Page MenuHomePhabricator
Create Task
Maniphest T154064

Investigation: What would be the best way to support loginwiki from LoginNotify
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

The LoginNotify extension requires Echo to be useful, but loginwiki doesn't have Echo installed. What would the the best way to support loginwiki from LoginNotify?

Some possible ideas:

  • Install Echo on loginwiki and rely on cross-wiki notifications. (This might be problematic since we don't want people to actually visit loginwiki.)
  • Modify LoginNotify to send notifications to a user's home wiki (as defined by CentralAuth) rather than the local wiki.
  • Modify LoginNotify to send notifications to a configured fall-back wiki (e.g. meta) if Echo isn't available on the local wiki.
  • Disable login at loginwiki

See T153335#2899401 for more discussion.

Details

SubjectRepoBranchLines +/-
Disable logins on loginwiki to support LoginNotifyoperations/mediawiki-configmaster+3 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

kaldari created this task.Dec 24 2016, 12:11 AM
kaldari moved this task from New & TBD Tickets to Older: Team Work on the Community-Tech board.
kaldari edited projects, added MediaWiki-User-login-and-signup; removed All-and-every-Wikisource, IDS-extension.
kaldari edited parent tasks, added: T11838: Send notification to account owner on multiple unsuccessful login attempts; removed: T154044: Epic: Support custom Han characters on Chinese Wikisource.Dec 24 2016, 12:13 AM
kaldari moved this task from Older: Team Work to Needs Discussion on the Community-Tech board.Dec 24 2016, 12:15 AM
Krenair subscribed.Dec 24 2016, 12:26 AM
kaldari mentioned this in T153335: Investigation: Notify on multiple unsuccessful login attempts.Dec 24 2016, 12:39 AM
Tgr subscribed.Dec 24 2016, 12:56 AM

As far as AuthManager is concerned, the login happens on the wiki where you type in your password; on loginwiki a session is created, but that's a different thing from a login. An attacker going to loginwiki and logging in there is a concern, but that can probably be prevented by simply disabling login (that came up in the past but I don't remember the details; maybe @Bawolff does).

One thing to consider is that Echo uses a queue so emails are not sent instantly. An attacker can probably prevent them from being sent by immediately changing email address or Echo preferences.

T128351: Notifications should be in core might eventually make the issue of non-Echo wikis moot.

Billinghurst subscribed.Dec 24 2016, 10:07 AM

Problem with "home" wiki is that for many it is not. That may require the ability to set a "home" wiki

kaldari added a project: MediaWiki-extensions-LoginNotify.Dec 28 2016, 8:05 PM
kaldari updated the task description. (Show Details)
kaldari set the point value for this task to 3.Jan 3 2017, 5:41 PM
kaldari moved this task from Needs Discussion to Up Next (May 6-17) on the Community-Tech board.
DannyH edited projects, added Community-Tech-Sprint; removed Community-Tech.Jan 3 2017, 6:07 PM
Niharika claimed this task.Jan 6 2017, 5:08 PM
Niharika moved this task from Ready to In Development on the Community-Tech-Sprint board.
Niharika added a subscriber: Legoktm.Jan 19 2017, 1:17 PM

@Legoktm Do you have any thoughts about disabling login on loginwiki altogether?

Legoktm added a comment.Jan 20 2017, 11:18 AM

That seems like the best option out of the list IMO.

Niharika added a comment.Jan 23 2017, 6:01 AM
In T154064#2955699, @Legoktm wrote:

That seems like the best option out of the list IMO.

From my understanding, CentralAuth uses loginwiki to centrally login the user. If we disable login on loginwiki, will that be affected? Or is it able to disable the manual logins only?

Legoktm added a comment.Jan 23 2017, 10:31 AM

Going off of what @Tgr said in T154064#2900070, loginwiki just handles the central login aspect, which is separate from the normal login (where you type in your username and password), so theoretically we could disable the normal login without affecting central login.

gerritbot subscribed.Jan 23 2017, 2:50 PM

Change 333653 had a related patch set uploaded (by Niharika29):
Disable logins on loginwiki to support LoginNotify

https://gerrit.wikimedia.org/r/333653

gerritbot added a project: Patch-For-Review.Jan 23 2017, 2:50 PM
Niharika moved this task from In Development to Needs Review/Feedback on the Community-Tech-Sprint board.Jan 23 2017, 2:54 PM
kaldari added a comment.Jan 26 2017, 6:46 PM

From Brad's feedback at https://gerrit.wikimedia.org/r/#/c/333653/ it sounds like disabling login on loginwiki is a bit more complicated than we were expecting. Does that still seem like the best solution?

Tgr added a comment.Jan 26 2017, 7:56 PM

I don't know much about installing Echo on loginwiki; I don't really understand the other two alternatives (how would you send notifications from a wiki where Echo is not installed?). As for disabling login, it's cumbersome but not particularly hard: modify a few config settings ($wgEnableBotPasswords, $wgAPIModules, $wgSessionProviders), add a one-liner PreAuthenticationProvider class to $wgAuthManagerConfig which always fails (probably requires a WikimediaMessages patch as well so it can be translated, or maybe we can just put that provider in core), add a one-liner to $wgHooks['PersonalUrls'] to remove the login link. The PreAuthenticationProvider stops all login attempts (apart from bot passwords / OAuth - how to handle those is probably a wider issue that's problematic on other wikis as well), the rest is just UX polish, so it's reasonably robust. Maybe add a UserLoggedIn hook throwing exceptions for layered defense.

kaldari added a comment.Jan 26 2017, 8:31 PM

@Tgr: Thanks for the feedback. It sounds like disabling login is the best route, so I'll go ahead and create a new task for that.

kaldari mentioned this in T156421: Disable login on loginwiki.Jan 26 2017, 8:45 PM
kaldari closed this task as Resolved.Jan 26 2017, 9:42 PM
kaldari moved this task from Needs Review/Feedback to Q1 2018-19 on the Community-Tech-Sprint board.
DannyH edited projects, added Community-Tech; removed Community-Tech-Sprint.Jan 31 2017, 10:47 PM
DannyH moved this task from Up Next (May 6-17) to Archive on the Community-Tech board.Jan 31 2017, 10:50 PM
kaldari mentioned this in T157105: Enable Echo on loginwiki.Feb 3 2017, 6:33 AM
Mattflaschen-WMF subscribed.Feb 7 2017, 7:17 PM
In T154064#2974070, @kaldari wrote:

@Tgr: Thanks for the feedback. It sounds like disabling login is the best route, so I'll go ahead and create a new task for that.

Follow-up for people reading this ticket: T156421: Disable login on loginwiki was declined, so we're looking at T157105: Enable Echo on loginwiki instead.

Niharika added a comment.Feb 13 2017, 6:21 AM
In T154064#3006690, @Mattflaschen-WMF wrote:

Follow-up for people reading this ticket: T156421: Disable login on loginwiki was declined, so we're looking at T157105: Enable Echo on loginwiki instead.

That task gives me Access denied.

kaldari added a comment.Feb 13 2017, 5:25 PM

@Niharika: Added you as a subscriber.

gerritbot added a comment.Apr 7 2017, 6:19 PM

Change 333653 abandoned by Niharika29:
Disable logins on loginwiki to support LoginNotify

Reason:
Now that loginwiki has echo, we don't need this.

https://gerrit.wikimedia.org/r/333653

MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-LoginNotify board.Aug 28 2017, 8:04 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL