Commit graph

88 commits

Author SHA1 Message Date
Derick Alangi 6f2fbd1d00 Store: Use the MicroStash store only and drop dead code
In this patch, we can now make use of MicroStash only and
drop dead code.

At this point, we're sure that there are no captchas in the
main stash, freeing up this memory for other requests to use.

Bug: T336004
Change-Id: I6aa69636f2f94e3bd18afc66eac37146d00771d1
2023-12-19 14:45:50 +00:00
Bartosz Dziewoński 2c6fe24521
Move login attempt counting to a separate class
This has nothing to do with CAPTCHA generation, and the only thing it
needs from the SimpleCaptcha class is checking whether a CAPTCHA on
bad login is enabled at all.

Also improve comments in CaptchaPreAuthenticationProvider. I found the
session flag business really difficult to understand.

Change-Id: I8200531718aaa11effcb07539204e1a05ed432e0
2023-12-13 15:18:39 -08:00
Umherirrender 92bc1f3d2f Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statements done manually

Change-Id: Id44f211320e56bc83e4c8f243369dc4eb562cf37
2023-12-11 00:07:55 +01:00
Derick Alangi bb201b86e4
Store: Enable ConfirmEdit to use MicroStash for captcha storage
ConfirmEdit uses MainStash as the backend to write its captchas. We
are migrating this extension to use the MicroStash store instead which
is more suitable.

This patch will store the captcha in MicroStash, read it from there
or fallback to MainStash if lookup was not successful. The code will
then clear both stores once after processing.

Migration plan
==============

step .1: Write to microstash store only, read from it or
         fallback to mainstash store. Then delete from
         both backends.

step .2: Read from microstash store only, delete from the
         microstash store, and remove dead code afterward.

Bug: T336004
Change-Id: Ie7c50a6efe7a0aefc97a712b2ad961e7837cc4cf
2023-11-29 11:35:45 +01:00
jenkins-bot c7c261841a Merge "Migrate from wgWikimediaJenkinsCI to MW_QUIBBLE_CI constant" 2023-09-11 10:13:21 +00:00
Timo Tijhof becb9038ca Migrate from wgWikimediaJenkinsCI to MW_QUIBBLE_CI constant
Details in Ia4df6350f849ca27.

The global variable will still work in most cases, but the way it was
used here (as wgExtensionFunctions callback) will stop working to
allow MW core to run plain `phpunit` (T90875).

Migrate to the MW_QUIBBLE_CI constant instead, which is set in all
the same circumstances

Change-Id: I25acee1e6e88ca745435cbfa0b398041f04c94d6
2023-09-07 20:19:58 +00:00
Bartosz Dziewoński 2dfc290c57 Remove incorrect documentation comment
isBadLoginPerUserTriggered() can never return null. This comment was
added in 2016 in 31c59374a4 and it was
already incorrect then. I don't know where this idea came from.

Change-Id: Ib919999fe83562cb4fa80246ae7c6b4707da775c
2023-08-24 00:12:19 +02:00
gerritbot 4bc5e7ed8f Replace some moved Title class uses, now MediaWiki\Title\Title
Bug: T321681
Change-Id: I639a03a5f828d7036e29a11a8a45d8d1e8923590
2023-08-19 04:14:21 +00:00
Umherirrender 0b0f9e37af Use HookHandlers for core hooks
Bug: T269882
Change-Id: I91df459f696e99bb5cce597739b48cbebbf4a88e
2023-08-15 12:21:21 +02:00
Umherirrender 5740fcf8c4 docs: Use IContextSource for EditFilterMergedContent hook handler
Use narrow interface IContextSource instead of class RequestContext

Change-Id: Ibe2c9101f40ac28a0c65eade35af896f9a54c285
2023-08-15 12:20:42 +02:00
Daimona Eaytoy 364b71f3ec Replace deprecated MWException
Also avoid throwing Exception directly and use RuntimeException instead,
not documenting it with @throws as it's unchecked, as per
https://www.mediawiki.org/wiki/Manual:Coding_conventions/PHP#Exception_handling.

Bug: T328220
Change-Id: I19df0e7e66d1e421d038109b9d2db9c0b63c709c
2023-06-07 17:44:23 +02:00
Aaron Schulz 61d8028d69 Use WRITE_BACKGROUND in CaptchaCacheStore and rename "cache" to "store"
This lays some groundwork for migrating from the main stash to a future
stash that resides in the primary datacenter.

Bug: T336004
Change-Id: I70ee88e9371af19890cb9e3da612d2bb7dc335e8
2023-06-06 12:59:42 -07:00
James D. Forrester b2629c909b Hooks: Fix EmailUserHook call documentation to match new signature
Change-Id: I917534c6b1b613793893e514a9116ba0468e272a
2023-05-19 14:14:54 +03:00
gerritbot b8c790cd14 Update moved class EditPage
See T321882. Moved in Ibefc44eb64aed

Bug: T321681
Change-Id: Ifa1c20cd4e6ef6856194d4228dd542a9e2fda43f
2023-05-07 01:08:19 +02:00
Gergő Tisza d0e1c811c7 Restore auth request ID from before namespacing
Bug: T316410
Change-Id: I144af55c368d93326d0ae78a85790e81bc3d9c7f
2022-08-27 00:29:16 +00:00
jenkins-bot 00470e1388 Merge "Run ConfirmEditTriggersCaptchaHook under correct name" 2022-08-04 20:05:44 +00:00
Alexander Vorwerk 16fcb03340 Run ConfirmEditTriggersCaptchaHook under correct name
also fix the var name to match the one in the interface

Bug: T303433
Follow-Up: If48689fe068aa3ec56e51e01b84cf25c63bcbf0b
Change-Id: Ie47b98d08cba5217f8661aa44f6331447575d7ae
2022-08-04 21:45:01 +02:00
Reedy 30cd1d8a23 Namespace base classes
Change-Id: I3fa9747e0ea970c5de39e2da8603e1bba9388a69
2022-07-30 18:13:03 +00:00
Kosta Harlan aca8deafb1
phpunit: Check for MW_PHPUNIT_TEST constant
$wgWikimediaJenkinsCI may not be enabled in LocalSettings.php.

tests/phpunit/phpunit.php reads this global, but vendor/bin/phpunit does
not.

Bug: T90875
Change-Id: I91628f0e63d4f67d1d3060cca3a17b95e0faf826
2022-07-12 18:44:01 +02:00
Alexander Vorwerk 607452ef05 Add new ConfirmEditTriggersCaptchaHook
This allows the dynamic activation of CAPTCHAS triggering without the
need to change the configuration.

This lays the foundation for stewards to later be able to activate
'emergency captchas' via an on-wiki interface.

Bug: T303433
Change-Id: If48689fe068aa3ec56e51e01b84cf25c63bcbf0b
2022-06-30 18:59:45 +00:00
Alexander Vorwerk 54d07d494e Add missing use statement in ConfirmEditHooks
Change-Id: I9f4e1fd82ee569ffb00de334a2ec02df5e166b31
2022-06-13 09:29:56 +02:00
Jon Robson 8b36b3be43 Use Html::warningBox instead of hardcoded class
Bug: T304272
Change-Id: Ic77910718d329401b25f178b50172d1fe7d5c8a3
2022-03-24 11:03:48 -07:00
Reedy bc400cc07e Update documentation for ConfirmEditHooks::onEditPageBeforeEditButtons
Fixes phan issue

Follow-Up: If41d16b473baddd92cc4261cdc2bfbe65fedcb19
Change-Id: I05f1ba79fb557a12c4ffb5709430849847273679
2022-03-11 21:13:18 +00:00
Umherirrender 0beb466cf7 build: Remove unneeded phan suppression
Bug: T290624
Change-Id: Ib7e9801977e6f27189952d23f96eb644a4e289d8
2022-02-12 00:35:22 +01:00
Reedy b24721bb96 Suppress SecurityCheck-DoubleEscaped in ConfirmEditHooks::onAlternateEditPreview
Bug: T295708
Change-Id: If9018f4bc5c2df11a7ac48c3f26a6e0f1b6835e3
2021-11-16 14:51:35 +00:00
libraryupgrader 5a256ffa65 build: Updating composer dependencies
* mediawiki/mediawiki-phan-config: 0.10.6 → 0.11.0
* php-parallel-lint/php-parallel-lint: 1.3.0 → 1.3.1

Change-Id: If86cb3cf74e27abd544aefc15a7579dd554fe419
2021-09-08 23:10:31 +00:00
libraryupgrader 81a524e2e9 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0

npm:
* postcss: 7.0.35 → 7.0.36
  * https://npmjs.com/advisories/1693 (CVE-2021-23368)
* glob-parent: 5.1.0 → 5.1.2
  * https://npmjs.com/advisories/1751 (CVE-2020-28469)
* trim-newlines: 3.0.0 → 3.0.1
  * https://npmjs.com/advisories/1753 (CVE-2021-33623)

Change-Id: I57837ebf8054a2e968d207fecb3f12397c18e2a2
2021-07-22 14:24:25 +00:00
James D. Forrester 4e62a8f53e Update ConfirmEdit hook running to use HookContainer, partially
I've left alone the pass-through hooks into the sub-extensions for now.
That'll be the next patch

Bug: T269882
Change-Id: I62eedd4afc36b4610a138b84b02d2cc48ce0ae2f
2020-12-13 08:52:18 -08:00
libraryupgrader a38c96140e build: Updating mediawiki/mediawiki-phan-config to 0.10.4
Change-Id: Id88999106d58d86395b6d60635c7005a28d16f0b
2020-11-20 03:04:10 +00:00
Ed Sanders bdacb3ab91 Suppress new phan error
Change-Id: I7da42e0fa83228474b6b9fae9e2bd2fe4be1e835
2020-07-01 15:41:55 +01:00
DannyS712 21ec725c5a Update hooks to use PageSaveComplete
Extension requires MW 1.35+, always available

Bug: T250566
Change-Id: I43d76880557dd794540147503c7c94091c7b847a
2020-06-23 19:36:44 +00:00
libraryupgrader e2bfe91518 build: Updating mediawiki/mediawiki-phan-config to 0.10.2
Additional changes:
* Removed phan-taint-check-plugin from extra, now inherited from mediawiki-phan-config.

Change-Id: I72d3324ef9565b6ed8b4ab79ee4451495349499a
2020-06-02 11:15:21 +00:00
Bartosz Dziewoński f786536715 Extract CaptchaInputWidget from VE code for use in other extensions
* ext.confirmEdit.CaptchaInputWidget.js:
  Based on code from ve.init.mw.CaptchaSaveErrorHandler.js

* ext.confirmEdit.CaptchaInputWidget.less:
  Based on code from mw/ext/VE repo in ve.ui.MWSaveDialog.css

* ConfirmEditHooks.php:
  Based on code from mw/ext/VE repo in VisualEditorHooks.php

Change-Id: I6605017fd31a4f96c529dd0beb69e9f4433cebc1
2020-04-15 16:06:58 +02:00
Reedy d648372f7f Fix MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic
Change-Id: Idc03460327095e19438fd9a3a542bf4229db4be2
2020-04-15 00:45:00 +01:00
Reedy 274e6079f8 Fix PSR12.Properties.ConstantVisibility.NotFound
Change-Id: Ib76375fed58fddb1f96728dd2baeec08e222dc83
2020-04-15 00:25:50 +01:00
Reedy e5d3a17263 Drop $ceAllowConfirmedEmail
I think well over 2 years is long enough!

Change-Id: Ia3770fe4d257df30b6dd244405d4943099cf8464
Follows-up: If4daf6f25f0d2b2c0f1e173ee3903063a39978bb
2020-03-08 16:17:30 +00:00
Reedy 035e073ddb Don't use logging reserved word 'ip' as parameter
Bug: T245280
Change-Id: I368724e9e6de85df45fd8734668789e8d524214f
Follows-up: I5f602bc08902b63acbb0752093b418d0ab063493
2020-02-27 15:11:16 +00:00
Brian Wolff bb0a85ea5e log login captchas to "captcha" channel instead of "authevents"
Also makes the log events more useful by including the username
in question and fix logging logins as being account creations.
See also Icde984d27.

Bug: T210817
Change-Id: I5f602bc08902b63acbb0752093b418d0ab063493
2020-02-11 09:04:55 -08:00
jenkins-bot f5f9c0971d Merge "Remove unused return values and reduce code complexity" 2020-02-09 17:27:11 +00:00
Ammar Abdulhamid 07a2824630 Replace deprecated IP class with IP Utilities
* Also bump required MW version to 1.35.0

Bug: T242556
Change-Id: I279e7d83a0dc75414117208ed23f8cc6b729eb19
2020-02-09 08:23:02 +01:00
Thiemo Kreuz 0dfd1f4ed1 Remove unused return values and reduce code complexity
Changes:
* Do not return anything in a method that is not expected to return
  something.
* Inline some previously hard to read code.
* More specific type hints, if possible.

Change-Id: I0e460899eea07d8733f638a11133adc3000f0542
2020-02-03 15:37:32 +01:00
jenkins-bot efadd21e76 Merge "Stop passing objects by reference" 2020-01-19 16:43:11 +00:00
Max Semenik 9380fa050e Stop passing objects by reference
Bug: T193950
Change-Id: I8c4aabe75ffce55f81c7ffb0f76b67155db1f761
2020-01-17 20:08:16 +00:00
libraryupgrader 54f6c6d87e build: Updating mediawiki/mediawiki-codesniffer to 29.0.0
Additional changes:
* Also sorted "composer fix" command to run phpcbf last.

Change-Id: Iba0ed9df5be4a7fbedce377556c87d42bddfb509
2020-01-14 04:33:04 +00:00
libraryupgrader d481d0c8db build: Updating mediawiki/mediawiki-phan-config to 0.9.0
Additional changes:
* Added .eslintcache to .gitignore.
* Fix wrong types

Change-Id: I833b061c62b82f3c88d968c70bae8317641aaa3d
2019-12-27 14:42:40 +00:00
Daimona Eaytoy 7297235b2a Pass correct type to constructor
Although there was no docblock on CaptchaAuthenticationRequest::__construct,
the method is supposed to get a string and an array, as that's how the
class members are documented and used. Trying to access offsets of null
resulted in PHP notices on PHP 7.4, as seen in the experimental job
for various repos.

Bug: T239726
Change-Id: Idd073ebf3d560543ec225479de060e3c198847eb
2019-12-03 19:30:55 +00:00
Daimona Eaytoy 2971bace15 Remove redundant reference from EditPage hook handler
Bug: T234118
Change-Id: I0f6305bf881c7ffb4383568730f24f89388ae897
2019-09-28 13:05:39 +00:00
Derick Alangi 92b41aa481 Avoid usage of deprecated ObjectCache::getMainWANInstance()
Replacement with services made available in 1.28 and this extension
requires 1.31. So, the replacement is good.

Change-Id: Idd5dda1e7cfa34b71ffb13446eb0f9e4f113f678
2019-07-03 13:43:23 +01:00
Florian fe6d078b9f [recaptcha] Remove the ReCaptcha module
It's not supported by Google for a while.

Bug: T223749
Change-Id: I159cdd4882c1de48d6cee359faa153a2e6e0424b
2019-06-22 10:38:39 +01:00
Umherirrender 7f76ef9924 Add phan
Change-Id: If382ed4440aa96dcb32a8aba6726cc7e78f0e0a7
2019-05-28 21:05:39 +02:00