Page MenuHomePhabricator

PAWS public-link is lowercase but the paws-public server is case-sensitive
Closed, ResolvedPublic

Description

The current public link button on each notebook points to a lowercase version of the username. The paws-public.wmflabs.org/paws-public/ endpoint, however, will throw a 404 for users that have an uppercase letter that is not the first letter.

For example, my ChicoBot account can have its notebooks accessed via http://paws-public.wmflabs.org/paws-public/User:chicoBot/ or http://paws-public.wmflabs.org/paws-public/User:ChicoBot/ . The button, however, points to http://paws-public.wmflabs.org/paws-public/User:chicobot/ which is not found.

Event Timeline

Edgars2007 triaged this task as High priority.Dec 10 2017, 6:20 AM
Edgars2007 added a subscriber: Edgars2007.

Setting it to high. Because of it many users can't use PAWS

Tbayer added a subscriber: Tbayer.
Chicocvenancio added a subscriber: yuvipanda.EditedJan 23 2018, 9:24 PM

@yuvipanda Adding you here because I can't really figure out how that public link button is created and where I might try to look to fix it. (we could go to something like location ~* on nginx, but it might have performance impacts).

Chicocvenancio added a comment.EditedFeb 5 2018, 7:47 PM

Seeing https://github.com/yuvipanda/nbpawspublic/blob/master/nbpawspublic/static/main.js it seems the public link is a simple replace upon the "private" link. This makes for a weird "technical" possibility of two users having the same link, however, since we have policies against "similar usernames" this isn't a real issue for Wikimedia wikis and PAWS. (eg Chicobot and ChicoBot)

It is likely, however, that the simplest solution is to change nginx on the public links to match the behaviour for private links.

It seems private paws links are unaffected by user input and likely will not create problems for user with cased versions of other users. It does seem like a good idea to set the usernames in these links to their proper case, however. And it would resolve this issue.

Apparently Jupyterhub lowercases every username.

Does anyone know a way to query the mediawiki api for case-insensitive usernames? We could send the public link to the centralid (in the case of a single user for a case insensitive user search, which would be most of them).

At any rate, I'll start an issue upstream to see the reason for that and maybe allow us to use case sensitive names.

Chicocvenancio changed the task status from Open to Stalled.Feb 23 2018, 1:54 AM
Chicocvenancio changed the task status from Stalled to Open.Mar 10 2018, 12:19 AM
Chicocvenancio claimed this task.

The PR I sent there solves this. Confirmed it by overriding the method in paws-beta. I am a bit worried about unintended consequences of changing the usernames for every PAWS user though.

Small tests in paws-beta indicate nothing will change (username will only change if user logs out, keep the directory, no visible adverse effects). To be safe, however, I think it is wise to have a script lookup the case-sensitive version of every user on the database and then updating the db to match it. We'd also need to invalidate every session so users need to login again and "change" their username.

Thanks for your work on this! (speaking as one of the victims, as user HaeB != haeb)
It seems that your upstream pull request has since gotten merged?

Chicocvenancio changed the task status from Open to Stalled.EditedMay 14 2018, 2:56 PM

@Tbayer I was hoping for a release of oauthenticator before using this in production, but we can push it out before. One blocker we do have at this point is that this will involve a lot of db activity, and the current sqlite db is very non-performant. We are waiting for the next jupyterhub release that has a fix for that. Basically T193828 is a blocker for this at this point.

On the good news side, I don't expect this to take more than a month or so.