Page MenuHomePhabricator
Create Task
Maniphest T141300

Clean up how ConfirmEdit tracks modules associated with CAPTCHA
Closed, ResolvedPublic
Actions

Description

There is a public getForm method that can be used to access the CAPTCHA's HTML. However, there is not a clean way to access the associated modules. Currently, they are added directly to the OutputPage passed in. However, this makes it hard to pull them out, causing issues (see e.g. T140472: Flow: Update to stop using buildCssLinks and for related ConfirmEdit change).

I suggest we should remove the OutputPage parameter. We can use an associative array like https://github.com/wikimedia/mediawiki/blob/master/includes/api/ApiParse.php#L374-L386 (plus a key for the HTML itself).

This would be a breaking change, and require callers to register the modules themselves.

Details

SubjectRepoBranchLines +/-
Remove getForm() and replace by getFormInformation()mediawiki/extensions/ConfirmEditmaster+145 -71
Customize query in gerrit

Related Objects
Search...

Event Timeline

Mattflaschen-WMF created this task.Jul 25 2016, 8:08 PM
Mattflaschen-WMF edited projects, added ConfirmEdit (CAPTCHA extension); removed StructuredDiscussions.
Restricted Application added a subscriber: Florian. · View Herald TranscriptJul 25 2016, 8:09 PM
Florian added a comment.Jul 25 2016, 9:24 PM

It's maybe a good idea to change the registration of modules, removing the OutputPage completely (or the context itself) could lead into problems. ReCaptchaNoCaptcha for example uses the OutputPage object to add a required JS module (which is loaded from Google dierctly buhhhh!!!!), see https://github.com/wikimedia/mediawiki-extensions-ConfirmEdit/blob/master/ReCaptchaNoCaptcha/ReCaptchaNoCaptcha.class.php#L22-L25.

So we should probably just change the return value of getForm to an array and return the HTML and the modules. If we do it as an associative array, instead of a numbered one, we could also be prepared for the future, where probably other information needs to be returned, too :)

Mattflaschen-WMF claimed this task.Jul 25 2016, 10:39 PM
Mattflaschen-WMF added a comment.Jul 25 2016, 10:43 PM
In T141300#2493917, @Florian wrote:

So we should probably just change the return value of getForm to an array and return the HTML and the modules. If we do it as an associative array, instead of a numbered one, we could also be prepared for the future, where probably other information needs to be returned, too :)

We can remove the OutputPage parameter and still support the weird ReCAPTCHA case, using "headitems".

Mattflaschen-WMF added a comment.Jul 26 2016, 12:04 AM

Related (to the headitems): https://gerrit.wikimedia.org/r/#/c/301028/1

Florian added a comment.Jul 26 2016, 3:35 PM

Good argument!

gerritbot subscribed.Jul 26 2016, 4:25 PM

Change 301147 had a related patch set uploaded (by Florianschmidtwelzow):
Deprecate getForm() and replace by getFormInformation()

https://gerrit.wikimedia.org/r/301147

Mattflaschen-WMF reassigned this task from Mattflaschen-WMF to Florian.Jul 26 2016, 8:58 PM

I was working on this and had code.

However, it's basically consistent with yours (except I was leaning towards not doing a getForm shim and will explain why), so I will reassign and review yours.

Mattflaschen-WMF added a comment.EditedJul 27 2016, 2:14 AM

From reviewing https://github.com/search?q=org%3Awikimedia+getForm&type=Code , the only Gerrit-hosted extensions affected are:

I'll fix these, but only the WMF-installed ones absolutely must be merged at the same time (the others would be good so they don't languish, though).

Mattflaschen-WMF mentioned this in T141416: WikiForum: Stop using getForm due to ConfirmEdit changes.Jul 27 2016, 2:22 AM
Mattflaschen-WMF created subtask T141416: WikiForum: Stop using getForm due to ConfirmEdit changes.
Mattflaschen-WMF mentioned this in T141417: ContactPage: Stop using getForm due to ConfirmEdit changes.Jul 27 2016, 2:25 AM
Mattflaschen-WMF created subtask T141417: ContactPage: Stop using getForm due to ConfirmEdit changes.
Mattflaschen-WMF mentioned this in T141418: ConfirmAccount: Stop using getForm due to ConfirmEdit changes.
Mattflaschen-WMF created subtask T141418: ConfirmAccount: Stop using getForm due to ConfirmEdit changes.
Mattflaschen-WMF added a comment.Jul 30 2016, 1:28 AM

@Krinkle Can you check that the ConfirmEdit patch doesn't cause a regression for VisualEditor. Stand-alone VE isn't working for me locally at the moment.

Florian added a comment.Jul 30 2016, 3:39 PM

At least from my testing with VE, there're no differences or problems. But it would be good to have someone, who is more familar with VE, to recheck, as I simply tried to edit and solved the CAPTCHA, once with master and once with the change applied :)

Mattflaschen-WMF moved this task from Untriaged to Code Review Started on the Collab-Team-Q1-July-Sep-2016 board.Aug 1 2016, 9:37 PM
gerritbot added a comment.Aug 4 2016, 2:14 AM

Change 301147 merged by jenkins-bot:
Remove getForm() and replace by getFormInformation()

https://gerrit.wikimedia.org/r/301147

ReleaseTaggerBot added a project: MW-1.28-release (WMF-deploy-2016-08-09_(1.28.0-wmf.14)).Aug 4 2016, 3:00 AM
Mattflaschen-WMF moved this task from Code Review Started to QA Review on the Collab-Team-Q1-July-Sep-2016 board.Aug 5 2016, 12:12 AM
Florian closed subtask T141416: WikiForum: Stop using getForm due to ConfirmEdit changes as Resolved.Aug 5 2016, 5:49 PM
Etonkovidova subscribed.Aug 8 2016, 4:27 PM

Checking in betalabs - cannot trigger Captcha for edits.
Although Special:Version shows that ConfirmEdit is installed in beta. @Mattflaschen-WMF - something should be added/enabled in CommonSettings.php ?
The scenarios that I'd like to check are in
https://www.mediawiki.org/wiki/Extension:ConfirmEdit/Test_Plan

General scenario:

  • as a user that belongs only to Users group, edit a page in VE mode
  • click 'Save page' - Captcha should appear.
Mattflaschen-WMF added a comment.Aug 8 2016, 4:36 PM
In T141300#2533725, @Etonkovidova wrote:

On English Wikipedia on Beta Cluster, we have:

var_export( $wgCaptchaTriggers );
array (
  'edit' => false,
  'create' => false,
  'sendemail' => false,
  'addurl' => true,
  'createaccount' => true,
  'badlogin' => true,
  'badloginperuser' => true,
)

This is the same as production.

You can test:

  • Adding a URL when editing
  • Creating an account
  • Repeatedly getting the login password wrong.

It is not configured to trigger on all edits.

Etonkovidova added a comment.Aug 8 2016, 4:53 PM

Checked Captcha in betalabs for creating accounts/multiple login attmepts - all works as expected.

Etonkovidova moved this task from QA Review to Product Review on the Collab-Team-Q1-July-Sep-2016 board.Aug 8 2016, 6:49 PM
jmatazzoni closed this task as Resolved.Aug 8 2016, 7:38 PM
Krinkle closed subtask T141418: ConfirmAccount: Stop using getForm due to ConfirmEdit changes as Resolved.Aug 8 2016, 8:54 PM
jmatazzoni closed subtask T141417: ContactPage: Stop using getForm due to ConfirmEdit changes as Resolved.Aug 9 2016, 12:18 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits