Page MenuHomePhabricator
Create Task
Maniphest T114485

QuickSurveys throws exception on non-HTTPS
Closed, ResolvedPublic
Actions

Description

Spotted in beta:

Exception encountered, of type "InvalidArgumentException"
[23f2ff5a] /wiki/Special:RecentChanges?uselang=qqx InvalidArgumentException from line 71 of /srv/mediawiki/php-master/extensions/QuickSurveys/includes/SurveyFactory.php: The "external example survey" external survey link requires https.
Backtrace:
#0 /srv/mediawiki/php-master/extensions/QuickSurveys/includes/SurveyFactory.php(60): QuickSurveys\SurveyFactory::factoryExternal(array)
#1 [internal function]: QuickSurveys\SurveyFactory::factory(array)
#2 /srv/mediawiki/php-master/extensions/QuickSurveys/includes/QuickSurveys.hooks.php(96): array_map(string, array)
#3 /srv/mediawiki/php-master/extensions/QuickSurveys/includes/QuickSurveys.hooks.php(69): QuickSurveys\Hooks::getEnabledSurveys()
#4 /srv/mediawiki/php-master/includes/Hooks.php(204): QuickSurveys\Hooks::onResourceLoaderRegisterModules(ResourceLoader)
#5 /srv/mediawiki/php-master/includes/resourceloader/ResourceLoader.php(290): Hooks::run(string, array)
#6 /srv/mediawiki/php-master/includes/OutputPage.php(2759): ResourceLoader->__construct(GlobalVarConfig, Monolog\Logger)
#7 /srv/mediawiki/php-master/includes/OutputPage.php(538): OutputPage->getResourceLoader()
#8 /srv/mediawiki/php-master/includes/OutputPage.php(564): OutputPage->filterModules(array, string)
#9 /srv/mediawiki/php-master/includes/OutputPage.php(588): OutputPage->getModules(boolean, string, string)
#10 /srv/mediawiki/php-master/includes/OutputPage.php(3070): OutputPage->getModuleScripts(boolean, string)
#11 /srv/mediawiki/php-master/includes/OutputPage.php(3144): OutputPage->getScriptsForBottomQueue()
#12 /srv/mediawiki/php-master/includes/skins/Skin.php(619): OutputPage->getBottomScripts()
#13 /srv/mediawiki/php-master/includes/skins/SkinTemplate.php(427): Skin->bottomScripts()
#14 /srv/mediawiki/php-master/includes/skins/SkinTemplate.php(240): SkinTemplate->prepareQuickTemplate()
#15 /srv/mediawiki/php-master/includes/OutputPage.php(2314): SkinTemplate->outputPage()
#16 /srv/mediawiki/php-master/includes/MediaWiki.php(698): OutputPage->output()
#17 /srv/mediawiki/php-master/includes/MediaWiki.php(476): MediaWiki->main()
#18 /srv/mediawiki/php-master/index.php(41): MediaWiki->run()
#19 /srv/mediawiki/w/index.php(3): include(string)
#20 {main}

Reproduce with http://en.m.wikipedia.beta.wmflabs.org/w/index.php?title=Special:UserLogin&uselang=qqx

Details

SubjectRepoBranchLines +/-
Send insecure surveys to client but do not allow rendering of them.mediawiki/extensions/QuickSurveysdev+28 -12
Die gracefully when survey throws exceptionmediawiki/extensions/QuickSurveysdev+8 -1
Make HTTPS requirement configurable.mediawiki/extensions/QuickSurveysmaster+0 -0
Release 0.4.0 of QuickSurveysmediawiki/extensions/QuickSurveysmaster+5 -1
Don't require QuickSurveys to use HTTPS links in labsoperations/mediawiki-configmaster+2 -0
Make HTTPS requirement configurable.mediawiki/extensions/QuickSurveysdev+7 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

demon created this task.Oct 2 2015, 3:11 PM
demon raised the priority of this task from to Medium.
demon updated the task description. (Show Details)
demon added projects: Wikimedia-production-error, QuickSurveys.
demon subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 2 2015, 3:11 PM
demon moved this task from Untriaged to Dec2019/1.35.wmf.10+ on the Wikimedia-production-error board.Oct 2 2015, 3:11 PM
demon added a project: Beta-Cluster-Infrastructure.Oct 2 2015, 3:14 PM
Restricted Application added a subscriber: Luke081515. · View Herald TranscriptOct 2 2015, 3:14 PM
hashar updated the task description. (Show Details)Oct 3 2015, 7:51 AM
hashar added a project: I18n.
hashar set Security to None.
hashar added subscribers: hashar, rmoen, Jdlrobson.EditedOct 3 2015, 7:55 AM

Caused by QuickSurveys patch https://gerrit.wikimedia.org/r/#/c/239993/

Rob/Jon, there is no HTTPS on beta cluster. Maybe the $wgQuickSurveys values can instead be validated to be https as a test in operations/mediawiki-config.git ?

I am also wondering why it triggers with uselang=qqx

hashar moved this task from To Triage to Backlog on the Beta-Cluster-Infrastructure board.Oct 3 2015, 7:56 AM
Krenair subscribed.Oct 3 2015, 12:47 PM

Requiring HTTPS or not should be something you configure as an extension global.

greg mentioned this in T114486: Create #beta-cluster-reproducible tag and rename #beta-cluster to #beta-cluster-infrastructure.Oct 4 2015, 2:59 AM
Jdlrobson added a comment.Oct 5 2015, 4:00 PM

Hopefully this is what is causing T113534 ... and we can finally get that resolved too.

greg edited projects, added Beta-Cluster-reproducible; removed Beta-Cluster-Infrastructure.Oct 5 2015, 4:37 PM
Jdlrobson added a project: Reading-Web-Sprint-57-The Fifth Element.Oct 8 2015, 4:25 PM
Jdlrobson moved this task from Needs Analysis to To Do on the Reading-Web-Sprint-57-The Fifth Element board.Oct 8 2015, 5:10 PM
jhobs claimed this task.Oct 8 2015, 11:04 PM
Jdlrobson added a comment.Oct 8 2015, 11:16 PM

I can replicate on http://en.m.wikipedia.beta.wmflabs.org/wiki/Headings?uselang=qqx&quicksurvey=external-survey-external%20example%20survey

gerritbot subscribed.Oct 8 2015, 11:33 PM

Change 244623 had a related patch set uploaded (by Jhobs):
Die gracefully when survey throws exception

https://gerrit.wikimedia.org/r/244623

gerritbot added a project: Patch-For-Review.Oct 8 2015, 11:33 PM
jhobs moved this task from To Do to Doing on the Reading-Web-Sprint-57-The Fifth Element board.Oct 8 2015, 11:44 PM
jhobs moved this task from Doing to Code Review on the Reading-Web-Sprint-57-The Fifth Element board.
phuedx subscribed.EditedOct 9 2015, 9:16 AM

Requiring HTTPS or not should be something you configure as an extension global.

I agree with @Krenair.

Trapping an exception, discarding it, and then discarding all of the configured surveys doesn't seem graceful. Rather, we could simply drop the HTTPS requirement on the Beta Cluster.

phuedx moved this task from Code Review to -1 (Needs More Work) on the Reading-Web-Sprint-57-The Fifth Element board.Oct 9 2015, 9:16 AM
Jdlrobson added a subscriber: csteipp.Oct 9 2015, 3:20 PM

So this was actually requested by @csteipp during security review - eternal surveys should he https.

The problem is that these URLs come from messages or config variables so anyone editing an interface could bring the whole site down for everyone in production. That's not good at all. The qqx code also renders the message key which is not even a url.

I'm keen to solve issue before this hits production. If we don't die silently what other options do we have?

It seems like we'd want to throw it away and throw a warning so some try catching is necessary...

csteipp added a comment.Oct 9 2015, 3:48 PM

I'd like to prevent non https links in production. If it's a config flag
that is false in beta, that would be fine.

Jdlrobson added a comment.Oct 9 2015, 5:10 PM

@csteipp but how should we treat surveys which have been setup with 'http' would you expect this to fatal, to throw a warning or die silently or other? (in all cases I assume we would not allow the survey)

csteipp added a comment.Oct 9 2015, 5:13 PM

@Jdlrobson, I don't have a strong preference except that, like you say, we
don't allow the survey if it's not over https.

In general, I think gracefully showing a prominent warning would be the
best UX. Not sure if that's worth the dev cost over just throwing an
exception and responding whenever releng bugs you.

demon added a comment.Oct 9 2015, 5:15 PM

What about not configuring surveys for beta? Blank the message?

Jdlrobson added a comment.Oct 9 2015, 5:19 PM

We need surveys configured for browser tests... Right now the only issue we are hitting is qqx code doesn't translate to a URL. We can work around that edge case, but I'm curious what we expect to happen with a badly configured survey whilst we do not have an interface for setting up surveys...

Jdlrobson added a comment.Oct 9 2015, 5:19 PM

My feeling is we should do this on the frontend and log a warning in the JavaScript console when choosing a survey to show. This seems the best thing here. No need to fatal nor do this in PHP.

gerritbot added a comment.Oct 11 2015, 4:04 PM

Change 245105 had a related patch set uploaded (by Alex Monk):
Make HTTPS requirement configurable.

https://gerrit.wikimedia.org/r/245105

gerritbot added a comment.Oct 11 2015, 5:09 PM

Change 245140 had a related patch set uploaded (by Alex Monk):
Make HTTPS requirement configurable.

https://gerrit.wikimedia.org/r/245140

gerritbot added a comment.Oct 11 2015, 5:16 PM

Change 245140 abandoned by Alex Monk:
Make HTTPS requirement configurable.

Reason:
Repo setup here is a bit weird... seems this has to go through the dev branch first

https://gerrit.wikimedia.org/r/245140

gerritbot added a comment.Oct 11 2015, 9:28 PM

Change 245105 merged by jenkins-bot:
Make HTTPS requirement configurable.

https://gerrit.wikimedia.org/r/245105

gerritbot added a comment.Oct 11 2015, 9:33 PM

Change 245140 restored by Alex Monk:
Make HTTPS requirement configurable.

https://gerrit.wikimedia.org/r/245140

gerritbot added a comment.Oct 11 2015, 9:33 PM

Change 245140 had a related patch set uploaded (by Alex Monk):
Make HTTPS requirement configurable.

https://gerrit.wikimedia.org/r/245140

gerritbot added a comment.Oct 11 2015, 9:44 PM

Change 245188 had a related patch set uploaded (by Alex Monk):
Don't require QuickSurveys to use HTTPS links in labs

https://gerrit.wikimedia.org/r/245188

gerritbot added a comment.Oct 12 2015, 9:40 AM

Change 245188 merged by jenkins-bot:
Don't require QuickSurveys to use HTTPS links in labs

https://gerrit.wikimedia.org/r/245188

phuedx moved this task from -1 (Needs More Work) to Ready for Signoff on the Reading-Web-Sprint-57-The Fifth Element board.Oct 12 2015, 9:40 AM

Thanks @Krenair!

phuedx moved this task from Ready for Signoff to Doing on the Reading-Web-Sprint-57-The Fifth Element board.Oct 12 2015, 12:24 PM
gerritbot added a comment.Oct 12 2015, 12:31 PM

Change 245473 had a related patch set uploaded (by Phuedx):
Release 0.4.0 of QuickSurveys

https://gerrit.wikimedia.org/r/245473

phuedx moved this task from Doing to Code Review on the Reading-Web-Sprint-57-The Fifth Element board.Oct 12 2015, 12:42 PM
Jdlrobson removed a project: Patch-For-Review.Oct 12 2015, 3:58 PM

This is only a temporary fix.

This validation should still not be done in PHP and in current form this could blow up production where https surveys are enforced so more work must be done here.

Personally I dislike the config option as beta labs should mirror production as much as possible and in current form it doesn't. When fixing this we should also remove the config option.

Jdlrobson removed jhobs as the assignee of this task.Oct 12 2015, 4:00 PM
Jdlrobson added a parent task: T110661: Deploy QuickSurveys extension to the English Wikipedia.
Jdlrobson moved this task from Code Review to To Do on the Reading-Web-Sprint-57-The Fifth Element board.
Jdlrobson claimed this task.Oct 12 2015, 6:01 PM
Jdlrobson moved this task from To Do to Doing on the Reading-Web-Sprint-57-The Fifth Element board.
gerritbot added a comment.Oct 12 2015, 6:03 PM

Change 245473 merged by jenkins-bot:
Release 0.4.0 of QuickSurveys

https://gerrit.wikimedia.org/r/245473

gerritbot added a comment.Oct 12 2015, 6:16 PM

Change 245510 had a related patch set uploaded (by Jdlrobson):
Assert that external surveys are in https in JavaScript

https://gerrit.wikimedia.org/r/245510

gerritbot added a project: Patch-For-Review.Oct 12 2015, 6:16 PM
Jdlrobson moved this task from Doing to Code Review on the Reading-Web-Sprint-57-The Fifth Element board.Oct 12 2015, 6:16 PM
phuedx mentioned this in T113534: Investigate QuickSurveys browser tests failures.Oct 13 2015, 2:02 PM
KLans_WMF edited projects, added reading-web-sprint-58-The-Sixth-Sense; removed Reading-Web-Sprint-57-The Fifth Element.Oct 13 2015, 5:13 PM
KLans_WMF moved this task from Needs Analysis to Code Review on the reading-web-sprint-58-The-Sixth-Sense board.
phuedx moved this task from Code Review to -1 (Needs More Work) on the reading-web-sprint-58-The-Sixth-Sense board.Oct 14 2015, 3:28 PM
Jdlrobson moved this task from -1 (Needs More Work) to Code Review on the reading-web-sprint-58-The-Sixth-Sense board.Oct 14 2015, 3:49 PM
gerritbot added a comment.Oct 14 2015, 5:32 PM

Change 245140 abandoned by Jdlrobson:
Make HTTPS requirement configurable.

Reason:
Let's continue conversation at https://gerrit.wikimedia.org/r/246251

https://gerrit.wikimedia.org/r/245140

Jdlrobson mentioned this in T113651: One last tweak to survey placement...Oct 14 2015, 9:56 PM
gerritbot added a comment.Oct 22 2015, 6:37 AM

Change 244623 abandoned by Phuedx:
Die gracefully when survey throws exception

Reason:
None from me.

https://gerrit.wikimedia.org/r/244623

Jdlrobson edited projects, added Reading Web Sprint 59 - Amsterdam and the hamsters; removed reading-web-sprint-58-The-Sixth-Sense.Oct 27 2015, 4:04 PM
Jdlrobson moved this task from Needs Analysis to Code Review on the Reading Web Sprint 59 - Amsterdam and the hamsters board.
bmansurov moved this task from Code Review to Ready for Signoff on the Reading Web Sprint 59 - Amsterdam and the hamsters board.Oct 28 2015, 10:22 AM
gerritbot added a comment.Oct 28 2015, 10:28 AM

Change 245510 merged by jenkins-bot:
Send insecure surveys to client but do not allow rendering of them.

https://gerrit.wikimedia.org/r/245510

Jdlrobson closed this task as Resolved.Oct 28 2015, 10:39 PM
demon moved this task from Dec2019/1.35.wmf.10+ to Resolved on the Wikimedia-production-error board.Nov 3 2015, 10:45 PM
Jdlrobson moved this task from Ready for Signoff to Done on the Reading Web Sprint 59 - Amsterdam and the hamsters board.Nov 5 2015, 11:19 PM
Konfused-Kitten mentioned this in rEQSc1f9786177f3: Send insecure surveys to client but do not allow rendering of them..Apr 28 2016, 6:22 AM
Jdlrobson mentioned this in rEQSa21020ca64a5: Make HTTPS requirement configurable..Apr 28 2016, 6:22 AM
Jdlrobson mentioned this in rEQScd019cbb6cd2: Send insecure surveys to client but do not allow rendering of them..
Konfused-Kitten mentioned this in rEQS97c950dc2ff9: Send insecure surveys to client but do not allow rendering of them..Apr 28 2016, 6:22 AM
Konfused-Kitten mentioned this in rEQSfcd3edb4fe67: Assert that external surveys are in https in JavaScript.
Krenair mentioned this in rEQSeb82382f74ac: Make HTTPS requirement configurable..Apr 28 2016, 6:22 AM
Krenair mentioned this in rEQS826c5a4ba07d: Make HTTPS requirement configurable..
Krenair mentioned this in rEQS545df74a1632: Make HTTPS requirement configurable..
Krenair mentioned this in rEQS006dbb18900d: Make HTTPS requirement configurable..
Krenair mentioned this in rEQSef091fec478a: Make HTTPS requirement configurable..
Krenair mentioned this in rEQS5ad7752e3836: Make HTTPS requirement configurable..
jhobs mentioned this in rEQS1c1d9661f469: Die gracefully when survey throws exception.Apr 28 2016, 6:22 AM
jhobs mentioned this in rEQSfe26319f4f23: Die gracefully when survey throws exception.
phuedx mentioned this in rEQSaa541e84f0e9: Update patch set 2.Jun 11 2018, 8:24 PM
jhobs mentioned this in rEQS416f977d9657: Update patch set 2.Jun 11 2018, 8:24 PM
jhobs mentioned this in rEQS2536322cb7d4: Final NoteDb migration updates.
Diffusion mentioned this in rEQS6f8aac4b8144: Final NoteDb migration updates.Jun 11 2018, 8:25 PM
hashar mentioned this in rEQS83d3b827b0da: Update patch set 8.Jun 11 2018, 8:25 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL