Correctly report if a user account could potentially exist in single sign on scenarios like CentralAuth
Closed, Declined (Public)

Description

Currently, any wiki with single sign on and a provisioning model will create users only when the user tries to log in / provision an account.

For example, on Wikimedia projects, as long as a user doesn't visit de.wikipedia, the account there doesn't exist.

What happens when the account username exists in the reference database, for Wikimedia SUL accounts, but not locally? Currently, it prints the userpage-userdoesnotexist-view message: user does not exist. Technically, this is true, the user doesn't exist locally.

Yet, this information isn't the most valuable and useful information we can give to the user. Worse, this information is misleading, as demonstrated on T152128 where the message was understood as a SUL bug.

Outside Wikimedia, this is interesting for any other authentication extension using unique usernames across sites, i.e. when the username on the wiki will be some fixed username from an existing database and not chosen by the user.

Suggested plan

  • Add to MediaWiki core in the relevant interface a method to be implemented by the authentication extension to indicate if the account could exist
  • Implement this in CentralAuth
  • Document for authentication plugin authors how they can implement this feature

Suggested temporary solution

Until it's implemented, for the Wikimedia cluster, we can improve the userpage-userdoesnotexist-view.
@Amqui suggests adding "on this project/wiki" and "check [[Special:CentralAuth]] to know if it exists or not"; I'd add "globally".

Event Timeline

Works as expected in core:

tgr@terbium:~$ mwscript eval.php --wiki=eowiki
> echo User::newFromName( 'Syletourneau' )->isAnon()
1
> echo \MediaWiki\Auth\AuthManager::singleton()->userExists( 'Syletourneau' )
1

I think you need a new plan.

  • Add to MediaWiki core in the relevant interface a method to be implemented by the authentication extension to indicate if the account could exist

This already exists, see MediaWiki\Auth\AuthManager::userExists().

  • Implement this in CentralAuth

This is already done too.

  • Document for authentication plugin authors how they can implement this feature

And this, see documentation for MediaWiki\Auth\PrimaryAuthenticationProvider.

It sounds like you should focus on identifying things that are only checking local user existence.
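
The distinction drawn in the eval.php session above, as an added example (not code from MediaWiki core, CentralAuth or this task): a caller that checks only the local user row reports "does not exist" for an account that the authentication providers know about. The function name accountState() and its return strings are hypothetical; the code assumes it runs inside a MediaWiki environment of the same era as the session (for instance pasted into eval.php), where User and AuthManager::singleton() are available.

```php
<?php
use MediaWiki\Auth\AuthManager;

/**
 * Classify a username by where the account is known.
 * accountState() and the strings it returns are hypothetical names
 * chosen for this example.
 *
 * @param string $name Username as typed by the viewer
 * @return string 'invalid-name', 'local', 'provider-only' or 'missing'
 */
function accountState( $name ) {
	// newFromName() returns a falsy value for names that are not
	// valid usernames (IP addresses, illegal characters, ...).
	$user = User::newFromName( $name );
	if ( !$user ) {
		return 'invalid-name';
	}

	// Local check only: this is the test that yields "user does not
	// exist" on a wiki the account holder has never visited.
	if ( !$user->isAnon() ) {
		return 'local';
	}

	// Ask every configured primary authentication provider. With
	// CentralAuth installed this is true for a global account that
	// has no local row yet.
	if ( AuthManager::singleton()->userExists( $user->getName() ) ) {
		return 'provider-only';
	}

	return 'missing';
}

// On eowiki, with the account from the session above, this prints
// 'provider-only': isAnon() is true but userExists() is also true.
echo accountState( 'Syletourneau' ), "\n";
```

Code that shows userpage-userdoesnotexist-view only for the 'missing' state, and a different notice for 'provider-only', avoids the misleading report described in the task.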

Aklapper triaged this task as Lowest priority. Jan 25 2017, 6:43 PM
Tgr changed the task status from Open to Stalled. May 2 2017, 2:42 PM

This task needs to be rewritten to be actionable. Is it about changing the message displayed on user pages where the page does not exist but the user does (centrally)?

Unfortunately closing this Phabricator task as no further information has been provided.

@Dereckson: After you have provided the information asked for and if this still happens, please set the status of this task back to "Open" via the Add Action...Change Status dropdown. Thanks!