
Validate global user ID; revisit user schema
Closed, Resolved · Public


It should be impossible to submit endorsements from an invalid user. Page save validation should test the user string.

Meanwhile, let's look at the user schema again.

20:09 <+halfak> what about "user: {gui: 123}" or "user: {ip: ""}"?
20:09 <+halfak> That looks like the XML dump format to me

Let's do that. In fact, from

<element name="username" type="string" minOccurs="0"/>
<element name="id" type="nonNegativeInteger" minOccurs="0"/>
<element name="ip" type="string" minOccurs="0"/>

It would be even nicer if we support that exact schema for identifying users. Before we can do that, we need to confirm whether the hooks to suppress nasty usernames and handle renames can be integrated with JADE JSON.
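
One way to express the page-save check this task asks for, as an added example that is not code from the JADE extension. It is written in Python so it runs stand-alone; the keys `id`, `ip` and `username` come from the schema elements quoted above, while `validate_user`, the `user_exists` callback and the exactly-one-identifier rule are assumptions.

```python
import ipaddress

# Key names come from the dump-schema elements quoted above; the rest is assumed.
ALLOWED_KEYS = {"id", "ip", "username"}


def _is_ip(value):
    # ipaddress.ip_address() also accepts ints and bytes, so require a string.
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def validate_user(user, user_exists):
    """Return validation errors for one endorsement's user object.

    user_exists is a hypothetical callback (user id -> bool) standing in
    for the wiki's account lookup.
    """
    if not isinstance(user, dict):
        return ["user must be an object"]
    errors = []
    unknown = set(user) - ALLOWED_KEYS
    if unknown:
        errors.append("unknown keys: " + ", ".join(sorted(unknown)))
    # Assumption: an endorsement names an account or an IP, never both.
    has_id, has_ip = "id" in user, "ip" in user
    if has_id == has_ip:
        errors.append("exactly one of id or ip is required")
    if has_id:
        uid = user["id"]
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(uid, bool) or not isinstance(uid, int) or uid < 0:
            errors.append("id must be a non-negative integer")
        elif not user_exists(uid):
            errors.append("id does not match an existing user")
    if has_ip and not _is_ip(user["ip"]):
        errors.append("ip is not a valid IPv4 or IPv6 address")
    if "username" in user and not isinstance(user["username"], str):
        errors.append("username must be a string")
    return errors
```

An empty list means the user object is acceptable; a page-save hook would reject the edit when the list is non-empty.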

Event Timeline

awight created this task. Oct 9 2018, 8:26 PM
Restricted Application added a subscriber: Aklapper. Oct 9 2018, 8:26 PM

Change 461502 had a related patch set uploaded (by Awight; owner: Awight):
[mediawiki/extensions/JADE@master] Validate global user ID in endorsements

awight added a subscriber: Halfak. Oct 9 2018, 11:06 PM

@Halfak I got some confirmation on IRC that nobody expects our extension to filter or rename users included in the JSON content. The analogous user signatures in wikitext aren't filtered in any special way, at least. This seems to clear our path to allowing usernames…

awight claimed this task. Oct 10 2018, 11:24 PM
awight moved this task from Active to Review on the Machine-Learning-Team (Active Tasks) board.
Harej moved this task from Inbox to Review on the Jade board. Oct 12 2018, 11:08 PM

Change 461502 merged by jenkins-bot:
[mediawiki/extensions/JADE@master] Split user schema into local ID, central ID, and IP

awight closed this task as Resolved. Oct 18 2018, 10:16 PM
awight moved this task from Review to Done on the Machine-Learning-Team (Active Tasks) board.