Add a way to prevent user from log in and disable a users session when blocking
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	Reedy
	May 1 2019, 4:18 PM

Description

In some wikis, if we block a user, we want to kill of their sessions and log them out (because they aren't allowed to edit their talk page, because requesting unblock isn't a rule on the wiki)...

invalidateUserSessions.php can be used to invalidate sessions, but not everyone always has shell access etc

Not sure if this should live in MW core, behind some feature flag... Or somewhere else?

Should be relatively simple to code though

(This user should not be able to log in to the wiki, otherwise they may easily circumvent such action)

See also T369706: Add a way to prevent user from log in and disable a users session when global blocking a user for the GlobalBlocking equivalent.

Details

	Subject	Repo	Branch	Lines +/-
	Disable a user session and log them out when blocking	mediawiki/core	master	+4 -1

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		None	T222281 Add a way to prevent user from log in and disable a users session when blocking
		Open		None	T359060 BlockDisablesLogin should be a block flag

Event Timeline

Reedy created this task.May 1 2019, 4:18 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 1 2019, 4:18 PM

Reedy updated the task description. (Show Details)May 1 2019, 4:18 PM

Paladox subscribed.May 1 2019, 4:19 PM

Reedy mentioned this in T222282: Log users out when they're blocked on wikitech.May 1 2019, 4:19 PM

Reedy added a parent task: T222282: Log users out when they're blocked on wikitech.

Krenair subscribed.May 1 2019, 4:24 PM

Let me try :)

Restricted Application added a project: User-Kizule. · View Herald TranscriptMay 2 2019, 12:51 AM

Change 507732 had a related patch set uploaded (by Zoranzoki21; owner: Zoranzoki21):
[mediawiki/core@master] Disable a user session and log them out when blocking

https://gerrit.wikimedia.org/r/507732

gerritbot added a project: Patch-For-Review.May 2 2019, 1:35 AM

In T222281#5151702, @gerritbot wrote:

Change 507732 had a related patch set uploaded (by Zoranzoki21; owner: Zoranzoki21):
[mediawiki/core@master] Disable a user session and log them out when blocking

https://gerrit.wikimedia.org/r/507732

I made patch and help with improvements is welcome. :)

Copying over the "in-patch" comment for better discussion

I think that this new feature should be behind a flag and/or as another option for the admin to check when creating the block.

Blocks are not always sitewide and logging out a user when creating a partial block (editing or otherwise) doesn't make much sense considering that the user can still perform other actions and/or keep editing other pages/namespaces

A checkbox in SpecialBlock behind a config flag would be the way to go imo. Said checkbox should probably be disabled for partial blocks considering that it doens't make much sense to provide such functionality in that particular case.

dmaza added a project: Anti-Harassment.May 2 2019, 2:05 AM

dmaza added subscribers: dbarratt, Tchanders, Niharika.

Restricted Application added a subscriber: MGChecker. · View Herald TranscriptMay 2 2019, 2:05 AM

Change 507732 abandoned by Zoranzoki21:
Disable a user session and log them out when blocking

Reason:
No, I am not feeling sure and I no want to work on this

https://gerrit.wikimedia.org/r/507732

Kizule removed Kizule as the assignee of this task.May 2 2019, 2:16 AM

Kizule removed projects: Patch-For-Review, User-Kizule.

In T222281#5151753, @dmaza wrote:
Copying over the "in-patch" comment for better discussion
I think that this new feature should be behind a flag and/or as another option for the admin to check when creating the block.

Blocks are not always sitewide and logging out a user when creating a partial block (editing or otherwise) doesn't make much sense considering that the user can still perform other actions and/or keep editing other pages/namespaces
A checkbox in SpecialBlock behind a config flag would be the way to go imo. Said checkbox should probably be disabled for partial blocks considering that it doens't make much sense to provide such functionality in that particular case.

i did say feature flag originally ;)

But yeah, I agree. It has some use for some types of blocks (indef block of everything), and on some types of wikis (like wikitech where blocks are more used for bad actors/spammers etc, rather than things like edit warring). But it definitely shouldn’t just be done unconditionally for all blocks

i did say feature flag originally ;)

You did, sorry I missed it :)

Niharika removed a project: Anti-Harassment.May 7 2019, 10:33 PM

RhinosF1 subscribed.May 11 2019, 5:39 AM

bd808 removed a parent task: T222282: Log users out when they're blocked on wikitech.May 15 2019, 3:28 PM

Tchanders moved this task from Backlog to User blocking on the MediaWiki-User-management board.Jun 5 2019, 8:50 PM

we want to kill of their sessions and log them out
because requesting unblock isn't a rule on the wiki...
because they aren't allowed to edit their talk page,

If you need all these, there's no reason to not use $wgBlockDisablesLogin = true

DannyS712 edited projects, added MediaWiki-Blocks; removed MediaWiki-User-management.Apr 25 2020, 12:10 AM

Restricted Application added a project: MediaWiki-User-management. · View Herald TranscriptApr 25 2020, 12:10 AM

Aklapper removed a project: MediaWiki-User-management.Apr 25 2020, 12:23 PM

Bugreporter merged a task: T35737: wgBlockDisablesLogin - block form checkbox?.May 16 2020, 10:47 PM

Bugreporter updated the task description. (Show Details)

Bugreporter added subscribers: Jasper, Parent5446, • wikibugs-l-list.

Bugreporter renamed this task from Add a way to disable a users session and log them out when blocking to Add a way to prevent user from log in and disable a users session when blocking.May 16 2020, 11:07 PM

TheresNoTime removed a subscriber: RhinosF1.Dec 15 2022, 11:36 PM

Bugreporter mentioned this in T333244: Warn and confirm for self global locks.Oct 7 2023, 10:06 AM

IMO the correct way to do it:

Add Block::isLoginBlocked() which in the default implementation just checks $wgBlockDisablesLogin and whether the block is sitewide.
Replace all outside uses of $wgBlockDisablesLogin with this new method.
Add a "lock" checkbox to the GlobalBlocking block form once T17294: Allow globally blocking of accounts is done. (Maybe the core one too, but it's a feature in search of a use case.) Add a globalblocks.gb_lock field to store it in. Make sure SessionManager::invalidateSessionsForUser() is called when the checkbox is set.
Replace all references to globaluser.gu_locked with globalblocks.gb_lock. This is the hard part; you need a join, need to think about query performance, there might be multiple blocks, partial blocks, blocks that apply via the IP etc. But it's not used much, mostly just to display things. Possibly can be replaced with a standard BlockManager-based lookup.
Murder CentralAuth account locking code with extreme prejudice.

CentralAuth locks are per-user flags, this would be a per-block flag, so the semantics are pretty different, and arguably the per-user one makes more sense (it's unlikely that we'd want to lock someone out with an expiry, for example). But there is so much infrastructure for blocks that would be useful for locking but too much work to recreate, that it's probably a good change even despite that.

For usage in non-CentralAuth sites we may build a feature in MediaWiki core, but this (local) feature should be disabled if CentralAuth is installed (it may no sense to disable login of local SUL accounts).

BTW (not directly related to this task), the hidden and suppressed status of global accounts is stored in gu_hidden_level column (added in T297094) and is a per user flag; while local suppressed status (ipb_deleted) is per block. For the latter, see also T346716: Split user suppression/hiding (ipb_deleted) out of the ipblocks table.

Stang subscribed.Oct 8 2023, 1:58 AM

In T222281#9233326, @Bugreporter wrote:

For usage in non-CentralAuth sites we may build a feature in MediaWiki core

Sure, I just mean, does anybody need that feature?

In T222281#9233386, @Tgr wrote:

In T222281#9233326, @Bugreporter wrote:

For usage in non-CentralAuth sites we may build a feature in MediaWiki core

Sure, I just mean, does anybody need that feature?

Since one usage of lock is to handle compromised accounts, such a feature also useful for 3rd party wikis (as an alternative of invalidate password and session, which requires shell access).

Tgr mentioned this in T326937: Prepare CentralAuth extension for IP Masking.Oct 9 2023, 3:25 PM

Bugreporter mentioned this in T355286: [Epic] Globally blocking a temporary account should prevent further account creations.Jan 19 2024, 1:25 AM

Vermont subscribed.Jan 19 2024, 4:08 AM

Bugreporter mentioned this in T17294: Allow globally blocking of accounts.Feb 9 2024, 2:35 PM

Bugreporter added a subtask: T359060: BlockDisablesLogin should be a block flag.Mar 4 2024, 4:22 PM

dbarratt unsubscribed.Mar 4 2024, 4:30 PM

Tgr mentioned this in T359060: BlockDisablesLogin should be a block flag.Mar 4 2024, 9:03 PM

Bugreporter mentioned this in T369706: Add a way to prevent user from log in and disable a users session when global blocking a user.Jul 10 2024, 11:46 AM

Bugreporter removed a project: GlobalBlocking.

Bugreporter updated the task description. (Show Details)