Commit graph

37 commits

Author SHA1 Message Date
thiemowmde 7e3d73c11b More specific type hints and type declarations
Most notably:
* Use the much more narrow UserIdentity interface where possible.
* Make array type hints in PHPDocs as specific as possible.

Change-Id: Id189da4028b7874909277881dcf6539169dd13b6
2024-05-16 10:32:19 +02:00
Umherirrender a0ca1d89c6 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statements done manually

Change-Id: Iad87245bf8082193be72f7e482f29e9f1bad11fc
2023-12-11 16:39:00 +01:00
Bartosz Dziewoński 18ed307c39 ForeignWikiRequest: Ensure fetching CSRF tokens uses unique CentralAuth tokens
getCsrfToken() previously did the requests to every wiki with the same
'centralauthtoken'. Luckily this wasn't causing any bugs in practice,
because all users of ForeignWikiRequest that need CSRF tokens always
use it with a single wiki.

Change-Id: Ib1c0b9c13a34e38f85faed519c46cabd3b77e61e
2023-09-04 23:39:40 +02:00
Bartosz Dziewoński c3c3aed4dc ForeignWikiRequest: Specify formatversion, errorformat
Otherwise the parameters are copied from the local API request.
That mostly works fine, but browsing the errors logged for T342201
is a bit confusing when they're in different formats.

Change-Id: I5c361d6c0f7d635d3063290dec25f18bc6417e08
2023-09-04 23:39:30 +02:00
Reedy 8f44150300 And a few more namespaced classes...
Change-Id: I57b56d285bac4b41e81f656f3c1ddceee4620fb5
2023-08-18 22:27:18 +01:00
gerritbot f3da9368e8 Update moved class FauxRequest
See T321882. Moved in I832b133aaf61ee

Bug: T321681
Change-Id: Ie2e1ff04178e3f502f90336e68ab012636b46fb5
2023-05-19 10:24:07 +00:00
gerritbot fd6bdf95af Update moved class WikiMap
See T321882. Moved in I60cf4b9ef02b9d5

Bug: T321681
Change-Id: Icf209fddd9367540352d935557881d7e6e5a1e4c
2023-04-25 09:53:21 +00:00
Gergő Tisza 79ee292ca4
Fix logging of cross-wiki API errors
Error messages included a non-existent 'code' parameter; use the
curl error message instead. Also log the error status (which is
there somewhere in 'response' but logstash doesn't manipulate JSON
fields well).

Bug: T328128
Change-Id: If295d7a3b397b22301986a226a54df908c2ccf4d
2023-03-19 16:48:10 -07:00
Taavi Väänänen 30306fd923 SECURITY: Send original client info on x-wiki requests
Bug: T285116
Change-Id: I0551fe64042676f8a2b35afb82a3b4e9c09ea673
2022-04-04 15:42:18 -05:00
Alexander Vorwerk ce7532b212 Replace usages of deprecated wfWikiID()
The global function wfWikiID() is deprecated since 1.35 and it's usages
should be replaced with WikiMap::getCurrentWikiId().

Bug: T298059
Change-Id: Ia8cbc992eb80ee6d531cf11bdf2bc06181bce8b0
2021-12-21 02:01:11 +00:00
Cole White fea3813907 Pass entire response object to response attribute
Fixes mapper parsing errors in Logstash because most other producers
generate the response field as an object.

Bug: T239458
Change-Id: I95436dce23efde7f4aa460007187a7544cc36462
2021-12-01 01:31:53 +00:00
Urbanecm 055ee16c1c Revert "Use namespaced CentralAuthSessionProvider"
This reverts commit 393aace621.

Reason for revert: namespacing reverted in I1d358d178a3999e82e7a25e17851c3cf60d7ddaa.

Change-Id: If4f7ddf51cbd63dc782e61b389b3f45effc13299
2021-10-07 19:29:20 +00:00
Alexander Vorwerk 393aace621 Use namespaced CentralAuthSessionProvider
Change-Id: I56fbd065cbb4f1f0c882759e8a5d6d0ffb4dcec1
2021-09-29 22:28:47 +02:00
Petr Pchelko a10b0b07c8 Use CentralIdLookupFactory and pass UserIdentity
Change-Id: I44144df7cf244eb867c1b261c10cc29b020f8409
2021-07-21 19:23:42 -07:00
DannyS712 3269afae8e Remove use of global $wgUser
This partially reverts commit 83a181ce9c
and fully reverts 82896eff62

To avoid regressing to the errors from T139665, check if the user
retrieved from RequestContext::getMain()->getUser() is safe to load
instead of $wgUser, still in addition to the other checks that
EchoForeignWikiRequest::$user is safe to load.

Bug: T243732
Change-Id: I22c4918fc7e8b3d1364a95de3958c055059971b8
2021-07-14 04:57:34 +00:00
Kosta Harlan 294ed3c2cb ForeignWikiRequest: Guard against bad response
See also I4dde4e3bb4ff2ea8b7669bb18b2689410e5e7713

Bug: T274408
Change-Id: I3ab7d0a4b58a150fe940bc8441b5fb127142ad9f
2021-02-17 10:11:10 +01:00
Umherirrender d7556b1d96 Add missing @var and improve documentation
Change-Id: I729d5ff5afd4d45022fa0a4e42d060d35543b567
2020-12-17 20:55:49 +01:00
Reedy 82896eff62 Ignore usage of $wgUser
Bug: T262110
Change-Id: Ia4a24d0216ce33d3ae915c12619c149d54d321b2
2020-09-05 03:16:37 +00:00
Tim Starling 5252624729 Use HttpRequestFactory::createMultiClient()
Use the globally configured request timeout instead of MultiHttpClient's
hard-coded default. This means that the request timeout for
ForeignWikiRequest will typically be reduced from 900s to 25s.

Bug: T245170
Depends-On: I8252f6c854b98059f4916d5460ea71cf4b580149
Change-Id: I1c3d96720709253ad15bb8528cdd132571de2e4e
2020-05-21 14:23:28 +10:00
Umherirrender f62ab66363 build: Updating mediawiki/mediawiki-phan-config to 0.8.0
Bug: T235049
Change-Id: I93844dc6fae8a3dca3ced591d43caa2f994ba2f1
2019-11-18 20:03:13 +01:00
Daimona Eaytoy e21e3b4a8d Add phan
Change-Id: I65ae6adc10941c05a2646e551b1baa829e4e8654
2019-04-10 18:51:59 +02:00
Derick Alangi 3971e32f1b Code improvements for includes/ **only** directory
This code improvements seeks to improve on code readability, consistency,
maintainability and efficiency.

Change-Id: I4f07886044e9a75824f9e7ddad039f3112b1c4a1
2019-03-05 18:58:52 +01:00
Umherirrender fdc2b42b2b Declare class properties in Formatter and WikiRequest
Change-Id: Iaf4c2f7bb75896d3daafbb445f7b5f6341543f8e
2019-02-18 19:25:56 +00:00
Roan Kattouw 55a5823d45 Add cross-wiki proxying to the action=markasread API
Add support for POST requests and tokens to EchoForeignRequest
and ApiCrossWiki, and add the ApiCrossWiki trait to ApiEchoMarkRead.

Change-Id: Idadaacd0d0c4a957bf2499049fc105a60c73bc52
2018-09-03 08:07:39 -07:00
Umherirrender 2cd8d9d0eb Split long lines over 140 chars
This makes the code easier to read even on big screens

Change-Id: I14bfb97b2986f389ad11a6ddc97ba61468774782
2018-08-25 12:51:14 +02:00
Thiemo Kreuz c1c3c7b672 Make "@… array" type hints more specific
There are about 200 of such generic "array" type hints in this code base,
the majority in @param tags. I started with what I found most relevant:
@var and @return tags. I might continue working on this later, but
wanted to stop for now to keep this patch moderately small.

Change-Id: Iff0d9590a794ae0f885466ef6bb336b0b42a6cd3
2018-08-13 09:27:37 +02:00
Thiemo Kreuz 75a55b80ee Remove some non-helpful lines of documentation
Explaining that a variable named "$username" contains a "username" is
not helpful. One have to read this comment first to understand that it
does not add anything to what's already obvious from the variable name
and the type.

Change-Id: I9a43866498d0c94422caf16233f502320a8e36c9
2018-07-06 15:14:44 +00:00
libraryupgrader d1ef3a9514 build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
Change-Id: I69d6907eadd607cbeaef63d813ef79aea4e7983c
2018-05-26 02:15:41 +00:00
Kunal Mehta aaf061c725 build: Updating mediawiki/mediawiki-codesniffer to 0.9.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.ExtraParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
* MediaWiki.Commenting.FunctionComment.WrongStyle
* MediaWiki.FunctionComment.Missing.Protected
* MediaWiki.FunctionComment.Missing.Public
* MediaWiki.NamingConventions.LowerCamelFunctionsName.FunctionName
* MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment

Change-Id: I8401abf121a7413fa191d7bc535e0ddd6cf8c3f7
2017-06-22 14:13:28 +00:00
James D. Forrester 8c810dff48 build: Update mediawiki/mediawiki-codesniffer to 0.7.1
Also added "composer fix" command.

Change-Id: I25cb61b3b92798f1259d1575a336e2b056d5764f
2016-12-05 15:54:30 -08:00
Matthew Flaschen c1365be90d Fix typo (canUseCentralAuthl -> canUseCentralAuth)
Change-Id: Ic27240df0744c6025e7b1922d31250377f0a2bc4
2016-07-19 10:16:57 -07:00
Roan Kattouw 83a181ce9c ForeignWikiRequest: Also check User::isSafeToLoad()
Check it for both $wgUser and $this->user because they
could theoretically be different.

Bug: T139665
Change-Id: I59cb4f0122a9fccb32ca165fda065dee2467b1da
2016-07-18 14:49:43 -07:00
Matthew Flaschen 8f7499286d getCentralAuthToken back to protected.
This was for testing, I didn't mean to commit it.

Follow up 03262edf24

Change-Id: Ia5e8ec482d5b32891de67fe3da6e8c52cca099e9
2016-07-12 18:45:31 -04:00
Matthew Flaschen e578bb4ab4 CentralAuth: Bail if not fully initialized
Bug: T140144
Change-Id: I2bc242e98f864af50af5545424a4da318abc360f
2016-07-12 16:31:53 -04:00
Matthew Flaschen 03262edf24 Troubleshoot why Echo is still triggering CA failures
If we have a central ID, in theory it should not trigger
CA failures when getting a token.  However, it is, so maybe:

* This is the wrong way of checking attached-ness.
* It is somehow losing the central ID later.

or something else is going on.

Bug: T140144
Bug: T119736
Change-Id: I71c6f121a728e503aa9d62778e64c650cd8d46af
2016-07-12 15:07:01 -04:00
Roan Kattouw e63b8799a4 ForeignWikiRequest: Bail early for non-global users
Attempting to get a CentralAuth token for an unattached
user (or a user mid-attachment) throws an exception.

Bug: T119736
Change-Id: I2a34754f55b952f5bcd4da6c6f89a32ebc29ecf1
2016-07-12 09:05:30 +02:00
Roan Kattouw 05e531c7b6 Factor out cross-wiki API request code
Change-Id: Id926a607b99103d4489d1b734e00d104b7e80233
2016-06-08 22:35:57 +02:00