Page MenuHomePhabricator
Create Task
Maniphest T206573

Validate global user ID; revisit user schema
Closed, ResolvedPublic
Actions

Description

It should be impossible to submit endorsements from an invalid user. Page save validation should test the user string.

Meanwhile, let's look at the user schema again.

20:09 <+halfak> what about "user: {gui: 123}" or "user: {ip: "123.110.0.1"}"?
20:09 <+halfak> That looks like the XML dump format to me

Let's do that. In fact, from https://www.mediawiki.org/xml/export-0.10.xsd

<element name="username" type="string" minOccurs="0"/>
<element name="id" type="nonNegativeInteger" minOccurs="0"/>
<element name="ip" type="string" minOccurs="0"/>

It would be even nicer if we support that exact schema for identifying users. Before we can do that, we need to confirm whether the hooks to suppress nasty usernames and handle renames can be integrated with JADE JSON.

Details

SubjectRepoBranchLines +/-
Split user schema into local ID, central ID, and IPmediawiki/extensions/JADEmaster+343 -11
Customize query in gerrit

Related Objects

Event Timeline

awight created this task.Oct 9 2018, 8:26 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 9 2018, 8:26 PM
awight updated the task description. (Show Details)Oct 9 2018, 8:41 PM
awight edited projects, added Machine-Learning-Team (Active Tasks); removed Machine-Learning-Team.
gerritbot subscribed.Oct 9 2018, 9:00 PM

Change 461502 had a related patch set uploaded (by Awight; owner: Awight):
[mediawiki/extensions/JADE@master] Validate global user ID in endorsements

https://gerrit.wikimedia.org/r/461502

gerritbot added a project: Patch-For-Review.Oct 9 2018, 9:00 PM
awight mentioned this in rEJAD0f5db26de500: Validate global user ID in endorsements.Oct 9 2018, 9:03 PM
awight added a subscriber: Halfak.Oct 9 2018, 11:06 PM

@Halfak I got some confirmation on IRC that nobody expects our extension to filter or rename users included in the JSON content. The analogous user signatures in wikitext aren't filtered in any special way, at least. This seems to clear our path to allowing usernames…

awight mentioned this in rEJAD98eb6946cc59: Split user schema into ID, IP, or username; validate.Oct 10 2018, 3:28 PM
awight mentioned this in rEJAD2fe04a735f33: Split user schema into ID or IP; validate.Oct 10 2018, 3:48 PM
awight claimed this task.Oct 10 2018, 11:24 PM
awight moved this task from Parked to Review on the Machine-Learning-Team (Active Tasks) board.
awight mentioned this in rEJAD7aab7eec596b: Split user schema into ID or IP; validate.Oct 11 2018, 10:15 PM
awight mentioned this in rEJAD1c5b979830bf: Split user schema into ID or IP; validate.Oct 12 2018, 7:54 PM
Harej moved this task from Inbox to Review on the Jade board.Oct 12 2018, 11:08 PM
awight mentioned this in rEJAD9ac5480e574e: [WIP] Split user schema into local, global ID, and IP.Oct 15 2018, 10:59 PM
awight mentioned this in rEJAD31386e658e7e: Split user schema into local, global ID, and IP.Oct 16 2018, 4:20 AM
awight mentioned this in rEJADebca6d4a2b1e: Split user schema into local, global ID, and IP.Oct 16 2018, 4:36 AM
awight mentioned this in rEJADe521a238cd91: Split user schema into local, global ID, and IP.Oct 16 2018, 7:58 AM
awight mentioned this in rEJAD31fdb4b2a06c: Split user schema into local ID, central ID, and IP.Oct 16 2018, 4:52 PM
awight mentioned this in rEJADaaf792e032b4: Split user schema into local ID, central ID, and IP.Oct 16 2018, 7:35 PM
awight mentioned this in rEJAD005c33be3316: Split user schema into local ID, central ID, and IP.Oct 16 2018, 10:31 PM
awight mentioned this in rEJAD45c71c502b56: Split user schema into local ID, central ID, and IP.Oct 17 2018, 7:49 PM
awight mentioned this in rEJAD9202a0429d91: Split user schema into local ID, central ID, and IP.Oct 17 2018, 11:49 PM
gerritbot added a comment.Oct 18 2018, 12:03 AM

Change 461502 merged by jenkins-bot:
[mediawiki/extensions/JADE@master] Split user schema into local ID, central ID, and IP

https://gerrit.wikimedia.org/r/461502

ReleaseTaggerBot added a project: MW-1.33-notes (1.33.0-wmf.1; 2018-10-23).Oct 18 2018, 1:01 AM
awight closed this task as Resolved.Oct 18 2018, 10:16 PM
awight moved this task from Review to Completed on the Machine-Learning-Team (Active Tasks) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL