Page MenuHomePhabricator

Beta cluster: CAS update failed on gu_cas_token for user X
Closed, ResolvedPublic

Description

This started appearing on beta at 14:50 UTC and 3872ec40c77f57298fe8faa141d814041800ff79 was merged at 14:36 so probably related.

/srv/mediawiki/php-master/extensions/CentralAuth/includes/CentralAuthUser.php:2584
CAS update failed on gu_cas_token for user ID '21654' (read from master); the version of the user to be saved is older than the current version.
  #0 /srv/mediawiki/php-master/extensions/CentralAuth/includes/CentralAuthUser.php(2533): CentralAuthUser->saveSettings()
  #1 /srv/mediawiki/php-master/extensions/CentralAuth/includes/session/CentralAuthSessionProvider.php(377): CentralAuthUser->resetAuthToken()
  #2 /srv/mediawiki/php-master/includes/session/SessionManager.php(314): CentralAuthSessionProvider->invalidateSessionsForUser(User)
  #3 /srv/mediawiki/php-master/includes/auth/AuthManager.php(2336): MediaWiki\Session\SessionManager->invalidateSessionsForUser(User)
  #4 /srv/mediawiki/php-master/includes/auth/AuthManager.php(1653): MediaWiki\Auth\AuthManager->setDefaultUserOptions(User, boolean)
  #5 /srv/mediawiki/php-master/extensions/CentralAuth/includes/CentralAuthUtils.php(141): MediaWiki\Auth\AuthManager->autoCreateUser(User, string, boolean)
  #6 /srv/mediawiki/php-master/extensions/CentralAuth/includes/CreateLocalAccountJob.php(56): CentralAuthUtils::autoCreateUser(User)
  #7 /srv/mediawiki/php-master/includes/jobqueue/JobRunner.php(265): CentralAuthCreateLocalAccountJob->run()
  #8 /srv/mediawiki/php-master/includes/jobqueue/JobRunner.php(179): JobRunner->executeJob(CentralAuthCreateLocalAccountJob, BufferingStatsdDataFactory, integer)
  #9 /srv/mediawiki/rpc/RunJobs.php(47): JobRunner->run(array)

Event Timeline

We do lots of CA token resets on autocreation (one on UserSaveSettings, and one on invalidateSessionsForUser for the session and the token provider each), I wonder if there is a way to skip those. What's the point of invalidating sessions in AuthManager::setDefaultUserOptions?

That said, CA just logs an exception on CAS error, does not actually throw it, so this seems to be harmless apart from the log spam and not the cause of any CA login issue.

What's the point of invalidating sessions in AuthManager::setDefaultUserOptions?

It's wrong, and I'm about to submit a fix for that. I was overzealous in changing $user->setToken() calls in If89d2483 PS160.

Tgr claimed this task.

The warnings went away after merging the patch.