Page MenuHomePhabricator
Create Task
Maniphest T124861

resetGlobalUserTokens is too slow
Open, Needs TriagePublic
Actions

Description

Currently it takes about a week to drop all sessions (ie. log everyone out) on all Wikimedia wikis. If there is a real danger of account theft, that's not a huge help; the scripts needs to be significantly faster.

See also: T49490: resetUserTokens.php not usable on large wikis

Details

SubjectRepoBranchLines +/-
Speed up ResetGlobalUserTokensmediawiki/extensions/CentralAuthmaster+38 -14
Use $wgAuthenticationTokenVersionmediawiki/extensions/CentralAuthmaster+15 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved demonT125596 MW-1.27.0-wmf.13 deployment blockers
 OpenNoneT124861 resetGlobalUserTokens is too slow

Event Timeline

Tgr created this task.Jan 27 2016, 5:29 AM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added projects: MediaWiki-extensions-CentralAuth, MediaWiki-Core-AuthManager.
Tgr subscribed.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptJan 27 2016, 5:29 AM
Tgr mentioned this in T124440: Invalidate all users sessions.Jan 27 2016, 5:29 AM
Luke081515 subscribed.Jan 27 2016, 6:41 AM
Tgr added a comment.Jan 29 2016, 10:07 PM

The reason for the slowness is that a separate database update is done for every user. Changing it to a multi-row operation is not trivial as it would have to set the token field of each row to a different, cryptographically secure value in a replication-safe way (so using built-in random functions is not an option).

For MySQL that could probably be achieved with something like

SET @token := '';
UPDATE globaluser
SET gu_auth_token = ( @token := sha1( concat( <salt>, @token ) ) )
WHERE gu_id IN (...);

But it would be nicer to have an explicit "invalid" value for tokens, just like it's done for passwords, and just set all fields to that and let the autoupdate the next time a token is needed.

Tgr added a comment.EditedJan 29 2016, 10:08 PM

(duplicate comment removed)

Legoktm subscribed.Jan 30 2016, 8:43 AM

I was also thinking about having some constant $wgSessionVersion = 1, and we just bump that everytime we need to invalidate all sessions.

gerritbot subscribed.Feb 1 2016, 8:48 PM

Change 267735 had a related patch set uploaded (by Anomie):
Use $wgAuthenticationTokenVersion

https://gerrit.wikimedia.org/r/267735

gerritbot added a project: Patch-For-Review.Feb 1 2016, 8:48 PM
gerritbot added a comment.Feb 2 2016, 7:36 PM

Change 267735 merged by jenkins-bot:
Use $wgAuthenticationTokenVersion

https://gerrit.wikimedia.org/r/267735

ReleaseTaggerBot added a project: MW-1.27-release (WMF-deploy-2016-02-09_(1.27.0-wmf.13)).Feb 2 2016, 8:00 PM
greg added a parent task: T125596: MW-1.27.0-wmf.13 deployment blockers.Feb 3 2016, 12:32 AM
greg mentioned this in T49490: resetUserTokens.php not usable on large wikis.
RobLa-WMF awarded a token.Feb 5 2016, 2:00 AM
gerritbot added a comment.Feb 6 2016, 1:24 AM

Change 268850 had a related patch set uploaded (by Gergő Tisza):
Speed up ResetGlobalUserTokens

https://gerrit.wikimedia.org/r/268850

TerraCodes subscribed.Feb 6 2016, 10:15 PM
Tgr updated the task description. (Show Details)Feb 10 2016, 3:08 AM
Tgr set Security to None.
Zabe subscribed.Jul 14 2022, 12:31 PM
Pppery edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Dec 10 2023, 8:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits