James D. Forrester [Thu, 19 May 2016 15:05:31 +0000 (16:05 +0100)]
build: Enforce stylelints on spacing around declarations
* A space before but not after a 'bang' (' !important' not '! important')
* A space after but not before a colon ('display: block' not 'display :block')
Change-Id: Ice36c2034e94e62377bac8a110ff4b16b7187e85
James D. Forrester [Thu, 19 May 2016 14:58:34 +0000 (15:58 +0100)]
build: Enforce the rest of the colour-related stylelints
* Hex colours must be in short form where possible ('fff' not 'ffffff')
* Hex colours must be used over named colours ('fff' not 'white')
* Hex colours must be valid ('fff' not 'ffq')
Change-Id: I2ba04cc3ad9898c17fee3c65bb3bead834c3a1fd
James D. Forrester [Thu, 19 May 2016 14:43:37 +0000 (15:43 +0100)]
build: Bump grunt-karma and related tools to 1.0.x
Change-Id: I3d8ad9fbd3b6950c13bf400790eb97fe4e94f849
James D. Forrester [Thu, 19 May 2016 14:43:19 +0000 (15:43 +0100)]
mediawiki.special.search.css: Fix chmod
Change-Id: Ib26b4e882ef33fb291df656214ef0fa244603557
James D. Forrester [Thu, 19 May 2016 14:41:15 +0000 (15:41 +0100)]
build: Introduce stylelint
Initially, with just a single rule to make this a smaller change that we can
incrementally extend up to the full Wikimedia coding conventions preset; namely,
forcing hex references to colours to be in lower-case.
Note the odd src definition to avoid referring to mediawiki.less the directory in
the glob.
Change-Id: I34f0c8e3c8280e3fce0aa22d7537100b850cbb8d
jenkins-bot [Thu, 19 May 2016 12:45:16 +0000 (12:45 +0000)]
Merge "Allow resources to be salvaged across service resets."
daniel [Thu, 14 Apr 2016 19:02:31 +0000 (21:02 +0200)]
Allow resources to be salvaged across service resets.
NOTE: This also changes the semantics of MediaWikiServices::resetGlobalInstance
to only reset services instances, not service wiring. The wiring will be copied
from the old global MediaWikiServices instance to the new one.
Bug: T132707
Change-Id: Ie2ca3ff99aa74fffa9eb6c8faccab857dc0874f7
jenkins-bot [Thu, 19 May 2016 10:24:59 +0000 (10:24 +0000)]
Merge "Fix resetServiceForTesting() param type in comment"
jenkins-bot [Thu, 19 May 2016 09:17:51 +0000 (09:17 +0000)]
Merge "Disable Cucumber scenarios that are broken in daily Jenkins jobs"
jenkins-bot [Thu, 19 May 2016 04:44:45 +0000 (04:44 +0000)]
Merge "tests: Remove duplicate unit tests in HtmlTest.php"
jenkins-bot [Wed, 18 May 2016 22:35:47 +0000 (22:35 +0000)]
Merge "Make LinksUpdate only wait on the DB with the link tables"
Aaron Schulz [Wed, 18 May 2016 22:05:11 +0000 (15:05 -0700)]
Make LinksUpdate only wait on the DB with the link tables
Bug: T135690
Change-Id: If79ca385884f422e5ed11e77b29033c8cabf494c
Chad Horohoe [Wed, 18 May 2016 17:38:08 +0000 (10:38 -0700)]
RecompressTracked: Remove useless member variable
It's only checked once and has no external users
Change-Id: I6951b799759f1d8b0063a3059bec5c1c64a35815
jenkins-bot [Wed, 18 May 2016 20:33:54 +0000 (20:33 +0000)]
Merge "Don't use deprecated User::checkPassword() in TestUser"
jenkins-bot [Wed, 18 May 2016 20:16:09 +0000 (20:16 +0000)]
Merge "Allow to chaining calls in setSubmitDestructive and setSubmitProgressive."
Timo Tijhof [Wed, 18 May 2016 19:54:49 +0000 (20:54 +0100)]
tests: Remove duplicate unit tests in HtmlTest.php
Follows-up
ee4d5c6ee ("Remove support for $wgWellFormedXml = false")
Remove now-redundant duplicate tests that were previously there
to test the same thing again with $wgWellFormedXml set to false.
Change-Id: I91623a8c10e5108ffae13f67328aece2cf33c719
Translation updater bot [Wed, 18 May 2016 19:53:47 +0000 (21:53 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I8f24e94f2d29d5befd905c8e4cb5fa89002ecd38
Aaron Schulz [Wed, 18 May 2016 19:36:05 +0000 (12:36 -0700)]
Fix resetServiceForTesting() param type in comment
Change-Id: I05ba45a812a6d6aa7e9c90ea17b5a24b606e815c
Ori Livneh [Wed, 18 May 2016 19:17:34 +0000 (12:17 -0700)]
Fix-up for I52c511be04: call parent setup / teardown methods
Change-Id: Ic66fa5ae61f1d1822d7cc20eafa6c01a2bdb6e37
jenkins-bot [Wed, 18 May 2016 19:06:24 +0000 (19:06 +0000)]
Merge "Revert "Make an empty "?action=" parameter default to "view"""
jenkins-bot [Wed, 18 May 2016 19:03:40 +0000 (19:03 +0000)]
Merge "In MediaWikiTestCase::stashMwGlobals(), prefer shallow copies"
Krinkle [Wed, 18 May 2016 18:54:50 +0000 (18:54 +0000)]
Revert "Make an empty "?action=" parameter default to "view""
This reverts commit
b287ec2cc649a96bb19c893c46f88734c6392204.
Change-Id: I59e996dfe627e8a978ed849a8e82ad4e0b165d7f
jenkins-bot [Wed, 18 May 2016 18:40:17 +0000 (18:40 +0000)]
Merge "Use WIS::getNotificationTimestampsBatch in ApiSetNotifTimestamp"
jenkins-bot [Wed, 18 May 2016 18:40:13 +0000 (18:40 +0000)]
Merge "Add ApiSetNotificationTimestampIntegrationTest"
jenkins-bot [Wed, 18 May 2016 18:15:12 +0000 (18:15 +0000)]
Merge "Increase BotPasswordSessionProvider's default priority"
jenkins-bot [Wed, 18 May 2016 17:59:02 +0000 (17:59 +0000)]
Merge "Fix unstyled updatedmarker"
jenkins-bot [Wed, 18 May 2016 17:41:05 +0000 (17:41 +0000)]
Merge "Add actual documentation for ContentHandler::getActionOverrides"
Ori Livneh [Wed, 11 May 2016 11:12:46 +0000 (04:12 -0700)]
In MediaWikiTestCase::stashMwGlobals(), prefer shallow copies
MediaWikiTestCase::stashMwGlobals() performs a deep copy of globals by
serializing and then unserializing them. This is actually unwarranted in the
common case of simple scalar values and flat arrays -- and it's expensive, too.
So before attempting a deep copy, first check if a shallow copy will do.
Change-Id: Iaba1c8e1f6bae9de0a7a1fb411cac94f7e4dfb23
Brad Jorsch [Wed, 18 May 2016 16:54:18 +0000 (12:54 -0400)]
Don't use deprecated User::checkPassword() in TestUser
I423f09f added this call in an attempt to speed things up. However,
User::checkPassword() was deprecated in I2c736ad7, and the call causes
some tests to fail when $wgDisableAuthManager is false.
Since this is trying to determine whether the user_password column in
the user table needs updating for the unit test, let's test that
directly instead of the much-more-complicated User::checkPassword().
Change-Id: I410de706f9074edea3f3988769a3e99231d8dca3
Sethakill [Wed, 18 May 2016 16:38:16 +0000 (18:38 +0200)]
Allow to chaining calls in setSubmitDestructive
and setSubmitProgressive.
Change-Id: I926fa717edf146c64bb7e5287f9dc051e30f6566
Brad Jorsch [Wed, 18 May 2016 15:48:50 +0000 (11:48 -0400)]
Increase BotPasswordSessionProvider's default priority
CentralAuthSessionProvider is using 50, BotPasswordSessionProvider needs
to be higher than that. Since the current 40 is a bit close to
CookieSessionProvider's 30, let's go higer here instead of lowering
CentralAuth.
