Page MenuHomePhabricator
Create Task
Maniphest T127887

Disable ability to log in with old user credentials (pre-SUL finalization)
Closed, ResolvedPublic
Actions

Description

For SUL finalization, a system was put into place that would allow users to log in with old credentials to recover their renamed account. This feature should be removed on or after 15 April 2016, one year after SUL finalization started.

Gerrit changes that put this in place:

I might be missing some, please add.

Details

SubjectRepoBranchLines +/-
Disable $wgCentralAuthCheckSULMigration functionalityoperations/mediawiki-configmaster+0 -3
Customize query in gerrit

Event Timeline

Keegan created this task.Feb 23 2016, 10:23 PM
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptFeb 23 2016, 10:23 PM
Keegan renamed this task from Disable SUL conflicting usernames login screen to Disable ability to log in with old user credentials (pre-SUL finalization).Feb 23 2016, 10:40 PM
Keegan triaged this task as Medium priority.Feb 23 2016, 11:23 PM
Krenair subscribed.Apr 14 2016, 7:48 PM

Do we have any information about how often this is used?

bd808 added subscribers: Legoktm, bd808.Apr 14 2016, 8:52 PM
In T127887#2208109, @Krenair wrote:

Do we have any information about how often this is used?

@Legoktm searched and found:

$ zgrep -c "Coercing user to" CentralAuth.log-201604*
CentralAuth.log-20160401.gz:89
CentralAuth.log-20160402.gz:94
CentralAuth.log-20160403.gz:69
CentralAuth.log-20160404.gz:69
CentralAuth.log-20160405.gz:88
CentralAuth.log-20160406.gz:95
CentralAuth.log-20160407.gz:94
CentralAuth.log-20160408.gz:86
CentralAuth.log-20160409.gz:85
CentralAuth.log-20160410.gz:94
CentralAuth.log-20160411.gz:77
CentralAuth.log-20160412.gz:78
CentralAuth.log-20160413.gz:100
CentralAuth.log-20160414.gz:113

That's pretty low compared to the ~50 logins per minute that happen across the cluster.

Keegan added a comment.Apr 14 2016, 8:57 PM
In T127887#2208360, @bd808 wrote:
In T127887#2208109, @Krenair wrote:

Do we have any information about how often this is used?

@Legoktm searched and found:






...



That's pretty low compared to the ~50 logins per minute that happen across the cluster.



Yup. I don't think we can statistically get much more low-impact than this, so it's time to remove it.
Keegan assigned this task to Legoktm.Apr 14 2016, 8:58 PM
Keegan updated the task description. (Show Details)Apr 15 2016, 12:20 AM
gerritbot subscribed.May 12 2016, 5:34 PM
Change 288435 had a related patch set uploaded (by Legoktm):

Disable $wgCentralAuthCheckSULMigration functionality



https://gerrit.wikimedia.org/r/288435
gerritbot added a project: Patch-For-Review.May 12 2016, 5:34 PM
gerritbot added a comment.May 17 2016, 11:13 PM
Change 288435 merged by jenkins-bot:

Disable $wgCentralAuthCheckSULMigration functionality



https://gerrit.wikimedia.org/r/288435
Stashbot subscribed.May 17 2016, 11:14 PM
Mentioned in SAL [2016-05-17T23:14:23Z] <dereckson@tin> Synchronized wmf-config/CommonSettings.php: Disable $wgCentralAuthCheckSULMigration functionality (T127887) (duration: 00m 25s)
Legoktm closed this task as Resolved.May 17 2016, 11:39 PM
Confirmed by failing to log into my SULF renamed test account.
MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.Dec 15 2016, 4:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL