createaccount is a core grant which by default isn't really
sensitive, but TitleBlacklist adds tboverride-account which
can be used for social engineering.
Using MediaWikiServices to change configuration is not great,
but it's the least bad option available today - other hooks run
too late, and the extension registry doesn't support extensions
overriding core values.
Bug: T290790
Depends-On: Ib7a195c167f82e686c4ede45388957f9988bf75d
Change-Id: I2d20190266e4094449b5857b88f962a444c2f9b5
titleblacklist is not part of action=query (since a2f5ccd2 back in 2011)
and should not follow that naming schema.
No class alias as nobody needs to call the class directly
Change-Id: If57e5bd9291a894edf42835fed07d37cd8e8abed
TitleBlacklist compares cache version in app code, meaning that entries
with old versions will still be deserialized.
Bug: T307513
Change-Id: Icea6022fcf5530b2429ce660e2589dd5954577a7
Since AbstractAuthenticationProvider ::setLogger, ::setManager,
::setConfig, ::setHookContainer methods had been soft deprecated,
so its usages were removed. AuthenticationProviderTestTrait
::initProvider was used in order to initialize
TitleBlacklistPreAuthenticationProvider in the test.
* Also bump required MW version to 1.37.0
Bug: T281994
Change-Id: I15b811a8596addad7a50b13d978851ebd86da9a5
Update matchFunction() to match the new format of responses.
Remove custom error message from process(), it's worse than the default.
Bug: T229532
Depends-On: I3b9c4fefc0869ef7999c21cef754434febd852ec
Change-Id: Ibeae79c95557a7af699716c9d921f34c310bee6d
Also, cleanup various legacy behavior of hooks: as they return true. In
addition, objects are passed by reference by default.
I see more room for improvements, but will keep doing them in later change
sets.
Change-Id: I1ff3ec493a1d161cfbcfacf49b1af486a93b1052
This reverts commit ecf9bc4424.
Fixes copy paste fail from Id686d75e0a6b475a79f7f715791d867dc6fb400c,
should've been preauth, not primary
Change-Id: I8c5456af1ca3bf89c4fd1791b113ac3a16350989
* Use only a single error code 'titleblacklist-forbidden'
to allow API users to easily identify TitleBlacklist errors.
* Return the internal code ('message') and the matching entry's text
('line') in machine-readable format, same as action=titleblacklist
(depends on I1334ba21a2862973a9d8ff5be2c9bec06a82698b in MediaWiki).
This bumps the version requirement to 1.27, as older MediaWiki
versions would ignore the error in new format entirely.
Example API output change, for action=edit:
Before:
{
"error": {
"code": "custom-message",
"info": "TitleBlacklist prevents this title from being created",
"*": "See http://localhost/w/api.php for API usage"
}
}
After:
{
"error": {
"code": "titleblacklist-forbidden",
"info": "TitleBlacklist prevents this title from being created",
"message": "custom-message",
"line": ".*test.* <errmsg=custom-message> # test rule",
"*": "See http://localhost/w/api.php for API usage"
}
}
Bug: T115258
Change-Id: I42a0c5b0ea7e61088dd609b764dd7d1396c60cd5
