Page MenuHomePhabricator

Global account lock is not fully effective?
Open, Needs TriagePublic

Description

Looking at this account information:
https://meta.wikimedia.org/wiki/Special:CentralAuth/%D0%A4%D1%83%D1%8D%D1%80%D0%B4%D0%B0%D0%B9_%D0%B2%D0%B0%D0%BD%D0%B4%D0%B0%D0%BB
I noticed that the user was able to create accounts on some wikis after being globally blocked (exactly 5'46" later).

This should not be possible. Is global block really effective?

Or the timings provided there are false?

Event Timeline

Ankry created this task.Jan 14 2019, 9:54 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 14 2019, 9:54 PM

Curious indeed. Locking an account immediatelly kicks the user out of the session and makes their password not to work anymore (unless unlocked). And while accounts at loginwiki, metawiki and mediawikiwiki are created automatically regardless of where you initially create an account, I am not sure why CentralAuth marks them as created several minutes before the lock. Looking at the local log the account seems to be created several minutes after the lock as well. I guess some busy JobQueue/DB?

MarcoAurelio renamed this task from global block is not fully effective? to Global account lock is not fully effective?.Jan 15 2019, 11:28 AM
Rxy added a subscriber: Rxy.Jan 15 2019, 12:14 PM

When an account created at somewhere, CentralAuth does add Job to each wikis defined by $wgCentralAuthAutoCreateWikis. if lagged or JobQueue is busy, I guess may account creation is lagged .

ref: rECAU /includes/CentralAuthUtils.php$262 , /includes/CreateLocalAccountJob.php

I think @Rxy answered then:

I guess some busy JobQueue/DB?

Who can fetch the logs to have a confirmation?