Commit graph

172 commits

Author SHA1 Message Date
Taavi Väänänen 30306fd923 SECURITY: Send original client info on x-wiki requests
Bug: T285116
Change-Id: I0551fe64042676f8a2b35afb82a3b4e9c09ea673
2022-04-04 15:42:18 -05:00
gerritbot 49696ea763 Fix usage of ApiBase::PARAM_* deprecated constants
The ones that are replaced with ParamValidator

Bug: T275455
Change-Id: I6a096fa34fbd543d0ee4354f5487c73b8b3d37c7
2022-04-04 00:14:28 +00:00
gerritbot d9a082373d Replace deprecated ApiBase::PARAM_ with IntegerDef ones
The rest of ApiBase::PARAM_  will be done in separate patches

Bug: T275455
Change-Id: I897f02f9bae8a53b720a5a35e9689679c003c714
2022-04-03 22:14:48 +02:00
Umherirrender 9bf6ceb738 Replace deprecated JobQueueGroup::singleton()
Change-Id: I298d8507f4ec706c235087b726b7b230ed5e9ac6
2022-01-25 22:24:53 +01:00
Alexander Vorwerk ce7532b212 Replace usages of deprecated wfWikiID()
The global function wfWikiID() is deprecated since 1.35 and its usages
should be replaced with WikiMap::getCurrentWikiId().

Bug: T298059
Change-Id: Ia8cbc992eb80ee6d531cf11bdf2bc06181bce8b0
2021-12-21 02:01:11 +00:00
vladshapik a3c55f6272 Avoid using User::getOption() method
Replace User::getOption() with UserOptionsLookup::getOption() since this method will be hard-deprecated.

Bug: T296083
Change-Id: I0ecdc63b0344bc4c24196cc5edb3d02b6a7ed615
2021-12-10 13:37:45 +01:00
TChin ceeba5efe6 Replace deprecated Title::newFromIDs
Bug: T291288
Change-Id: I259d3f8d4c4fc7cd8ce008f3e63d1208c2b002b7
2021-10-01 16:22:36 -04:00
libraryupgrader 43efb95e8b build: Updating composer dependencies
* mediawiki/mediawiki-phan-config: 0.10.6 → 0.11.0
* php-parallel-lint/php-parallel-lint: 1.3.0 → 1.3.1

Change-Id: If2e235fb97c0d39c3c14ba7c423ef45f5c0013d0
2021-09-08 23:40:19 +00:00
James D. Forrester a47a421696 Alter use of deprecated methods to ones called 'Primary'
This extension already depends on MW 1.37, so all these methods exist.

Bug: T254646
Depends-On: I9a90b4f74eb65cd9e20ae9faa6d1949be96543c0
Change-Id: Iebfdd33d3a967c87fbf87382a010a01da5cd4fc8
2021-09-03 17:46:20 -07:00
Matěj Suchánek 628122e155 Fix camelCase of getUserEnabledEventsBySections
Change-Id: I14b6750f7f3cc5334e3143f0e85ca033681b4e35
2021-08-20 17:03:28 +00:00
Michael Holloway 5eb4c6cd1d Add notifiertypes parameter to ApiEchoNotifications
Previously, ApiEchoNotifications returned only events which were
enabled for the `web` notifier type. With this change, the notifier
type or types to consider can be specified by argument to the new
`notifiertypes` parameter.

This change is required so that the apps can request notification
content from the API for push notifications.

Bug: T287909
Change-Id: I2d1155e113f2defb0f02416a7a659c3ee162d3a6
2021-08-17 10:27:14 -04:00
jenkins-bot 5566f84378 Merge "Turn push notification token list into a circular buffer."
2021-07-30 14:46:10 +00:00
Dmitry Brant 6c5a88107c Turn push notification token list into a circular buffer.
At the moment we support a maximum of 10 tokens per user for subscribing
to push notifications, stored as a basic list that runs out when the
limit is reached.  There may, however, be some edge cases where an app
registers a token and then forgets to unregister it (and repeats this 10
times), after which time it will be unable to register any new token.

This changes the token list to behave more like a circular buffer, by
simply deleting the oldest token before inserting the new one. This way
an app could register a new token even in the rare case of forgetting
the previous ten.

Change-Id: I387de63460882e4e56d1aa6db1f78d73a0495208
2021-07-29 17:22:57 -04:00
DannyS712 f13dd018c7 Enable and fix ReturnTypeDeclaration sniff
Libup decided to disable the sniff, fix the issues instead

Change-Id: Ibac1c3f32af19edff3f428928efe578d97061b07
2021-07-24 04:36:30 +00:00
Petr Pchelko a10b0b07c8 Use CentralIdLookupFactory and pass UserIdentity
Change-Id: I44144df7cf244eb867c1b261c10cc29b020f8409
2021-07-21 19:23:42 -07:00
ZabeMath 3befbe0a69 Avoid using User::setOption()
User::setOption() is deprecated and should be replaced with UserOptionsManager::setOption()

Bug: T277818
Change-Id: I001301fb95635c421a0bbb921fd909c5312dc896
2021-07-17 09:52:53 +00:00
James D. Forrester 4dd2a651e1 phpcs: Auto-fix MediaWiki.Usage.StaticClosure.StaticClosure
Change-Id: I6a02902ffaa8a9b497d60b573a0b8e3dbc207ee5
2021-05-04 09:06:42 -07:00
Jeena Huneidi 596729d852 Make AttributeManager a service
Adds AttributeManager to EchoServices so that dependencies of
AttributeManager can be injected.

Bug: T275148
Change-Id: I4fa5084d72914d16b6d218e7dd3521f5a1919b80
2021-02-26 12:58:23 -08:00
Martin Urbanec 36c65d8fa8 Log ApiEchoUnreadNotificationPages bad responses
In ApiEchoUnreadNotificationPages::getUnreadNotificationPagesFromForeign we
sometimes get erroneous responses from the foreign wiki. We silently ignore
them since d8a4b6ba9; this adds logging of the response payload.

Bug: T273479
Signed-off-by: Thiemo Kreuz <thiemo.kreuz@wikimedia.de>
Change-Id: I4dde4e3bb4ff2ea8b7669bb18b2689410e5e7713
2021-02-03 10:47:32 +01:00
Thiemo Kreuz d8a4b6ba91 Add missing isset() check to ApiEchoUnreadNotificationPages
…::getUnreadNotificationPagesFromForeign().

I'm not 100% sure if this fixes the code in a way it is
supposed to work. However, I see that getFromForeign() is
called 3 times in existing code, and 2 of these places
already do an isset() check. It looks like it was just
forgotten here.

Even if there is another issue to fix here, this patch:
a) silences the error, and
b) gives us more useful debug output.

Bug: T273479
Change-Id: I257620f646196c0554b9d86c849a02f5a8b9519c
2021-02-03 06:42:26 +00:00
jenkins-bot 6042d6e389 Merge "Prefer UserIdentity::isRegistered over isAnon"
2020-12-23 08:25:04 +00:00
Thiemo Kreuz c9797db768 Prefer UserIdentity::isRegistered over isAnon
isRegistered is part of the slick UserIdentity interface, i.e.
it's the more "canonical" form. This change makes it a bit
easier to move away from using the huge (4000+ LOC) User class
everywhere, in favor of the UserIdentity interface, where
possible.

This patch is meant as a small step towards this goal. I tried
to replace some usages of User type hints already, but prefer
to go in small, incremental steps.

Change-Id: I039c7a18672dfb6ea9507752bce9ea754babd690
2020-12-23 07:15:30 +00:00
Umherirrender d7556b1d96 Add missing @var and improve documentation
Change-Id: I729d5ff5afd4d45022fa0a4e42d060d35543b567
2020-12-17 20:55:49 +01:00
mbsantos 86d45a66ca push: die with error if providertokens param is empty
Bug: T267263
Change-Id: Icf98189726602dd8e43e1f9daf19e3f73efb91b0
2020-11-10 16:50:37 +01:00
Michael Holloway 3513c642dd Create push subscription manager group/right to clean up dead subs
Creates a new push-subscription-manager group and an associated
right, manage-all-push-subscriptions. The purpose of this is to
allow privileged accounts to purge expired subscriptions from the
database on behalf of other users. A user with this right will be
permitted to delete any subscription from the DB based on the token
alone. For all other users, deletion requests will be limited to
those associated with the requesting user's central ID.

This right will be granted to a bot account on Metawiki associated
with the Wikimedia push notifications service, and the push
notifications service account will make push subscription delete
requests to the API for subscriptions for which vendor APIs return bad
subscription responses.

Additionally, the providertoken parameter to ApiPushSubscriptionDelete
is updated to allow multiple providertoken values.

Bug: T259148
Change-Id: Ia6c17588ee94e6be74e5e3a75eb33e38f172fc93
2020-08-20 17:08:48 -04:00
Mateus Santos c188dac23f push: send apns topic when present
1) send apns topic when present in subscription metadata
2) check if subscription metadata is a valid JSON string
3) make epp_id column at echo_push_provider table auto_increment,
otherwise it will fail when trying to add a second row in the table

Bug: T259394
Change-Id: I785435e9f2d4ba9c14977d431d271f0fa2d0c795
2020-08-18 13:21:20 +00:00
DannyS712 d24df030a3 Remove legacy ApiBase::getTokenSalt() overrides
Method was removed in 1.24, extension requires MW 1.35+,
so overrides aren't used

Change-Id: Ia543a06c3fcefce3429c0031b813b742feee76f1
2020-08-15 05:30:58 +00:00
jenkins-bot aa1f1801e4 Merge "Create and enforce a config setting for max subscriptions per user"
2020-08-13 17:03:05 +00:00
Thiemo Kreuz e5fead8b42 Use more canonical (object)[] instead of new stdClass
Both styles create the exact same object. Casting an array to an
object creates an stdClass object as well. The main benefit of this
syntax is that there is much less repetition. Everything is one
token instead of individual lines, where each line might contain a
typo.

Change-Id: Id43fa2c4b6bd5d9dbc60008427d4a9e14ae3811c
2020-08-13 09:58:14 +00:00
Thiemo Kreuz 9474b9c942 Remove Phan exceptions reported as unused
Change-Id: I89fa328e8878d64887518a3f49145b19ea599676
2020-08-13 09:25:05 +00:00
Michael Holloway 15d48278be Create and enforce a config setting for max subscriptions per user
Creates an EchoPushMaxSubscriptionsPerUser config setting (default: 0)
that controls the maximum number of subscriptions a user may associate
with the user's central user ID.

The setting is enforced in EchoPush\SubscriptionManager::create().

To allow creating push subscriptions for development, set
$wgEchoPushMaxSubscriptionsPerUser to a positive integer value in
LocalSettings.php:

 $wgEchoPushMaxSubscriptionsPerUser = 10;

Bug: T259150
Change-Id: Ib97b6b6cbb8161dd75dad92c54b4fe4fff80c421
2020-08-12 17:58:11 -04:00
Umherirrender 3c53d6acb9 phpcs: Break long lines
Use the codesniffer default of length = 120

Change-Id: Ifbfd56b20432e54805d3a9bce22cda888c1fc74d
2020-06-27 12:05:03 +02:00
Gergő Tisza 153db72ec4 Ensure an array is passed to ApiEchoMute::lookupIds()
The nicer approach would be setting the parameter default to [],
but that breaks ApiSandbox.

Bug: T254699
Change-Id: I6c553e27248ff7d6c696f116cb34eb238dade440
2020-06-10 13:47:05 +00:00
Michael Holloway c9a826190d Remove overbroad DB error catching in ApiEchoPushSubscriptionsCreate
Rather than catching all DB errors (and assuming they are duplicate
entry errors), ignore duplicate entry errors and use affectedRows() to
determine whether the subscription already existed.

Change-Id: I4d50cb8222e52cc1a4e1f0fb3f596f36cb565dbb
2020-06-09 23:48:12 -04:00
Michael Holloway a3674974f1 Add push subscription management
Adds DB tables for storing push subscriptions, some DB interaction code
for retrieving them within MediaWiki, and a set of API modules for
managing them from the outside world.

When testing this patch, be sure to run maintenance/update.php to create
the new tables, and set $wgEchoEnablePush = true in LocalSettings.php
to enable the new API module.

N.B. The current DB schema is centered on app push subscriptions. Web
push subscriptions require slightly different handling, since they are
provided by browsers as a JSON blob rather than a token string. How to
handle web push subscriptions is a question we can defer until the time
comes to add web push support.

Subscription data is stored in the echo_push_subscription table, with
provider names normalized into the echo_push_provider table. We expect to
be looking up subscriptions by central user ID, so that column is indexed.
The subscription data also includes a column to store SHA256 digests of
the subscriber tokens. This is for use as a unique key constraint, since
we expect every push token to be universally unique, and the token values
themselves may be too large to reasonably index in MySQL.

Bug: T252899
Change-Id: I3928761b3fba12e54ff4850e9a05c68ec7772f62
2020-06-02 13:40:00 -04:00
Roan Kattouw 28f432b150 Add dynamic secondary action to mute/unmute page-linked notifications
Also adds an API module for muting and unmuting pages (and users).

Bug: T46787
Bug: T115264
Change-Id: Icf4e4bfa9fd7fa27b4c40892e3d5ce000eb22d5a
2020-05-27 15:20:08 +02:00
libraryupgrader cbc50bd4fe build: Updating composer dependencies
* mediawiki/minus-x: 0.3.2 → 1.0.0
* mediawiki/mediawiki-phan-config: 0.9.0 → 0.9.2

Change-Id: I384e3624fadebd736a3ea465df79df6bf9dd5a74
2020-02-19 20:20:29 +00:00
Roan Kattouw b2f816d0af Use GET rather than POST for action=markseen
This seems strange, because markseen sounds like a write action, but it
writes to the seentime cache rather than the database. For multi-DC
support, we need writes to the seentime cache to happen in the local
data center, and the easiest way to do that is to make it a GET request
rather than a POST request.

It would be nice if marking as seen could be consolidated into the GET
request for fetching notifications, but I didn't do that because the
code for those fetches is pretty complicated, and some fetches (like
polling) should not mark as seen.

Bug: T222851
Change-Id: If4c504a9dc562b1d4e626e155fba8ebb5cdb0579
2020-01-10 16:12:18 -08:00
libraryupgrader ef3d2b886d build: Updating mediawiki/mediawiki-phan-config to 0.9.0
Change-Id: I03333636654eff80d4fe7fa543ac9e6c321af891
2019-12-29 11:59:32 +00:00
Umherirrender f62ab66363 build: Updating mediawiki/mediawiki-phan-config to 0.8.0
Bug: T235049
Change-Id: I93844dc6fae8a3dca3ced591d43caa2f994ba2f1
2019-11-18 20:03:13 +01:00
Thiemo Kreuz 0efef4faf3 Add strict "array" type hints to code expecting arrays
I found candidates for this by looking for parameters names that end
with a plural "s".

Change-Id: I61c706eb4dfbdadceb0129afd724e6ce1eb4f4a8
2019-10-24 15:18:58 +00:00
DannyS712 0b237983b8 Use Special:MyLanguage in API help links
Bug: T231269
Change-Id: I76e1e257616d8e2a43bcbe9efadead71a09bb058
2019-08-27 06:14:51 +00:00
Derick Alangi f402ecd31f Echo: Fix case mismatch for function/method calls
PHP doesn't care much about the name (in terms of case sensitivity)
but I think we should make sure the names of the method should be as
they're in their definition.

Change-Id: I6e38d8be64efaec4200471f2d3007275d7ddecec
2019-06-11 22:46:24 +01:00
James D. Forrester 980e67d338 build: Upgrade mediawiki/mediawiki-phan-config from 0.5.0 to 0.6.0 and make pass
Change-Id: Ifc83427ccdcfc34d33a667ffde5e0cec98a0a609
2019-05-19 13:33:12 +02:00
Stephane Bisson f5f59a503b Use wikiId both server and client side
When creating the various notification sources,
the server was indexing them with wfWikiID() but
the client was using wgDBname to find which one
is local and which are remote. On some wikis,
like TWN, wfWikiID() includes a db suffix so
the JS app on Special:Notifications is failing to
find the local source and errors.

Bug: T167336
Change-Id: Id60f723b615fb7db54a6f17b1c1be20dfe98e36c
2019-05-08 09:03:28 -04:00
Stephane Bisson 1017054b88 Cleanup transition flags
$wgEchoSectionTransition was introduced when we moved some notification
types between sections (alert, message).

$wgEchoBundleTransition was introduced when we made bundles dynamic
and expandable.

Both flags have been OFF for years and are not needed anymore.
This patch removes all traces of them.

Bug: T140710
Change-Id: I16a5d54b09e71997f80208db6f4fbdb040d03ab1
2019-04-17 22:07:14 -07:00
Daimona Eaytoy e21e3b4a8d Add phan
Change-Id: I65ae6adc10941c05a2646e551b1baa829e4e8654
2019-04-10 18:51:59 +02:00
Umherirrender c3d0760405 Use php null coalesce operator ??
Change-Id: Icb7d61b0b9040ee08caedef90b4dd2b65d403540
2019-03-12 21:04:00 +01:00
Roan Kattouw 91465ef753 Remove notification_bundle_display_hash
Also remove fetchNewestByUserBundleHash() because it's now unused,
and remove the echo_notification_user_hash_timestamp index which
existed specifically to support that function's DB query.

Bug: T143763
Change-Id: I74be8f156bc14d0e189d328953d17dc26cdb697b
2019-03-06 10:29:05 -08:00
Roan Kattouw ae75a8118a Remove notification_bundle_base
No longer used in the new bundling system.
Also removes indexes that contain bundle_base.

Bug: T143763
Bug: T131415
Change-Id: Ibf94cdc471a11cb14995fee6a55af0d227b50aa5
2019-03-04 13:22:17 -08:00