Change-Id: I1230d23c53dacc8e01db955507aacba0e98e62d3
Roan Kattouw [Thu, 5 May 2016 03:54:49 +0000 (20:54 -0700)]
Fix unstyled updatedmarker
This is the "changed since your last visit" marker that you'll
see on ?action=history for a page on your watchlist, marking
edits that were made since you last viewed the page.
updatedmarker is styled by some skins, but not all of them.
I figured it's probably better to style it from history-specific
CSS in core than to fix Vector to style it.
Bug: T134515
Change-Id: I123f0b19e3869d3885bb38b7a5609941fcee600b
jenkins-bot [Wed, 18 May 2016 14:14:42 +0000 (14:14 +0000)]
Merge "Title->getContentModel: Get new content model with GAID_FOR_UPDATE"
Thiemo Mättig [Wed, 18 May 2016 13:49:26 +0000 (15:49 +0200)]
Add actual documentation for ContentHandler::getActionOverrides
Change-Id: I7fd803204ad137dd3510ea321ff7e6fa11d910c0
Matthew Flaschen [Tue, 17 May 2016 14:18:58 +0000 (10:18 -0400)]
Title->getContentModel: Get new content model with GAID_FOR_UPDATE
If a new revision has been inserted (e.g. with updateRevisionOn),
the content model may have changed. This happens with e.g. undeletion.
Bug: T122262
Change-Id: Ia0ed86a9c24809256215418673e9ee8e263d1349
jenkins-bot [Wed, 18 May 2016 12:52:05 +0000 (12:52 +0000)]
Merge "MWDebugTest: disable MWDebug on test teardown"
jenkins-bot [Wed, 18 May 2016 12:46:28 +0000 (12:46 +0000)]
Merge "Speed up password-handling in the unit tests"
addshore [Fri, 6 May 2016 09:25:37 +0000 (10:25 +0100)]
Use WIS::getNotificationTimestampsBatch in ApiSetNotifTimestamp
Bug: T134387
Change-Id: I560ae6a29fa27c1e4f1f62aa647e14542b0cc8a9
addshore [Wed, 18 May 2016 11:08:47 +0000 (12:08 +0100)]
Add ApiSetNotificationTimestampIntegrationTest
Change-Id: If0bc1f56533102f54c0031eea548c20d8abe1818
jenkins-bot [Wed, 18 May 2016 10:44:15 +0000 (10:44 +0000)]
Merge "add setNotificationTimestampsForUser to WatchedItemStore"
jenkins-bot [Wed, 18 May 2016 10:14:30 +0000 (10:14 +0000)]
Merge "Factor InterwikiLookup out of Interwiki class."
jenkins-bot [Wed, 18 May 2016 10:08:23 +0000 (10:08 +0000)]
Merge "Make an empty "?action=" parameter default to "view""
daniel [Fri, 30 Oct 2015 22:04:52 +0000 (23:04 +0100)]
Factor InterwikiLookup out of Interwiki class.
This keeps the existing app logic for looking up interwiki information
intact in ClassicInterwikiLookup. The idea is to seamlessly switch to a new
implementation when it becomes available, while also allowing us to
switch back in case of problems.
Change-Id: I7d7424345d0ce3ce90ba284006ee9615e3d99baa
Ori Livneh [Sun, 15 May 2016 05:09:13 +0000 (22:09 -0700)]
MWDebugTest: disable MWDebug on test teardown
MWDebug::init() is currently irreversible -- once MWDebug is enabled, it cannot
be disabled in that execution context. This means that the MWDebug test suite
(which enables MWDebug) has a nasty side-effect -- all the tests that run after
it run with MWDebug enabled. So add an MWDebug::deinit(), and call it on test
teardown.
Ostensibly this is a great use-case for services and dependency injection. The
reason I am not going that route is that it's not entirely clear to me what the
MWDebug class is supposed to represent. If I were going to spend any
substantial amount of time on this, I would be trying to move it out of core
and into an extension, not converting it into a service.
Change-Id: I52c511be049bc276d203d07283e3aa0944f22d34
addshore [Wed, 4 May 2016 15:49:27 +0000 (16:49 +0100)]
add setNotificationTimestampsForUser to WatchedItemStore
Bug: T134387
Change-Id: Ia6abe7687b51aabe67e8461375075692db28c9a2
Max Semenik [Tue, 26 Apr 2016 23:41:47 +0000 (16:41 -0700)]
Improve diff docs
Change-Id: I42332051f6f1b94f459b06d6c69625bc2a1fa9cf
Max Semenik [Tue, 26 Apr 2016 22:59:21 +0000 (15:59 -0700)]
Merge Wikidiff3 into DiffEngine
Change-Id: Ib4d083a5200824e4d032de6921c375e455e77fb2
Max Semenik [Tue, 26 Apr 2016 20:57:52 +0000 (13:57 -0700)]
Remove unused stuff from diffs
Change-Id: Ie7d46b9ed290912039c88bbf4548d4c3d97153c9
Max Semenik [Tue, 26 Apr 2016 18:57:44 +0000 (11:57 -0700)]
Refactor diffs
* Merge MappedDiff into WordLevelDiff
* Rename <something insane>WordAccumulator into WordAccumulator and namespace
* Better variable names
Change-Id: I5847f2bb89402d0537b9e99cccd24c547ce4e4e2
Kunal Mehta [Tue, 17 May 2016 20:19:37 +0000 (13:19 -0700)]
LinkerTest: Fix passing test description to $this->assertEquals()
It was being passed to Linker::userLink() by accident.
Change-Id: I13ba5014193e91a467511259a0c7c1659d8bc0e6
Stephan Gambke [Wed, 24 Feb 2016 21:21:07 +0000 (22:21 +0100)]
Remove "Not logged in" from the personal URLs array
The array of personal URLs should only contain links to the personal tools of the
user. "Not logged in" is a status message, not a personal URL, so it should not
appear in that array. The status should instead be indicated to the user by the
skin itself in whatever way seems best for the skin in question.
The following patches depend on this one to reintroduce the message:
* Vector skin: Ic560d3fd
* Monobook skin: I7001e311
Bug: T121793
Bug: T127758
Change-Id: I5cfa9b4e2f4eb420d5fda6b1c6ce28926cb8e738
Translation updater bot [Tue, 17 May 2016 19:55:54 +0000 (21:55 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I170960df4963c50ee00e0f9d3d876061a7f93378
Aaron Schulz [Sat, 14 May 2016 10:54:05 +0000 (03:54 -0700)]
Improve edit stash hit rate for logged-out users
Check whether they made intervening edits just like logged-in users.
Bug: T134620
Change-Id: Id1e0808caee0e474570c4f2e4b1cf845572e17e0
Thiemo Mättig [Tue, 14 Oct 2014 14:31:43 +0000 (16:31 +0200)]
Make an empty "?action=" parameter default to "view"
When no action is given, e.g. in
https://en.wikipedia.org/wiki/URL
the action defaults to "view". Just like you called
https://en.wikipedia.org/wiki/URL?action=view
But when the action is empty, e.g.
https://en.wikipedia.org/wiki/URL?action=
you get an error message telling you that "the action specified"
can not be "recognized". Wait, I did not "specified" an action.
That's why I left the parameter empty. From the users point of
view I expect the empty string to behave like null/undefined.
This is a resubmit of I331924d without the problematic bits.
Change-Id: I07847600bb24ae078276acf98e6eb244039414d7
daniel [Fri, 13 May 2016 19:27:06 +0000 (21:27 +0200)]
Fix installer issues introduces by MediaWikiServices
This fixes three issues with the installer:
1) Make sure LocalizationCache can find the installer's i18n files.
2) Make sure we don't try to use an SqlBagOStuff for caching before we have
a functioning database.
3) Don't try to output HTML when redirecting (this is unrelated to
MediaWikiServices, but came up during testing)
Bug: T135169
Change-Id: I7caa932024cd771d6fa226a3ac6001c3148ecc9c
jenkins-bot [Tue, 17 May 2016 09:33:16 +0000 (09:33 +0000)]
Merge "Let BagOStuff::merge() callbacks override the TTL"
jenkins-bot [Tue, 17 May 2016 09:24:15 +0000 (09:24 +0000)]
Merge "Increase LocalFile lock() timeout and improve error message"
jenkins-bot [Tue, 17 May 2016 08:59:17 +0000 (08:59 +0000)]
Merge "mediawiki.util: Use RegExp.test() instead of String.search()"
Bartosz Dziewoński [Tue, 17 May 2016 02:51:25 +0000 (04:51 +0200)]
Don't override all Moment locales to English
Calling moment.locale() not only defines a locale, it also sets the
current one. The call at the top of moment-locale-overrides.js would
always set it to English.
Follow-up to
c81ab8ae5f89056d23a4b0d36066120b9701d07e.
Bug: T135462
Change-Id: Ie1b70bc410ff0c436bed5bcbfffb8d4433a1923f
jenkins-bot [Tue, 17 May 2016 01:28:01 +0000 (01:28 +0000)]
Merge "Fix Special:Userlogout for $wgAutoloadAttemptLowercase = false"
Gergő Tisza [Tue, 17 May 2016 00:25:47 +0000 (00:25 +0000)]
Fix AuthManager login page breakage
Change-Id: I9b32dd58a4139ebf7483354c63dab7816ef7822e
jdlrobson [Tue, 17 May 2016 00:06:28 +0000 (17:06 -0700)]
Fix Special:Userlogout for $wgAutoloadAttemptLowercase = false
Correct the case of the class name.
Bug: T135460
Change-Id: I50006c2a8396add4ecfc38b4f5a095bbeaca463e
jenkins-bot [Mon, 16 May 2016 20:34:42 +0000 (20:34 +0000)]
Merge "Convert CdnCacheUpdate to event per URL"
Translation updater bot [Mon, 16 May 2016 20:15:59 +0000 (22:15 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I3d5ebd735a385c8b9a6683d996ff54906bece98c
Stanislav Malyshev [Mon, 16 May 2016 19:50:44 +0000 (12:50 -0700)]
Convert CdnCacheUpdate to event per URL
Bug: T134535
Change-Id: I73e22606e86b4db1bc9bf2cb12b9605507ffe2c2
jenkins-bot [Mon, 16 May 2016 20:08:17 +0000 (20:08 +0000)]
Merge "Add Status::getStatusValue()"
jenkins-bot [Mon, 16 May 2016 19:32:46 +0000 (19:32 +0000)]
Merge "mediawiki.jqueryMsg: Implement `<nowiki>` support"
Bartosz Dziewoński [Thu, 5 May 2016 15:20:05 +0000 (11:20 -0400)]
Refactor upload dialog to make it configurable
This aims to solve all the problems and fulfill all the use cases.
It allows the dialog to be configured for Wikimedia Commons without
hardcoding anything, and it should be flexible enough for third-party
use. The default configuration should be sane for any wiki.
The file upload dialog can be configured using $wgUploadDialog.
See DefaultSettings.php for documentation. Example configuration for
Wikimedia Commons: Id56370e2334c8fe34e88180356232b48c244b7c4.
Configuration is loaded using ResourceLoaderUploadDialogModule for
local uploads or using ApiQuerySiteinfo (action=query&meta=siteinfo)
for uploads to a foreign wiki. Custom localisation messages may be
loaded using action=query&meta=allmessages.
Renamed messages:
upload-form-label-own-work-message-local -> upload-form-label-own-work-message-generic-local
upload-form-label-not-own-work-message-local -> upload-form-label-not-own-work-message-generic-local
upload-form-label-not-own-work-local-local -> upload-form-label-not-own-work-local-generic-local
upload-form-label-own-work-message-default -> upload-form-label-own-work-message-generic-foreign
upload-form-label-not-own-work-message-default -> upload-form-label-not-own-work-message-generic-foreign
upload-form-label-not-own-work-local-default -> upload-form-label-not-own-work-local-generic-foreign
Deleted messages, moved to WikimediaMessages in Id2977e19330aeaf854157d4355cd17e5dc72f16a:
upload-form-label-own-work-message-shared
upload-form-label-not-own-work-message-shared
upload-form-label-not-own-work-local-shared
Bug: T118097
Bug: T120998
Bug: T121632
Bug: T121633
Bug: T127895
Change-Id: I3017b8f09c27625deb7a92d6f667895b71cc0637
jenkins-bot [Mon, 16 May 2016 19:12:57 +0000 (19:12 +0000)]
Merge "mediawiki.jqueryMsg: Allow logging errors through mw.track"
jenkins-bot [Mon, 16 May 2016 19:12:15 +0000 (19:12 +0000)]
Merge "Add "mVersion" sanity check to User::loadFromCache()"
jenkins-bot [Mon, 16 May 2016 19:12:07 +0000 (19:12 +0000)]
Merge "AuthManager release notes"
jenkins-bot [Mon, 16 May 2016 19:01:44 +0000 (19:01 +0000)]
Merge "API changes for AuthManager"
jenkins-bot [Mon, 16 May 2016 19:01:34 +0000 (19:01 +0000)]
Merge "Use AuthManager on special pages"
jenkins-bot [Mon, 16 May 2016 17:29:52 +0000 (17:29 +0000)]
Merge "Avoid unstubbing $wgLang in Title::getLocalURL"
Brad Jorsch [Mon, 16 May 2016 16:46:58 +0000 (12:46 -0400)]
Avoid unstubbing $wgLang in Title::getLocalURL
If $query doesn't match the regex, there's no point in unstubbing $wgLang if
that's what happens to be the page language. This also avoids it blowing up if
$wgLang isn't usable due to MW_NO_SESSION.
Bug: T135389
Change-Id: I9a6779c4cc887205215a815db3a765c35f060c42
jenkins-bot [Mon, 16 May 2016 16:33:27 +0000 (16:33 +0000)]
Merge "Add AuthManager"
Željko Filipin [Mon, 16 May 2016 15:11:05 +0000 (17:11 +0200)]
Disable Cucumber scenarios that are broken in daily Jenkins jobs
"Welcome to Wikipedia" popup breaks the scenarios.
Bug: T94150
Change-Id: I921684d1ae683a52a21c4c87c1c9b45b4db7071b
jenkins-bot [Mon, 16 May 2016 15:21:13 +0000 (15:21 +0000)]
Merge "shared.css: Don't center text in .mw_metadata (file metadata table)"
Brad Jorsch [Thu, 7 Apr 2016 16:20:59 +0000 (12:20 -0400)]
AuthManager release notes
Change-Id: I0f28e6493e6e5ff8ce4eeee1d8cc976ad2eb6d0b
Brad Jorsch [Mon, 11 Jan 2016 18:20:22 +0000 (13:20 -0500)]
API changes for AuthManager
Changes here are:
* action=login is deprecated for use other than bot passwords
* list=users will indicate if a missing user name is creatable.
* Added action=query&meta=authmanagerinfo
* Added action=clientlogin is to be used to log into the main account
* action=createaccount is changed in a non-BC manner
* Added action=linkaccount
* Added action=unlinkaccount
* Added action=changeauthenticationdata
* Added action=removeauthenticationdata
* Added action=resetpassword
Bug: T110276
Bug: T110747
Bug: T110751
Bug: T32788
Bug: T67857
Bug: T28597
Bug: T76103
Change-Id: I244fa9b1e0623247d6d9fa30990411c6df94a496
Gergő Tisza [Tue, 22 Sep 2015 22:50:04 +0000 (22:50 +0000)]
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in
9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in
29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
Brad Jorsch [Sun, 22 Nov 2015 20:17:00 +0000 (20:17 +0000)]
Add AuthManager
This implements the AuthManager class and its needed interfaces and
subclasses, and integrates them into the backend portion of MediaWiki.
Integration with frontend portions of MediaWiki (e.g. ApiLogin,
Special:Login) is left for a followup.
Bug: T91699
Bug: T71589
Bug: T111299
Co-Authored-By: Gergő Tisza <gtisza@wikimedia.org>
Change-Id: If89d24838e326fe25fe867d02181eebcfbb0e196
jenkins-bot [Mon, 16 May 2016 14:39:43 +0000 (14:39 +0000)]
Merge "Add SessionProvider::getRememberUserDuration(), fix some durations"
jenkins-bot [Mon, 16 May 2016 12:04:45 +0000 (12:04 +0000)]
Merge "Remove unnecessary annotation"
Gergő Tisza [Mon, 16 May 2016 11:46:07 +0000 (11:46 +0000)]
Remove unnecessary annotation
Since I8a6588209647252a4509078aaa7bf0cb1d9d299a those variables
are not unused anymore.
Change-Id: Id99581083c9194411051050ed70d4bf4d0664e47
Gergő Tisza [Mon, 16 May 2016 09:57:53 +0000 (09:57 +0000)]
Add Status::getStatusValue()
Change-Id: Id8c87373b560a462dcbffe74c9e7c4780c3147f3
jenkins-bot [Mon, 16 May 2016 07:10:54 +0000 (07:10 +0000)]
Merge "Call $job->teardown() even if Job throws an exception."
Brian Wolff [Mon, 16 May 2016 05:26:55 +0000 (01:26 -0400)]
Call $job->teardown() even if Job throws an exception.
teardown() callbacks are primarily used to reset session after
job is done. It seems important to do this, even if exception is
thrown by job.
Change-Id: I0bd449414527321b0ed9063cea268dea5b0766c4
Translation updater bot [Sun, 15 May 2016 19:52:25 +0000 (21:52 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Ie62e31d1dfe9cd21d61c3533d9d28929de41f482
Translation updater bot [Sat, 14 May 2016 20:22:57 +0000 (22:22 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I79cf84152b3696200e8439b31fa851552b687a3a
Gergő Tisza [Fri, 13 May 2016 00:03:20 +0000 (00:03 +0000)]
Add SessionProvider::getRememberUserDuration(), fix some durations
- handle $wgExtendedLoginCookieExpiration = 0, $wgCookieExpiration >0
correctly (as nonsensical as it is)
- honor $wgExtendedLoginCookies for forceHTTPS
- consistently ignore shouldRememberUser in ImmutableSessionProviderWithCookie
Change-Id: I1e8fc632b52694aa6eb34ca1e9eae6d0b57df920
jenkins-bot [Sat, 14 May 2016 11:29:13 +0000 (11:29 +0000)]
Merge "Fix GUI for Special:Tags if a user has deletechangetags permission only"
MGChecker [Fri, 13 May 2016 22:10:24 +0000 (00:10 +0200)]
Fix GUI for Special:Tags if a user has deletechangetags permission only
In the really rare case a user has got the deletechangetags, but not the
managechangetags permission, the links to delete tags aren't displayed (because
the script only built the table column in this case). By API, deletechangetags
already works properly without managechangetags.
Change-Id: I675813ba62e6188d650c5486408dbe56e9290ca6
Aaron Schulz [Sat, 14 May 2016 11:03:39 +0000 (04:03 -0700)]
Add "mVersion" sanity check to User::loadFromCache()
This makes it easier to transition to a newer, versioned key format
while still using Het Deploy as normal.
Change-Id: I732af860ba4ea70cc7d1cc5bf46fc09fc35d7502
jenkins-bot [Sat, 14 May 2016 08:24:00 +0000 (08:24 +0000)]
Merge "@since for User::newSystemUser"
Gergő Tisza [Sat, 14 May 2016 08:06:55 +0000 (08:06 +0000)]
@since for User::newSystemUser
Change-Id: Id67a8fcf2f1616e48268ca9105094a8a66b79d73
jenkins-bot [Sat, 14 May 2016 00:37:31 +0000 (00:37 +0000)]
Merge "Make "presumed-fresh" edit stash case cover when users make intervening edits"
Ori Livneh [Thu, 12 May 2016 10:40:41 +0000 (03:40 -0700)]
Speed up password-handling in the unit tests
* Speed up password generation and verification by setting MWOldPassword as the
default password type. Do this once, in MediaWikiTestCase::makeTestConfig(),
rather than in five different places.
* Rename '$pwhash' to '$passwordHash', for consistency. It's ugly to have both
'$passwordFactory' and '$pwhash' in the same scope.
* Make TestUser::setPasswordForUser() check first whether the desired password
is already set. This is actually the common case, since the password is reset
in the setup code for every test, but only a few tests actually change the
password.
Change-Id: I423f09ff7472b6cbde21cb709ea7c7ef9e298f18
Roan Kattouw [Fri, 13 May 2016 23:01:26 +0000 (16:01 -0700)]
Follow-up
6ce974f: also update the hook call in ApiMain
The fact that ApiMain invokes an OutputPage hook is terrible though.
Change-Id: I76bb9c36ccca365f77c9b7e2a481048da04bd909
jenkins-bot [Fri, 13 May 2016 21:52:23 +0000 (21:52 +0000)]
Merge "Remove support for $wgWellFormedXml=false"
dépôts / lhc / web / wiklou.git / log