one step forward to better isolation.
Some providers were replaced with individual test cases.

Bug: T337144
Change-Id: I5cd8c5e79993260f18c3a17c40b8501a4da3c17f
2023-06-16 20:54:33 +02:00
Amir Sarabadani 8b67de5bc1 blocked domains: Make sure users can't bypass the list by using uppercase
Added tests too

Bug: T337431
Change-Id: Ie3406d0b3c7d82ba44c11865e493375453555664
2023-06-16 01:22:48 +02:00
jenkins-bot 596a36866b Merge "Add missing AbuseFilterServices::getHookRunner()" 2023-06-15 18:06:28 +00:00
thiemowmde 7e6132d4d7 Remove bits of unused code across the codebase
Mostly found with the code inspection tools in PHPStorm.

Change-Id: I7f59dddca0aaab0ddd1093d52c07ec12efd20d6d
2023-06-14 19:41:00 +00:00
Lucas Werkmeister 9bb4b1e5db Add missing AbuseFilterServices::getHookRunner()
And register AbuseFilterRunnerFactory as a service name that’s allowed
to not have a getRunnerFactory() method without the test complaining
(the service was renamed, getFilterRunnerFactory() exists).

Change-Id: Idedb87e64a6df02b0edae8d9e7dbf441752dc480
Needed-By: If5af88e7f70b83d53f66b9617a5ef37daf81830f
2023-06-14 17:35:43 +02:00
Matěj Suchánek 8fb53edfbb Retrieve external links from PreparedUpdate
When forFilter is true and PreparedUpdate is available
(most save operations), retrieve all_links from
PreparedUpdate::getParserOutputForMetaData. Otherwise
do what was done before.

Note that this change probably leaves some dead code. It will be dealt
with later.

NOTE: this changes code potentially executed on every save operation.

Bug: T65632
Bug: T264104
Change-Id: I3628a56e5277846c1b90444fb55983870eb54c1e
2023-06-13 14:30:06 +02:00
Matěj Suchánek d82a716ad0 Make old_links retrieval cleaner
The method for old_links retrieval depends on the "forFilter"
value, which we know in advance. If it's true, old_links should
be retrieved from the database. Make a case in the switch
that does nothing but retrieves links from the database,
and direct the evaluation to it.

This change was split from I3628a56e5 to make its review easier.

NOTE: this changes code potentially executed on every save operation.

Change-Id: I33b688f6be3c58beec403f7bf26407a42e7c18ab
2023-06-13 14:03:21 +02:00
jenkins-bot 54b9cbd6da Merge "BlockedDomains: Use cleaner array building and add tests" 2023-06-12 18:06:38 +00:00
Amir Sarabadani 60cbc3b464 BlockedDomains: Use cleaner array building and add tests
Regarding array building: Instead of adding to array with
$array[] = 'foo' and then doing array_flip(), simply do
$array['foo'] = true;

Regarding tests: I originally wanted to create a unit test but I ended
up mocking so many things that it wasn't worth it and the config variable
is globaly which first we need to clean up after deployment is done.

Bug: T337431
Change-Id: Iac8dca7078668ee3441d19b6aafe499c1aa0d732
2023-06-12 17:46:55 +00:00
thiemowmde 84058c3d96 Make use of the ??= operator and such where it makes sense
We can avoid a bit of code duplication and move code closer together
when it belongs together.

Change-Id: Iffca7e4abfbf03d4663ee909220057bcbd54da75
2023-06-12 10:27:03 +02:00
Amir Sarabadani 0acfe05251 Add abusefilter-bypass-blocked-external-domains right
This is similar to sboverride right in SpamBlacklist. Defaults are also
the same

Bug: T337431
Change-Id: Iaff91c1f9f7aece0787348dd071701ef99e0291d
2023-06-08 22:06:19 +02:00
jenkins-bot d6d8608161 Merge "Replace deprecated MWException" 2023-06-07 23:25:54 +00:00
Daimona Eaytoy caee78c24d Replace deprecated MWException
These are all unchecked.

Bug: T328220
Change-Id: I8d2f098a8b634d4a226b40ddaef31f0303a0789f
2023-06-07 17:41:20 +02:00
Thalia 573838efc5 Degroup: Return early if user is a temporary user
Treat temporary users the same as IP users. Neither has user groups,
so return early for both.

Bug: T335062
Change-Id: I20b48608cf6ba5f8e8e36a378d66c603d84b032f
2023-06-06 14:10:21 +01:00
jenkins-bot 64ed21cff7 Merge "Use new DeferredUpdatesManager service" 2023-06-01 19:00:42 +00:00
Amir Sarabadani 53eb27f086 Introduce Special:BlockedExternalDomains
It is behind a feature flag. Improvements on it can happen in follow
ups. The patch is already quite massive.

Bug: T337431
Bug: T279275
Change-Id: I3df949c4d41ce65bb4afa013da9c691ac05fc760
2023-05-30 20:48:42 +02:00
Daimona Eaytoy 1c0e558c78 Use new DeferredUpdatesManager service
And remove some hacks for unit tests.

Change-Id: I4e9932a003ac7420f307f01b8d12062fd05a3bb8
2023-05-30 12:50:08 +00:00
jenkins-bot 7f4af85ce0 Merge "Add tests for temporary user in CheckUserHandlerTest" 2023-05-27 16:31:04 +00:00
jenkins-bot 17cb8ac514 Merge "Update user type checks to handle temporary users" 2023-05-26 11:56:35 +00:00
Thalia 56c86a761f Add tests for temporary user in CheckUserHandlerTest
Follow-up to d42b7335d5

Change-Id: Ia70377bf03a48e006174d6f658cf11142f1dd624
2023-05-26 14:34:04 +03:00
AnaïsGueyte d42b7335d5 Update user type checks to handle temporary users
* Set the same block expiry for temp and anon users
* Don't block autopromote for temp users; they can't be autopromoted
* Bail early from CheckUserHandler if the user is temporary

Bug: T335062
Change-Id: I6b72537f568c4c70a0b86f1825ea30b767f5634a
2023-05-25 17:26:58 -02:30
Umherirrender faaa5126eb tests: Make some PHPUnit data providers static
Initally used a new sniff with autofix (T333745)

Bug: T332865
Change-Id: I892127a7cf794c52b1106d0239d273476a6113c3
2023-05-20 21:44:55 +02:00
Umherirrender 0c513ba63e tests: Use static provider in AbuseFilterHookRunnerTest
Shows up a deprecation message

Follow-Up: I5ff35ad0e894f0a27beae00257dc1fc599ad518d
Change-Id: I2e74ca48374f1ab5901ae3adf891ea29cd322251
2023-05-19 22:19:48 +02:00
gerritbot 142e4be136 Update moved class FauxRequest
See T321882. Moved in I832b133aaf61ee

Bug: T321681
Change-Id: I0ab062426628bb33d2bbfc686e4befc66ee43f38
2023-05-19 10:23:42 +00:00
Bartosz Dziewoński 0364194d72 API tests: Assert error codes, not error messages
Depends-On: I752f82f29bf5f9405ea117ebf9e5cf70335464ad
Needed-By: Ie17987991d1e9a0d77da97e3a81fe0a21c6d7866
Change-Id: I06c89534be605557ee9b0d90d2748f806fa2ae9e
2023-04-26 13:21:53 +02:00
jenkins-bot d3b5dbb092 Merge "Add tests for extension.json and services" 2023-04-20 00:48:30 +00:00
Jean-Luc Hassec 9369d08773 When testing against a page creation in RC, set page_id to 0 as in the real filtering
Bug: T334617
Change-Id: Id4465cb36131b745d386168e7e158b6bb4d6418c
2023-04-13 08:55:35 +00:00
Jean-Luc Hassec 6c500f8ea9 Clean up unused DEMPTY data type
Bug: T334640
Change-Id: Ie20d760b6e31a9dc97083d3fe4008fb31c990076
2023-04-13 05:27:38 +00:00
Daimona Eaytoy f8bd8cfe27 Temporarily re-disable flaky selenium test
Sigh.

Bug: T334001
Change-Id: Ia21c14f72631e607e0d626408557eacb83529a03
2023-04-04 22:30:06 +02:00
Daimona Eaytoy dd48840019 tests: Improve selenium tests
- Do not try to switch the editor if CodeEditor is not installed
- Make sure that the state before the test runs is known
- Add more specific assertion on error message
- Add missing await to async function call
- Re-enable test disabled in I47b4794c4098a25696ffe42c42d00fd767971b5d.
  Selenium tests were run 100 times in CI in PS2 and they always passed.

Bug: T300790
Change-Id: Id9ca618dcc59396980b1ee38819677583107738c
2023-03-31 17:05:47 +02:00
Kosta Harlan bdebcf4e58
selenium: Disable flaky test
Error in CI:

```
AssertionError [ERR_ASSERTION]: Expected values to be strictly equal:
'' !== 'null\n'
```

Change-Id: I47b4794c4098a25696ffe42c42d00fd767971b5d
2023-03-30 12:16:36 +02:00
jenkins-bot 9c0a285155 Merge "selenium: Refactor WebdriverIO tests from sync to async mode" 2023-03-28 15:36:38 +00:00
Peter Wangai 00ac95decd selenium: Refactor WebdriverIO tests from sync to async mode
WebdriverIO has dropped support of sync mode, hence changed to async.

Update npm packages: @wdio/*, wdio-mediawiki
because async mode needs at least @wdio v7.9.

Remove npm packages: @wdio/dot-reporter and @wdio/sync.

Bug: T300790
Change-Id: Ifcc95a8c7e47ba4513f6910620ecce83e1ead15a
2023-03-28 17:50:18 +03:00
Matěj Suchánek 0628dbdab6 Add tests for extension.json and services
Change-Id: Ie83e4a85a408e1ba1d2cc827c4bf353bdd5500df
2023-03-28 09:35:02 +02:00
jenkins-bot 290dd70bb2 Merge "Replace deprecated database object access methods" 2023-03-27 09:11:46 +00:00
Matěj Suchánek bb78cb0a56 Use actor table in AbuseFilter
This patch migrates abuse_filter and abuse_filter_history tables
to new actor schema.

MigrateActorsAF was copy-pasted from core's
maintenance/includes/MigrateActors.php before removal (ba3155214).

Bug: T188180
Change-Id: Ic755526d5f989c4a66b1d37527cda235f61cb437
2023-03-22 14:01:29 +01:00
Matěj Suchánek 8f6a428f02 Replace deprecated database object access methods
Use the very new getPrimaryDatabase and getReplicaDatabase.
We skip FilterLookup and CentralDBManager in this patch.

Change-Id: I22c6f8fa60be90599ee177a4ac4a97e1547f79be
2023-03-08 16:50:56 +01:00
Matěj Suchánek 86ac5bdb40 Clean up database access in non-deployed code
Change-Id: Ibcc41c2dd7f60a806199eaa2c47628a28dadd143
2023-03-03 18:55:08 +01:00
James D. Forrester ebc2e653b0 build: Upgrade mediawiki/mediawiki-codesniffer from 40.0.1 to 41.0.0
Change-Id: I4489dd3935e28a8cdab0d3612ff869854e995c8b
2023-02-26 00:32:51 +00:00
Dreamy Jazz 8e4a1237f1 Hook on privateEvent and logEvent insert hooks like CuChangesInsert
Hook on to CheckUserInsertPrivateEventRow and CheckUserInsertLogEventRow
to override the IP, XFF and User-Agent string when the user is the
abuse filter user for log events.

These two hooks are being added as log entries are being removed from
cu_changes and added into two new tables. Because the columns and their
names are different for these tables, reusing the same hook won't work
for callers that rely on setting values for a specific column name.

Edits and log entries performed by the abuse filter user need to be
marked as being by the software (and not using the IP, XFF and
User-Agent provided in the main request).

These hooks will not be run until the appropriate config is set to
write to the two new tables. Until that point using the one currently
defined hook will work for all actions.

Bug: T324907
Bug: T44345
Depends-On: I7c7754323ade9a8d96273c1742f30b1b5fbe5828
Follow-Up: Idd77545af94f9f9930d9ff38ab6423a72e680df9
Change-Id: Id78417e9d95220946f110afbe1430df5b3bb4f4f
2023-01-08 13:09:52 +00:00
jenkins-bot 595b0a9969 Merge "Ensure IP, XFF and UA are valid for abuse filter user actions in CheckUser" 2023-01-06 20:51:17 +00:00
jenkins-bot 24d797e6cc Merge "Create real integration test for variables" 2022-12-22 02:07:02 +00:00
Matěj Suchánek 3e0d1b0d38 Set old_content_model & new_content_model for past changes
We might consider adding an in-process cache because there
will be a duplicate database lookup for content model and
wikitext of the same revision.

Bug: T230295
Change-Id: I9723f21069e03a49fa7131bd8f79c6e7e442104b
2022-12-18 16:01:45 +00:00
Matěj Suchánek 396d892c60 Use ActionSpecifier to load the IP address
To avoid access to the global request context.

Change-Id: I4d97dbe8b693f1fcd5a4e84f2376752d8e954c18
2022-12-17 22:52:24 +01:00
Matěj Suchánek 52dcd4624f Use ActionSpecifier throughout the code
The motivation is to have a single immutable object providing
information about the action. It can represent the current
action being filtered, but also a past action stored in the
abuse log. It will hopefully help us get rid of passing
User(Identity) and Title/LinkTarget objects around together.

Change-Id: I52fa3a7ea14c98d33607d4260acfed3d3ba60f65
2022-12-16 22:52:03 +00:00
Matěj Suchánek 702d77e3ce Create real integration test for variables
For fixing bugs like T65632, T105325, or T264104, we will need
to update code in more than one place at once. To prevent
regressions, create an integration test which tests the whole
pipeline, from the request submission to variable evaluation.
Edits are simulated using action=edit API call because the hook
AbuseFilter uses is run from EditPage.

To increase confidence in test coverage, remove some annotations
from AbuseFilterConsequencesTest or make them less greedy.
Ideally, it would only test consequences.

This patch includes refactoring of AbuseFilterCreateAccountTestTrait
which now only inserts the user into the database if it really
should be created.
It also restores test coverage of some other classes.

Change-Id: I661f4e0e2bcac4770e499708fca4e4e153f31fed
2022-11-26 18:51:38 +01:00
Reedy 4f4f01f96d EchoNotifierTest: Use namespaced Event class
Re-enables test

Depends-On: Ib57ea2db947285946f31fa9912b37181044df9d3
Change-Id: I082868f4759a5da14235803ebd8a80e794cfe41c
2022-11-12 06:28:33 +00:00
dreamyjazz 627a73ec5e Ensure IP, XFF and UA are valid for abuse filter user actions in CheckUser
Change the IP to 127.0.0.1 (to indicate an internal IP), and blank
the XFF and UA when the performer of an action being logged by
CheckUser is the abuse filter user. Actions performed by the abuse
filter user can only be initated by the software, and as such should
not use the request's IP, XFF and UA. Also test the newly added
code.

Bug: T44345
Depends-On: I28acaaebd2d0067b700da0930e7b7ba924fa5c1c
Change-Id: Idd77545af94f9f9930d9ff38ab6423a72e680df9
2022-11-11 23:19:22 +00:00
Reedy 97e0f30155 EchoNotifierTest: Temporarily skip testNotifyForFilter
Depends-On: Iddb4a5d4057f9c6ed00f754d2e3cd79cd873f212
Change-Id: Id28792658de950b99a8786f881563476def59eba
2022-11-03 00:28:15 +00:00
Daimona Eaytoy 9f78933426 tests: Replace assertNotRegExp with assertDoesNotMatchRegularExpression
The method was renamed in PHPUnit 9.

Done automatically with:
  grep -rl assertNotRegExp tests/ | xargs sed -r -i "s/>assertNotRegExp\(/>assertDoesNotMatchRegularExpression\(/"

Bug: T243600
Change-Id: If0a7775cb96b3c4eb90b6dfe52d8647c12194ccc
2022-10-07 19:06:21 +02:00
Aaron Schulz 67c0f72474 Use MediaWikiIntegrationTestCase::getDb() instead of the "db" member
Bug: T316841
Depends-On: Ia0f3cf49c79affb7189801852ac7e9ec67933a3c
Change-Id: If808cbab429d41e1f2289683533e4a781a4bdf5e
2022-08-31 15:58:00 -07:00
Umherirrender 4fca77068c Clean up line indent with mixed tabs and whitespaces
Change-Id: Icc418130ad34e5f169bfc51bb13b58a7806bd636
2022-07-31 16:34:07 +02:00
jenkins-bot 0925f0753f Merge "Add regression test for abuse log entries" 2022-07-31 12:54:35 +00:00
Matěj Suchánek cb48a6b3ae Add regression test for abuse log entries
We don't have one, and we will need it for
Ib58193927bc8254d36a8de0fd1b5f9fba68a0cb0.

Change-Id: I55c52df8aa0786f5c73a0c957a06a01f9cb86fcd
2022-07-31 14:33:29 +02:00
jenkins-bot 9b62938507 Merge "Add regression test for RunVariableGenerator" 2022-07-31 12:07:15 +00:00
Umherirrender da4bc8643a Use UserIdentity in VariableGenerator::addEditVars
Change-Id: If0a65d7a86de776e6499d43949bfb217f20d9b07
2022-07-29 12:55:52 +02:00
Matěj Suchánek 62e5509772 Add regression test for RunVariableGenerator
Test that null edits do not trigger filters, but sole
content model change does.

Also do some cleanup in AbuseFilterConsequencesTest.
For better isolation, do not access the service
container and do not initialize objects in
the constructor.

Change-Id: I043ecb312226a69d1f485a8382d558ccb899a270
2022-07-16 11:48:42 +02:00
Matěj Suchánek 6b0a8117b8 Try to unbreak tests on sqlite
Change-Id: I65cf163c8698a7457986ef2354c8fa9e30dc47c5
2022-07-16 07:02:48 +00:00
Umherirrender da7683bcbc tests: Improve tests for postgres
Change-Id: I9720b6c7d096ae8415c00eb0ac1ddc461ea0a8dc
2022-07-09 21:40:27 +00:00
jenkins-bot c3c70f7fa0 Merge "FilterProfiler: use WRStats" 2022-07-06 00:05:15 +00:00