Hoo man has submitted this change and it was merged. Change subject: (bug 18057) Add conflict detection for status ......................................................................
(bug 18057) Add conflict detection for status Adds a hash of the current locked and hidden values for a user in the form submission. If another admin has updated the user's status, then the conflict will be detected and the operation aborted. The hash can be optionally passed with an api request, to optionally perform the conflict detection. The MD5 should be easy to calculate in any code using the api. Change-Id: Ia985e152ccabb77454f0eb87bbb78f0e220d5674 --- M CentralAuth.i18n.php M CentralAuthUser.php M api/ApiSetGlobalAccountStatus.php M specials/SpecialCentralAuth.php 4 files changed, 29 insertions(+), 1 deletion(-) Approvals: Hoo man: Verified; Looks good to me, approved diff --git a/CentralAuth.i18n.php b/CentralAuth.i18n.php index a554ad1..cb6bc1c 100644 --- a/CentralAuth.i18n.php +++ b/CentralAuth.i18n.php @@ -186,6 +186,7 @@ 'centralauth-admin-nonexistent' => 'There is no global account for "<nowiki>$1</nowiki>"', 'centralauth-admin-delete-nonexistent' => 'Error: the global account "<nowiki>$1</nowiki>" does not exist.', 'centralauth-token-mismatch' => 'Sorry, we could not process your form submission due to a loss of session data.', + 'centralauth-state-mismatch' => 'Error: An edit conflict for this user was detected. Please verify your change and try again.', 'centralauth-admin-reason' => 'Reason:', 'centralauth-admin-reason-other' => 'Other/additional reason:', 'centralauth-admin-unhide-nonexistent' => 'Error: the global account "<nowiki>$1</nowiki>" does not exist.', @@ -614,6 +615,7 @@ *{{msg-mw|Centralauth-admin-status-hidden-list}} *{{msg-mw|Centralauth-admin-status-hidden-oversight}}', 'centralauth-admin-not-authorized' => "Error message when the user doesn't have permission", + 'centralauth-state-mismatch' => 'Error message when another admin has updated the user, and an edit conflict was detected', 'centralauth-listusers-locked' => "This message is used as user's info: *{{msg-mw|centralauth-listusers-locked}} *{{msg-mw|centralauth-listusers-attached}} diff --git a/CentralAuthUser.php b/CentralAuthUser.php index e07f3d2..f6a1dd7 100644 --- a/CentralAuthUser.php +++ b/CentralAuthUser.php @@ -2354,4 +2354,16 @@ public function attachedOn( $wiki ) { return $this->exists() && in_array( $wiki, $this->mAttachedArray ); } + + /** + * Get a hash representing the user/locked/hidden state of this user, + * used to check for edit conflicts + * + * @param $recache - force a reload of the user from the database + * @return String + */ + public function getStateHash( $recache = false ) { + $this->loadState( $recache ); + return md5( $this->mGlobalId . ':' . $this->mName . ':' . $this->mHidden . ':' . (int) $this->mLocked ); + } } diff --git a/api/ApiSetGlobalAccountStatus.php b/api/ApiSetGlobalAccountStatus.php index 38ce990..0519603 100644 --- a/api/ApiSetGlobalAccountStatus.php +++ b/api/ApiSetGlobalAccountStatus.php @@ -45,8 +45,13 @@ $setLocked = $this->getParameter( 'locked' ) == 'lock'; $setHidden = $this->getParameter( 'hidden' ); $reason = $this->getParameter( 'reason' ); + $stateCheck = $this->getParameter( 'statecheck' ); $isLocked = $globalUser->isLocked(); $oldHiddenLevel = $globalUser->getHiddenLevel(); + + if ( $stateCheck && $stateCheck !== $globalUser->getStateHash( true ) ) { + $this->dieUsage( "Edit conflict detected, Aborting." ); + } if ( $setHidden !== null && // hidden is set @@ -170,6 +175,10 @@ ApiBase::PARAM_TYPE => 'string', ApiBase::PARAM_REQUIRED => true ), + 'statecheck' => array( + ApiBase::PARAM_TYPE => 'string', + ApiBase::PARAM_REQUIRED => false + ), ); } @@ -179,7 +188,8 @@ 'locked' => 'Change whether this user is locked or not.', 'hidden' => 'Change whether this user is not hidden, hidden from lists, or suppressed.', 'reason' => "Reason for changing the user's status.", - 'token' => 'Your edit token.' + 'token' => 'Your edit token.', + 'statecheck' => 'Optional MD5 of the expected current <username>:<hidden>:<locked>, to detect edit conflicts. Set <locked> to 1 for locked, 0 for unlocked.' ); } diff --git a/specials/SpecialCentralAuth.php b/specials/SpecialCentralAuth.php index 6ced080..279de73 100644 --- a/specials/SpecialCentralAuth.php +++ b/specials/SpecialCentralAuth.php @@ -97,6 +97,7 @@ function doSubmit() { $deleted = false; $globalUser = $this->mGlobalUser; + $stateCheck = ( $this->getRequest()->getVal( 'wpUserState' ) === $globalUser->getStateHash( true ) ); if ( !$this->getUser()->matchEditToken( $this->getRequest()->getVal( 'wpEditToken' ) ) ) { $this->showError( 'centralauth-token-mismatch' ); @@ -118,6 +119,8 @@ $deleted = true; $this->logAction( 'delete', $this->mUserName, $this->getRequest()->getVal( 'reason' ) ); } + } elseif ( $this->mMethod == 'set-status' && !$stateCheck ) { + $this->showError( 'centralauth-state-mismatch' ); } elseif ( $this->mMethod == 'set-status' && $this->mCanLock ) { $setLocked = $this->getRequest()->getBool( 'wpStatusLocked' ); $setHidden = $this->getRequest()->getVal( 'wpStatusHidden' ); @@ -605,6 +608,7 @@ $form .= Xml::fieldset( $this->msg( 'centralauth-admin-status' )->text() ); $form .= Html::hidden( 'wpMethod', 'set-status' ); $form .= Html::hidden( 'wpEditToken', $this->getUser()->getEditToken() ); + $form .= Html::hidden( 'wpUserState', $this->mGlobalUser->getStateHash( false ) ); $form .= $this->msg( 'centralauth-admin-status-intro' )->parseAsBlock(); // Radio buttons -- To view, visit https://gerrit.wikimedia.org/r/50034 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ia985e152ccabb77454f0eb87bbb78f0e220d5674 Gerrit-PatchSet: 4 Gerrit-Project: mediawiki/extensions/CentralAuth Gerrit-Branch: master Gerrit-Owner: CSteipp <cste...@wikimedia.org> Gerrit-Reviewer: Hoo man <h...@online.de> Gerrit-Reviewer: Siebrand <siebr...@wikimedia.org> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits