[MediaWiki-commits] [Gerrit] Clean up token handling - change (mediawiki...Translate)
jenkins-bot has submitted this change and it was merged. Change subject: Clean up token handling .. Clean up token handling Use csrf (alias edit for MW 1.24 and 1.25 compatibility) token everywhere. Converted some tokens delivered via html to use mediawiki.Api.postWithToken instead. Any clients using the removed custom tokens (none I am aware of) must be updated to use the new token. Bug: T117797 Change-Id: Idf49025f84cbc9c07c75ff37cab46630bb04224f --- M Translate.php M TranslateUtils.php M api/ApiAggregateGroups.php M api/ApiGroupReview.php M api/ApiTranslateSandbox.php M api/ApiTranslationReview.php M api/ApiTranslationStash.php M resources/js/ext.translate.editor.helpers.js M resources/js/ext.translate.messagetable.js M resources/js/ext.translate.proofread.js M resources/js/ext.translate.special.aggregategroups.js M resources/js/ext.translate.special.managetranslatorsandbox.js M resources/js/ext.translate.special.pagemigration.js M resources/js/ext.translate.special.pagepreparation.js M resources/js/ext.translate.storage.js M resources/js/ext.translate.translationstashstorage.js M resources/js/ext.translate.workflowselector.js M specials/SpecialAggregateGroups.php D tests/phpunit/api/ApiTokensTest.php M utils/MessageTable.php 20 files changed, 80 insertions(+), 265 deletions(-) Approvals: Krinkle: Looks good to me, approved jenkins-bot: Verified diff --git a/Translate.php b/Translate.php index 9afeb5f..3d4f559 100644 --- a/Translate.php +++ b/Translate.php @@ -98,11 +98,6 @@ $wgAPIModules['translationstash'] = 'ApiTranslationStash'; $wgAPIModules['ttmserver'] = 'ApiTTMServer'; $wgAPIModules['searchtranslations'] = 'ApiSearchTranslations'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiTranslationReview::injectTokenFunction'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiGroupReview::injectTokenFunction'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiAggregateGroups::injectTokenFunction'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiTranslateSandbox::injectTokenFunction'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiTranslationStash::injectTokenFunction'; // Register hooks. $wgHooks['EditPage::showEditForm:initial'][] = 'TranslateEditAddons::addTools'; diff --git a/TranslateUtils.php b/TranslateUtils.php index feca1ea..cfb39a9 100644 --- a/TranslateUtils.php +++ b/TranslateUtils.php @@ -368,7 +368,8 @@ * @since 2012-05-03 */ public static function getTokenAction( $token ) { - return "action=tokens=$token"; + // Remove this function when support for MW 1.24 is dropped. + return "action=query=tokens=csrf"; } /** diff --git a/api/ApiAggregateGroups.php b/api/ApiAggregateGroups.php index b8c5922..ca18b14 100644 --- a/api/ApiAggregateGroups.php +++ b/api/ApiAggregateGroups.php @@ -17,7 +17,6 @@ */ class ApiAggregateGroups extends ApiBase { protected static $right = 'translate-manage'; - protected static $salt = 'translate-manage'; public function execute() { if ( !$this->getUser()->isAllowed( self::$right ) ) { @@ -186,19 +185,8 @@ return true; } - public function getTokenSalt() { - return self::$salt; - } - public function needsToken() { return 'csrf'; - } - - // This function maintains backwards compatibility with self::getToken() - // below. If salt is removed from self::getToken() and nothing else (e.g. - // JS) generates the token directly, this could probably be removed. - protected function getWebUITokenSalt( array $params ) { - return self::$salt; } public function getAllowedParams() { @@ -222,7 +210,7 @@ ), 'token' => array( ApiBase::PARAM_TYPE => 'string', - ApiBase::PARAM_REQUIRED => false, + ApiBase::PARAM_REQUIRED => true, ), ); } @@ -280,26 +268,5 @@ } return $pages; - } - - // These two functions implement pre-1.24 token fetching via the - // ApiTokensGetTokenTypes hook, kept for backwards compatibility. - public static function getToken() { - $user = RequestContext::getMain()->getUser(); - if ( !$user->isAllowed( self::$right ) ) { - return false; - } - - return $user->getEditToken( self::$salt ); - } - - public static function injectTokenFunction( &$list ) { - $list['aggregategroups'] = array( __CLASS__, 'getToken' ); - - return true; // Hooks must return bool - } - - public static function getRight() { - return self::$right; } } diff --git
[MediaWiki-commits] [Gerrit] Clean up token handling - change (mediawiki...Translate)
Nikerabbit has uploaded a new change for review. https://gerrit.wikimedia.org/r/251697 Change subject: Clean up token handling .. Clean up token handling Use csrf (alias edit for MW 1.24 and 1.25 compatibility) token everywhere. Converted some tokens delivered via html to use mediawiki.Api.postWithToken instead. Any clients using the removed custom tokens (none I am aware of) must be updated to use the new token. Bug: T117797 Change-Id: Idf49025f84cbc9c07c75ff37cab46630bb04224f --- M Translate.php M TranslateUtils.php M api/ApiAggregateGroups.php M api/ApiGroupReview.php M api/ApiTranslateSandbox.php M api/ApiTranslationReview.php M api/ApiTranslationStash.php M resources/js/ext.translate.editor.helpers.js M resources/js/ext.translate.messagetable.js M resources/js/ext.translate.proofread.js M resources/js/ext.translate.special.aggregategroups.js M resources/js/ext.translate.special.managetranslatorsandbox.js M resources/js/ext.translate.special.pagemigration.js M resources/js/ext.translate.special.pagepreparation.js M resources/js/ext.translate.storage.js M resources/js/ext.translate.translationstashstorage.js M resources/js/ext.translate.workflowselector.js M specials/SpecialAggregateGroups.php D tests/phpunit/api/ApiTokensTest.php M utils/MessageTable.php 20 files changed, 80 insertions(+), 265 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Translate refs/changes/97/251697/1 diff --git a/Translate.php b/Translate.php index 9afeb5f..3d4f559 100644 --- a/Translate.php +++ b/Translate.php @@ -98,11 +98,6 @@ $wgAPIModules['translationstash'] = 'ApiTranslationStash'; $wgAPIModules['ttmserver'] = 'ApiTTMServer'; $wgAPIModules['searchtranslations'] = 'ApiSearchTranslations'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiTranslationReview::injectTokenFunction'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiGroupReview::injectTokenFunction'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiAggregateGroups::injectTokenFunction'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiTranslateSandbox::injectTokenFunction'; -$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiTranslationStash::injectTokenFunction'; // Register hooks. $wgHooks['EditPage::showEditForm:initial'][] = 'TranslateEditAddons::addTools'; diff --git a/TranslateUtils.php b/TranslateUtils.php index feca1ea..cfb39a9 100644 --- a/TranslateUtils.php +++ b/TranslateUtils.php @@ -368,7 +368,8 @@ * @since 2012-05-03 */ public static function getTokenAction( $token ) { - return "action=tokens=$token"; + // Remove this function when support for MW 1.24 is dropped. + return "action=query=tokens=csrf"; } /** diff --git a/api/ApiAggregateGroups.php b/api/ApiAggregateGroups.php index b8c5922..ca18b14 100644 --- a/api/ApiAggregateGroups.php +++ b/api/ApiAggregateGroups.php @@ -17,7 +17,6 @@ */ class ApiAggregateGroups extends ApiBase { protected static $right = 'translate-manage'; - protected static $salt = 'translate-manage'; public function execute() { if ( !$this->getUser()->isAllowed( self::$right ) ) { @@ -186,19 +185,8 @@ return true; } - public function getTokenSalt() { - return self::$salt; - } - public function needsToken() { return 'csrf'; - } - - // This function maintains backwards compatibility with self::getToken() - // below. If salt is removed from self::getToken() and nothing else (e.g. - // JS) generates the token directly, this could probably be removed. - protected function getWebUITokenSalt( array $params ) { - return self::$salt; } public function getAllowedParams() { @@ -222,7 +210,7 @@ ), 'token' => array( ApiBase::PARAM_TYPE => 'string', - ApiBase::PARAM_REQUIRED => false, + ApiBase::PARAM_REQUIRED => true, ), ); } @@ -280,26 +268,5 @@ } return $pages; - } - - // These two functions implement pre-1.24 token fetching via the - // ApiTokensGetTokenTypes hook, kept for backwards compatibility. - public static function getToken() { - $user = RequestContext::getMain()->getUser(); - if ( !$user->isAllowed( self::$right ) ) { - return false; - } - - return $user->getEditToken( self::$salt ); - } - - public static function injectTokenFunction( &$list ) { - $list['aggregategroups'] = array( __CLASS__, 'getToken' ); - - return true; // Hooks must return bool - } - - public static function getRight() { -