1.43 compatibility (#3)

* 1.43 compatibility

- Use new HookHandler interface
- Set up forwards-compat class aliases for older MW versions

* Add CI

* Address CI issues

- Use tabs instead of spaces
- Make unit tests use the updated hook interfaces

* Fix tests

phpunit mock methods configured with with() will disallow any parameters
not specified in the with() call, which caused tests to fail when
WebRequest::getVal was called multiple times with different parameters.
Switch to willReturnMap() to properly map certain values to return
values, while returning null for unmapped values.

* Migrate to proper unit test

This requires moving to a unit/ subdirectory to indicate that
we do not need to load MW when running these tests.

Additionally, instead of checking that we call various methods on
OutputPage when denying access, refactor denyAccess to a protected
method and mock it during testing, so that we can ensure denyAccess is
called without running any of its code. The code itself requires the
services container to be instantiated in order for wfMessage()->plain()
to work, which we cannot do during pure unit tests.

We should probably also add some integration tests to verify that
denyAccess() behaves as expected, in addition to tests that exercise
other aspects of the extension.

Author: skizzerz

.github/workflows/ci.yml

@@ -0,0 +1,151 @@
+name: Continuous Integration
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+env:
+  EXTNAME: CrawlerProtection
+  MW_INSTALL_PATH: ${{ github.workspace }}
+
+jobs:
+  style:
+    name: Code Style
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        php: [ '8.2', '8.3', '8.4' ]
+        mediawiki: [ REL1_43 ]
+        include:
+          - os: ubuntu-latest
+            php: '7.4'
+            mediawiki: REL1_35
+          - os: ubuntu-latest
+            php: '7.4'
+            mediawiki: REL1_39
+          - os: ubuntu-latest
+            php: '8.1'
+            mediawiki: REL1_39
+    steps:
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: mbstring, intl
+          coverage: none
+          tools: composer
+      - name: Setup MediaWiki
+        uses: actions/checkout@v4
+        with:
+          repository: wikimedia/mediawiki
+          ref: ${{ matrix.mediawiki }}
+      - name: Setup Extension
+        uses: actions/checkout@v4
+        with:
+          path: extensions/${{ env.EXTNAME }}
+      - name: Setup Composer
+        run: |
+          echo '{"extra":{"merge-plugin":{"include":["extensions/*/composer.json","skins/*/composer.json"]}}}' > composer.local.json
+          composer update
+          composer update
+      - name: Lint
+        run: ./vendor/bin/parallel-lint --exclude node_modules --exclude vendor extensions/${{ env.EXTNAME }}
+      - name: PHP Code Sniffer
+        run: ./vendor/bin/phpcs -sp --standard=vendor/mediawiki/mediawiki-codesniffer/MediaWiki extensions/${{ env.EXTNAME }}
+
+  security:
+    name: Static Analysis
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        # 1.43 phan is broken on php 8.4
+        php: [ '8.2', '8.3' ]
+        mediawiki: [ REL1_43 ]
+        include:
+          - os: ubuntu-latest
+            php: '7.4'
+            mediawiki: REL1_35
+          - os: ubuntu-latest
+            php: '7.4'
+            mediawiki: REL1_39
+          - os: ubuntu-latest
+            php: '8.1'
+            mediawiki: REL1_39
+    steps:
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: mbstring, intl, ast
+          coverage: none
+          tools: composer
+      - name: Setup MediaWiki
+        uses: actions/checkout@v4
+        with:
+          repository: wikimedia/mediawiki
+          ref: ${{ matrix.mediawiki }}
+      - name: Setup Extension
+        uses: actions/checkout@v4
+        with:
+          path: extensions/${{ env.EXTNAME }}
+      - name: Setup Composer
+        run: |
+          echo '{"extra":{"merge-plugin":{"include":["extensions/*/composer.json","skins/*/composer.json"]}}}' > composer.local.json
+          composer update
+          composer update
+      - name: Phan
+        run: ./vendor/bin/phan -d extensions/${{ env.EXTNAME }} --minimum-target-php-version=7.4 --long-progress-bar
+  phpunit:
+    name: Unit Tests
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        php: [ '8.2', '8.3', '8.4' ]
+        mediawiki: [ REL1_43 ]
+        include:
+          - os: ubuntu-latest
+            php: '7.4'
+            mediawiki: REL1_35
+          - os: ubuntu-latest
+            php: '7.4'
+            mediawiki: REL1_39
+          - os: ubuntu-latest
+            php: '8.2'
+            mediawiki: REL1_39
+    steps:
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: mbstring, intl, ast
+          coverage: none
+          tools: composer
+      - name: Setup MediaWiki
+        uses: actions/checkout@v4
+        with:
+          repository: wikimedia/mediawiki
+          ref: ${{ matrix.mediawiki }}
+      - name: Setup Extension
+        uses: actions/checkout@v4
+        with:
+          path: extensions/${{ env.EXTNAME }}
+      - name: Setup Composer
+        run: |
+          echo '{"extra":{"merge-plugin":{"include":["extensions/*/composer.json","skins/*/composer.json"]}}}' > composer.local.json
+          composer update
+          composer update
+      - name: Install MediaWiki
+        run: php maintenance/install.php --dbtype=sqlite --with-extensions --pass=UnitTestingAdminPassword519 UnitTesting WikiAdmin
+      - name: Phpunit
+        run: ./vendor/bin/phpunit -- extensions/${{ env.EXTNAME }}/tests/phpunit

.phan/config.php

@@ -0,0 +1,15 @@
+<?php
+
+// use phan config shipped with mediawiki core
+$cfg = require __DIR__ . '/../../../vendor/mediawiki/mediawiki-phan-config/src/config.php';
+
+// we suppress things for backwards compat reasons, so suppressions may not apply to all phan test runs
+// as part of dropping support for old versions, old suppressions will be removed
+$cfg['suppress_issue_types'][] = 'UnusedSuppression';
+$cfg['suppress_issue_types'][] = 'UnusedPluginSuppression';
+
+// we make use of class aliases for backwards compat, but phan doesn't honor version checks surrounding them
+$cfg['suppress_issue_types'][] = 'PhanUndeclaredClassAliasOriginal';
+$cfg['suppress_issue_types'][] = 'PhanRedefineClassAlias';
+
+return $cfg;

extension.json

@@ -10,9 +10,15 @@
     "AutoloadNamespaces": {
         "MediaWiki\\Extension\\CrawlerProtection\\": "includes/"
     },
+	"HookHandlers": {
+		"main": {
+			"class": "MediaWiki\\Extension\\CrawlerProtection\\Hooks",
+			"services": []
+		}
+	},
     "Hooks": {
-        "MediaWikiPerformAction": "MediaWiki\\Extension\\CrawlerProtection\\Hooks::onMediaWikiPerformAction",
-        "SpecialPageBeforeExecute": "MediaWiki\\Extension\\CrawlerProtection\\Hooks::onSpecialPageBeforeExecute"
+        "MediaWikiPerformAction": "main",
+        "SpecialPageBeforeExecute": "main"
     },
     "license-name": "MIT",
     "Tests": {

includes/Hooks.php

@@ -2,95 +2,125 @@
 
 namespace MediaWiki\Extension\CrawlerProtection;
 
-use OutputPage;
-use Article;
-use Title;
-use User;
-use WebRequest;
-use MediaWiki;
-use SpecialPage;
-use RequestContext;
+// Class aliases for multi-version compatibility.
+// These need to be in global scope so phan can pick up on them,
+// and before any use statements that make use of the namespaced names.
+if ( version_compare( MW_VERSION, '1.39.4', '<' ) ) {
+	class_alias( '\Title', '\MediaWiki\Title\Title' );
+}
+
+if ( version_compare( MW_VERSION, '1.41', '<' ) ) {
+	class_alias( '\OutputPage', '\MediaWiki\Output\OutputPage' );
+	class_alias( '\SpecialPage', '\MediaWiki\SpecialPage\SpecialPage' );
+	class_alias( '\User', '\MediaWiki\User\User' );
+	class_alias( '\WebRequest', '\MediaWiki\Request\WebRequest' );
+}
+
+if ( version_compare( MW_VERSION, '1.42', '<' ) ) {
+	class_alias( '\MediaWiki', '\MediaWiki\Actions\ActionEntryPoint' );
+}
+
+if ( version_compare( MW_VERSION, '1.44', '<' ) ) {
+	class_alias( '\Article', '\MediaWiki\Page\Article' );
+}
+
+use MediaWiki\Actions\ActionEntryPoint;
+use MediaWiki\Hook\MediaWikiPerformActionHook;
+use MediaWiki\Output\OutputPage;
+use MediaWiki\Page\Article;
+use MediaWiki\Request\WebRequest;
+use MediaWiki\SpecialPage\Hook\SpecialPageBeforeExecuteHook;
+use MediaWiki\SpecialPage\SpecialPage;
+use MediaWiki\Title\Title;
+use MediaWiki\User\User;
+
+class Hooks implements MediaWikiPerformActionHook, SpecialPageBeforeExecuteHook {
+	/**
+	 * Block sensitive page views for anonymous users via MediaWikiPerformAction.
+	 * Handles:
+	 *  - ?type=revision
+	 *  - ?action=history
+	 *  - ?diff=1234
+	 *  - ?oldid=1234
+	 *
+	 * Special pages (e.g. Special:WhatLinksHere) are handled separately.
+	 *
+	 * @param OutputPage $output
+	 * @param Article $article
+	 * @param Title $title
+	 * @param User $user
+	 * @param WebRequest $request
+	 * @param ActionEntryPoint $mediaWiki
+	 * @return bool False to abort further action
+	 */
+	public function onMediaWikiPerformAction(
+		$output,
+		$article,
+		$title,
+		$user,
+		$request,
+		$mediaWiki
+	) {
+		$type   = $request->getVal( 'type' );
+		$action = $request->getVal( 'action' );
+		$diffId = (int)$request->getVal( 'diff' );
+		$oldId  = (int)$request->getVal( 'oldid' );
 
-class Hooks {
-    /**
-     * Block sensitive page views for anonymous users via MediaWikiPerformAction.
-     * Handles:
-     *  - ?type=revision
-     *  - ?action=history
-     *  - ?diff=1234
-     *  - ?oldid=1234
-     *
-     * Special pages (e.g. Special:WhatLinksHere) are handled separately.
-     *
-     * @param OutputPage   $output
-     * @param Article      $article
-     * @param Title        $title
-     * @param User         $user
-     * @param WebRequest   $request
-     * @param MediaWiki    $wiki
-     * @return bool        False to abort further action
-     */
-    public static function onMediaWikiPerformAction(
-        OutputPage $output,
-        Article $article,
-        Title $title,
-        User $user,
-        WebRequest $request,
-        MediaWiki $wiki
-    ) {
-        $type   = $request->getVal( 'type' );
-        $action = $request->getVal( 'action' );
-        $diffId = (int)$request->getVal( 'diff' );
-        $oldId  = (int)$request->getVal( 'oldid' );
+		if (
+			!$user->isRegistered()
+			&& (
+				$type === 'revision'
+				|| $action === 'history'
+				|| $diffId > 0
+				|| $oldId > 0
+			)
+		) {
+			$this->denyAccess( $output );
+			return false;
+		}
 
-        if (
-            !$user->isRegistered()
-            && (
-                $type === 'revision'
-                || $action === 'history'
-                || $diffId > 0
-                || $oldId  > 0
-            )
-        ) {
-            self::denyAccess( $output );
-            return false;
-        }
+		return true;
+	}
 
-        return true;
-    }
+	/**
+	 * Block Special:RecentChangesLinked and Special:WhatLinksHere for anonymous users.
+	 *
+	 * @param SpecialPage $special
+	 * @param string|null $subPage
+	 * @return bool False to abort execution
+	 */
+	public function onSpecialPageBeforeExecute( $special, $subPage ) {
+		$user = $special->getContext()->getUser();
+		if ( $user->isRegistered() ) {
+			// logged-in users: allow
+			return true;
+		}
 
-    /**
-     * Block Special:RecentChangesLinked and Special:WhatLinksHere for anonymous users.
-     *
-     * @param SpecialPage $specialPage
-     * @param string      $subPage
-     * @return bool       False to abort execution
-     */
-    public static function onSpecialPageBeforeExecute( SpecialPage $specialPage, $subPage ) {
-        $user = $specialPage->getContext()->getUser();
-        if ( $user->isRegistered() ) {
-            return true; // logged-in users: allow
-        }
+		$name = strtolower( $special->getName() );
+		if ( in_array( $name, [ 'recentchangeslinked', 'whatlinkshere' ], true ) ) {
+			$out = $special->getContext()->getOutput();
+			$this->denyAccess( $out );
+			return false;
+		}
 
-        $name = strtolower( $specialPage->getName() );
-        if ( in_array( $name, [ 'recentchangeslinked', 'whatlinkshere' ], true ) ) {
-            $out = $specialPage->getContext()->getOutput();
-            self::denyAccess( $out );
-            return false;
-        }
+		return true;
+	}
 
-        return true;
-    }
+	/**
+	 * Helper: output 403 Access Denied page using i18n messages.
+	 *
+	 * @param OutputPage $output
+	 * @return void
+	 */
+	protected function denyAccess( OutputPage $output ): void {
+		$output->setStatusCode( 403 );
+		$output->addWikiTextAsInterface( wfMessage( 'crawlerprotection-accessdenied-text' )->plain() );
 
-    /**
-     * Helper: output 403 Access Denied page using i18n messages.
-     *
-     * @param OutputPage $output
-     * @return void
-     */
-    private static function denyAccess( OutputPage $output ): void {
-        $output->setStatusCode( 403 );
-        $output->setPageTitle( wfMessage( 'crawlerprotection-accessdenied-title' )->text() );
-        $output->addWikiTextAsInterface( wfMessage( 'crawlerprotection-accessdenied-text' )->text() );
-    }
+		if ( version_compare( MW_VERSION, '1.41', '<' ) ) {
+			$output->setPageTitle( wfMessage( 'crawlerprotection-accessdenied-title' ) );
+		} else {
+			// @phan-suppress-next-line PhanUndeclaredMethod Exists in 1.41+
+			$output->setPageTitleMsg( wfMessage( 'crawlerprotection-accessdenied-title' ) );
+		}
+	}
 }