Page MenuHomePhabricator

Get rid of FauxRequest support in AuthManager
Closed, ResolvedPublic


AuthManager (T91699) is forced to do an ugly hack (see the usingGlobalSession() calls here) to support the use case where one temporarily replaces the real session (that corresponds with actual request) with an artificial one, e.g. call RequestContext::importScopedSession() with a FauxRequest and then call User::loadFromSession(). It would be nice to get rid of that.


Event Timeline

Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added a subscriber: Tgr.

Change 243223 had a related patch set uploaded (by Gergő Tisza):
WIP: Add SessionManager

Change 243223 had a related patch set uploaded (by Anomie):
WIP: Add SessionManager

Using RequestContext::importScopedSession() to actually import the session is long since deprecated (the main user was for uploads but changed to use the "main stash"). It's really just for the IP/agent/User aspects of the "logical session" but not the actual PHP session. It might be easier to just audit callers and confirm that the session parts can just be removed to avoid the hassle.

Ugh, UploadFromUrlJob should be rewritten to use the getMainStashInstance() for the temp results and API status checks instead of the sessions (which are reused in the jobs by the runners).

Anomie claimed this task.
Anomie added a subscriber: Anomie.

SessionManager handles this now, the AuthManager rebase I'm working kills this hack.

Change 243223 merged by jenkins-bot:
Add SessionManager

There should be a developer notice about SessionManager being deployed next week (unexpected login errors etc), I didn't find a better task to flag for it.