
Vector in consolidated user links mode shows account creation link instead of login link on private wiki
Closed, Resolved | Public | 2 Estimated Story Points | BUG REPORT

Description

Compare officewiki on old Vector with officewiki on new Vector (while not logged in). The first has a "Log in" link, the second has a "Create account" link (which of course does not work for a private wiki).

Expected behavior:

  • Create account link is not displayed
  • Log in link stays within the user menu

Developer notes

The account creation link is unconditionally added.
It should check if the menu item exists.

Replicate with:

$wgHooks['SkinTemplateNavigation::Universal'][] = function ( $skinTemplate, &$links ) {
	unset( $links['user-menu']['createaccount'] );
};

The use case of extensions calling core or legacy hooks to unset the createaccount link in the personal toolbar is not being considered at this time. See T288428#7303233

Acceptance criteria

  • Private wikis do not show Create account link for anon users
  • Public wikis do show Create account link for anon users

QA steps

  • In LocalSettings.php, add the following config to test whether Create account link shows in the personal menu:
    $wgGroupPermissions['*']['createaccount'] = false;
  • Without above config, the Create account link should be visible.
  • With above config, the Create account link should not be visible.

QA Results - Beta

AC | Status | Details
1 | | T288428#7324878
2 | | T288428#7324878

QA Results - Prod

AC | Status | Details
1 | | T288428#7324894
2 | | T288428#7324894
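
The ordering problem from the Developer notes, as an added example that is not Vector or MediaWiki code: a stand-alone PHP model in which the skin re-adds the link after an earlier step removed it, next to the permission-gated form the task settled on. All function names are hypothetical and the two configurations are constructed samples.

```php
<?php
// Simplified stand-alone model, not Vector or MediaWiki code. Function names are
// hypothetical; the 'user-menu'/'createaccount' keys and the $wgGroupPermissions
// shape are taken from the task.

/** Model only: a right must be listed explicitly as true to count as granted. */
function anonMay( array $groupPermissions, string $right ): bool {
	return ( $groupPermissions['*'][$right] ?? false ) === true;
}

/** Pre-fix behaviour from the developer notes: the link is added unconditionally. */
function consolidatedMenuBeforeFix( array $links ): array {
	$links['user-menu']['createaccount'] = [ 'text' => 'Create account' ];
	return $links;
}

/** Approach chosen in the task: add the link only if config allows account creation. */
function consolidatedMenuAfterFix( array $links, array $groupPermissions ): array {
	if ( anonMay( $groupPermissions, 'createaccount' ) ) {
		$links['user-menu']['createaccount'] = [ 'text' => 'Create account' ];
	}
	return $links;
}

/** Keys an anonymous visitor ends up with in the user menu, sorted. */
function visibleKeys( array $links ): array {
	$keys = array_keys( $links['user-menu'] );
	sort( $keys );
	return $keys;
}

// Constructed sample configs: private wiki (QA step config applied) and public wiki.
$private = [ '*' => [ 'read' => false, 'createaccount' => false ] ];
$public = [ '*' => [ 'read' => true, 'createaccount' => true ] ];

// Menu after an earlier step (core, or a hook as in "Replicate with") removed the link.
$links = [ 'user-menu' => [ 'login' => [ 'text' => 'Log in' ] ] ];

foreach ( [ 'private' => $private, 'public' => $public ] as $name => $perms ) {
	$before = implode( ',', visibleKeys( consolidatedMenuBeforeFix( $links ) ) );
	$after = implode( ',', visibleKeys( consolidatedMenuAfterFix( $links, $perms ) ) );
	echo "$name wiki: before fix [$before], after fix [$after]\n";
}
```

The model only covers what the menu displays; whether an account can actually be created is decided by the permission itself, not by the presence of the link.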

Event Timeline

Change 713505 had a related patch set uploaded (by Clare Ming; author: Clare Ming):

[mediawiki/skins/Vector@master] Don't show create account link on private wikis

https://gerrit.wikimedia.org/r/713505

cjming moved this task from Doing to Code Review on the Web-Team-Backlog (Kanbanana-FY-2021-22) board.
cjming subscribed.

Change 714124 had a related patch set uploaded (by Clare Ming; author: Clare Ming):

[mediawiki/core@master] Add member variable, functions to SkinTemplate

https://gerrit.wikimedia.org/r/714124

Per discussion on https://gerrit.wikimedia.org/r/c/mediawiki/skins/Vector/+/713505 + https://gerrit.wikimedia.org/r/c/mediawiki/core/+/714124, for now we're going to ignore the possible use case of extensions disabling the Create account link from core hooks (SkinTemplate::runOnSkinTemplateNavigationHooks()).

To address the immediate use case, we'll just check if config disables account creation during Vector's Hooks::onSkinTemplateNavigation().

For future reference, if/when we do need a way for extensions to hook into navigation to disable account creation (i.e. OAuth), we can revisit implementing a generic solution to make private property/methods on SkinTemplate for tracking this and create a new hook (i.e. Hooks::run( 'SkinTemplateCreateAccountAllowed' );). The preliminary proof-of-concept is captured in the following patchsets:

Change 714124 abandoned by Clare Ming:

[mediawiki/core@master] Add member variable, functions to SkinTemplate

Reason:

Generic solution not needed at this time. We can revisit if providing a hook to disable account creation is needed. See https://phabricator.wikimedia.org/T288428#7303233

https://gerrit.wikimedia.org/r/714124

In general, using skin hooks to hide the account creation link seems like a strange thing for an extension to do. Typically they would do something to actually prevent account creation (change permissions, set a custom authentication provider etc) so the important thing to do would be to make sure the link does not show up if anons do not have the createaccount permission or AuthManager::canCreateAccounts() is false - I think those are the only reliable ways to prevent account creation.

@Tgr the use case we found was in the OpenID extension which removes create account link:
https://gerrit.wikimedia.org/g/mediawiki/extensions/OpenID/+/b96f42976effec9094eadafde34b15f1ccfc088c/includes/OpenIDHooks.php#105

As you say I think there are more reliable ways and our plan is no longer to support this.

Some kind of hook might be useful for OpenID to explicitly disable, but it doesn't seem a hardship to simply update its install instructions (and we are not looking into this for now).

IMO the OpenID extension generally has a very legacy approach to authentication (it was written a long time ago), I think if it is updated to use AuthManager it won't need any new way of hiding the link.

What I'd check for compatibility is PluggableAuth which is well-maintained and I think fairly widely used. It doesn't hide the account creation link manually, but it does hide the logout link under certain circumstances so if that's also affected that might be worth a heads-up to the maintainer.

Thanks for the insight @Tgr. Logout is not impacted by this change, only the create account and login links.

Change 713505 merged by jenkins-bot:

[mediawiki/skins/Vector@master] Do not show create account link for private wikis.

https://gerrit.wikimedia.org/r/713505

Test Result - Beta

Status: ✅ PASS
Environment: beta (local)
OS: macOS Big Sur
Browser: Chrome
Device: MBP
Emulated Device: NA

Test Artifact(s):

QA Steps

In LocalSettings.php, add the following config to test whether Create account link shows in the personal menu:
$wgGroupPermissions['*']['createaccount'] = false;

✅ AC1: Without above config, the Create account link should be visible.


✅ AC2: With above config, the Create account link should not be visible.

Edtadros subscribed.

Test Result - Prod

Status: ✅ PASS
Environment: officewiki
OS: macOS Big Sur
Browser: Chrome
Device: MBP
Emulated Device: NA

Test Artifact(s):

QA Steps

In LocalSettings.php, add the following config to test whether Create account link shows in the personal menu:
$wgGroupPermissions['*']['createaccount'] = false;

⬜ AC1: Without above config, the Create account link should be visible.
Not testable
✅ AC2: With above config, the Create account link should not be visible.
