Page MenuHomePhabricator

CentralAuth's group membership is not reliable
Closed, ResolvedPublic

Description

SpecialCentralAuth uses UserGroupMembership::getMembershipForUser, which is given an userid and a database, but the database is ignored, which results in SpecialCentralAuth receiving incorrect results. An example is available at https://en.wikipedia.beta.wmflabs.org/wiki/Special:CentralAuth/Dyolf77_TEST. The acount should have confirmed, oversight, sysop at commons, but that's not true.

A fix: Use UserGroupManagerFactory at https://github.com/wikimedia/mediawiki-extensions-CentralAuth/blob/master/includes/CentralAuthUser.php#L2554, to get the DB-specific UserGroupManager.

Event Timeline

Urbanecm created this task.Jun 8 2020, 9:28 PM
Restricted Application added a project: User-Urbanecm. · View Herald TranscriptJun 8 2020, 9:28 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Urbanecm triaged this task as Unbreak Now! priority.Jun 8 2020, 9:29 PM

This is going to seriously break Special:CentralAuth in production if train goes forward.

Restricted Application added a subscriber: Liuxinyu970226. · View Herald TranscriptJun 8 2020, 9:29 PM

@Pchelolo see above - if the fix for CentralAuth can't be reviewed in time, we'll probably need to revert https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/545690

Change 603618 had a related patch set uploaded (by Urbanecm; owner: Urbanecm):
[mediawiki/extensions/CentralAuth@master] CentralAuthUser: Stop using depracated UserGroupMembership::getMembershipsForUser

https://gerrit.wikimedia.org/r/603618

Confirmed the patch above works at my local CA instance, hopefully it will work in prod too :).

Change 603618 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] CentralAuthUser: Stop using depracated UserGroupMembership::getMembershipsForUser

https://gerrit.wikimedia.org/r/603618

jeena added a subscriber: jeena.Jun 9 2020, 5:19 PM

@Urbanecm this has been resolved and is no longer a train blocker, correct?

Urbanecm closed this task as Resolved.Jun 9 2020, 5:20 PM

Yes @jeena, this should work properly. Thanks for asking!

jeena added a comment.Jun 9 2020, 5:21 PM

great, thanks!