Page MenuHomePhabricator
Create Task
Maniphest T104615

Some account creations causing exceptions
Closed, ResolvedPublic
Actions

Description

Only 29 in exception.log like this so far, but should get this fixed asap

2015-07-02 19:26:22 mw1074 enwiki exception INFO: [8500a51c] /w/index.php?title=Special:UserLogin&action=submitlogin&type=signup&returnto=Under_Armour_All-America_Game&returntoquery=action%3Dedit%26section%3D13 Exception from line 2130 of /srv/mediawiki/php-1.26wmf12/extensions/CentralAuth/includes/CentralAuthUser.php: Could not find local user data for <XXXXXXX>@enwiki
#0 /srv/mediawiki/php-1.26wmf12/extensions/CentralAuth/includes/CentralAuthUser.php(2070): CentralAuthUser->localUserData()
#1 /srv/mediawiki/php-1.26wmf12/extensions/CentralAuth/includes/CentralAuthUser.php(2030): CentralAuthUser->queryAttached()
#2 /srv/mediawiki/php-1.26wmf12/extensions/CentralAuth/includes/CentralAuthHooks.php(2078): CentralAuthUser->getLocalGroups()
#3 /srv/mediawiki/php-1.26wmf12/includes/Hooks.php(204): CentralAuthHooks::onPasswordPoliciesForUser()
#4 /srv/mediawiki/php-1.26wmf12/includes/password/UserPasswordPolicy.php(107): Hooks::run()
#5 /srv/mediawiki/php-1.26wmf12/includes/password/UserPasswordPolicy.php(74): UserPasswordPolicy->getPoliciesForUser()
#6 /srv/mediawiki/php-1.26wmf12/includes/User.php(859): UserPasswordPolicy->checkUserPassword()
#7 /srv/mediawiki/php-1.26wmf12/includes/specials/SpecialUserlogin.php(548): User->checkPasswordValidity()
#8 /srv/mediawiki/php-1.26wmf12/includes/specials/SpecialUserlogin.php(377): LoginForm->addNewAccountInternal()
#9 /srv/mediawiki/php-1.26wmf12/includes/specials/SpecialUserlogin.php(314): LoginForm->addNewAccount()
#10 /srv/mediawiki/php-1.26wmf12/includes/specialpage/SpecialPage.php(384): LoginForm->execute()
#11 /srv/mediawiki/php-1.26wmf12/includes/specialpage/SpecialPageFactory.php(550): SpecialPage->run()
#12 /srv/mediawiki/php-1.26wmf12/includes/MediaWiki.php(249): SpecialPageFactory::executePath()
#13 /srv/mediawiki/php-1.26wmf12/includes/MediaWiki.php(668): MediaWiki->performRequest()
#14 /srv/mediawiki/php-1.26wmf12/includes/MediaWiki.php(465): MediaWiki->main()
#15 /srv/mediawiki/php-1.26wmf12/index.php(41): MediaWiki->run()
#16 /srv/mediawiki/w/index.php(3): include()
#17 {main} {"private":false}

Details

SubjectRepoBranchLines +/-
Re-add global password policiesmediawiki/extensions/CentralAuthwmf/1.27.0-wmf.5+151 -0
Re-add global password policiesmediawiki/extensions/CentralAuthmaster+151 -0
Add "purpose" to password validity checkmediawiki/coremaster+26 -23
Made the prior user existence check in LoginForm use DB_MASTERmediawiki/coremaster+15 -5
Revert "Add global password policies"mediawiki/extensions/CentralAuthwmf/1.26wmf12+0 -221
Revert "Add global password policies"mediawiki/extensions/CentralAuthmaster+0 -221
Customize query in gerrit

Related Objects

Event Timeline

csteipp created this task.Jul 2 2015, 7:33 PM
csteipp claimed this task.
csteipp raised the priority of this task from to Unbreak Now!.
csteipp updated the task description. (Show Details)
csteipp added a project: Security-Team.
csteipp added subscribers: csteipp, hoo.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 2 2015, 7:33 PM
csteipp added a subscriber: aaron.Jul 2 2015, 8:19 PM

The first part that confused me was how the global user could exist when in onPasswordPoliciesForUser we do

$central = CentralAuthUser::getInstance( $user );
if ( $central->exists() ) {
...

So checking the globaluser table for the user who was in the exception above (timestamp: 2015-07-02 19:26:22), the globaluser table shows gu_registration = 20150702192620. localuser.lu_attached_timestamp = 20150702192620 too. Both 2 seconds before the exception was thrown. But more weird in this case is that on enwiki, the user is in the user table, and user_registration = 20150702192618. 2 seconds before the CentralAuth account.

I'm assuming our db clusters aren't 2 seconds off in their time.

It seems something like,

  1. Account creation is attempted
  2. CentralAuth user is created, and the centralauth transaction finishes
  3. Something happens, and the enwiki transaction isn't finished yet.
  4. Request is retried.
  5. In SpecialUserLogin $u->idForName() is 0
  6. CentralAuthUser for the account does exist, so CentralAuthUser::localUserData is called for the local wiki, exception is thrown.
  7. enwiki transaction finishes, so user is in the user table

@aaron, do you know if that sequence of events is possible?

Legoktm added a project: MediaWiki-extensions-CentralAuth.Jul 3 2015, 1:02 AM
Legoktm set Security to None.
gerritbot subscribed.Jul 3 2015, 1:03 AM

Change 222520 had a related patch set uploaded (by Legoktm):
Revert "Add global password policies"

https://gerrit.wikimedia.org/r/222520

gerritbot added a project: Patch-For-Review.Jul 3 2015, 1:03 AM

Change 222521 had a related patch set uploaded (by CSteipp):
Revert "Add global password policies"

https://gerrit.wikimedia.org/r/222521

gerritbot added a comment.Jul 3 2015, 1:04 AM

Change 222520 merged by jenkins-bot:
Revert "Add global password policies"

https://gerrit.wikimedia.org/r/222520

Diffusion mentioned this in rMEXT2d64d3435897: Updated mediawiki/extensions Project: mediawiki/extensions/CentralAuth….Jul 3 2015, 1:04 AM
Legoktm mentioned this in rECAUc2d1c8b0b86e: Revert "Add global password policies".Jul 3 2015, 1:04 AM
gerritbot added a comment.Jul 3 2015, 1:15 AM

Change 222521 merged by jenkins-bot:
Revert "Add global password policies"

https://gerrit.wikimedia.org/r/222521

csteipp mentioned this in rECAU7f8da7139714: Revert "Add global password policies".Jul 3 2015, 1:15 AM
csteipp mentioned this in rMW3677709d429b: Updated mediawiki/core Project: mediawiki/extensions/CentralAuth….
Forrestbot added projects: WMF-deploy-2015-06-30_(1.26wmf12), WMF-deploy-2015-07-07_(1.26wmf13).Jul 3 2015, 2:00 AM
csteipp added a comment.Jul 3 2015, 2:19 AM

Global checking reverted for now, until we can figure out the issue:

https://gerrit.wikimedia.org/r/#/c/222520/

aaron added a comment.Jul 3 2015, 11:54 PM
In T104615#1422610, @csteipp wrote:

@aaron, do you know if that sequence of events is possible?

That would be my guess. That captcha will slow human retry attempts a bit but I suppose it's possible. Either the local/central transactions were half finished or the local DB had more slave lag.

Do all the exception involve the same wiki? Do any involve some other wiki having a local user row missing while logging into the current wiki?

It's interesting that register() does not use a trx but attach() does (due to https://gerrit.wikimedia.org/r/#/c/154443/). Out of curiosity, I wonder what that ways for. If the local/central DBs both had end-of-request commits there would less time for them to be out of sync.

Btw, queryAttached() seems kind of inefficient, loading all CA/localuser rows for a user and doing a local user query for each one. I don't see too many callers now (not at key use cases), and some of them are just fallbacks for filling a denormalized value (home/editcount). For users on many wikis, it seems like this would slow down login, though perhaps not by too much in regular cases.

gerritbot added a comment.Jul 8 2015, 11:44 PM

Change 223702 had a related patch set uploaded (by CSteipp):
Add global password policies

https://gerrit.wikimedia.org/r/223702

csteipp added a subscriber: Legoktm.Jul 8 2015, 11:57 PM

Do all the exception involve the same wiki? Do any involve some other wiki having a local user row missing while logging into the current wiki?

Lots of different languages and projects. In ever case I've seen, this always happens on the create account form (LoginForm->addNewAccount() is in the backtrace), and the user ends up with,

  • CentralAuth account is created
  • account is attached on exactly 1 wiki, the one where the exception happend
  • the local wiki account has been created in the DB

It's interesting that register() does not use a trx but attach() does (due to https://gerrit.wikimedia.org/r/#/c/154443/). Out of curiosity, I wonder what that ways for. If the local/central DBs both had end-of-request commits there would less time for them to be out of sync.

@Legoktm mentioned attach. I think he added those?

Btw, queryAttached() seems kind of inefficient, loading all CA/localuser rows for a user and doing a local user query for each one. I don't see too many callers now (not at key use cases), and some of them are just fallbacks for filling a denormalized value (home/editcount). For users on many wikis, it seems like this would slow down login, though perhaps not by too much in regular cases.

Yeah, since logins are (relatively) rare, I'm hopeful the impact isn't noticeable. I also want to fix T99007 which needs a call to queryAttached(), so doing the full lookup once on login seems unavoidable, unless we cache local groups in a central location.

Legoktm added a comment.Jul 10 2015, 3:06 AM
In T104615#1426026, @aaron wrote:

It's interesting that register() does not use a trx but attach() does (due to https://gerrit.wikimedia.org/r/#/c/154443/). Out of curiosity, I wonder what that ways for. If the local/central DBs both had end-of-request commits there would less time for them to be out of sync.

It was for T41996. Hoo and I discussed that bug IRL during Wikimania and that one solution ended up working...

aaron added a comment.EditedJul 10 2015, 9:36 PM

I wonder if checkPasswordValidity() had a $purpose argument string (newaccount/newpassword/login), passed down to the hook. If the CA hooks could then avoid calling the attachment state methods for new accounts since you don't care about their privileges. Would that also avoid these problems?

gerritbot added a comment.Jul 10 2015, 11:46 PM

Change 224201 had a related patch set uploaded (by Aaron Schulz):
Made the prior user existence check in LoginForm use DB_MASTER

https://gerrit.wikimedia.org/r/224201

gerritbot added a comment.Jul 11 2015, 12:37 AM

Change 224201 merged by jenkins-bot:
Made the prior user existence check in LoginForm use DB_MASTER

https://gerrit.wikimedia.org/r/224201

aaron mentioned this in rMW08698e48e8cf: Made the prior user existence check in LoginForm use DB_MASTER.Jul 11 2015, 12:37 AM
Forrestbot added projects: MW-1.26-release, WMF-deploy-2015-07-14_(1.26wmf14).Jul 11 2015, 1:00 AM
csteipp added a comment.Jul 14 2015, 4:00 PM

Thanks Aaron.

@Legoktm, https://gerrit.wikimedia.org/r/#/c/223702/ should be ready to merge now if you have a few minutes.

aaron added a comment.Jul 14 2015, 4:06 PM
In T104615#1446462, @aaron wrote:

I wonder if checkPasswordValidity() had a $purpose argument string (newaccount/newpassword/login), passed down to the hook. If the CA hooks could then avoid calling the attachment state methods for new accounts since you don't care about their privileges. Would that also avoid these problems?

I'd still recommend considering this too.

gerritbot added a comment.Jul 14 2015, 7:28 PM

Change 224658 had a related patch set uploaded (by CSteipp):
Add "purpose" to password validity check

https://gerrit.wikimedia.org/r/224658

csteipp added a comment.Jul 14 2015, 7:31 PM
In T104615#1452022, @aaron wrote:
In T104615#1446462, @aaron wrote:

I wonder if checkPasswordValidity() had a $purpose argument string (newaccount/newpassword/login), passed down to the hook. If the CA hooks could then avoid calling the attachment state methods for new accounts since you don't care about their privileges. Would that also avoid these problems?

I'd still recommend considering this too.

Done in https://gerrit.wikimedia.org/r/224658. That simplified the installer a little, although it still feel a little hacky imo.

gerritbot added a comment.Jul 14 2015, 8:25 PM

Change 224658 merged by jenkins-bot:
Add "purpose" to password validity check

https://gerrit.wikimedia.org/r/224658

aaron mentioned this in rMW6a69a4eb733b: Add "purpose" to password validity check.Jul 14 2015, 8:26 PM
Forrestbot added a project: WMF-deploy-2015-07-21_(1.26wmf15).Jul 14 2015, 9:00 PM
Aklapper added a comment.Jul 31 2015, 10:42 AM

All patches mentioned in this task have been merged more than two weeks ago.

@csteipp: What exactly is left to do here, and should this task still be "Unbreak now" priority or can that be lowered?

csteipp closed this task as Resolved.Jul 31 2015, 3:52 PM

Yeah, let's close this, and we can see what happens when I get the centralauth patch that caused this re-merged.

MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.Aug 11 2015, 11:09 AM
TTO mentioned this in T115700: Installer allows creating an admin password which is too short.Oct 29 2015, 12:33 PM
gerritbot added a comment.Nov 4 2015, 5:48 PM

Change 223702 merged by jenkins-bot:
Re-add global password policies

https://gerrit.wikimedia.org/r/223702

ReleaseTaggerBot added a project: MW-1.27-release (WMF-deploy-2015-11-10_(1.27.0-wmf.6)).Nov 4 2015, 6:00 PM
gerritbot added a comment.Nov 4 2015, 6:04 PM

Change 251009 had a related patch set uploaded (by CSteipp):
Re-add global password policies

https://gerrit.wikimedia.org/r/251009

gerritbot added a comment.Nov 16 2015, 5:29 PM

Change 251009 abandoned by CSteipp:
Re-add global password policies

https://gerrit.wikimedia.org/r/251009

sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Jun 11 2019, 7:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL