In this patch, we can now make use of MicroStash only and
drop dead code.
At this point, we're sure that there are no captchas in the
main stash, freeing up this memory for other requests to use.
Bug: T336004
Change-Id: I6aa69636f2f94e3bd18afc66eac37146d00771d1
This has nothing to do with CAPTCHA generation, and the only thing it
needs from the SimpleCaptcha class is checking whether a CAPTCHA on
bad login is enabled at all.
Also improve comments in CaptchaPreAuthenticationProvider. I found the
session flag business really difficult to understand.
Change-Id: I8200531718aaa11effcb07539204e1a05ed432e0
Changes to the use statements done automatically via script
Addition of missing use statements done manually
Change-Id: Id44f211320e56bc83e4c8f243369dc4eb562cf37
ConfirmEdit uses MainStash as the backend to write its captchas. We
are migrating this extension to use the MicroStash store instead which
is more suitable.
This patch will store the captcha in MicroStash, read it from there
or fallback to MainStash if lookup was not successful. The code will
then clear both stores once after processing.
Migration plan
==============
step .1: Write to microstash store only, read from it or
fallback to mainstash store. Then delete from
both backends.
step .2: Read from microstash store only, delete from the
microstash store, and remove dead code afterward.
Bug: T336004
Change-Id: Ie7c50a6efe7a0aefc97a712b2ad961e7837cc4cf
Details in Ia4df6350f849ca27.
The global variable will still work in most cases, but the way it was
used here (as wgExtensionFunctions callback) will stop working to
allow MW core to run plain `phpunit` (T90875).
Migrate to the MW_QUIBBLE_CI constant instead, which is set in all
the same circumstances
Change-Id: I25acee1e6e88ca745435cbfa0b398041f04c94d6
isBadLoginPerUserTriggered() can never return null. This comment was
added in 2016 in 31c59374a4 and it was
already incorrect then. I don't know where this idea came from.
Change-Id: Ib919999fe83562cb4fa80246ae7c6b4707da775c
This lays some groundwork for migrating from the main stash to a future
stash that resides in the primary datacenter.
Bug: T336004
Change-Id: I70ee88e9371af19890cb9e3da612d2bb7dc335e8
also fix the var name to match the one in the interface
Bug: T303433
Follow-Up: If48689fe068aa3ec56e51e01b84cf25c63bcbf0b
Change-Id: Ie47b98d08cba5217f8661aa44f6331447575d7ae
$wgWikimediaJenkinsCI may not be enabled in LocalSettings.php.
tests/phpunit/phpunit.php reads this global, but vendor/bin/phpunit does
not.
Bug: T90875
Change-Id: I91628f0e63d4f67d1d3060cca3a17b95e0faf826
This allows the dynamic activation of CAPTCHAS triggering without the
need to change the configuration.
This lays the foundation for stewards to later be able to activate
'emergency captchas' via an on-wiki interface.
Bug: T303433
Change-Id: If48689fe068aa3ec56e51e01b84cf25c63bcbf0b
I've left alone the pass-through hooks into the sub-extensions for now.
That'll be the next patch
Bug: T269882
Change-Id: I62eedd4afc36b4610a138b84b02d2cc48ce0ae2f
Additional changes:
* Removed phan-taint-check-plugin from extra, now inherited from mediawiki-phan-config.
Change-Id: I72d3324ef9565b6ed8b4ab79ee4451495349499a
* ext.confirmEdit.CaptchaInputWidget.js:
Based on code from ve.init.mw.CaptchaSaveErrorHandler.js
* ext.confirmEdit.CaptchaInputWidget.less:
Based on code from mw/ext/VE repo in ve.ui.MWSaveDialog.css
* ConfirmEditHooks.php:
Based on code from mw/ext/VE repo in VisualEditorHooks.php
Change-Id: I6605017fd31a4f96c529dd0beb69e9f4433cebc1
Also makes the log events more useful by including the username
in question and fix logging logins as being account creations.
See also Icde984d27.
Bug: T210817
Change-Id: I5f602bc08902b63acbb0752093b418d0ab063493
Changes:
* Do not return anything in a method that is not expected to return
something.
* Inline some previously hard to read code.
* More specific type hints, if possible.
Change-Id: I0e460899eea07d8733f638a11133adc3000f0542
Although there was no docblock on CaptchaAuthenticationRequest::__construct,
the method is supposed to get a string and an array, as that's how the
class members are documented and used. Trying to access offsets of null
resulted in PHP notices on PHP 7.4, as seen in the experimental job
for various repos.
Bug: T239726
Change-Id: Idd073ebf3d560543ec225479de060e3c198847eb
Replacement with services made available in 1.28 and this extension
requires 1.31. So, the replacement is good.
Change-Id: Idd5dda1e7cfa34b71ffb13446eb0f9e4f113f678