[MediaWiki-commits] [Gerrit] Clean up token handling - change (mediawiki...Translate)
jenkins-bot has submitted this change and it was merged.
Change subject: Clean up token handling
..
Clean up token handling
Use csrf (alias edit for MW 1.24 and 1.25 compatibility) token
everywhere. Converted some tokens delivered via html to use
mediawiki.Api.postWithToken instead.
Any clients using the removed custom tokens (none I am aware of)
must be updated to use the new token.
Bug: T117797
Change-Id: Idf49025f84cbc9c07c75ff37cab46630bb04224f
---
M Translate.php
M TranslateUtils.php
M api/ApiAggregateGroups.php
M api/ApiGroupReview.php
M api/ApiTranslateSandbox.php
M api/ApiTranslationReview.php
M api/ApiTranslationStash.php
M resources/js/ext.translate.editor.helpers.js
M resources/js/ext.translate.messagetable.js
M resources/js/ext.translate.proofread.js
M resources/js/ext.translate.special.aggregategroups.js
M resources/js/ext.translate.special.managetranslatorsandbox.js
M resources/js/ext.translate.special.pagemigration.js
M resources/js/ext.translate.special.pagepreparation.js
M resources/js/ext.translate.storage.js
M resources/js/ext.translate.translationstashstorage.js
M resources/js/ext.translate.workflowselector.js
M specials/SpecialAggregateGroups.php
D tests/phpunit/api/ApiTokensTest.php
M utils/MessageTable.php
20 files changed, 80 insertions(+), 265 deletions(-)
Approvals:
Krinkle: Looks good to me, approved
jenkins-bot: Verified
diff --git a/Translate.php b/Translate.php
index 9afeb5f..3d4f559 100644
--- a/Translate.php
+++ b/Translate.php
@@ -98,11 +98,6 @@
$wgAPIModules['translationstash'] = 'ApiTranslationStash';
$wgAPIModules['ttmserver'] = 'ApiTTMServer';
$wgAPIModules['searchtranslations'] = 'ApiSearchTranslations';
-$wgHooks['ApiTokensGetTokenTypes'][] =
'ApiTranslationReview::injectTokenFunction';
-$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiGroupReview::injectTokenFunction';
-$wgHooks['ApiTokensGetTokenTypes'][] =
'ApiAggregateGroups::injectTokenFunction';
-$wgHooks['ApiTokensGetTokenTypes'][] =
'ApiTranslateSandbox::injectTokenFunction';
-$wgHooks['ApiTokensGetTokenTypes'][] =
'ApiTranslationStash::injectTokenFunction';
// Register hooks.
$wgHooks['EditPage::showEditForm:initial'][] = 'TranslateEditAddons::addTools';
diff --git a/TranslateUtils.php b/TranslateUtils.php
index feca1ea..cfb39a9 100644
--- a/TranslateUtils.php
+++ b/TranslateUtils.php
@@ -368,7 +368,8 @@
* @since 2012-05-03
*/
public static function getTokenAction( $token ) {
- return "action=tokens=$token";
+ // Remove this function when support for MW 1.24 is dropped.
+ return "action=query=tokens=csrf";
}
/**
diff --git a/api/ApiAggregateGroups.php b/api/ApiAggregateGroups.php
index b8c5922..ca18b14 100644
--- a/api/ApiAggregateGroups.php
+++ b/api/ApiAggregateGroups.php
@@ -17,7 +17,6 @@
*/
class ApiAggregateGroups extends ApiBase {
protected static $right = 'translate-manage';
- protected static $salt = 'translate-manage';
public function execute() {
if ( !$this->getUser()->isAllowed( self::$right ) ) {
@@ -186,19 +185,8 @@
return true;
}
- public function getTokenSalt() {
- return self::$salt;
- }
-
public function needsToken() {
return 'csrf';
- }
-
- // This function maintains backwards compatibility with self::getToken()
- // below. If salt is removed from self::getToken() and nothing else
(e.g.
- // JS) generates the token directly, this could probably be removed.
- protected function getWebUITokenSalt( array $params ) {
- return self::$salt;
}
public function getAllowedParams() {
@@ -222,7 +210,7 @@
),
'token' => array(
ApiBase::PARAM_TYPE => 'string',
- ApiBase::PARAM_REQUIRED => false,
+ ApiBase::PARAM_REQUIRED => true,
),
);
}
@@ -280,26 +268,5 @@
}
return $pages;
- }
-
- // These two functions implement pre-1.24 token fetching via the
- // ApiTokensGetTokenTypes hook, kept for backwards compatibility.
- public static function getToken() {
- $user = RequestContext::getMain()->getUser();
- if ( !$user->isAllowed( self::$right ) ) {
- return false;
- }
-
- return $user->getEditToken( self::$salt );
- }
-
- public static function injectTokenFunction( &$list ) {
- $list['aggregategroups'] = array( __CLASS__, 'getToken' );
-
- return true; // Hooks must return bool
- }
-
- public static function getRight() {
- return self::$right;
}
}
diff --git
[MediaWiki-commits] [Gerrit] Clean up token handling - change (mediawiki...Translate)
Nikerabbit has uploaded a new change for review.
https://gerrit.wikimedia.org/r/251697
Change subject: Clean up token handling
..
Clean up token handling
Use csrf (alias edit for MW 1.24 and 1.25 compatibility) token
everywhere. Converted some tokens delivered via html to use
mediawiki.Api.postWithToken instead.
Any clients using the removed custom tokens (none I am aware of)
must be updated to use the new token.
Bug: T117797
Change-Id: Idf49025f84cbc9c07c75ff37cab46630bb04224f
---
M Translate.php
M TranslateUtils.php
M api/ApiAggregateGroups.php
M api/ApiGroupReview.php
M api/ApiTranslateSandbox.php
M api/ApiTranslationReview.php
M api/ApiTranslationStash.php
M resources/js/ext.translate.editor.helpers.js
M resources/js/ext.translate.messagetable.js
M resources/js/ext.translate.proofread.js
M resources/js/ext.translate.special.aggregategroups.js
M resources/js/ext.translate.special.managetranslatorsandbox.js
M resources/js/ext.translate.special.pagemigration.js
M resources/js/ext.translate.special.pagepreparation.js
M resources/js/ext.translate.storage.js
M resources/js/ext.translate.translationstashstorage.js
M resources/js/ext.translate.workflowselector.js
M specials/SpecialAggregateGroups.php
D tests/phpunit/api/ApiTokensTest.php
M utils/MessageTable.php
20 files changed, 80 insertions(+), 265 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Translate
refs/changes/97/251697/1
diff --git a/Translate.php b/Translate.php
index 9afeb5f..3d4f559 100644
--- a/Translate.php
+++ b/Translate.php
@@ -98,11 +98,6 @@
$wgAPIModules['translationstash'] = 'ApiTranslationStash';
$wgAPIModules['ttmserver'] = 'ApiTTMServer';
$wgAPIModules['searchtranslations'] = 'ApiSearchTranslations';
-$wgHooks['ApiTokensGetTokenTypes'][] =
'ApiTranslationReview::injectTokenFunction';
-$wgHooks['ApiTokensGetTokenTypes'][] = 'ApiGroupReview::injectTokenFunction';
-$wgHooks['ApiTokensGetTokenTypes'][] =
'ApiAggregateGroups::injectTokenFunction';
-$wgHooks['ApiTokensGetTokenTypes'][] =
'ApiTranslateSandbox::injectTokenFunction';
-$wgHooks['ApiTokensGetTokenTypes'][] =
'ApiTranslationStash::injectTokenFunction';
// Register hooks.
$wgHooks['EditPage::showEditForm:initial'][] = 'TranslateEditAddons::addTools';
diff --git a/TranslateUtils.php b/TranslateUtils.php
index feca1ea..cfb39a9 100644
--- a/TranslateUtils.php
+++ b/TranslateUtils.php
@@ -368,7 +368,8 @@
* @since 2012-05-03
*/
public static function getTokenAction( $token ) {
- return "action=tokens=$token";
+ // Remove this function when support for MW 1.24 is dropped.
+ return "action=query=tokens=csrf";
}
/**
diff --git a/api/ApiAggregateGroups.php b/api/ApiAggregateGroups.php
index b8c5922..ca18b14 100644
--- a/api/ApiAggregateGroups.php
+++ b/api/ApiAggregateGroups.php
@@ -17,7 +17,6 @@
*/
class ApiAggregateGroups extends ApiBase {
protected static $right = 'translate-manage';
- protected static $salt = 'translate-manage';
public function execute() {
if ( !$this->getUser()->isAllowed( self::$right ) ) {
@@ -186,19 +185,8 @@
return true;
}
- public function getTokenSalt() {
- return self::$salt;
- }
-
public function needsToken() {
return 'csrf';
- }
-
- // This function maintains backwards compatibility with self::getToken()
- // below. If salt is removed from self::getToken() and nothing else
(e.g.
- // JS) generates the token directly, this could probably be removed.
- protected function getWebUITokenSalt( array $params ) {
- return self::$salt;
}
public function getAllowedParams() {
@@ -222,7 +210,7 @@
),
'token' => array(
ApiBase::PARAM_TYPE => 'string',
- ApiBase::PARAM_REQUIRED => false,
+ ApiBase::PARAM_REQUIRED => true,
),
);
}
@@ -280,26 +268,5 @@
}
return $pages;
- }
-
- // These two functions implement pre-1.24 token fetching via the
- // ApiTokensGetTokenTypes hook, kept for backwards compatibility.
- public static function getToken() {
- $user = RequestContext::getMain()->getUser();
- if ( !$user->isAllowed( self::$right ) ) {
- return false;
- }
-
- return $user->getEditToken( self::$salt );
- }
-
- public static function injectTokenFunction( &$list ) {
- $list['aggregategroups'] = array( __CLASS__, 'getToken' );
-
- return true; // Hooks must return bool
- }
-
- public static function getRight() {
-
