Page MenuHomePhabricator

Undeploy DisableAccount extension
Closed, ResolvedPublic

Description

This eventually needs to be done (DisableAccount is a bad hack and it's not easy to reactivate disabled account) but we need to resolve T54453: Accounts blocked on wikis with wgBlockDisablesLogin enabled should not continue to receive email notifications first

Details

Related Gerrit Patches:

Related Objects

Event Timeline

Bugreporter raised the priority of this task from to Needs Triage.
Bugreporter updated the task description. (Show Details)
Bugreporter added a subscriber: Bugreporter.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptJul 16 2015, 5:50 PM

I don't think foundationwiki wants this.

Glaisher triaged this task as Lowest priority.Jul 16 2015, 5:52 PM

See InitialiseSettings.php:
DO NOT DISABLE WITHOUT CONTACTING PHILIPPE / LEGAL!
Installed by Andrew, 2011-04-26

Bugreporter added a subscriber: werdna.

I don't think foundationwiki wants this.

Actually this extension is not installed on foundationwiki.

I don't think foundationwiki wants this.

Actually this extension is not installed on foundationwiki.

Aye, these are on a couple specific highly confidential private wikis (currently arbcom_enwiki, checkuserwiki, legalteamwiki, ombudsmenwiki & stewardwiki) and was there mostly because at the time engineering told us that BlockDisablesLogin would not be completely usable (and may have not even existed at the very start) . After T54453 is closed then most of those issues may be gone and we can reevaluate.

I'd quite like for us to figure out what is needed to get rid of this now, to add to the list with T54453.

As an user on two WMF wikis which do use this tool, I can say that this is hardly used; thankfully. This was designed as aditional security for compromised accounts and other situations where we really wanted to remove access to a wiki. However mistakes using this tool require sysadmin intervention. Perhaps, if we worry about wrong unblocks and users regaining access to information they ain't cleared no more to view, with the fix of T54453, we can think about granting the 'unblock' rights on those wikis to the bureaucrats? Meanwhile and as @Jalexander say, better to keep this for now IMHO; but if we want to get rid of this extension $wgBlockDisablesLogin needs to work as block + disable and totally remove access from blocked accounts.

Glaisher set Security to None.

This was designed as aditional security for compromised accounts and other situations where we really wanted to remove access to a wiki.

Sure, $wgBlockDisablesLogin should do this.

However mistakes using this tool require sysadmin intervention.

And presumably ordinary reverts? But still, ugh.

we can think about granting the 'unblock' rights on those wikis to the bureaucrats?

We don't have a separate 'unblock' right... I don't understand why you would want to do that anyway?

Meanwhile and as @Jalexander say, better to keep this for now IMHO

Yes, there is one known issue preventing us from getting rid of it right now, it's the email task marked as a blocker

if we want to get rid of this extension $wgBlockDisablesLogin needs to work as block + disable and totally remove access from blocked accounts.

It should do that already other than the aforementioned email issue.

The patch for T54453 (the email blocker bug here) is being merged now.
I think we also need a blocker about writing (and then running) a script to migrate current users who have been disabled via DisableAccount to blocks.

Trijnstel added a comment.EditedDec 18 2015, 12:33 PM

we can think about granting the 'unblock' rights on those wikis to the bureaucrats?

We don't have a separate 'unblock' right... I don't understand why you would want to do that anyway?

But there is a block right and actually, I support MarcoAurelio's idea... On the Checkuser wiki accounts are being maintained by the CU-l list admins. They are the only ones with bureaucrat rights, and thus the only ones to create accounts there. It seems logical to make the bureaucrats the only ones with the ability to block accounts as well.

On the steward wiki every steward has bureaucrat rights, so it's not a problem there either. Maybe on the other private wikis, but I doubt that, to be honest. @Jalexander: can you shed some light here?

Restricted Application added a subscriber: JEumerus. · View Herald TranscriptApr 14 2016, 1:00 AM
ZhouZ moved this task from Backlog to Assigned on the WMF-Legal board.Apr 14 2016, 1:00 AM

Can/Should the 'inactive' user group go as well? If so it should be removed
from the accounts that have it first.

Also, is the maintenance script (T141954) ready?

Reedy removed a subscriber: Philippe-WMF.

Change 338792 had a related patch set uploaded (by Reedy):
Disable DisableAccount on two wikis were no disabled users

https://gerrit.wikimedia.org/r/338792

Reedy added a subscriber: Reedy.Feb 20 2017, 4:35 PM

Both legalteamwiki and ombudsmenwiki have no users in the inactive group. So proposing we disable the extension there in the first instance

As for everywhere else...

wikiusers to migrate
arbcom_enwiki69
checkuserwiki193
stewardwiki54

@Reedy Our internal tracking page on stewardwiki differs on the number of people whose accounts were removed using DisableAccount. Is that count correct? I'd be surprised that it were. If so, is it possible to know who did it? Thanks.

Reedy added a comment.Feb 20 2017, 6:04 PM

@Reedy Our internal tracking page on stewardwiki differs on the number of people whose accounts were removed using DisableAccount. Is that count correct? I'd be surprised that it were. If so, is it possible to know who did it? Thanks.

I did it, just before posting them (and that's what I used to decide where to disable the extension now)... Based on who is in the 'inactive' user group... Which is what the migration script in T141954 uses for working out who needs migrating

select count(*) from user_groups where ug_group = 'inactive';

At least, for stewardwiki, that is not correct @Reedy. We have been adding the 'inactive' flag to all blocked accounts manually. You should check who in those private wikis do not have an email and password: those will be the ones really in need to be migrated.

Reedy added a comment.EditedFeb 20 2017, 6:24 PM

At least, for stewardwiki, that is not correct @Reedy. We have been adding the 'inactive' flag to all blocked accounts manually. You should check who in those private wikis do not have an email and password: those will be the ones really in need to be migrated.

Based on that...

Also, is the maintenance script (T141954) ready?

The answer to that is no then, based on your comment above?

Any accounts already blocked etc, will just be reblocked if in that group. So no harm done in those cases

mysql:wikiadmin@db1078 [stewardwiki]> select count(*) from user where user_password = "" OR user_email = "";
+----------+
| count(*) |
+----------+
|        6 |
+----------+
1 row in set (0.00 sec)

My on-wiki count is 2. Can you run it with AND user_email instead of OR?

Reedy added a comment.Feb 20 2017, 6:33 PM
mysql:wikiadmin@db1078 [stewardwiki]> select count(*) from user where user_password = "" AND user_email = "";
+----------+
| count(*) |
+----------+
|        4 |
+----------+
1 row in set (0.00 sec)

Change 338792 merged by jenkins-bot:
[operations/mediawiki-config@master] Disable DisableAccount on wikis where there are no disabled users

https://gerrit.wikimedia.org/r/338792

@MarcoAurelio is your on-wiki count still at two, or has it changed?

Reedy removed a subscriber: ZhouZ.

Change 452181 had a related patch set uploaded (by Amire80; owner: Amire80):
[translatewiki@master] Move DisableAccount and RelatedSites to the Legacy group

https://gerrit.wikimedia.org/r/452181

Change 452181 merged by jenkins-bot:
[translatewiki@master] Move DisableAccount and RelatedSites to the Legacy group

https://gerrit.wikimedia.org/r/452181

Change 461726 had a related patch set uploaded (by Reedy; owner: Reedy):
[operations/mediawiki-config@master] Disable DisableAccount on all wikis

https://gerrit.wikimedia.org/r/461726

Change 461726 merged by jenkins-bot:
[operations/mediawiki-config@master] Disable DisableAccount on all wikis

https://gerrit.wikimedia.org/r/461726

Change 461731 had a related patch set uploaded (by Reedy; owner: Reedy):
[operations/mediawiki-config@master] Remove DisableAccount from CommonSettings.php

https://gerrit.wikimedia.org/r/461731

Change 461732 had a related patch set uploaded (by Reedy; owner: Reedy):
[operations/mediawiki-config@master] Remove DisableAccount from InitialiseSettings.php and extension-list

https://gerrit.wikimedia.org/r/461732

Mentioned in SAL (#wikimedia-operations) [2018-09-20T19:57:49Z] <reedy@deploy1001> Synchronized wmf-config/InitialiseSettings.php: Disable DisableAccount T106067 (duration: 00m 51s)

Change 461733 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/tools/release@master] Stop branching DisableAccount

https://gerrit.wikimedia.org/r/461733

Change 461731 merged by jenkins-bot:
[operations/mediawiki-config@master] Remove DisableAccount from CommonSettings.php

https://gerrit.wikimedia.org/r/461731

Mentioned in SAL (#wikimedia-operations) [2018-09-24T22:43:16Z] <reedy@deploy1001> Synchronized wmf-config/CommonSettings.php: Bye bye DisableAccount T106067 (duration: 00m 51s)

Change 461732 merged by jenkins-bot:
[operations/mediawiki-config@master] Remove DisableAccount from InitialiseSettings.php and extension-list

https://gerrit.wikimedia.org/r/461732

Reedy closed this task as Resolved.Sep 24 2018, 11:34 PM
Reedy claimed this task.
Reedy removed a project: Patch-For-Review.

Extension is undeployed... T158594 doesn't block it, that's only in wmf-config, and isn't particularly dependant on the extnesion

Extension is undeployed... T158594 doesn't block it, that's only in wmf-config, and isn't particularly dependant on the extnesion

I removed {{OnWikimedia}} from https://www.mediawiki.org/wiki/Extension:DisableAccount and removed the entry from https://www.mediawiki.org/wiki/Developers/Maintainers#MediaWiki_extensions_deployed_by_WMF

Thanks Andre! :)

Change 461733 merged by jenkins-bot:
[mediawiki/tools/release@master] Stop branching DisableAccount

https://gerrit.wikimedia.org/r/461733