jenkins-bot has submitted this change and it was merged.

Change subject: API: Fixes for AuthManager
......................................................................


API: Fixes for AuthManager

* Set API response metadata on the AuthenticationRequest metadata so it
  is output as an assoc generally.
* Remove the 'image' field in AuthenticationRequest::getFieldInfo()'s
  response, since we ended up not using it anywhere.
* Make it so meta=authmanagerinfo can be used on private wikis without
  logging in, so action=clientlogin can be used to log in.
** This generalizes the exception for meta=tokens that was added in
   I83dafb030.
* ApiAuthManagerInfo needs the "messageformat" parameter.
* ApiAuthManagerInfo shouldn't be publicly cached, since the responses
  vary depending on session state.

Change-Id: Iea5ddb4ef9febed18f16a7ae8314968026f39148
---
M includes/api/ApiAuthManagerHelper.php
M includes/api/ApiQuery.php
M includes/api/ApiQueryAuthManagerInfo.php
M includes/auth/AuthenticationRequest.php
4 files changed, 26 insertions(+), 18 deletions(-)

Approvals:
  Gergő Tisza: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/api/ApiAuthManagerHelper.php 
b/includes/api/ApiAuthManagerHelper.php
index 2997405..e30f22b 100644
--- a/includes/api/ApiAuthManagerHelper.php
+++ b/includes/api/ApiAuthManagerHelper.php
@@ -244,7 +244,7 @@
                        $describe = $req->describeCredentials();
                        $reqInfo = [
                                'id' => $req->getUniqueId(),
-                               'metadata' => $req->getMetadata(),
+                               'metadata' => $req->getMetadata() + [ 
ApiResult::META_TYPE => 'assoc' ],
                        ];
                        switch ( $req->required ) {
                                case AuthenticationRequest::OPTIONAL:
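Review bot: With `$req->getMetadata() + [ ApiResult::META_TYPE => 'assoc' ]` the left operand wins on key collisions, so a request whose metadata already carries that key would override the intended 'assoc' type. If provider-supplied metadata is not meant to control API result metadata, putting the literal first, `[ ApiResult::META_TYPE => 'assoc' ] + $req->getMetadata()`, makes the API's value authoritative. The enclosing function starts and ends outside this hunk, so whether such keys are filtered earlier cannot be seen here.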
@@ -283,7 +283,6 @@
        private function formatFields( array $fields ) {
                static $copy = [
                        'type' => true,
-                       'image' => true,
                        'value' => true,
                ];
 
diff --git a/includes/api/ApiQuery.php b/includes/api/ApiQuery.php
index 3ca4c08..ed4d373 100644
--- a/includes/api/ApiQuery.php
+++ b/includes/api/ApiQuery.php
@@ -554,23 +554,34 @@
        }
 
        public function isReadMode() {
-               // We need to make an exception for ApiQueryTokens so login 
tokens can
-               // be fetched on private wikis. Restrict that exception as much 
as
-               // possible: no other modules allowed, and no pageset parameters
-               // either. We do allow the 'rawcontinue' and 'indexpageids' 
parameters
-               // since frameworks might add these unconditionally and they 
can't
-               // expose anything here.
+               // We need to make an exception for certain meta modules that 
should be
+               // accessible even without the 'read' right. Restrict the 
exception as
+               // much as possible: no other modules allowed, and no pageset
+               // parameters either. We do allow the 'rawcontinue' and 
'indexpageids'
+               // parameters since frameworks might add these unconditionally 
and they
+               // can't expose anything here.
+               $this->mParams = $this->extractRequestParams();
                $params = array_filter(
                        array_diff_key(
-                               $this->extractRequestParams() + 
$this->getPageSet()->extractRequestParams(),
+                               $this->mParams + 
$this->getPageSet()->extractRequestParams(),
                                [ 'rawcontinue' => 1, 'indexpageids' => 1 ]
                        )
                );
-               if ( $params === [ 'meta' => [ 'tokens' ] ] ) {
-                       return false;
+               if ( array_keys( $params ) !== [ 'meta' ] ) {
+                       return true;
                }
 
-               return true;
+               // Ask each module if it requires read mode. Any true => this 
returns
+               // true.
+               $modules = [];
+               $this->instantiateModules( $modules, 'meta' );
+               foreach ( $modules as $module ) {
+                       if ( $module->isReadMode() ) {
+                               return true;
+                       }
+               }
+
+               return false;
        }
 
        protected function getExamplesMessages() {
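Review bot: The loop at the end of `isReadMode()` falls through to `return false` when `$modules` is empty, so skipping the 'read' right is the default outcome instead of something a module must opt into. Whether `instantiateModules()` can leave `$modules` empty after the `array_keys( $params ) !== [ 'meta' ]` check is not visible here, but a fail-closed guard before the loop costs one line: `if ( !$modules ) { return true; }`. The method also now assigns `$this->mParams` and instantiates modules as a side effect of a permission predicate, which deserves a short comment saying why (presumably `instantiateModules()` reads `$this->mParams`). The comment block should also state that any meta module overriding `isReadMode()` to return false becomes reachable on private wikis without login, so reviewers of future modules know what that override grants.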
diff --git a/includes/api/ApiQueryAuthManagerInfo.php 
b/includes/api/ApiQueryAuthManagerInfo.php
index b591f9c..e2229cb 100644
--- a/includes/api/ApiQueryAuthManagerInfo.php
+++ b/includes/api/ApiQueryAuthManagerInfo.php
@@ -75,8 +75,8 @@
                $this->getResult()->addValue( [ 'query' ], 
$this->getModuleName(), $ret );
        }
 
-       public function getCacheMode( $params ) {
-               return 'public';
+       public function isReadMode() {
+               return false;
        }
 
        public function getAllowedParams() {
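Review bot: The new `isReadMode()` override carries no comment, although returning false here is what makes this module reachable without the 'read' right on private wikis through the check in ApiQuery::isReadMode(). A line such as `// Must work before login on private wikis (needed for action=clientlogin); output must not reveal wiki content.` would make that security contract explicit for later maintainers. Removing the `getCacheMode()` override means the cache mode now comes from the parent class, which is outside this hunk. It is worth confirming that the inherited value is not public, since the description says responses vary with session state.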
@@ -95,7 +95,7 @@
                                        AuthManager::ACTION_UNLINK,
                                ],
                        ],
-               ] + ApiAuthManagerHelper::getStandardParams( '', 
'mergerequestfields' );
+               ] + ApiAuthManagerHelper::getStandardParams( '', 
'mergerequestfields', 'messageformat' );
        }
 
        protected function getExamplesMessages() {
diff --git a/includes/auth/AuthenticationRequest.php 
b/includes/auth/AuthenticationRequest.php
index 3c19b87..8303435 100644
--- a/includes/auth/AuthenticationRequest.php
+++ b/includes/auth/AuthenticationRequest.php
@@ -92,14 +92,12 @@
         *     - select: <select>
         *     - checkbox: <input type="checkbox">
         *     - multiselect: More a grid of checkboxes than <select multi>
-        *     - button: <input type="image"> if 'image' is set, otherwise 
<input type="submit">
-        *       (uses 'label' as button text)
+        *     - button: <input type="submit"> (uses 'label' as button text)
         *     - hidden: Not visible to the user, but needs to be preserved for 
the next request
         *     - null: No widget, just display the 'label' message.
         *  - options: (array) Maps option values to Messages for the
         *      'select' and 'multiselect' types.
         *  - value: (string) Value (for 'null' and 'hidden') or default value 
(for other types).
-        *  - image: (string) URL of an image to use in connection with the 
input
         *  - label: (Message) Text suitable for a label in an HTML form
         *  - help: (Message) Text suitable as a description of what the field 
is
         *  - optional: (bool) If set and truthy, the field may be left empty

-- 
To view, visit https://gerrit.wikimedia.org/r/290507
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iea5ddb4ef9febed18f16a7ae8314968026f39148
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: GergÅ‘ Tisza <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
