Commit graph

1706 commits

Author SHA1 Message Date
jenkins-bot ffe3b0cbc4 Merge "Clean up AbuseFilterViewHistory and AbuseFilterHistoryPager" 2021-04-19 14:37:00 +00:00
jenkins-bot ec804600c6 Merge "Stop using legacy ActorMigration fields" 2021-04-19 14:36:58 +00:00
Tim Starling 04f298c82c Stop using legacy ActorMigration fields
Migration was completed in MW 1.34, so it's no longer necessary to
call ActorMigration.

Bug: T278917
Change-Id: I26ad45b6d26756c3074c44f0192ceb04fb2698ae
2021-04-19 15:18:47 +10:00
DannyS712 0fa804ff3a QueryAbuseLog: remove duplicate setting $conds = []
Change-Id: I50ffe91656c9c74111a3ecd4808b8a1d2cd79504
2021-04-19 01:22:57 +00:00
Matěj Suchánek 644b7aa288 Clean up AbuseFilterViewHistory and AbuseFilterHistoryPager
- Untangle circular dependency.
- Inject dependencies.
- Declare class properties as private.

Change-Id: I7b9892c85d168024d6b44d182af9443fdfee45cc
2021-04-18 18:31:17 +02:00
jenkins-bot 0dc93136d6 Merge "Improve test coverage of API modules" 2021-04-18 16:03:25 +00:00
jenkins-bot 4332a20c34 Merge "Clean up (Global)AbuseFilterPager" 2021-04-18 16:02:30 +00:00
jenkins-bot 19bc3dcf9b Merge "Api: inject more abuse filter services" 2021-04-18 09:15:17 +00:00
Matěj Suchánek a2ee8c41e2 Improve test coverage of API modules
Also solve one a TODO.

Change-Id: I61a38f3c741274f00ad0ad4789106a943daef222
2021-04-18 10:37:38 +02:00
Matěj Suchánek 7ed7b97369 Clean up (Global)AbuseFilterPager
- Inject dependencies.
- Make class variables private or protected and rename them.

Untangling the circular dependency is left for a future patch.

Change-Id: I5d625e30171bfbf60d9f5a94fa50475fdfe853dd
2021-04-17 21:02:07 +02:00
jenkins-bot 5cd39a51fa Merge "Remove the old parser" 2021-04-17 15:21:54 +00:00
jenkins-bot 8a7511c5d2 Merge "Drop database patches for MW < 1.27" 2021-04-17 15:00:26 +00:00
jenkins-bot f869c74bb6 Merge "Remove deprecated $wgAbuseFilterCustomActionsHandlers" 2021-04-17 14:58:53 +00:00
jenkins-bot 5f65899b55 Merge "SECURITY: Use an anonymous user as creator for autocreations" 2021-04-17 10:50:02 +00:00
Daimona Eaytoy ddb06aa783 SECURITY: Use an anonymous user as creator for autocreations
This is saner, and allows consequences such as blocks to go through.

Bug: T272244
Change-Id: Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48
2021-04-16 14:34:16 -05:00
Daimona Eaytoy 25547c47ee SECURITY: Don't leak IPs when blocking anon account creations
The block log entry will be automatically suppressed, until we can
implement a better solution.

Bug: T152394
Change-Id: I8bae477ad7e4d0190335363ac2decf28e4313da1
2021-04-16 14:26:14 -05:00
Daimona Eaytoy 91d9e2e0d3 Give MySQL indexes explicit names, align MySQL and SQLite
Bug: T251613
Change-Id: I574bda15f0f5c92a7d97a6e3150981b8f97ee7fc
2021-04-15 11:30:30 +02:00
Daimona Eaytoy 560d6fe7b5 Drop database patches for MW < 1.27
Bug: T280012
Change-Id: I4ba68f1c7784f7f8b4cf661fe5e0918103c9dc15
2021-04-13 14:12:05 +02:00
James D. Forrester 6849817cf0 Make default wgAbuseFilterAflFilterMigrationStage SCHEMA_COMPAT_NEW
The only user we were worried about has now migrated to this; it auto-
ran in other installs just fine, so let's proceed.

Bug: T269712
Depends-On: I2b905f1e13ec13ec94d33527803c91c04b491eb2
Change-Id: Ie7d6bc95ebc871b0effee069e2146f2750d5f408
2021-04-12 15:29:00 -07:00
Daimona Eaytoy f67c2d5434 Remove deprecated $wgAbuseFilterCustomActionsHandlers
Extensions should now specify custom actions using the
AbuseFilterCustomActions hook.

Change-Id: Id21640d406b18c627eedff39d3f246cf21e042b3
2021-04-11 14:49:50 +00:00
Daimona Eaytoy f8438a4647 Remove the old parser
All methods were moved to the new parser. Tests and other pieces were
adjusted to expect just a single parser. There are still some TODOs
(remove AFPTransitionBase, remove $this->mCur), but these are left for
another commit.

Note that the new parser was not renamed: this is because the names are
wrong anyway (CachingParser is more of an Evaluator than a Parser, and
AFPTreeParser is the real parser, and should be renamed as well).

NOTE to reviewers: this patch looks quite big, but if you diff the old
parser with the new version of the CachingParser, you'll notice that the
diff is actually small, since everything was basically copied verbatim.

Bug: T239990
Change-Id: Ie914ef64c70503a201b4d2dec698ca2fa8e69b10
2021-04-09 13:23:07 +00:00
Daimona Eaytoy 3e2153b86b Update userCanViewRev to use Authority
Change-Id: Ia10acf499ce33af03eeea45e34779a00e6628fe1
2021-04-07 13:55:10 +02:00
DannyS712 6da2eaef01 Api: inject more abuse filter services
Bug: T259960
Change-Id: I50565bdc8669f233ac68589a203104bf1632d637
2021-04-04 19:23:33 +00:00
Matěj Suchánek edc347aee2 Clean up AbuseFilterViewRevert
- mark properties as private (unused outside)
  and rename them to avoid legacy naming
- do result filtering server-side
- order query by timestamp

Change-Id: If2d714753a2b040c5cefa8f8126f82a3c08dab44
2021-04-02 19:29:12 +02:00
jenkins-bot 69c2b2ca79 Merge "Api: inject AbuseFilterPermissionManager where needed" 2021-04-02 16:20:14 +00:00
Umherirrender b849e5daea Move documentation from hooks.txt to hook interfaces
The new system allows to have documentation directly at the interfaces

Change-Id: I3e8afb3605dea80db95e314b3dd42087e9bc1b06
2021-03-31 21:50:30 +02:00
DannyS712 1bd0b02441 Api: inject AbuseFilterPermissionManager where needed
Some of these api modules still retrieve other services
statically, this patch is focused just on injecting the
permission manager and setting up DI

Bug: T259960
Change-Id: Ic5196f230d68604fdf321f705377a1e6e1e2efca
2021-03-28 15:22:59 +00:00
DannyS712 db8d373a87 LazyVariableComputer: update parseNonEditWikitext documentation
Article::prepareContentForEdit is deprecated and being removed,
refer to WikiPage::prepareContentForEdit instead

Plus remove an extra line

Change-Id: Ie4438c710639a16557816b53510ce230d15d641c
2021-03-24 17:32:31 +00:00
Daimona Eaytoy 8b81df4d16 Fix fatal when computing user_editcount for anons
UserEditTracker checks that the user is not anonymous, whereas
User::getEditCount() would just return null. This was not spotted by
tests because UserEditTracker is mocked.

Bug: T277859
Follow-up: I8a55bd5cb17bbc259ec36c40261058e0b46ee4a6
Change-Id: I05fb6cc780c80b72b3278e6dc670ed2025628ffb
2021-03-19 13:09:03 +01:00
jenkins-bot fa8358ce0c Merge "Replace RecentChange::getPerformer with RecentChange::getPerformerIdentity" 2021-03-18 14:15:11 +00:00
jenkins-bot b23278d5a8 Merge "Apply proper visibility checks for recentchanges queries" 2021-03-18 10:03:54 +00:00
Vadim Kovalenko 85be3c57bc Replace RecentChange::getPerformer with RecentChange::getPerformerIdentity
Bug: T276412
Change-Id: I8a55bd5cb17bbc259ec36c40261058e0b46ee4a6
2021-03-15 16:57:40 +02:00
jenkins-bot 1c5e5eb1e2 Merge "Create distinct builders for plain and ace editor" 2021-03-13 13:36:53 +00:00
Daimona Eaytoy 3413d15b68 Apply proper visibility checks for recentchanges queries
Follow-up: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2

Bug: T274152
Bug: T274158
Change-Id: I71a6d521bd12931ce60eec4d2dc35af19146000f
2021-03-11 11:52:48 +01:00
jenkins-bot 12f230b94b Merge "SECURITY: Remove deleted rows from /examine and /test" 2021-03-09 23:03:42 +00:00
jenkins-bot 577aa83309 Merge "SECURITY: Avoid deleted usernames leak in page_recent_contributors" 2021-03-09 22:50:20 +00:00
jenkins-bot 01d9cb2a89 Merge "SECURITY: Skip deleted RCs in /test if we're only showing matches" 2021-03-09 22:50:17 +00:00
jenkins-bot ecd84180c7 Merge "SECURITY: Avoid info leaks in ApiAbuseFilterCheckMatch" 2021-03-09 22:41:37 +00:00
jenkins-bot b9bd4b9492 Merge "SECURITY: Don't filter suppressions" 2021-03-09 22:41:35 +00:00
Daimona Eaytoy 33445addff SECURITY: Remove deleted rows from /examine and /test
This is kind of a nuclear option, if anything in a row is hidden, we
hide the whole row. This is just to keep this patch slim. A public
follow-up will adjust the visibility

Bug: T274152
Change-Id: I6063c02fa261c4cc0e6dbbb2db4e111eb85912c2
2021-03-09 16:10:16 -06:00
Daimona Eaytoy f25c96f472 SECURITY: Avoid deleted usernames leak in page_recent_contributors
Bug: T71367
Change-Id: I8d5ed9ca84282ee50832035af86123633fc88293
2021-03-09 15:56:09 -06:00
Daimona Eaytoy 18f439053e SECURITY: Skip deleted RCs in /test if we're only showing matches
Otherwise we'd be telling whether the filter matches or not the edit. If
we're showing all edits regardless of whether they match the filter, we
can keep showing the row: it will be redacted (and the filter result
hidden) by AbuseFilterChangesList.

Bug: T223654
Change-Id: I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d
2021-03-09 15:46:21 -06:00
sbassett 64f3f7e6c5 SECURITY: Avoid info leaks in ApiAbuseFilterCheckMatch
There are various info leaks for both deleted rc rows, and suppressed
AbuseLog entries.

Bug: T223654
Change-Id: I4900b1be73323599d74e3164447f81eded094d75
2021-03-09 15:41:31 -06:00
Daimona Eaytoy 59e45409a6 SECURITY: Don't filter suppressions
Bug: T71617
Change-Id: I38a0a24fa32ca7a052b6940864a32b3856e84553
2021-03-09 15:38:55 -06:00
Daimona Eaytoy c5d19577a4 Fix method names of hook interfaces
The hook names contain a dash, which is mapped to an underscore by the
hook runner (see Ie8c8fb603b33ff95c8f8d52f392227f147c528d8), and the
previous method names weren't matching this.

Follow-up: Ic5c82a367e34135bbc0f00ece5aeef4f2d92881b

Change-Id: Ie80b62c49b2f4aaea49d5a1883f513348689d16a
2021-03-09 17:03:14 +00:00
jenkins-bot 5c355d3acb Merge "Use Language::userTimeAndDate" 2021-03-09 12:22:38 +00:00
Umherirrender 5e12102b6d Use Language::userTimeAndDate
Avoid use of global user

Change-Id: Ic30cfe705dfe39fca7dd45c6c2e1248dd37f08ff
2021-03-09 00:54:03 +01:00
Daimona Eaytoy 25d1abde0b Fix hook name
Dashes are mapped to underscores, but following the "modern" convention,
the hook name should be pure PascalCase.

Bug: T275798
Change-Id: I77909b3ee772b983c7933f3b82230476772bd3b5
2021-03-08 16:15:23 +00:00
Daimona Eaytoy 6ba8e93537 Create distinct builders for plain and ace editor
Change-Id: I9d2b7572fed6e0b3660d3b0d5dad324d6b75fde9
2021-03-08 09:44:58 +00:00
Daimona Eaytoy 92ecccbdc7 Simplify AbuseFilterBlockTest
Requires injecting a temporary block factory, and excluding
ManualLogEntry::insert from the test, but it's now much cleaner and
quicker.

It still cannot be a unit test due to the usage of User.

Change-Id: Iba9732d6d79733b31b45eb4d0187b1c8a82499dc
2021-03-05 14:18:01 +00:00
jenkins-bot 50334c27ce Merge "Use a different message for unprivileged users" 2021-02-28 14:05:08 +00:00
jenkins-bot ef4a5c4115 Merge "Make FilterProfiler independent of DeferredUpdate" 2021-02-28 13:18:51 +00:00
Matěj Suchánek 709803eb46 Make FilterProfiler independent of DeferredUpdate
Schedule the deferred update from FilterRunner, just like
we do with EmergencyCache.

Change-Id: I121211bb02a77c191001d11d4af3796e8572967e
2021-02-28 12:03:05 +01:00
Daimona Eaytoy 3365a648f2 Reject filters with invalid groups
It is currently possible to save a filter with an invalid group, if you
manually change the form data. So prevent this by validating the group
before saving.

Change-Id: I03f80b8c6ab583a357273f7b2679a424ac784db7
2021-02-27 16:01:09 +00:00
Matěj Suchánek b8ac52c51c Use independent stats for emergency disable
Bug: T264629
Change-Id: I64b611243b6a4c136b82b09f2ccf588d1c3e3426
2021-02-26 18:10:49 +01:00
jenkins-bot 1f3597f925 Merge "Update hit counts in a DeferredUpdate" 2021-02-23 06:34:17 +00:00
jenkins-bot 1b6e209ce6 Merge "Create a new method for authorizing access to test tools" 2021-02-22 18:00:06 +00:00
jenkins-bot 63a9c86607 Merge "Improve test coverage metrics" 2021-02-22 17:00:23 +00:00
jenkins-bot 54c56139a9 Merge "Avoid using User ::getCanonicalName" 2021-02-22 16:56:12 +00:00
jenkins-bot ea6a6ab4fc Merge "Fix StatsdDataFactory injection" 2021-02-22 16:56:09 +00:00
Matěj Suchánek 569c02f3ae Fix StatsdDataFactory injection
This was an obvious mistake and contradiction to
what the above comment stated.

Bug: T275369
Change-Id: Idf0c012151738fd842101586ab5c3e2656a86db2
2021-02-22 12:08:50 +01:00
vladshapik dcd038e613 Avoid using User ::getCanonicalName
Remove using of User::getCanonicalName since this method will be hard-deprecated. Now it is soft-deprecated

Bug: T275030
Change-Id: I3ce1199f18276096279ce3c80f63e53d023a0f5a
2021-02-21 23:16:40 +02:00
Matěj Suchánek c2376efddc Improve test coverage metrics
Change-Id: I1618883e3ade7dde538242fb51a36c22999df76d
2021-02-21 09:59:52 +01:00
jenkins-bot b050e36843 Merge "Align arg counting between the parsers" 2021-02-21 03:37:52 +00:00
Daimona Eaytoy 2470bea0d9 Update hit counts in a DeferredUpdate
Bug: T274455
Change-Id: Iadd383f150c5f9b736e37bfd8bdad56298f3d8d5
2021-02-21 03:15:16 +00:00
Matěj Suchánek 4f1a63107d Use a different message for unprivileged users
Everyone can examine generated variables but not everyone
can test filters. Concerns Special:AbuseFilter/examine.

Change-Id: I9c205a0f1d9a7fdf15c4998d43983b9fa37f4694
2021-02-20 17:55:09 +01:00
Matěj Suchánek 5d4025d8c9 Create a new method for authorizing access to test tools
This commit doesn't change any permissions for anybody.
It's the first step to achieve what the task asks for.

Bug: T242821
Change-Id: I8060ca926e6769b11d470fe4037854cda496000d
2021-02-20 17:54:35 +01:00
jenkins-bot b02594a8aa Merge "Avoid using Title in addNavigationLinks" 2021-02-20 14:52:51 +00:00
jenkins-bot 8575201ab2 Merge "Do not serialize RunnerData to array in FilterRunner" 2021-02-20 14:47:15 +00:00
Daimona Eaytoy 2bb5c3c7b5 Align arg counting between the parsers
1 - Change the structure of if/elseif for readability
2 - In the old parser, if there's an empty argument, never add it (the
new parser was already doing that).

Bug: T156095
Bug: T156096
Change-Id: I4237b1a0ba01e7ce04dcc945f7daf34612fcf07d
2021-02-20 14:33:56 +00:00
Matěj Suchánek ca806b46b7 Avoid using Title in addNavigationLinks
Simple TitleValue object will do the same job.
I verified LinkRenderer localizes the targets.

Change-Id: Ia25659947da1d2d7e5557884b2ab9153c9c1bc43
2021-02-19 19:00:01 +01:00
Daimona Eaytoy e64049c30b Create dedicated types of parser exceptions
Introduce a clear distinction between internal exceptions and
user-visible exceptions, leaving AFPException as base abstract class.

Later, it should be possible to narrow some types around, e.g. in
ParserStatus (that might work with user-visible exceptions only).

Also a future TODO is putting all the exceptions in their own namespace
(probably ...\Parser\Exception).

Change-Id: I4e33a45117f0a3e73af03cc1e3f2734beaf2b5e1
2021-02-12 13:56:02 +00:00
Matěj Suchánek c18e4a4a5f Do not serialize RunnerData to array in FilterRunner
Change-Id: Ia803042224959e516bc14bdc034421b8e80390a8
2021-02-12 14:03:50 +01:00
jenkins-bot 431226ac39 Merge "Serialize all data for edit stash" 2021-02-12 13:01:10 +00:00
Reedy e197161c79 Use updated CheckUser Hooks class
Depends-On: I3f66b660f9d59c0e88b182c9b06ee8cec994348e
Change-Id: Ia488ce647c5dbd0ab83d2782e76d8c6a35f53bfb
2021-02-11 19:27:06 +00:00
Matěj Suchánek a51b9bf903 Serialize all data for edit stash
Thanks to this, we will be able to provide more information
to consequences and watchers, which will open door for new
features and possibly cleaner code.

Change-Id: I7135509823ea84b2a2923d2c1831ce293b98a9f9
2021-02-11 15:09:50 +01:00
jenkins-bot 64cf6e2e7a Merge "Allow testing Flow edits" 2021-02-10 16:56:08 +00:00
Daimona Eaytoy 4067f54351 Allow testing Flow edits
Bug: T115128
Depends-On: Ia736596d0e65904b62233e7625868c9988ffa9ff
Change-Id: Ifc014f190298bfcb17f3e9b6c2f630e027cb4116
2021-02-10 15:04:00 +00:00
Matěj Suchánek 2b3af752ef Get rid of hitCondLimit parameter and field
As the todo says, move the check to the callers.

Change-Id: I5c5fbf772ca57758c901a1ae8068a0f119b4f26f
2021-02-08 15:48:59 +00:00
Matěj Suchánek 1a0a702641 Create RunnerData class to store data about filter runtime and results
Get rid of the $profilingData property.

Change-Id: I608e7b9bcf9e91d9afaadfb8cd191e60d47f9db7
2021-02-08 16:06:25 +01:00
Matěj Suchánek 0eff5a3fa0 Separate loose and backwards compatible code
Small refactoring. Create checkAllFiltersInternal and process
its return value in checkAllFilters to ensure compatibility.

Also fix some annotations.

Change-Id: If9d296de48f08d719f1700f88870002b814c5b31
2021-02-08 11:18:53 +01:00
Matěj Suchánek 865b7023e4 Make FilterRunner::checkFilter return ParserStatus
This is a small refactoring. The method is protected,
so we only take care of compatibility of ::checkAllFilters.

This might be also be useful if we decide to work on T174554.

Change-Id: I83cd58ec325972264e86d7a73366c0affed0a37e
2021-02-07 12:28:45 +01:00
jenkins-bot a7b24b1dee Merge "Clean up EditStashCache and test" 2021-02-07 01:32:26 +00:00
Daimona Eaytoy a5d79f426c Clean up EditStashCache and test
Change-Id: I952b7bb32d8697c89988f4e0eda8d3177cb30972
2021-02-06 23:16:32 +00:00
jenkins-bot 27c0130d53 Merge "Skip regexp validation if the regex is (partly) unknown" 2021-02-06 21:50:35 +00:00
jenkins-bot d7204eaf73 Merge "Use a different message prefix for parser warnings" 2021-02-06 19:19:19 +00:00
jenkins-bot 3ea76b04ef Merge "Move all "secondary" hooks away from AbuseFilterHooks" 2021-02-06 18:46:01 +00:00
Daimona Eaytoy 4dbde4dcf0 Use a different message prefix for parser warnings
The abusefilter-warning prefix is reserved for filter warnings. Pointed
out by Matěj.

Change-Id: I169e4c3d29b08c7f5af2136a683fc4427f8e93f5
2021-02-06 15:42:33 +00:00
jenkins-bot 2de19b61d2 Merge "Introduce EditStashCache" 2021-02-06 15:36:52 +00:00
Matěj Suchánek 6bb44fd088 Introduce EditStashCache
This class is responsible for interaction with edit stash.

Bug: T271520
Change-Id: I7cc32de0494e76cd9ba12220235c1cdb6b1d5ee1
2021-02-06 12:43:34 +01:00
jenkins-bot c81f791804 Merge "Add a hook to allow computing variables from different types of RC rows" 2021-02-05 16:43:48 +00:00
Daimona Eaytoy 1893120748 Fix doc of AbuseFilterParser::evaluateExpression
It was changed to use AFPData::toNative, so it no longer returns a
string. Instead, it can return any PHP native type.

Change-Id: I92eba03a5fa1149860634a97318b5b15807eb5a5
2021-02-05 16:23:37 +01:00
jenkins-bot 707450c01c Merge "Add debug logging for edits presumably prevented by other extensions" 2021-02-05 11:20:29 +00:00
Daimona Eaytoy 634742324e Add debug logging for edits presumably prevented by other extensions
Bug: T211680
Change-Id: I0c9ac09044122521f67ffaf38a92e42b20f3ea43
2021-02-04 23:18:49 +00:00
jenkins-bot 07612675f4 Merge "Use Authority in TextExtractor" 2021-02-04 17:53:52 +00:00
jenkins-bot 38772b193d Merge "Partial integration of EditBoxBuilder with HTMLForm" 2021-02-04 17:41:29 +00:00
Daimona Eaytoy 28bd23f38d Skip regexp validation if the regex is (partly) unknown
Bug: T273809
Change-Id: Ib8ab29ad69088baf5b826d9cdada0ded29a58871
2021-02-04 15:16:22 +00:00
Daimona Eaytoy b0058c0f1b Use Authority in TextExtractor
And make its test a pure unit test, as per TODO comment.

Change-Id: Ia3ca38702ea61c5e551a581248d2b9471ef881fb
2021-02-02 00:43:01 +00:00
Daimona Eaytoy da6165b3dd Move all "secondary" hooks away from AbuseFilterHooks
Every hook that is not directly responsible for filtering an action is
now moved to its own handler class. Some of these are still static
methods because the respective hooks still use the old system.

Bug: T261067
Change-Id: I157169f968a7d6a4d1bcfde09358e5a66a3353bf
2021-02-01 17:29:26 +01:00
Daimona Eaytoy bf9142a644 Partial integration of EditBoxBuilder with HTMLForm
This patch adds a transparent HTMLForm field that can be used to insert
the edit box inside an HTMLForm, and updates /test and /tools to use
that. The field class, together with the other editbox-related classes,
is now in a dedicated namespace. A future TODO is making it a real
HTMLForm field.

Also improve a bit the form in /test: add section labels and
avoid reusing the same label message used on Special:AbuseFilter.

Bug: T261584
Change-Id: Ib74bb5fdba4f8476169b754030fce6d4f72ce65a
2021-02-01 16:23:42 +00:00
Daimona Eaytoy db09ad81e0 Add a hook to allow computing variables from different types of RC rows
Bug: T115128
Change-Id: Ia6de35b70f491591ea6eb699106ba97c94510091
2021-02-01 14:57:10 +00:00
Daimona Eaytoy a4a0503174 Mixed improvements for AbuseFilter pages and forms
- Clarify the label of the search form on Special:AbuseFilter
- Move introductory paragraphs to the very beginning of the page:
-- Before the profiling data on Special:AbuseFilter
-- Before the search form on Special:AbuseLog
- Make the search form on Special:AbuseFilter collapsible, and collapsed
  by default
- Make a few buttons primary+progressive, specifically those that take
  the user to a different page or act as submit-like buttons

Bug: T261584
Change-Id: I54517b01a9ea81d276283140e5cfafef575c3e2b
2021-02-01 15:51:43 +01:00
Aaron Schulz dddfcd6f0f Consolidate the per-filter deferred profiling updates into one deferred update
This makes debug logs easier to follow without all of the update spam

Change-Id: I6fb0b3b16a05e35b086edc0a50e20c5265ee2a3a
2021-01-27 15:11:58 -08:00
jenkins-bot d96f0ea3f2 Merge "Introduce an EditRevUpdater service" 2021-01-27 00:33:29 +00:00
Daimona Eaytoy a04a601240 Introduce an EditRevUpdater service
This service allows linking the EditFilterMergedContent and
PageSaveComplete hooks for the same edit, so we can update rev IDs in
the abuse_filter_log table. Having such a services also avoids two hacky
static props, and should allow separating the hook handlers easily.

Change-Id: I622d15225ee3af202cb5730a7112652aef8ca71a
2021-01-27 00:24:39 +01:00
Daimona Eaytoy 5c43c0ab35 Allow single IPs in ip_in_range
Also add a bunch of tests for this function.

REMINDER: Change the docs on mw.org when this will be merged.

Bug: T218074
Depends-On: I155024341e8e6b13240e37b30c31b95dc83a47e0
Change-Id: I979e45110bc0e76b499679184993085062ffcac5
2021-01-26 04:37:51 +00:00
Daimona Eaytoy 44dd0f6c96 Catch FilterNotFoundException in ApiQueryAbuseLog
And report an invalid ID in this case. Also, assume that the filter is
hidden if the global DB is not available, for consistency with the UI.

Bug: T272593
Change-Id: Ic08023161d95be5cadc8837d3aaaf941cacd89bd
2021-01-22 01:54:40 +00:00
jenkins-bot 4f9676677c Merge "Don't return the status of doBlockInternal when processing block actions" 2021-01-21 10:25:46 +00:00
jenkins-bot 825537c232 Merge "Catch CentralDBNotAvailableException in ViewExamine" 2021-01-21 10:24:01 +00:00
Daimona Eaytoy 2c9f2faa9f Catch ClosestFilterVersionNotFoundException in ViewDiff
Use null if no version can be found, like the previous code.
Follow-up: I747216df65c2f34f7167612e90506890bc61880a

Bug: T272505
Change-Id: Ie574523fb8a779dda495b05ed6d56fd3f4086f1d
2021-01-20 17:25:47 +01:00
Daimona Eaytoy 0a45c0abc8 Don't return the status of doBlockInternal when processing block actions
This will not be correct if the target already has a partial block
applied (which is very rare BTW). Leaving a TODO because this is low
priority.

Also keep returning the status in tests, because it makes tests easier
to write.

Change-Id: Ifac795125927d584a31d95e1b4c4241eef860fa1
2021-01-19 22:38:20 +00:00
Daimona Eaytoy 7800c3fdcf Catch CentralDBNotAvailableException in ViewExamine
Bug: T272361
Change-Id: Ic7e5b5a4c55264fe340fec88be4cef1461d4de42
2021-01-19 14:54:18 +01:00
jenkins-bot daaf9a6bbe Merge "Increase coverage for more classes" 2021-01-18 00:07:28 +00:00
Daimona Eaytoy bebc7b40de Bump cache key version of FilterLookup::getAllActiveFiltersInGroup
The DB lookup was changed to return ExistingFilter objects, not Filter,
and FilterRunner also requires ExistingFilter's. So update the version
to avoid fatals due to cached data.

Bug: T272248
Change-Id: I1076f65df5b6d030cea40beb2266c9ec54fa675f
2021-01-17 23:55:11 +01:00
Daimona Eaytoy 005cc83642 Increase coverage for more classes
Change-Id: Iae6a24291f821fda77a45d8c1584de010af6a834
2021-01-17 17:38:58 +00:00
jenkins-bot 3306c341fc Merge "Make User::get* calls explicit in LazyVariableComputer" 2021-01-17 02:49:20 +00:00
Daimona Eaytoy bae4d8f20d Use FilterLookup in HistoryPager to retrieve the previous version
Change-Id: I6d8548b4e5171b4ccbc42dd0d57079c3bda40a03
2021-01-17 00:47:38 +00:00
Daimona Eaytoy 22b408d9e6 Use Filter objects in ViewDiff
And cleanup weird spacing, conditionals, etc.

Change-Id: I747216df65c2f34f7167612e90506890bc61880a
2021-01-17 00:47:33 +00:00
Daimona Eaytoy 8639e0c368 Introduce subclasses of Filter with specific use cases
In particular, this brings stronger typing for getID(), and we can get
rid of many phan suppressions.

Change-Id: Icbf3a6f7db8105082646ec227f62c09449fb165d
2021-01-17 00:47:29 +00:00
Daimona Eaytoy ed49f86b74 Make User::get* calls explicit in LazyVariableComputer
With explicit calls it's easier to see what method is being used,
whether it's deprecated, etc. Some methods here are in fact deprecated
or already have a proper replacement, but this is left for a follow-up.

Change-Id: Iee3154855f86c76aab98e7c14250c14e8b9ee939
2021-01-17 00:35:40 +00:00
jenkins-bot 64eb1c2688 Merge "Improve coverage for several classes" 2021-01-16 23:40:52 +00:00
Daimona Eaytoy a4d3548d47 Remove dead code
Change-Id: I4f4065aeaf5b015679c28808be430f8af99d1294
2021-01-16 16:59:42 +01:00
Daimona Eaytoy 5fcc5ef357 Improve coverage for several classes
Change-Id: I257524dd22a5617ac47a3565a5b8fe4855aa67c7
2021-01-16 15:01:40 +00:00
jenkins-bot 76ae26d51e Merge "Add unit tests for load-first-author method" 2021-01-15 18:02:15 +00:00
jenkins-bot e35ab7c3e7 Merge "Improve coverage of parser-related classes" 2021-01-15 16:45:10 +00:00
jenkins-bot b12778316a Merge "Improve coverage for hooks" 2021-01-15 03:43:52 +00:00
Daimona Eaytoy a9722868ab Improve coverage of parser-related classes
Change-Id: I229c528505f0208b34f37d8c969450731e5a08a3
2021-01-15 03:16:48 +00:00
jenkins-bot 504e807b5f Merge "Misc coverage improvements" 2021-01-15 02:15:42 +00:00
jenkins-bot 7d6d0f9b8a Merge "Improve coverage around consequences" 2021-01-15 02:12:18 +00:00
Daimona Eaytoy 159046fc5a Misc coverage improvements
Change-Id: I656d9c9eedf4e8b8dfb7a13513d699e5ced22423
2021-01-15 00:51:16 +00:00
Daimona Eaytoy ab2ad164ff Improve coverage around consequences
Add a lot more unit tests, improve code testability, remove duplicated
integration tests.

Change-Id: Id8c9266ae107217047f267296070f26f575889d1
2021-01-15 00:51:04 +00:00
Daimona Eaytoy 66928eda89 Remove deprecated param
Depends-On: Ie6abd2df5cf1b09c35f0a9e53b0d559e887de09b
Depends-On: Id99b94806095a974a65dd892b2200e59c475802f
Change-Id: I9a33cadb9903461038aa1095be18b68a60dd726d
2021-01-14 23:43:51 +01:00
Daimona Eaytoy 10c7a11077 Improve coverage for hooks
- Exclude a couple of classes from coverage reports
- Add tests for all handlers
- Add tests for the runner, copied from core
- Make AbuseFilterRunner a real service

Change-Id: I7a0fe3cd8300faef5ef72d7f986b1734c324d8d1
2021-01-14 22:49:24 +01:00
jenkins-bot 192fb15e4d Merge "Refactor VariableGenerator and LazyVariableComputer tests" 2021-01-14 21:47:13 +00:00
Daimona Eaytoy 8646db7573 Add unit tests for load-first-author method
This is using core methods, so it can be unit tested. The same isn't
true for load-recent-authors, which performs a custom DB query and whose
test is probably the slowest AbuseFilter test. Simplify it for now,
until the method is moved to MW core.

Change-Id: Ifbdae1a06aabca996eeac151a6d029fd991ad64d
2021-01-14 17:23:54 +01:00
Daimona Eaytoy bfbdd13c2e Restore hide link when viewing single AbuseLog entries
Partial revert of I13f476d8126f81b0417e7509784c83d4f21cf348

Bug: T271667
Change-Id: I58f162c7ed72c42b24b214d3857590bfd66e8f82
2021-01-12 11:56:19 +01:00
jenkins-bot 57fbeddbd0 Merge "Add pure unit tests for FilterRunner" 2021-01-09 13:56:24 +00:00
Daimona Eaytoy 9afc968523 Refactor VariableGenerator and LazyVariableComputer tests
Additionally, avoid building Title objects in LazyVariableComputer, it
just adds a dependency on TitleFactory and creating mocks is more
complicated, but it's pointless because the caller already has a Title
object.

And also stop using Title::getEarliestRevTime(), since the replacement
is easy (we already have a RevisionLookup).

Note for reviewers about renames:
- Code VariableGeneratorDBTest was moved to LazyVariableComputerDBTest,
  RCVariableGeneratorTest, and AbuseFilterVariableGeneratorTest
- AbuseFilterVariableGenerator test was moved into a dedicated
  directory, methods were changed not to test the var values

Change-Id: I3dff8739a9b79f33321d836449b082c3ce63f277
2021-01-09 11:26:24 +00:00
jenkins-bot 208d64dc07 Merge "Don't show checkbox for hiding AbuseLog entries when showing details" 2021-01-08 09:30:46 +00:00
Daimona Eaytoy 5eee6f6e5d Don't show checkbox for hiding AbuseLog entries when showing details
The checkbox should only appear on Special:AbuseLog, not when deleting
items (checked with $this->hideEntries), AND not when viewing details of
a single entry, which is check with $isListItem.

Change-Id: Id2db07641bf98992b4838e4e7439ac3ee4b1ad8e
2021-01-07 16:25:59 +00:00
Daimona Eaytoy b8efb924f3 Fix a bunch of fatal errors seen in production
Mostly uncaught exceptions, that appeared in places where the previous
code was silently using DWIM-style booleans.
Also a TypeError due to ViewDiff not using filter objects.

Copy the fix from Ic8032592799756521a59ee23c0e76cb03a510b94 to another
place as well.

Bug: T271430
Bug: T271431
Bug: T271432
Bug: T271433
Change-Id: Ica4b82024c57482656cf6bca95bf37641c09cb9a
2021-01-07 17:17:43 +01:00
Daimona Eaytoy 72a23b4e5c Add pure unit tests for FilterRunner
Mainly constructor and conditions limit, which can be removed from
ConsequencesTest (where it was very slow).

Additionally, inject globals into FilterRunner.

Change-Id: I56ca67de6878dbc2185038faae3eb2b04fb56be9
2021-01-07 12:15:11 +00:00
Daimona Eaytoy 4c0690b4b1 Move getFirstFilterChange to FilterLookup
Additionally:
- Add typehints for stronger typing, and use strict comparison in the
  callers
- Use MIN instead of sorting, as the former is optimized by the DBMS;
  sorting was also happening on the wrong key, i.e. afh_timestamp, as
  opposed to afh_id

Change-Id: I631772fdfeb510b0bc8b582b84bcf2533d7bc097
2021-01-04 14:52:42 -08:00
jenkins-bot 6a153096ad Merge "Make HookRunner parameter mandatory in VariableGenerator" 2021-01-04 21:08:51 +00:00
jenkins-bot 93ec5951e2 Merge "Move remaining classes to own namespace" 2021-01-04 21:08:01 +00:00
jenkins-bot d0a7e7ec91 Merge "Move maintenance scripts to a separate namespace" 2021-01-04 21:07:56 +00:00
jenkins-bot 33a095efc6 Merge "Check for non-existing version in ViewDiff" 2021-01-04 21:01:25 +00:00
Daimona Eaytoy a5eab82204 Add a bunch of tests
Code change: in buildVarDumpTable remove special-cased null value. This
was used to avoid passing null to Html::element, but is no longer
necessary, since we now pretty-print the value.

Change-Id: I6180f6c53448d2a8c8c6066f222e9fd9df577554
2021-01-04 15:54:54 +01:00
Daimona Eaytoy b83d532830 Check for non-existing version in ViewDiff
Bug: T271069
Change-Id: I775061098bb5674b7842bce03e9da7a6e5555664
2021-01-04 14:17:25 +01:00
Daimona Eaytoy 4cc608e320 Make HookRunner parameter mandatory in VariableGenerator
Depends-On: Icae3c7cd00bd9be62a46f9e85c311e46157ccabf
Depends-On: Ie5031528593ea28f3cdc3169336aa0e4337306f7
Depends-On: I7ff2f90d890a74fa14f40535c4a567fb3124920e
Change-Id: I4d629e26e31517aa06e6215499cc3422f0fe6c72
2021-01-04 12:47:26 +01:00
Daimona Eaytoy 45f0a66616 Move remaining classes to own namespace
So everything can be loaded using PSR-4. These classes weren't renamed,
nor the alias for the AbuseFilter class was deprecated, because they
should be refactored first.

Change-Id: Ia328db58eb326968edf5591daac9bacf8c2f75da
2021-01-04 12:11:58 +01:00
Daimona Eaytoy d2fa65673c Move maintenance scripts to a separate namespace
Depends-On: Iaf3c218abd5578d604a89634c38d9156bb19a0d2
Change-Id: Ifcc2bff9e400fde564179fe6b96496ceae6b8623
2021-01-04 12:09:00 +01:00
jenkins-bot f7fb9ec57e Merge "Remove deprecated VariableHolder::getVar" 2021-01-03 23:10:14 +00:00
jenkins-bot 21890a7bea Merge "Introduce a VariableGeneratorFactory service" 2021-01-03 22:59:47 +00:00
jenkins-bot 1c67a5b223 Merge "Make VariableHolder param optional in VariableGenerator" 2021-01-03 22:17:12 +00:00
Daimona Eaytoy 496e5baaa5 Remove deprecated VariableHolder::getVar
Bug: T261069
Depends-On: I3468fa5339873efbbef1eaa22f4f654b4e9e166d
Change-Id: I46d69b0c43a45549ceddd837f2b37c76fec2e469
2021-01-03 19:14:13 +00:00
Daimona Eaytoy 6081bf90c4 Introduce a VariableGeneratorFactory service
So we can use DI in all generators. Some improvements were deliberately
omitted, e.g. injecting more services and relaxing User/Title to
UserIdentity/LinkTarget, and they'll be included in a subsequent commit.

Depends-On: I1f351071ef2b0b7c80e91407a9c3bb17be293044
Depends-On: Ie71740fac35a86f8fe03023080ae8ca08671243d
Depends-On: I589a0e1c2c5891070ab82cd5adfd9cedec19e67d
Change-Id: I92ef0abd5e45b672e6f297a71b3c2c345d56f136
2021-01-03 14:17:39 +01:00
jenkins-bot b0e8a76b2e Merge "DI for AbuseFilterSpecialPage" 2021-01-03 12:40:04 +00:00
Daimona Eaytoy 1beb405bc7 Make VariableHolder param optional in VariableGenerator
So we can remove it from callers and then use DI in this class.

Change-Id: I9055f54397279870740a7ff9567635ee4f17e4d2
2021-01-03 13:25:59 +01:00
Daimona Eaytoy 6e27a9ddb3 Cleanup variables-related classes
Change-Id: I20a7fe1a40255043ed0d125dee61ea6052dda69c
2021-01-02 18:19:38 +01:00
Daimona Eaytoy 762d71c51d Create a dedicated namespace for variables-related classes
Some cleanup is left for later to keep the diff easier to read.

Change-Id: Ife445b5e47e707ab77ec867ac3b005866aa74ef2
2021-01-02 18:16:48 +01:00
Daimona Eaytoy d3b330b6d4 Create a VariablesManager service
This makes VariableHolder a true value object, and introduces a
stateless service, VariableManager, to operate on it.

Note, in theory, this new service is still cyclically coupled with
LazyVariableComputed. However, it's now two stateless service being
coupled, not two smart/god value objects, so we've still earned
something. For now, the dependency is hidden by using a callback. Some
alternatives for that are mentioned in a code comment.

Bug: T261069
Change-Id: I2f2c84c8e91472ba36084a8bbb4a923f6e04354b
2021-01-02 17:15:31 +00:00
Daimona Eaytoy 3d33891ab1 Inherit hooks documentations in AbuseFilterHookRunner
Documentation is already in hooks.txt and in every hook interface, let's
not have to maintain it in a third place.

Change-Id: I8cc5e52b6bc164d9512d22283700966d4c51b943
2021-01-02 15:03:15 +01:00
jenkins-bot aaf8722a96 Merge "Harmonize HookAborterConsequence::getMessage implementations" 2021-01-02 13:42:13 +00:00
Matěj Suchánek 85a3e230e6 Harmonize HookAborterConsequence::getMessage implementations
I think either all or none should consider global filters.
Are there any backwards compatibility concerns?

Change-Id: I22b664e9752588edc195dc4e4f5369392f91ad23
2021-01-02 13:07:57 +01:00
Matěj Suchánek de5b7ee8ea DI for AbuseFilterSpecialPage
Change-Id: I5c702990398e0adb5fa73be54638cb8b6b268beb
2021-01-02 11:13:41 +01:00
Matěj Suchánek f5b18a36bf Move special page classes to own namespace
Change-Id: Ic2d13518924e77b1be96d1a7489abcd07e6d1dab
2021-01-02 10:54:13 +01:00
jenkins-bot d2884049be Merge "Add a TextExtractor service" 2021-01-01 19:36:42 +00:00
jenkins-bot b43fc2387c Merge "Inject the condition limit into AbuseFilterParser" 2021-01-01 19:20:57 +00:00
jenkins-bot 80e6e582e4 Merge "Make tests pass on SQLite" 2021-01-01 18:08:58 +00:00
Daimona Eaytoy aafd3bcfcd Inject the condition limit into AbuseFilterParser
Change-Id: I487ba25ca3f3ac4b84c3afaf88b35678944cdb4d
2021-01-01 18:27:06 +01:00
Daimona Eaytoy fad9a11f7a Add a TextExtractor service
This is an important step towards removing the AbuseFilter class. Note:
proposals for the name of the new service are welcome.

Change-Id: Ib4632173f728b1bdafadef96e01645a833bfceaa
2021-01-01 18:25:32 +01:00
Daimona Eaytoy b85f464530 Introduce a VariablesFormatter service
Moves more methods away from the AbuseFilter class. Testing
buildVarDumpTable is not easy because we'd have to parse the generated HTML.

Change-Id: I073a537201de150ba9dd7bf15a99f3a009dc6ba1
2021-01-01 15:45:52 +01:00
jenkins-bot 544911a78d Merge "Add a LazyVariableComputer service" 2021-01-01 00:18:32 +00:00
Daimona Eaytoy a6176399b1 Make tests pass on SQLite
Skip a test that fails with
  Wikimedia\Rdbms\DBQueryError: Error 5: database is locked
  Function: Wikimedia\Rdbms\Database::beginIfImplied (MediaWiki\Extension\AbuseFilter\FilterLookup::getAllActiveFiltersInGroupFromDB)
  
Probably due to some concurrency issue caused by the duplicate connection, and also with

  Wikimedia\Rdbms\DBQueryError: Error 1: no such table: unittest_external_abuse_filter
  Function: MediaWiki\Extension\AbuseFilter\FilterLookup::getAllActiveFiltersInGroupFromDB
  
for unknown reasons.

Move the mwGlobals override inside the test to avoid the same "database is locked" error
on every other test in that class.

Bug: T251967
Change-Id: I552a8d1fa532941f630fd734e590993e7462aeb0
2020-12-31 20:11:10 +00:00
Matěj Suchánek 2793e7f1cf Reversible consequences
Introduce ReversibleConsequence interface for Consequence classes
whose potentially destructive actions can be reverted using
Special:AbuseFilter/revert. This allows moving reverting logic from
AbuseFilterViewRevert to individual Consequence classes and testing.

Unfortunately, the code is definitely not very clean now.

Change-Id: I558da711f1645ccf64792c6102cf743827171320
2020-12-31 14:43:32 +01:00
Daimona Eaytoy c7f06750d6 Add a LazyVariableComputer service
See task for a description of the plan. Also note that
AFComputedVariable should be renamed and its properties made private.

This commit includes some adjustments for taint-check in
AbuseFilter::buildVarDumpTable and ::revisionToString.

There's some space for improvement in the new LazyVariableComputer, but
that's left for another commit.

Bug: T261069
Change-Id: Ia44f6e079d39f44cf0122dec5ddb5513ab54f0c6
2020-12-31 14:05:52 +01:00
Umherirrender 18094772c7 Replace compact() with real array
Easier to read

Change-Id: I5eb35b27399d7a4524fcfdf864d38e70a0f3a4ae
2020-12-29 23:00:44 +01:00
jenkins-bot 534ad9cfe6 Merge "Add a service to format filter specs" 2020-12-20 10:21:39 +00:00
jenkins-bot 16ef710ee3 Merge "Test some Consequence classes and clean up" 2020-12-20 09:25:39 +00:00
jenkins-bot 7be26dcb27 Merge "Improve code coverage" 2020-12-20 09:13:20 +00:00
jenkins-bot 3aafce35d2 Merge "build: Updating mediawiki/mediawiki-phan-config to 0.10.6" 2020-12-19 22:52:07 +00:00
Matěj Suchánek 63b950e5b6 Test some Consequence classes and clean up
Sadly, these are not unit tests.

Bug: T201193
Change-Id: I4c977ab14b273b02803a63f0a7b152a581a838b2
2020-12-19 16:31:22 +01:00
Matěj Suchánek 352a207c70 Improve code coverage
Bug: T201193
Change-Id: Ie086fd525bec19c63c13f8710a27897229cc33c8
2020-12-19 16:28:34 +01:00
jenkins-bot 4ef41d3844 Merge "Avoid 'finally' clause in AbuseFilterParser::parseDetailed" 2020-12-19 15:13:13 +00:00
Daimona Eaytoy 7bcb5ec2d5 Add a service to format filter specs
This requires a MessageLocalizer, which currently means providing the
main RequestContext. This is the only alternative right now, until core
provides a proper MessageLocalizer service (see T247127).

Change-Id: I8c93e2ae7e7bd4fc561c5e8490ed2feb1ef0edc2
2020-12-19 14:22:08 +01:00
libraryupgrader 682b6136e7 build: Updating mediawiki/mediawiki-phan-config to 0.10.6
Change-Id: I910c56e32829cea54a16105253004901e00a1885
2020-12-19 13:09:09 +00:00
Daimona Eaytoy 5d4b2fde27 Avoid 'finally' clause in AbuseFilterParser::parseDetailed
Bug: T270514
Change-Id: I1e3e6675ec8c3bfd435797cb044b85b3d2a34450
2020-12-19 11:17:58 +00:00
Matěj Suchánek dc7509811a Notify of a throttled filter
Use Echo for delivering the notification to the last
user who edited the filter.

Much boilerplate.

Change-Id: I7a46a03b4f15de20902ec70c62fb4fe750096842
Depends-On: If585b14a6dd6fb8c7d2c3bee1f20d9d08eaac706
2020-12-19 10:31:29 +01:00
jenkins-bot d386633103 Merge "Create a dedicated namespace for all consequences-related classes" 2020-12-18 22:57:00 +00:00
Daimona Eaytoy b394956c22 Create a dedicated namespace for all consequences-related classes
Change-Id: Ibc39593e34da36e57b640af0b5bbf2145f725e92
2020-12-18 19:27:33 +00:00
Daimona Eaytoy 7c1d1c6d7d Return warnings from the parser, add warning for catch-all regexps
This commit introduces some boilerplate for emitting warnings from the
AbuseFilter parser, and also code for showing these warnings in the ace
editor. Adding new warnings should be as simple as appending to
AbuseFilterParser::warnings (and adding the relevant i18n).

Bug: T264768
Bug: T269770
Change-Id: Ic11021b379f997a89f59c8c0572338d957e089a6
2020-12-18 18:22:41 +01:00
jenkins-bot e1a7acf55f Merge "Implement GetAutoPromoteGroupsHook" 2020-12-18 13:41:28 +00:00
James D. Forrester 7109c954a2 Use User->isRegistered(), not deprecated isLoggedIn()
Bug: T270450
Change-Id: I6ebf2f8040b6ac53025b5ccf503e5e221341eb09
2020-12-17 18:37:14 -08:00
Matěj Suchánek 2da4cb4321 Implement GetAutoPromoteGroupsHook
Test coverage included.

Bug: T261067
Change-Id: Iba49f0518d2c1a72405498b2743e5ef300dd6d61
2020-12-15 18:01:04 +01:00
Daimona Eaytoy 3f7dd25fbf Create FilterRunnerFactory
Next step is splitting the Runner into various subclasses.

Change-Id: I766555f31b425cee52fd262c5bfb1c73f3f170d2
2020-12-15 12:47:34 +00:00
Daimona Eaytoy 68adaa5cb1 Introduce ConsequencesExecutor
This is the last big step towards moving Consequences-related things away from
AbuseFilterRunner. There's still some cleanup to do (+ write proper tests), but
this should really be the last important code change.

Change-Id: I347795fe93ba496c43b1d5cfc9ba6e1326842c06
2020-12-15 13:47:21 +01:00
jenkins-bot f430cd211a Merge "Add a VariablesBlobStore service" 2020-12-15 12:43:28 +00:00
jenkins-bot e4023defd0 Merge "Use a BlobStore for storing var dumps" 2020-12-15 02:58:49 +00:00
jenkins-bot dc28fba015 Merge "build: Remove unneeded phan suppression" 2020-12-15 02:51:43 +00:00
Daimona Eaytoy c52ef337d7 Add a VariablesBlobStore service
Change-Id: If0c1eab2391819f8b4c801d12275d9ec14490f7a
2020-12-15 02:35:15 +00:00
daniel dfeff89317 Use a BlobStore for storing var dumps
AbuseFilter emulates the storage mechanism also used for page content.
Instead of duplicating the relevant code, AbuseFilter should use the
same BlobStore service also used by RevisionStore.

Note that this change is not strictly needed to resolve T198341, but is
needed to unblock T183490

Bug: T261889
Bug: T198341
Bug: T183490
Change-Id: I3fc8475dd8d50d73d705b706ff597a130267e990
2020-12-15 02:35:05 +00:00
jenkins-bot a7e965bbad Merge "Overhaul the interface for hiding AbuseLog entries" 2020-12-15 02:33:33 +00:00
jenkins-bot 3668ac1bd9 Merge "Simplify page handling in AFComputedVariable" 2020-12-13 19:31:18 +00:00
Daimona Eaytoy 9d288478fe Remove a bunch of deprecated methods
These are all unused.

Depends-On: Id99da02a98bb392cafed370768edcc8ac3d712ab
Change-Id: I9ff17714f94e1fbbd52da32ebf4f054a551edc1f
2020-12-13 18:31:27 +00:00
Umherirrender 90254368fc build: Remove unneeded phan suppression
Depends-On: Iab770702fd3a1d20f25f54057770dc03e28f1b0e
Change-Id: I3ce1816abb0f64843e9c8e3f866a6ef84c66285f
2020-12-13 00:37:20 +01:00
Daimona Eaytoy 5e609eb537 Add GlobalNameUtils class
This is just a temporary location for these two methods. Since they're
used a lot, having them in the AbuseFilter class means that the
dependency graph is unnecessarily complicated. Thus, since these methods
aren't doing much, they were moved to a dedicated class. Future todo is
finding an appropriate location, that might be either as part of another
service, or keep them in a Utilities class, perhaps a single class with
all util methods, rather than a specific class.

Change-Id: I52cc47a6b9a387cd1e68c5127f6598a4c43ca428
2020-12-12 17:49:48 +00:00
Daimona Eaytoy 2e703bdbb7 Simplify page handling in AFComputedVariable
Change-Id: I8a992a67222928e3a412470d1cb31653da4d172a
2020-12-12 17:17:10 +00:00
jenkins-bot f7f34924d1 Merge "Partly decouple SpecialAbuseLog and AbuseLogPager" 2020-12-11 21:17:57 +00:00
jenkins-bot c992529f3d Merge "Create a separate view for hiding AbuseLog entries" 2020-12-11 21:15:47 +00:00
Daimona Eaytoy 21d7c08aa7 Overhaul the interface for hiding AbuseLog entries
The main change is the addition of checkboxes to hide/show multiple
entries at the same time. Also, tweaked some i18n and made the process
return more useful success/error messages.

This patch introduces some technical debt, caused by SpecialAbuseLog and
AbuseLogPager being tightly coupled (which is a pre-existing problem,
but it got worse here).

Bug: T260904
Bug: T144096
Bug: T206945
Bug: T206938
Change-Id: I13f476d8126f81b0417e7509784c83d4f21cf348
2020-12-11 20:55:08 +00:00
Daimona Eaytoy 86f308c6f0 Partly decouple SpecialAbuseLog and AbuseLogPager
Move to the latter some methods that make more sense in there. Inject
some more services, don't require a SpecialAbuseLog to be passed in the
constructor.

There are still a couple of static calls, but fixing those would require
factoring more classes out of SpecialAbuseLog (e.g. a service to
determine visibility of AbuseLog entries).

Change-Id: I1b3012ca85bf049a07e0433fc0b357f502c355ad
2020-12-11 20:53:53 +00:00
Daimona Eaytoy 7243dd6cf9 Create a separate view for hiding AbuseLog entries
This is moving code away from SpecialAbuseLog, which is already too big
and has too many purposes. As such, the behaviour is not changed,
including for now bugs that were already present in the old version.

Change-Id: Idc13f7f746ada2e425662c6948c32aa744edac61
2020-12-11 20:34:52 +00:00
jenkins-bot 6f848578ea Merge "Allow the parsers to return extra info" 2020-12-11 16:35:25 +00:00
Daimona Eaytoy 3e0c30ff92 Allow the parsers to return extra info
This is achieved by creating a new ParserStatus class. Aside from the
result of parse(), it contains whether the cache was warm. This can be
used to differentiate profiling data as part of T231112.

Another use case is returning non-fatal warnings (T269770).

Change-Id: Ifcbda861ce1a44bbe9bffba5b83cd9ef338a8dba
2020-12-11 15:03:23 +00:00
jenkins-bot 4e5b97b6d2 Merge "build: Updating mediawiki/mediawiki-phan-config to 0.10.5" 2020-12-11 00:29:04 +00:00
libraryupgrader 281eec8e4d build: Updating mediawiki/mediawiki-phan-config to 0.10.5
Change-Id: Ie3fcfdf733885aac2ef0ee07cc1a8d4f3fedb7d7
2020-12-10 18:28:54 +00:00
jenkins-bot 8c4265b4a0 Merge "Write afl_filter_id and afl_global by default" 2020-12-10 17:36:33 +00:00
jenkins-bot 93c477d4b8 Merge "Move parser classes to a dedicated namespace" 2020-12-09 10:48:36 +00:00
Daimona Eaytoy 8b21c994fd Remove more BC code
Bug: T187153
Change-Id: I0c74b855893c7da8ab531e67a0aac298aed32c2c
2020-12-09 02:40:55 +01:00
Daimona Eaytoy da1c71ec4c Move parser classes to a dedicated namespace
Names were kept for now.

Change-Id: Ib2eb5d7b523a64f2a0f72fdcdde2043a76cc9a37
2020-12-09 01:30:20 +00:00
Daimona Eaytoy f41fe76df7 Kill $wgUser
Depends-On: Iadbce7501e42971901f6d9efcb2810ae42be51d8
Depends-On: I624610cb2372db200995c8d01d62b1d74efca19e
Change-Id: I51d99c30fbc0e87c038013bf5b8c27b1c735e977
2020-12-08 23:23:13 +00:00
Daimona Eaytoy ca3f652cd7 Almost kill the last use of wgUser
This is the last use, and it was a bit harder to remove because it was
buried inside AFComputedVariable. Starting with
I4444cada720ab62d187f2dd0c4760697e465f2ff, we can freely change the
parameters to AFComputedVariable without breaking old log entries.

Note, we still need a fallback for other extensions calling this
method...

Bug: T246733
Depends-On: I4444cada720ab62d187f2dd0c4760697e465f2ff
Change-Id: I5d786a518ef88fad9c8d9c25ef4553a0bf30b2b2
2020-12-08 23:28:24 +01:00
Daimona Eaytoy bcbfa66fe8 Write afl_filter_id and afl_global by default
The schema was introduced in 1.34, so there should be no issue in
starting off with writing the new columns.

Bug: T220791
Change-Id: I8f956d4a27692a33368a413fbf4a8eb5da20afe1
2020-12-08 23:06:03 +01:00
jenkins-bot 5de037dea6 Merge "Simplify User handling in AFComputedVariable" 2020-12-08 20:58:30 +00:00
Daimona Eaytoy 815ef6051c Split afl_filter in afl_filter_id and afl_global
Add a script to migrate the columns (which can also
be executed in dry run), and a config option with the migration stage
(defaults to SCHEMA_COMPAT_OLD).
Some of the script-related code is stolen from
Ic755526d5f989c4a66b1d37527cda235f61cb437.

Bug: T220791
Change-Id: I7460a2d63f60c2933b36f8383a8abdbba8649e12
2020-12-08 18:31:27 +00:00
Daimona Eaytoy e91ab70175 Simplify User handling in AFComputedVariable
This is some more back-compat code that we can get rid of after cleaning
old entries.

Change-Id: I374fc4496c27cf50e6960a9ab07b9c80431b4a3a
2020-12-08 17:51:08 +00:00
Daimona Eaytoy 1c625eeae4 Drop back-compat code
This should be merged once T246539 is done.

Bug: T213006
Change-Id: I4444cada720ab62d187f2dd0c4760697e465f2ff
2020-12-08 17:15:47 +00:00
Matěj Suchánek 08db320afe Fix Special:AbuseLog not to throw when global filters are not available anymore
There is a try-catch block but the same call was also done
unconditionally after it, making it throw when global filters
are disabled.

Change-Id: Ic8032592799756521a59ee23c0e76cb03a510b94
2020-12-07 20:12:06 +01:00
Daimona Eaytoy 600f1735f2 Add a hook for extensions to add custom actions
The global is now deprecated, and it will be removed soon.

Bug: T265794
Change-Id: I4e6c9b143744cb72c441017921bac9cd1960609c
2020-12-04 16:10:44 +00:00
jenkins-bot 1c8eb3963e Merge "Always take into account custom actions" 2020-12-04 14:07:09 +00:00
jenkins-bot edd998f532 Merge "Move API modules to separate namespace and rename them" 2020-12-04 12:33:05 +00:00
Daimona Eaytoy af8c237559 Move API modules to separate namespace and rename them
Change-Id: I436e8fed4a1cbe4f1b36a16b213ede7976e871ba
2020-12-03 22:11:09 +00:00
Daimona Eaytoy d351d7150b Always take into account custom actions
$wgAbuseFilterActions shouldn't be used normally, as it excludes actions
registered by other extensions.

Note: mw:Extension:AbuseFilter#Integration_with_other_extensions should
be updated after merging.

Bug: T239348
Change-Id: I89b3f0228eacdf145e8f2dd2a5602d0c7ce75a86
2020-12-03 21:39:35 +00:00
Daimona Eaytoy c786c4adc6 Add ConsequencesRegistry
Change-Id: I91f4f28e09fa46b9ab2457b2a241b6f105320bdd
2020-12-03 22:39:25 +01:00
jenkins-bot a7670f2bb5 Merge "Move pagers to their own namespace" 2020-12-03 20:26:59 +00:00
jenkins-bot c560217865 Merge "Use 'default' as default group when reading filters from history" 2020-12-03 18:04:34 +00:00
jenkins-bot d02b10db97 Merge "Improve type safety of filter ids" 2020-12-03 17:50:31 +00:00
jenkins-bot 6f7a9965a0 Merge "Add UpdateHitCountWatcher" 2020-12-03 17:46:37 +00:00
Thiemo Kreuz e45ce1f5bd Mark two private methods as such
Not used anywhere else:
https://codesearch.wmcloud.org/search/?q=stringifyActions
https://codesearch.wmcloud.org/search/?q=normalizeBlocks

This patch also moves that [ '' ] fallback out of a method
where it was misplaced. That fallback is very specific for
the diff algorithm, but not something one would expect from
a method called "stringifyActions".

Change-Id: I458eef61c6b6741bbd433ea26a012aaeb01cea3f
2020-12-03 16:52:17 +01:00
Thiemo Kreuz 34968d783e Simplify a few pieces of code
… mostly by inlining pieces, instead of assigning them to
a variable first.

Change-Id: Ibc432ed05f7b853a44fc1a301ef820984facb067
2020-12-03 16:50:55 +01:00
DannyS712 0fb033775f Use 'default' as default group when reading filters from history
This was NULL for old entries, because no default was added
in I758795f01eaf3ff56c5720d660cd989ef95764a7 (see T263324)

Bug: T269314
Change-Id: I5af8b0d3a9d7b6d2570cf79bbbe8b5b170ba1230
2020-12-03 15:16:17 +00:00
Daimona Eaytoy 1a3bd4b2b3 Move pagers to their own namespace
Change-Id: I5d3da5e51bbc54179c0618f1877f2eabb8302542
2020-12-03 14:17:09 +00:00
Matěj Suchánek de997fe98e Improve type safety of filter ids
Also fix a bug in FilterProfiler. It would attempt to reset
stats for global filters but we do not record them (yet?).

Change-Id: I0228d8c85dab146deb877dfce506f1e8e7711a9f
2020-12-03 14:58:51 +01:00
Daimona Eaytoy ed1195ea23 Add UpdateHitCountWatcher
Change-Id: I61c40312022c1037abb03819d06e5e220dd07e15
2020-12-03 13:47:10 +00:00
Daimona Eaytoy 22dc4af459 Create an AbuseLogger service
For now this is just moving code around.

Change-Id: Ie61a1c122b4e93a74b465eb781f9cbf49f0b32e6
2020-12-03 14:46:57 +01:00
Matěj Suchánek 0f062fca06 Move AbuseFilterView classes to separate namespace
Change-Id: I569281b13ec81d9f35038c7ef17a2d98f16f9b5c
2020-12-03 13:06:53 +01:00
Matěj Suchánek a1ba43f586 DI for AbuseFilterView and subclasses
Also add a test to ensure all views can be instantiated without problem.

Change-Id: Iedd7a5dca240efab1077fa51a3522c983b0ba4fa
2020-12-03 13:04:35 +01:00
Thiemo Kreuz 7047dba1f1 Update a few unspecific PHPDoc comments
Change-Id: I363d7f854c550654c5d4345f381e3731de6f2d3c
2020-12-03 09:50:09 +01:00
jenkins-bot 753a0dc482 Merge "Add ConsequencesLookup" 2020-12-02 15:49:33 +00:00
DannyS712 ace8a613a4 Consequences cleanup, should be a no-op
Reduce use of User objects in favor of UserIdentity
Use `use` statements

Change-Id: Icdd1b8be2d1345a8dd48b8d5d3af8781c6658c7c
2020-11-30 01:12:25 +00:00
Reedy 95d8278b58 Clean up SchemaChangeHandler
* Move all SQL files into db_patches (or below)
** Remove db type from filename
* Remove a lot of duplicated code and simplify

Change-Id: If22f2a2c46a59ac24c89ce612c74d169f053ab26
2020-11-29 19:14:24 +00:00
Matěj Suchánek db87a68260 Remove unused variable and comment
Change-Id: I76f1d08aadda89dc9ba22eb35469c33cf9c86a33
2020-11-29 11:11:39 +01:00
Reedy f11bbe1c9b Use ::class rather than stringified class name
Change-Id: I5695f40627122b76d792a3a05c97c42d921a5536
2020-11-28 11:19:51 +00:00
DannyS712 66a43948f3 EditBoxBuilder: Minor cleanup for readability
Add use statements for OOUI classes,
clean up line breaks
Should be a no-op

Change-Id: I7e83a41a138557f99fadcef38e992bfc1bff7f7f
2020-11-27 23:33:11 +00:00
Daimona Eaytoy c957188866 Add ConsequencesLookup
The class is used to retrieve consequences from the Database.

Change-Id: I46b3925aac47554723649c076eff64707a2ea2e6
2020-11-27 16:43:44 +01:00
Matěj Suchánek d76affb1db Move ChangeTags stuff to separate namespace
Change-Id: I6d7bed0e62f001f82c00a3528cc0018388c9c70e
2020-11-27 15:13:34 +00:00
jenkins-bot a6e96ed915 Merge "Introduce ChangeTagValidator service" 2020-11-27 15:13:06 +00:00
Matěj Suchánek 872b6118f4 Introduce ChangeTagValidator service
Just moving code around. Without a unit test because DI
coverage of change tags in core isn't available yet.

Change-Id: Iac861e1e24dae13581b8d9173357a1d6c94be88a
2020-11-27 15:11:48 +01:00
Matěj Suchánek 1ad77dc9fb Introduce EditBoxBuilderFactory service and EditBoxBuilder
It makes sense to look at this and Iedd7a5dca24 together,
as this patch itself doesn't really fix anything.

Change-Id: Ifef5266b1803d1a96489789b08d9beed044d908f
2020-11-26 14:49:04 +01:00
Daimona Eaytoy 904d9cddbb Represent Consequences with command objects
The consequence-taking logic is moved away from AbuseFilterRunner, to
dedicated classes. There's now one class per consequence, encapsulating
everything it needs to take the consequence.

Several interfaces allow customizing different types of consequences.
Every "special check" in AbuseFilter was generalized to use these
interfaces, rather than knowing how to handle each consequence.

Adding more consequences from other extensions will also be easier, and
it should happen via a hook (not a global), returning a class that
implements Consequence. The BCConsequence class was temporarily added
for legacy custom consequences.

A ConsequenceFactory class is added to instantiate consequences; this
would possibly benefit from using ObjectFactory, but it doesn't because
it would also reduce readability (although we might do that in the
future).

These classes are still not covered by unit tests, and this is left to
do for later. The new unit tests should mostly replace
AbuseFilterConsequencesTest. @covers tag were added to keep the status
quo (i.e. code that was considered covered while in AbuseFilterRunner
will still be considered covered), although we'll have to adjust them.

Change-Id: Ia1a9a8bbf55ddd875dfd5bbc55fcd612cff568ef
2020-11-25 17:35:36 +00:00
jenkins-bot 26d3abfab4 Merge "Introduce a service for saving filters" 2020-11-25 14:47:21 +00:00
Daimona Eaytoy c368575af0 Create a base interface for watchers
This will ease adding new watchers, for instance to send Echo
notifications (see T179495 and T100892).

For now, this is just boilerplate, and converting EmergencyWatcher to
the new interface.

Change-Id: I18d62aba53471202b709cdb19033b1729c5c25b4
2020-11-20 23:34:20 +01:00
Daimona Eaytoy 9595bd9da5 Introduce a service for saving filters
Change-Id: I6b7d16ad7ea1124989ed67c74413979cfd0275c4
2020-11-20 22:33:21 +01:00
jenkins-bot ca54f0b2e3 Merge "EmergencyWatcher: update data for all filters at the same time" 2020-11-20 07:04:58 +00:00
jenkins-bot a16cca0ecb Merge "Adjust code coverage" 2020-11-20 06:48:12 +00:00
jenkins-bot b6b90c07cb Merge "Remove AbuseFilter::getFilter" 2020-11-20 06:46:01 +00:00
Daimona Eaytoy cdbe9260c7 EmergencyWatcher: update data for all filters at the same time
This will avoid unneeded queries, in theory. In practice, it will
almost never happen to have more than one filter to throttle.

Change-Id: I5b8df51215463ce4464f6a2d0390f58612a5a213
2020-11-20 06:41:56 +00:00
Daimona Eaytoy 3f7fff56e8 Adjust code coverage
-Exclude methods and classes that cannot be meaningfully covered
-Add a simple test for AbuseFilterServices
-Exclude ServiceWiring because there's no way to tell PHPUnit it's
covered

Change-Id: I4c67b0d3fea68c7a3b3cbe01b5608f87e1b492db
2020-11-19 22:40:26 +00:00
libraryupgrader e5c9bf119d build: Updating mediawiki/mediawiki-phan-config to 0.10.4
Change-Id: I8309c5ed36536f5304e1429c4c24553b456ddc8e
2020-11-19 20:33:25 +00:00
Matěj Suchánek 83c2ccb1b3 Optimize EmergencyWatcher
Avoid queries for profiler data when the filter hasn't
been changed recently.

Change-Id: I691d3922436e80264403f9c5b8b822be729e1d94
2020-11-19 18:20:16 +01:00
Daimona Eaytoy a71ea3aa38 Remove AbuseFilter::getFilter
Needs the patch in ContentTranslation first.

Depends-On: I0b74db70ad4e9768e4dcb84b9decb9c737e942e5
Change-Id: Id186ea99fcf69aa4348e404677ce5da998d83170
2020-11-19 15:11:32 +00:00
jenkins-bot 97019239bc Merge "FilterProfiler: allow searching for slow global filters" 2020-11-18 23:43:20 +00:00
jenkins-bot 31f4607790 Merge "Handle DUNDEFINED in array offsets" 2020-11-18 23:30:58 +00:00
DannyS712 09c3a9df05 FilterProfiler: allow searching for slow global filters
The slow filter hits are logged for the target wiki, but
the fix would be on meta, so make it possible to filter
for those

Change-Id: I6e02866479e77d707f4fa951ec909c325b944158
2020-11-18 23:20:30 +00:00
jenkins-bot 8f47259285 Merge "Add an interface for exporting/importing filters" 2020-11-18 23:13:53 +00:00
Daimona Eaytoy 3fc30021d2 Handle DUNDEFINED in array offsets
The behaviour is:
- When assigning to an undefined offset, delete the whole array and turn
it into another DUNDEFINED
- When retrieving from an undefined offset, just return DUNDEFINED.

Bug: T237214
Change-Id: I621ee7a16c90bb86a57be04e7ce0a748ecdbfcc7
2020-11-18 14:20:49 -08:00
Daimona Eaytoy 210cf29658 Add an interface for exporting/importing filters
The main benefit of having a dedicated interface is that we can easily
change the output format. So we're now using a custom array without
references to the DB schema, thus making the import/export process
completely independent from the schema.

Change-Id: I4c0de41d914baf1e9a0e588bd31f95b3524a424b
2020-11-18 22:06:09 +00:00
Daimona Eaytoy 7a24c94d6e Evaluate left-to-right when adding elements to array
Bug: T237090
Change-Id: I5fb72dec0ea12240b6563e66b69e399edc4c72d6
2020-11-18 21:25:45 +00:00
Daimona Eaytoy b5ae7360bc AbuseLog: Use a radio button not checkbox for suppressing entries
Add a radio to select between "hide" and "show" instead of a single,
cryptic checkbox which doesn't really explain what it does.
Also wrap the list in a form which will later be used to mass-delete
entries.

Depends-On: I1bb45e47c3b42c01388b99778ce833e4e44419e1
Change-Id: Ie2d019fad5af7c626d722dc348f40eb0db21e527
2020-11-18 20:57:39 +00:00
jenkins-bot cc10f76bfa Merge "Use a WikiPage object when filtering edits on a non-existing Title" 2020-11-18 20:52:53 +00:00
Daimona Eaytoy 6305746de3 Use a WikiPage object when filtering edits on a non-existing Title
Remove $title->exists() from the check, so we have the following
changes:
 - The AbuseLog will add a diff link for page creations
 - Searching the AbuseLog for impact:saved will include page creations
 - We don't have to recreate the WikiPage again in RunVariableGenerator

Also remove an old reference to "bug 31656": that comment was added in
rEABFefecf8b2441ae2f31f924ff33103f5affe5d1d62, which changed
Article::getContent() to Article::getRevision()->getRawText(). Nowadays
we don't even use Article anymore, and that conditional isn't even for
retrieving the page content, so the comment is wrong.

Add logging for when the Title object cannot exist, as this should never
happen in the context of the EditFilterMergedContent hook, and always
create a WikiPage. Some signatures were changed to require a WikiPage
object now, and every caller updated to provide it.

Bug: T263104
Bug: T62179
Depends-On: Ic238eaa529ef6bfba06b4dd03924a8e0111d8259
Change-Id: Ibf3bf4f68328ba4a5616ab8f26a8b44d27a25cd7
2020-11-18 20:13:46 +00:00
Daimona Eaytoy df017d478c Factor out another method from AbuseFilterRunner::getFilteredConsequences
This is a no-op, moving code around, introducing another distinction re
"filtering actions", which now happens in 2 steps:

 - The first step only uses "generic" information available by looking
   at enabled actions as a "group". This includes keeping only the
   longest block, and removing 'disallow' if other blocking actions are
   enabled.
 - The second step uses information that is only available after having
   "partly executed" (named "pre-checked") a consequence. For instance,
   we need to pre-check 'throttle' to see if the throttle was hit, and
   remove any other actions if not.

Change-Id: I7be5cfaa61e942a06f97ed52f50e9c8c70a120e8
2020-11-18 16:49:26 +00:00
Daimona Eaytoy ef9e828fbe Filter out actions to execute before actually executing them
This way we don't have special cases in executeFilterActions, and instead, we execute
all actions in the same place. In turn, this is going to ease the
transition to a new consequences system: next step is refactoring this
code into a service with proper DI etc.

Bug: T204447
Change-Id: I8134ecc41fbecdbed99faf406e9e3ca91b6123b9
2020-11-18 16:49:01 +00:00
Matěj Suchánek e7813fbafb Introduce EmergencyWatcher service
Change-Id: I45477ca84a99f620d182ef95e5627d421d38f077
2020-11-18 14:20:18 +00:00
Daimona Eaytoy ae29451ab8 Introduce a FilterCompare service
The scope is still quite limited, but as noted in a todo, we might want
to make this completely independent from the database, and add the use
case of ViewDiff.

Change-Id: Ie980fff0983b3e86037265e85da04444c809a6e8
2020-11-18 11:52:44 +00:00
jenkins-bot 914f0f4a13 Merge "Remove AbuseFilter::filterHidden and ::getGlobalFilterDescription" 2020-11-18 09:36:03 +00:00
jenkins-bot 3158a7ebc7 Merge "Remove temporary parameter" 2020-11-18 09:09:02 +00:00
Daimona Eaytoy 6376394713 Remove AbuseFilter::filterHidden and ::getGlobalFilterDescription
They've been replaced by getters in the Filter class.

Note, the Lookup is not injected in this patch because some places would
need careful thought, so it's left to do later.

Change-Id: I40b8c8452d9df741217d7fa090a5e746a2f46994
2020-11-18 08:43:22 +00:00
jenkins-bot de67c30d96 Merge "Don't show form for reverting filter actions when no actions were found" 2020-11-18 02:06:34 +00:00
Matěj Suchánek 8955c55dc7 Don't show form for reverting filter actions when no actions were found
Change-Id: I779a318a9daaf6d3a17335914a7fd85877765625
2020-11-18 01:42:38 +00:00
Daimona Eaytoy 1bcfdc3b13 Introduce a FilterValidator
This moves a lot of things away from the AbuseFilter class. There's a
nasty static dependency on ChangeTags, but it's very limited anyway, and
it's going to be fixed once T245964 is resolved.

Change-Id: Ia7df4b4d3289c2722323f59ceecf3fdd38277785
2020-11-18 01:41:31 +00:00
Daimona Eaytoy 725ec052ed Add a FilterLookup service
Some pieces of code were updated to use Filter objects, while other
places are still to be updated. We also need to change the history part
to exclude actions somehow, cleanup the ViewEdit, reduce direct DB
access or anything mentioning DB fields outside of FilterLookup, etc.

Change-Id: I42b7ded685db76eddd45e4b1336f9828cba811ce
2020-11-18 01:17:47 +00:00
Daimona Eaytoy bad5a9a29c Make AbuseFilterViewEdit work with Filter objects
This requires adjusting some methods to work with Filter objects. Some
methods and tests are left in an inconsistent/suboptimal state, plus some todos
were added, but all of this is going to be remediated in another commit.

Change-Id: Id063ee73d97c7aef56323e1457d99704f77ab943
2020-11-18 00:52:37 +00:00
Daimona Eaytoy 555383a5c6 Unbreak master build
Phan is failing on master with

  includes/Views/AbuseFilterViewEdit.php:506 PhanTypeMismatchArgument Argument 1 ($salt) is ['abusefilter',$filter] of type array{0:'abusefilter',1:?int} but \User::getEditToken() takes string|string[] defined at ../../includes/user/User.php:3735

due to a documentation change in core.

Change-Id: Ibc01332c67224e3efc7922d1be882615c2de5d9a
2020-11-18 00:15:54 +00:00
jenkins-bot 524555c400 Merge "Add value objects to represent filters" 2020-11-05 15:08:53 +00:00
Daimona Eaytoy e8947970ce Remove temporary parameter
The only usage outside of AbuseFilter (in ContentTranslation) was fixed with
Ifc9ede277791398290786cdb6743137004b5c713.

Change-Id: I22cf9c76ef3b007502045a02c82255ba6c9fd0f2
2020-11-04 15:06:32 +00:00
jenkins-bot 1d06f5fc4c Merge "Use HTMLForm features instead of mSubmit" 2020-11-04 13:07:47 +00:00
Daimona Eaytoy 71a61c2089 Add value objects to represent filters
This is just a start; next step is adding a factory/store method to
get/store these objects. And then use these value objects whenever
applicable.

Note: the actions-related code is still not fully implemented. This is
going to happen as part of the FilterLookup.

Change-Id: I5f33227887c035e301313bbe24d1c1fefb75bc6a
2020-11-04 12:56:14 +01:00
Daimona Eaytoy 0f17e47d88 Use HTMLForm features instead of mSubmit
Rely on modern HTMLForm features instead of using a dedicated class
property. The form identifiers are necessary, because these forms are
GET forms, and HTMLForm will always think that the form was submitted,
if it doesn't have an identifier (see T238467 and related
tasks/patches).

Additionally, make the first form on ViewRevert a GET form, like on
Special:AbuseLog.

Bug: T263627
Change-Id: Ia6ca45896732742ef73e401b09663728b9e7dda2
2020-11-04 11:51:27 +00:00
jenkins-bot 3b9a79cabc Merge "Introduce AbuseFilterParserFactory service" 2020-11-04 10:34:43 +00:00
jenkins-bot 648c2f8001 Merge "Divide AbuseFilterPermissionManager::canSeeLogDetails" 2020-11-04 10:32:46 +00:00
jenkins-bot 94ef2b3ad4 Merge "Resolve/remove a few todos in AbuseFilterRunner" 2020-11-04 10:00:33 +00:00
jenkins-bot 16c6cba1f5 Merge "Remove exclusions for new PHPCS rules, bump PHPCS to 33.0.0" 2020-11-03 19:53:16 +00:00
Daimona Eaytoy 4cc3934a73 Remove exclusions for new PHPCS rules, bump PHPCS to 33.0.0
Change-Id: I346c5e41b76322c4bcbc6b2402f1316e73c45681
2020-11-03 19:26:11 +00:00
Huji 9c9d2885a4 Correct the documentation of publishEntry() method
The publish() method that it resembles is not a method defined in
the LogEntry class, and not even in LogEntryBase class. It is
defined in the ManualLogEntry class. Let's reference it correctly.

Change-Id: I60cfceac7c19047e299cf9f704dda8d8ef2f2ba6
2020-11-02 15:53:55 -05:00
jenkins-bot 8946ba54a2 Merge "Remove dead line of code from AbuseFilterExaminePager" 2020-11-01 14:44:12 +00:00
Daimona Eaytoy c1c3daa031 Resolve/remove a few todos in AbuseFilterRunner
Some were outdated/not doable, others were resolved.

Change-Id: Ice524a4d31f8d90ab507801562787b946c59d651
2020-11-01 14:08:25 +01:00
Daimona Eaytoy be75cf1c40 Introduce AbuseFilterParserFactory service
TODO For the future: the final directory for Parser-related classes
should be "Parser", not "ParserNS". However, moving all classes now
would make it harder to rebase changes etc.

Change-Id: Ice335f4723e74f4e5fbe8dcc76ff8ea16310962c
2020-10-31 21:19:00 +01:00
Matěj Suchánek 5efbf80034 Remove dead line of code from AbuseFilterExaminePager
Ordering is done by in IndexPager::buildQueryInfo. In fact,
this key is unconditionally overridden there and the query
is sorted by rc_id (specified in ::getIndexField). It would
probably deserve some performance analysis because
the ordering and filtering don't seem to use matching indices.

Change-Id: I9e73d44d868ddf5beba6dc6e4550e851a6df5119
2020-10-31 18:00:03 +01:00
jenkins-bot bec7c44d12 Merge "Move mCounter property from AbuseFilterViewExamine to AbuseFilterExaminePager" 2020-10-31 16:27:12 +00:00
Matěj Suchánek 3e8a4b63ab Move mCounter property from AbuseFilterViewExamine to AbuseFilterExaminePager
It is only used there. Reduce coupling.

Change-Id: I1fad101c4cd971914a031b08f10114cd7278cc66
2020-10-31 15:31:23 +00:00
Daimona Eaytoy 1f8df50cb3 Add a service to retrieve the central DB
This is a thin wrapper around LBFactory and the global variable, that
can be injected in classes requiring it (no real class right now, but
that's going to change soon).

Also, remove some DWIM-style returns which made the code harder to
understand.

Change-Id: I1d28ad4a67f914103f3a17cda5f61b28070c7f1c
2020-10-31 12:32:46 +00:00
jenkins-bot 6a081ade68 Merge "Little cleanup for AbuseFilterRunner" 2020-10-31 11:42:31 +00:00
jenkins-bot 4f30f4e188 Merge "Process 'throttle' action if object caching is disabled" 2020-10-30 22:24:02 +00:00
Daimona Eaytoy 04451d7bde Little cleanup for AbuseFilterRunner
Remove outdated/pointless comments, use already defined variables, etc.

Additionally, make it possible to disable throttling locally.

Change-Id: I98fd5f3eb47b32fc1013360e462a57d932174a95
2020-10-30 21:42:54 +00:00
jenkins-bot f0962ccd51 Merge "Use MainObjectStash for generating throttle keys" 2020-10-30 20:06:37 +00:00
Daimona Eaytoy 91f2cf9439 Process 'throttle' action if object caching is disabled
See a longer explanation on phabricator.

Bug: T265216
Change-Id: I8e0054ba523f993aeb48a7e1533bbb913b46c435
2020-10-30 20:20:58 +01:00
Matěj Suchánek 59f507b16c Use MainObjectStash for generating throttle keys
Keys should be generated for a cache that will use
them.

Change-Id: Ic634410e2521b02c1b50c798a7f2d5b96705af8c
2020-10-30 18:41:45 +01:00
Daimona Eaytoy d73a94ad30 Create helper methods for the 'warn' action
Change-Id: I62e752e0dbed4f723cc6f600085a1689f3962bd3
2020-10-29 11:10:47 +00:00
Daimona Eaytoy 7dd10ff348 Split checking vs setting throttle
This is still not very useful, but it's going to come up handy when
we'll be refactoring this code.

Additionally, fix a shortcircuit issue which caused additional throttle
types to not be processed if a type was already triggered.

Change-Id: Ied44d9300b3fa2ad00fe95c9c3da3c3f8faa650b
2020-10-29 10:17:43 +00:00
jenkins-bot ec5b9bef44 Merge "Add a service to retrieve the filter user" 2020-10-29 09:52:56 +00:00
Matěj Suchánek 77f6ecce13 Cleanup FilterProfiler API
Make FilterProfiler::getFilterProfile return stats unchanged,
in a structured way. Move computations to AbuseFilterViewEdit,
as they are only useful there. Don't return false on cache
misses, return arrays with zero values instead.

Bug: T266531
Change-Id: I8718cc31a5004340bf742315c7075e10a61fcbfd
2020-10-28 12:48:30 +00:00
jenkins-bot 5f38ddd5cf Merge "Add typehints to hook handlers" 2020-10-28 12:43:10 +00:00
Daimona Eaytoy be4ef544c4 Merge "Simplify ViewEdit, last round" 2020-10-28 10:38:15 +00:00
Daimona Eaytoy ccf8afe75b Add typehints to hook handlers
Needed after core change I95bb47104ad3dc0a69c812c627ffa631c5dc6ace to
make phan pass on master.

Change-Id: I6202212493340064945a559799e248130f418d6e
2020-10-28 11:37:07 +01:00
Daimona Eaytoy e0b187a546 Divide AbuseFilterPermissionManager::canSeeLogDetails
This commit splits this method into a version that doesn't need a
filter, and another version which requires one. This latter version has
a single mandatory parameter, $filterHidden, and it's up to the callers
to retrieve the value to pass in.

As mentioned in a TODO, this should eventually be changed to take a
Filter object (still under review as
I5f33227887c035e301313bbe24d1c1fefb75bc6a), which is also why
AbuseFilter::filterHidden is not being used here.

Change-Id: Id47a80131e12a5f7e1e93676299641dbf1e2b0ad
2020-10-27 19:51:01 +00:00
Matěj Suchánek be0268f200 Unbreak EmergencyDisable
FilterProfiler::getFilterProfile returns data in a different
format than the data is really stored.

Bug: T266531
Change-Id: I0d961a1ae67769da61f841df2462d47f81849972
2020-10-27 10:07:15 +01:00
Daimona Eaytoy 916234598d Simplify ViewEdit, last round
This deals with data inconsistencies in buildFilterEditor. Every
property of $row was tested in all 5 scenarios (also using Selenium) to
check when it's set. The result is in the normalizeRow method, which
aims to remove any inconsistencies, so that buildFilterEditor always
receives a "complete" row with all defaults set.

The code in buildFilterEditor is now cleaner (because there are no
isset() checks), and it gives us a unique place where we can set
defaults (rather than partly doing that in
loadRequest/loadFilterData/loadImport, and partly relying on isset).

This will be especially useful when introducing value objects to
represent filters, because now you just have to look at normalizeRow()
to tell which properties are allowed to be missing, and thus what "kind"
of filter object you need (see
I5f33227887c035e301313bbe24d1c1fefb75bc6a).

Additionally, reduce the properties that get passed around during
export/import, and make the selenium test try a roundtrip, rather than
relying on hardcoded data that may get outdated. A future patch will
refactor the import/export code.

Change-Id: Id52c466baaf6da18e2981f27a81ffdad3a509e78
2020-10-26 13:07:29 +00:00
Daimona Eaytoy cbea88f818 Add a service to retrieve the filter user
Unfortunately, this isn't using DI completely, because of the
User::newSystemUser call. I'm not even sure if we really need to call it
or we can just stick to new UserIdentityValue, but leaving like this for
now.
Also, the types were weakened to UserIdentity, so the transition is
going to be easy anyway.

Change-Id: I08f8fae0fcc622ff0ac3f86771476d06d1c18549
2020-10-26 14:06:53 +01:00
jenkins-bot 711f949b95 Merge "Cleanup for AbuseFilter class" 2020-10-26 11:25:01 +00:00
Daimona Eaytoy 0d751dde04 Cleanup for AbuseFilter class
Remove unused property, move to AbuseFilterView a method that's only
used there.

Change-Id: I16658521e32eeaafc1d601528d52bef17e1bf3b5
2020-10-25 15:55:21 +01:00
Daimona Eaytoy 6c9fc516aa ViewRevert: avoid needless query
The previous code would call getUserGroups again once creating the log
entry, but this was slightly flawed: we're updating groups on master,
but the read happens on a replica that might be outdated, hence
resulting in broken logging. Instead of reading from master, we can just
keep a list of the groups that were actually added, and use that
afterwards.

Change-Id: I7cc282e15561de3a3d3e183808a65991aa27d2bb
2020-10-25 10:29:59 +01:00
jenkins-bot 8fe9902af3 Merge "Use UserGroupManager when reverting degroup action" 2020-10-25 09:24:15 +00:00
jenkins-bot 50ae561641 Merge "Simplify ViewEdit, round 2" 2020-10-25 09:10:11 +00:00
Matěj Suchánek 6d81fca76b Improve FilterProfiler coverage
Also improve documentation of some FilterProfiler methods.

Change-Id: I08198c643a7d2dac10e928914e8a5c7413f2543d
2020-10-24 16:23:47 +02:00
jenkins-bot d7770ad520 Merge "Introduce BlockAutopromoteStore service" 2020-10-24 13:16:57 +00:00
jenkins-bot ba9e461ed0 Merge "Deduplicate cache keys used to check blockautopromote" 2020-10-24 12:57:11 +00:00
Matěj Suchánek 1445d5962a Introduce BlockAutopromoteStore service
This service is responsible for the blockautopromote feature:
(un)block autopromotion and check status.

The patch mostly moves code from static methods to the new class
and relaxes type hints (e.g. from User to UserIdentity).

Change-Id: I79a72377881cf06717931cd09af12f3b8e5f3e3f
2020-10-24 12:31:44 +00:00
jenkins-bot dfc9cc2a19 Merge "Code cleanup for FilterProfiler" 2020-10-23 14:43:26 +00:00
Daimona Eaytoy 5890dea4ff Deduplicate cache keys used to check blockautopromote
Previously, AbuseFilterHooks would proxy the data from a slower backend
(db-replicated) to a faster one (hash) reusing the same key. This change
makes it use a dedicated key, so that the "main" key can be kept
internal inside the upcoming BlockAutopromoteStore.

Change-Id: Id46a66991d0e994ee0a83b83b9c95e8951f3041c
2020-10-23 16:43:24 +02:00
Daimona Eaytoy 416dcd9ba3 Simplify ViewEdit, round 2
- Add a helper method to output an unrecoverable error, comprising a
   button to go back to the filters list;
- Move the token check to attemptSave, so to make the conditionals
  easier to read, and group errors together
- Make buildFilterEditor take an HTML parameter for the error, so the
  caller can specify whether it's error or warning
- Move the check for non-existing filters out of buildFilterEditor
- Add a bunch of typehints
- Don't set af_throttled and af_hit_count in the empty row template, but
  set af_deleted (these are only used in buildFilterEditor)
- Make AbuseFilter::translateFromHistory consistently include the af_global
  property (previously it would only be set for global filters; this error
  was introduced when first implementing global filters)
- The only user-facing change is that, when trying to use a custom
  warning/disallow message on a global filter, this is now considered a
  non-fatal error, so we now show the editing interface (and not just an
  unrecoverable error).

The next step is resolving the @todo in buildFilterEditor about null
checks.

Change-Id: I9d217dcac3f4cc0b26e53eca735cc327d5efc76d
2020-10-23 13:00:43 +00:00
Daimona Eaytoy 4de4ef358b Use UserGroupManager when reverting degroup action
This commit avoids direct queries on the DB, which is already an
improvement. It also adds some TODO comments for future improvements,
mostly things that depend on core changes.

Bug: T265224
Change-Id: I8eb76a0c463751976c2c5deedb3570305f1ab4f0
2020-10-23 12:07:45 +00:00
jenkins-bot cc7763f760 Merge "Add dedicated classes for more hook handlers" 2020-10-23 11:38:20 +00:00
Daimona Eaytoy 6724227182 Flatten the array returned by getConsequencesForFilters
There's no point in repeating the action name, because it's already used
as key. We can then flatten the array and just keep the parameters in
the third nesting level.

Change-Id: I54abcc49322f432cedd361abeedb72e067d3de41
2020-10-22 16:36:11 +00:00
Daimona Eaytoy b309c804fc Add dedicated classes for more hook handlers
The schema changes hook was chosen because the handler is very long. The
test ones were chosen to keep test things away from actual code.

Bug: T261067
Change-Id: Ie06bf62399f6353e3e268cccb3fe4b41bbf951c5
2020-10-22 18:23:09 +02:00
Matěj Suchánek 6b1b879da8 Code cleanup for FilterProfiler
Follows up Ib66c42ac220731f4e1da9ee6cfb5290759dd6494.

Apply DannyS712's suggestions from that patch.

Change-Id: Ib9f19969a888bd29f9f46e90fb52b49ce883c667
2020-10-22 15:39:00 +02:00
Daimona Eaytoy 4c06dd52c8 Replace $wgAbuseFilterRestrictions with more specific variables
So that sysadmins can further customize the extension. It was also wrong
to use the same variable for many different things.

Note that there's no associated patch in wmf-config because we use the
defaults. However, before merging this patch, please recheck that
AbuseFilterRestrictions and AbuseFilterDisallowGlobalLocalBlocks aren't
used there (https://codesearch.wmflabs.org/operations/?q=AbuseFilterDisallowGlobalLocalBlocks%7CAbuseFilterRestrictions&i=nope&files=&repos=)

Bug: T175221
Change-Id: I7581b3ee6d9d11a6cf1599b8ff874e8c3d54adf4
2020-10-22 13:38:59 +00:00
jenkins-bot 1c10edb80f Merge "Migrate change tags hooks to DI" 2020-10-21 18:04:20 +00:00
jenkins-bot 1c1b40f322 Merge "Inject ChangeTagsManager to ChangeTagger" 2020-10-21 17:21:23 +00:00