registration: Perform extra validation for mediawiki.org URLs

If the "url" field in extension.json is pointing to mediawiki.org,
perform some extra validation steps:
* Require HTTPS
* Require the `www.mediawiki.org` canonical domain

Change-Id: I3371443d3f6c76f53437adf90a700969bba7d0e7

diff --git a/includes/registration/ExtensionJsonValidator.php b/includes/registration/ExtensionJsonValidator.php
index 7e3afaa..564ea6b 100644 (file)
--- a/includes/registration/ExtensionJsonValidator.php
+++ b/includes/registration/ExtensionJsonValidator.php
@@ -89,20 +89,34 @@ class ExtensionJsonValidator {
                        );
                }
 
-               $licenseError = false;
+               $extraErrors = [];
                // Check if it's a string, if not, schema validation will display an error
                if ( isset( $data->{'license-name'} ) && is_string( $data->{'license-name'} ) ) {
                        $licenses = new SpdxLicenses();
                        $valid = $licenses->validate( $data->{'license-name'} );
                        if ( !$valid ) {
-                               $licenseError = '[license-name] Invalid SPDX license identifier, '
+                               $extraErrors[] = '[license-name] Invalid SPDX license identifier, '
                                        . 'see <https://spdx.org/licenses/>';
                        }
                }
+               if ( isset( $data->url ) && is_string( $data->url ) ) {
+                       $parsed = wfParseUrl( $data->url );
+                       $mwoUrl = false;
+                       if ( $parsed['host'] === 'www.mediawiki.org' ) {
+                               $mwoUrl = true;
+                       } elseif ( $parsed['host'] === 'mediawiki.org' ) {
+                               $mwoUrl = true;
+                               $extraErrors[] = '[url] Should use www.mediawiki.org domain';
+                       }
+
+                       if ( $mwoUrl && $parsed['scheme'] !== 'https' ) {
+                               $extraErrors[] = '[url] Should use HTTPS for www.mediawiki.org URLs';
+                       }
+               }
 
                $validator = new Validator;
                $validator->check( $data, (object)[ '$ref' => 'file://' . $schemaPath ] );
-               if ( $validator->isValid() && !$licenseError ) {
+               if ( $validator->isValid() && !$extraErrors ) {
                        // All good.
                        return true;
                } else {
@@ -110,8 +124,8 @@ class ExtensionJsonValidator {
                        foreach ( $validator->getErrors() as $error ) {
                                $out .= "[{$error['property']}] {$error['message']}\n";
                        }
-                       if ( $licenseError ) {
-                               $out .= "$licenseError\n";
+                       if ( $extraErrors ) {
+                               $out .= implode( "\n", $extraErrors ) . "\n";
                        }
                        throw new ExtensionJsonValidationError( $out );
                }

diff --git a/tests/phpunit/data/registration/bad_url.json b/tests/phpunit/data/registration/bad_url.json
new file mode 100644 (file)
index 0000000..ee0f4b9
--- /dev/null
+++ b/tests/phpunit/data/registration/bad_url.json
@@ -0,0 +1,5 @@
+{
+       "name": "Test",
+       "url": "http://www.mediawiki.org/",
+       "manifest_version": 1
+}

diff --git a/tests/phpunit/data/registration/bad_url2.json b/tests/phpunit/data/registration/bad_url2.json
new file mode 100644 (file)
index 0000000..813e9d6
--- /dev/null
+++ b/tests/phpunit/data/registration/bad_url2.json
@@ -0,0 +1,5 @@
+{
+       "name": "Test",
+       "url": "http://mediawiki.org/",
+       "manifest_version": 1
+}

diff --git a/tests/phpunit/includes/registration/ExtensionJsonValidatorTest.php b/tests/phpunit/includes/registration/ExtensionJsonValidatorTest.php
index d69ad59..355f4ef 100644 (file)
--- a/tests/phpunit/includes/registration/ExtensionJsonValidatorTest.php
+++ b/tests/phpunit/includes/registration/ExtensionJsonValidatorTest.php
@@ -78,6 +78,15 @@ class ExtensionJsonValidatorTest extends MediaWikiTestCase {
                                'good.json',
                                true
                        ],
+                       [
+                               'bad_url.json', 'bad_url.json did not pass validation.
+[url] Should use HTTPS for www.mediawiki.org URLs'
+                       ],
+                       [
+                               'bad_url2.json', 'bad_url2.json did not pass validation.
+[url] Should use www.mediawiki.org domain
+[url] Should use HTTPS for www.mediawiki.org URLs'
+                       ]
                ];
        }