Page MenuHomePhabricator
Create Task
Maniphest T227696

OAuth extension uses session object store directly
Closed, ResolvedPublic
Actions

Description

In doing some analysis for making the main stash DC-aware, I came across this code in the OAuth extension:

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/OAuth/+/refs/heads/master/includes/backend/MWOAuthUtils.php#44

It's explicitly getting the session storage using $wgSessionCacheType and using that for writing its own data. This will probably cause some problems with the test roll out.

I think the right fix here is to change it to use its own configuration variable for its storage backend, and fall back to MediaWikiServices::getInstance()->getMainObjectStash();

As far as I can tell, none of the 176 other extensions we use in production use the SessionCacheType config variable explicitly, and it also doesn't appear in unexpected places in MediaWiki core.

Details

SubjectRepoBranchLines +/-
Specify CentralAuth and OAuth session storage separately from per-wiki session storage.operations/mediawiki-configmaster+8 -0
Allow separating OAuth and per-wiki session storage.mediawiki/extensions/OAuthmaster+6 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

EvanProdromou created this task.Jul 10 2019, 6:02 PM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptJul 10 2019, 6:02 PM
BPirkle added a comment.Jul 10 2019, 6:43 PM

Thanks @EvanProdromou , I'm working on a change for this.

EvanProdromou updated the task description. (Show Details)Jul 10 2019, 6:45 PM
gerritbot added a comment.Jul 10 2019, 8:40 PM

Change 521950 had a related patch set uploaded (by BPirkle; owner: BPirkle):
[mediawiki/extensions/OAuth@master] Allow separating OAuth and per-wiki session storage.

https://gerrit.wikimedia.org/r/521950

gerritbot added a project: Patch-For-Review.Jul 10 2019, 8:40 PM
gerritbot added a comment.Jul 10 2019, 8:49 PM

Change 521409 had a related patch set uploaded (by BPirkle; owner: BPirkle):
[operations/mediawiki-config@master] Specify CentralAuth and OAuth session storage separately from per-wiki session storage.

https://gerrit.wikimedia.org/r/521409

BPirkle added a comment.Jul 10 2019, 8:55 PM

OAuth change posted, OAuth configuration added to the existing configuration change.

As with T227097, it does not matter what order these deploy in. If the extension change(s) deploy first, the new variables are optional so they'll just fall back to the existing $wgSessionCacheType variable that they are already using. If the configuration change deploys first, it will simply set new variables that nothing reads. Once they deploy, OAuth and CentralAuth will still point at the same place they are already pointing, so there will be no change in behavior. What we will have accomplished is the ability to move only per-wiki session storage, for first testing then deploying Kask, without affecting CentralAuth or OAuth.

gerritbot added a comment.Jul 11 2019, 8:11 PM

Change 521950 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Allow separating OAuth and per-wiki session storage.

https://gerrit.wikimedia.org/r/521950

BPirkle mentioned this in rEOAUa6ec212b25ee: Allow separating OAuth and per-wiki session storage..Jul 11 2019, 8:11 PM
ReleaseTaggerBot added a project: MW-1.34-notes (1.34.0-wmf.14; 2019-07-16).Jul 11 2019, 9:00 PM
WDoranWMF edited projects, added Platform Engineering (Mainstash Multi-DC); removed Platform Team Workboards (Team 2), Platform Engineering (Session Management Service (CDP2)).Jul 18 2019, 8:27 PM
WDoranWMF subscribed.

@EvanProdromou We should include this under consideration in Main Stash Initiative

WDoranWMF moved this task from Mainstash Multi-DC to mop on the Platform Engineering board.Jul 26 2019, 7:06 PM
WDoranWMF edited projects, added Core Platform Team Initiatives (Mainstash Multi-DC); removed Platform Engineering (Mainstash Multi-DC).
EvanProdromou closed this task as Resolved.Jul 30 2019, 4:48 PM

So, I think this is fixed? I'm going to mark it resolved.

BPirkle reopened this task as Open.Jul 30 2019, 5:06 PM

We still need the config change to be merged/deployed.

gerritbot added a comment.Jul 30 2019, 11:07 PM

Change 521409 merged by jenkins-bot:
[operations/mediawiki-config@master] Specify CentralAuth and OAuth session storage separately from per-wiki session storage.

https://gerrit.wikimedia.org/r/521409

Stashbot mentioned this in T227097: Make sure that we're taking CentralAuth into consideration for staging release.Jul 30 2019, 11:13 PM

Mentioned in SAL (#wikimedia-operations) [2019-07-30T23:13:20Z] <catrope@deploy1001> Synchronized wmf-config/InitialiseSettings.php: Specify CentralAuth and OAuth session storage separately from per-wiki session storage (T227097, T227696) (duration: 00m 47s)

BPirkle closed this task as Resolved.Jul 31 2019, 1:04 PM

The config change has now been merged and deployed.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits