Commit graph

74 commits

Author SHA1 Message Date
Reedy da22e2c767 Update code for voice and tone reasons
* Reduces use of whitelist
* Deprecates and provides new $wg to replace $wgCaptchaWhitelistIP and $wgCaptchaWhitelist

Bug: T277936
Change-Id: I9c4a572321bb06e5a1d4208a295e21b73e75b787
2024-12-01 00:36:02 +00:00
Reedy 48a60aa762 Various minor code cleanup
Change-Id: I75f34c66f1c1968cfb9a3e1932068ec2420e0fa6
2024-10-30 01:48:33 +00:00
Reedy a801949300 Remove class_alias calls and cleanup Autoloads
Existed since 1.39 in I3fa9747e0ea970c5de39e2da8603e1bba9388a69

Change-Id: I17a648aaf7644d00cd82966a88dab8f33d2e317f
2024-10-30 01:48:14 +00:00
Reedy 9f2e976f10 Attempt to flatten out PHP files in sub extensions
In an attempt to be able to have easier code coverage...

Bug: T377750
Change-Id: I556f5f2753fae77df4f34b64bccdb7d68f2825b0
2024-10-30 01:48:14 +00:00
Andre Klapper 659cf72b2f Use explicit nullable type on parameter arguments (for PHP 8.4)
Implicitly marking parameter $... as nullable is deprecated in PHP
8.4. The explicit nullable type must be used instead.

Bug: T376276
Change-Id: Ifb189a3fcacc971ff43ff44d5ffc564f068a7da0
2024-10-26 14:58:29 +02:00
Umherirrender 1cfba87b23 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I60968f9b735b27eaef20e5d42af322a8c2ecd257
2024-10-19 23:34:41 +02:00
jenkins-bot 31c26eaa77 Merge "Fix confusing usages of TestingAccessWrapper" 2024-09-17 23:27:24 +00:00
jenkins-bot bac39ab8fe Merge "Use more trivial HashConfig in CaptchaTest" 2024-09-17 11:13:21 +00:00
thiemowmde 8180e6450d Fix confusing usages of TestingAccessWrapper
Some of this is not necessary at all because all properties are
public anyway.

In other cases only one property needs to use the wrapper, the rest
is public and can be accessed normally.

In other cases we just missed the @var annotation to make the IDE
aware of what's actually going on.

Change-Id: I29b526ee3aad9f0c9671fb133c625b9f14309db9
2024-09-17 08:53:41 +00:00
thiemowmde 7913547820 Use more trivial HashConfig in CaptchaTest
HashConfig is a rather trivial value class with not much behavior.
The complexity of an actual moc is not needed here, it seems.

Change-Id: I80025e67f248889ffff4d7237793e7d83dd269d5
2024-09-17 06:58:43 +00:00
thiemowmde 9639f30ed5 Merge trivial @dataProviders in CaptchaTest
These providers don't really do anything but provide the two possible
booleans. That's it. Why not make the code say that?

Change-Id: I0cbca6222e8130d504494ae86b1a963a92430a61
2024-09-13 13:02:24 +02:00
Fomafix 07646e4a65 Replace setMwGlobals by overrideConfigValue/overrideConfigValues
Change-Id: If63e84d8101f2169f684c4db822f7df907d2deec
2024-07-22 13:33:09 +00:00
Kosta Harlan 3b195090fe SimpleCaptcha: Allow invoking CAPTCHA display from other extensions
Why:

- In the production WMF deployment of AbuseFilter and ConfirmEdit, we
  load ConfirmEdit first, then AbuseFilter. That means that
  ConfirmEdit's onEditFilterMergedContent hook fires before
  AbuseFilter's. The problem is that AbuseFilter uses
  onEditFilterMergedContent to evaluate its rules and consequences, so
  an AbuseFilter rule that defines a "showcaptcha" consequence becomes a
  no-op, as it fires after ConfirmEdit has already decided to show or
  not show a CAPTCHA to a user.
 - All of that is to say: we need a way to tell ConfirmEdit to show a
   CAPTCHA at the time that AbuseFilter's consequences are invoked,
   which could be before or after ConfirmEdit's EditFilterMergedContent
   hook invocation, depending on how the wiki has decided to load the
   extensions

What:

- Define a flag for "shouldForceShowCaptcha", that other extensions can
  set on the SimpleCaptcha base class to indicate that ConfirmEdit must
  show a CAPTCHA (users with "skipcaptcha" right are still exempt)
- Check the isCaptchaSolved() and shouldForShowCaptcha() flags in
  ::triggersCaptcha, and also check if ConfirmEdit's
  EditFilterMergedContent hook already ran
- In CaptchaConsequence, set the forceShowCaptcha property on the
  SimpleCaptcha base class
- [misc] Add getter/setter for the captchaSolved property and the other
  new class properties

Depends-On: I7dd3a7c41606dcf5123518c2d3d0f4355f5edfd3
Bug: T20110
Change-Id: Idc47bdae8007da938f31e1c0f33e9be4813f41d7
2024-06-26 16:07:44 +00:00
Umherirrender 81d0c7bcd4 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I325f5bab163cddf76dbf8d5a6eca35a7ed7b6df7
2024-06-08 23:46:45 +02:00
Kosta Harlan 81e9cb99c0
AbuseFilterHooks: Provide feature flags for AF custom actions
Why:

- There are issues with the current "showcaptcha" action, and we need to
  disable it until the problems are fixed

What:

- Define a feature flag to enable custom actions. For now, nothing is
  enabled.

Bug: T20110
Change-Id: I3484d66298bc9f49dfbe003a0605e2ac1a092e10
2024-05-15 08:42:44 +02:00
Kosta Harlan 10b9276855
Allow showing a CAPTCHA in response to AbuseFilter consequence
Why:

- We want to allow administrators to invoke a CAPTCHA
  if an AbuseFilter is configured to do so.

What:

- Implement the AbuseFilterCustomActions hook and define
  CaptchaConsequence, which will inform AbuseFilter's implementation
  of onConfirmEditTriggersCaptcha that it should show a CAPTCHA
- Deliberately do not register the "showcaptcha" action as a "dangerous
  action", because filters that use this action are aimed at bot
  traffic, and we don't want a bot to be able to get past the
  "showcaptcha" action just by making repeat requests

Soft depends on I110a5f5321649dcf85993a0c209ab70b9886057c

Bug: T20110
Change-Id: Ie87e3d850541c7dc44aaeb6b30489a32a0c8cc60
2024-05-12 16:16:11 +02:00
Timo Tijhof 5c1fc0f2e0 tests: Remove redundant wgMainCacheType=hash
Follows-up 5b3765f7b, which refactored the way this was set.

Introduced in 2016 with 31c59374a, but redundant since 2020 with
commit c6c62e2c8f in MediaWiki core.

Bug: T139216
Change-Id: Iaf0a2f60833797ecf0b74f69dd797ca3c53cc550
2024-03-29 23:03:41 +00:00
Derick Alangi 5b3765f7b5
Fix ConfirmEdit to avoid global state
ConfirmEdit will try to mess with ObjectCache::$instances, clean this
up so that we migrate consumers to go through ObjectCacheFactory.

Bug: T358346
Change-Id: I317a1a17f4f39e99a9b31660eebcd0185adb88f8
2024-03-07 15:05:23 +03:00
Gergő Tisza b52d63ee9d Revert "Drop various class aliases"
This reverts commit 3798d424e2.

Bug: T355198
Change-Id: I99ecee703cdfa06198eeede96e6c3bdda2d457e0
2024-01-17 04:46:58 +00:00
Reedy 3798d424e2 Drop various class aliases
Move manual wgAutoloadClasses entries into TestAutoloadClasses

Change-Id: I4c85a2042ae591732b48bbf872277909a90675b4
2024-01-16 10:49:21 +00:00
Bartosz Dziewoński 2c6fe24521
Move login attempt counting to a separate class
This has nothing to do with CAPTCHA generation, and the only thing it
needs from the SimpleCaptcha class is checking whether a CAPTCHA on
bad login is enabled at all.

Also improve comments in CaptchaPreAuthenticationProvider. I found the
session flag business really difficult to understand.

Change-Id: I8200531718aaa11effcb07539204e1a05ed432e0
2023-12-13 15:18:39 -08:00
Umherirrender 92bc1f3d2f Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statements done manually

Change-Id: Id44f211320e56bc83e4c8f243369dc4eb562cf37
2023-12-11 00:07:55 +01:00
jenkins-bot a31bc1418c Merge "Do not use UTSysop directly in CaptchaPreAuthenticationProviderTest" 2023-09-01 13:42:06 +00:00
gerritbot 4bc5e7ed8f Replace some moved Title class uses, now MediaWiki\Title\Title
Bug: T321681
Change-Id: I639a03a5f828d7036e29a11a8a45d8d1e8923590
2023-08-19 04:14:21 +00:00
Daimona Eaytoy f988b56d53 Do not use UTSysop directly in CaptchaPreAuthenticationProviderTest
The test sysop account, when needed, should be created with
getTestSysop().

Change-Id: Ie25385fe252ff230dd1d65a5972f69ed794b46b8
2023-08-18 16:32:35 +02:00
Daimona Eaytoy d00a84066f Avoid DB access in HTMLFancyCaptchaFieldTest
The test needs the database when the WikimediaMessages extension is
enabled.

Change-Id: I3757a849f522c03194866ac29d9ee132e2bae595
2023-08-04 02:10:41 +02:00
Umherirrender 725f9ee4b5 tests: Add basic test for HookRunner
Add a basic unit test for HookRunner to improve coverage and
validate arguments between hook runner and hook interfaces.

Change-Id: Ib0c1f79fe724c1567081cec62894e2d35d00b812
2023-05-31 23:14:29 +02:00
Umherirrender 1a440848fa tests: Make PHPUnit data providers static
Initally used a new sniff with autofix (T333745)

Bug: T332865
Change-Id: I74e62a477cb8657da93180cd71432a95e70fff4b
2023-05-20 11:59:50 +02:00
Umherirrender 65470a1c77 tests: Use static provider in AuthenticationRequestTest
Shows up a deprecation message

Follow-Up: I5ff35ad0e894f0a27beae00257dc1fc599ad518d
Change-Id: If9787b27c4598711a0e5127385dbee57dab55d66
2023-05-19 22:26:53 +02:00
gerritbot f6bd4eb1aa Update moved class FauxRequest
See T321882. Moved in I832b133aaf61ee

Bug: T321681
Change-Id: Ic7accc3410547a0d1ff9d7a04836a7f6e64872f9
2023-05-19 14:15:24 +03:00
Reedy a0feac27b0 Namespace captchas
Change-Id: I2933639f9cb50db2101c4765ce9d8f9069d253b8
2022-12-13 21:40:30 +00:00
Umherirrender cb6254fe5f tests: Replace assertEmpty with assertSame
assertSame avoids use of loose comparisons and
allows to check the expected type

Change-Id: I4e1efb254365ed551c1240c6ab7a8a270969a1d0
2022-11-24 23:02:46 +01:00
Daimona Eaytoy 32f9cf26a6 Replace assertNotRegExp -> assertDoesNotMatchRegularExpression
Follow-up to I6859b48f7a9084101e981fb48449c1c1dc17a80c.

Bug: T243600
Change-Id: Ifdba0f9e98eb6bce4590b7eb73170c51a697d7c6
2022-10-07 16:52:36 +02:00
Daimona Eaytoy b156d227aa tests: Replace assertRegExp with assertMatchesRegularExpression
The method was renamed in PHPUnit 9.

Done automatically with:
grep -rl assertRegExp tests/ | xargs sed -r -i "s/>assertRegExp\(/>assertMatchesRegularExpression\(/"

Also extend MediaWikiIntegrationTestCase, so that it can use the
forward-compatible assertMatchesRegularExpression method.

Bug: T243600
Change-Id: I6859b48f7a9084101e981fb48449c1c1dc17a80c
2022-10-07 15:31:59 +02:00
Reedy 30cd1d8a23 Namespace base classes
Change-Id: I3fa9747e0ea970c5de39e2da8603e1bba9388a69
2022-07-30 18:13:03 +00:00
Bartosz Dziewoński 5880031d1c tests: Pass context to HTMLForm constructor
Change-Id: I8777b2b2d6a87695f6517f259f31a177356ac8f5
2022-05-15 23:35:03 +02:00
daniel 5770d44639 tests: Remove access to private ExtensionProcessor::globalSettings variable
It's internal, extensions should not rely on it. And now it is being removed.

Needed-By: I85324d04ecde38aad5f827c7aa33d989089e6d33
Change-Id: Id981f5f110789c5b7daa64185ec8ad952914ab48
2022-03-11 21:50:21 +00:00
Alexander Vorwerk 9ee7caa78e MediaWikiTestCase -> MediaWikiIntegrationTestCase
MediaWikiTestCase has been renamed to MediaWikiIntegrationTestCase in 1.34.

Bug: T293043
Change-Id: Iba498b9107753233b4fbb1f8d435663199635507
2021-11-29 19:54:25 +00:00
libraryupgrader 81a524e2e9 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)
* glob-parent: 5.1.0 → 5.1.2
  * https://npmjs.com/advisories/1751 (CVE-2020-28469)
* trim-newlines: 3.0.0 → 3.0.1
  * https://npmjs.com/advisories/1753 (CVE-2021-33623)

Change-Id: I57837ebf8054a2e968d207fecb3f12397c18e2a2
2021-07-22 14:24:25 +00:00
vladshapik 824ef272dd Replace uses of the deprecated setters of AbstractAuthenticationProvider
Since AbstractAuthenticationProvider ::setLogger, ::setManager,
::setConfig, ::setHookContainer methods had been soft deprecated,
so its usages were removed. AuthenticationProviderTestTrait
::initProvider was used in order to initialize
CaptchaPreAuthenticationProvider in the test.
* Also bump required MW version to 1.37.0

Bug: T281993
Change-Id: I9a139433b089597a2a5dfb7e23338fc8f7183b47
2021-05-25 15:34:56 +00:00
libraryupgrader bef3c335b5 build: Updating composer dependencies
* mediawiki/mediawiki-codesniffer: 35.0.0 → 36.0.0
* php-parallel-lint/php-parallel-lint: 1.2.0 → 1.3.0

Change-Id: Ib16a714334088d26d3fbaa88b5c9395fa0ab67a5
2021-05-04 04:14:03 +00:00
Umherirrender 91ecfa4ddd Remove incomplete @param from test function
the @dataProvider should be a enough here

Change-Id: Id9396e8baf734a028eda5dde5caeb8ac98cf1606
2021-01-23 01:36:10 +01:00
Umherirrender 76ff299d8c Use MediaWikiServices::getAuthManager
This required MediaWiki 1.35 (already set in extension.json)

Change-Id: Ic640f25b299dd7be429766f028ec91ab9481c85c
2020-04-04 16:57:51 +02:00
Brad Jorsch 003237ce9c Fix test hooking of 'PingLimiter'
The code was setting $wgHooks['PingLimiter'] to a Closure rather than
an array of callables, which resulted in the hook never actually being
called.

Interesting that that didn't make any of the tests fail. Anyway, let's
switch to using the setTemporaryHook() method now provided by MW's base
test class.

Change-Id: I6ac22b3c43735dcab4920de827bf06e25f9adc04
2020-04-02 15:22:22 -04:00
mainframe98 e95765a45e Don't conditionally set ObjectCache::$instances
The service LocalClusterObjectCache (to be introduced
in I39b03b1078efde3d9bc721d9d0c3694988c53a67) is not yet available.
The change linked above introduces it, but still relies on ObjectCache
because of tests of other extensions. ConfirmEdit's tests therefore
should always set ObjectCache::$instances, regardless of the existance
of the LocalClusterObjectCache service.

Change-Id: Ide340b7295ebe63a4efcfe6ec4381eb6697f8335
2020-01-21 17:28:22 +00:00
Max Semenik 9380fa050e Stop passing objects by reference
Bug: T193950
Change-Id: I8c4aabe75ffce55f81c7ffb0f76b67155db1f761
2020-01-17 20:08:16 +00:00
Max Semenik 8b6b9aaa86 tests: getMock() is deprecated
Bug: T192167
Change-Id: I385dccbcda40c71201ce1f5553cb30dee53a6a33
2019-10-21 22:20:51 -07:00
Daimona Eaytoy f85f9f14f8 Remove PPHUnit 4 bc stuff
Bug: T192167
Change-Id: I825b694550c11942cd9aa352f370894133b12c7b
2019-10-13 11:34:12 +02:00
James D. Forrester 86246f0172 build: Upgrade mediawiki-codesniffer to v28.0.0
Change-Id: I12c3660e74e42937f6cfb31ec4771a67d8651f42
2019-10-09 15:45:51 -07:00
Florian fe6d078b9f [recaptcha] Remove the ReCaptcha module
It's not supported by Google for a while.

Bug: T223749
Change-Id: I159cdd4882c1de48d6cee359faa153a2e6e0424b
2019-06-22 10:38:39 +01:00