Page MenuHomePhabricator
Create Task
Maniphest T355210

Investigate: Do we still need to use placeholder temp user for edit permission checks?
Open, Needs TriagePublic
Actions

Description

When making edits as a logged out user who has not yet created a temp account, the placeholder temp user is used for permission checks by EditPage, APIEdit and ApiVisualEditor.

This was originally done so that we could set wgGroupPermissions['*']['edit'] to false. This was to ensure that an IP actor could not accidentally be allowed to do something.

However it was decided that we would instead require wgGroupPermissions['*']['actionThatCreatesATempUser'] to be true and ensure that an IP actor could not accidentally be allowed to do something by throwing an error if MediaWiki tries to create an IP actor.

This task is for:

  • Investigating any advantages/disadvantages with still using the placeholder temp user in these permissions checks
  • Deciding whether we should remove them

Details

SubjectRepoBranchLines +/-
DNM Experimental: Remove unsaved temp user from EditPagemediawiki/coremaster+0 -6
Customize query in gerrit

Related Objects

Event Timeline

Tchanders created this task.Jan 17 2024, 10:42 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 17 2024, 10:42 AM
Tchanders mentioned this in T342880: Decide what the rate limit should be for temporary account creations.Jan 17 2024, 10:43 AM
Tgr subscribed.Feb 16 2024, 3:03 PM

In theory I think you'd still need the temp user as long as temp users might have different permissions from anonymous users (by default they don't but the system does offer the possibility of temp-user-specific permissions).

gerritbot added a comment.Feb 29 2024, 5:08 PM

Change 1007648 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/core@master] DNM Experimental: Remove unsaved temp user from EditPage

https://gerrit.wikimedia.org/r/1007648

gerritbot added a project: Patch-For-Review.Feb 29 2024, 5:08 PM
Tchanders added a comment.Feb 29 2024, 5:13 PM

I wonder (though I'm on the fence still) if we could just make the decision that $wgGroupPermissions['*']['edit'] must be true in order for temp accounts to be created via edit. You could still give temp accounts other additional rights, but an anon user must make a successful edit (or whatever other action you've configured to create a temp user) first.

We're expecting other workflows to do this rather than handle unsaved/placeholder temp users (see our guidance about this).

The unsaved temp user is proving a bit odd, e.g. AbuseFilter logs the name, but it never gets mapped to a real user (T334623#9587082).

Tchanders mentioned this in T334623: How do we log unsuccessful first edits for temporary users?.Feb 29 2024, 5:15 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL