Prevent spam from TheWikipediaLibrary extension
Closed, Resolved (Public)

Description

User:NahidSultan has reported that they have begun being spammed by TheWikipediaLibrary extension:

I've received multiple emails (8 in the last hour) in my volunteer email from the Wikipedia library system and all of them read "Congratulations! You are now eligible for The Wikipedia Library."

We hoped we'd prevented this from happening in T256297; it's not clear if this is the same problem or something different.

Event Timeline

Nahid has made 8 edits (page moves) to Meta in the last hour, so it looks like he's received a notification for each edit.

I noticed there are groups of contributions all with the same timestamp. I'm wondering if they are all having a race to flag the notification as sent for the user. Are they using some kind of automation to make these changes or just doing things in rapid succession in the browser?

The groups are just one edit (a page move) displaying as two (one to the origin page, one to the destination) - it's one action on Nahid's end.

I think this is what caused those 8 notifications:

15:17, 10 November 2021 NahidSultan talk contribs renamed user FoundationArtAngel (0 edits) to Илиян Кузманов (per request)
15:17, 10 November 2021 NahidSultan talk contribs globally renamed FoundationArtAngel to Илиян Кузманов (per request)
15:17, 10 November 2021 NahidSultan talk contribs renamed user Wilhelm Leonie (0 edits) to WilLeo (per request)
15:17, 10 November 2021 NahidSultan talk contribs globally renamed Wilhelm Leonie to WilLeo (per request)
15:17, 10 November 2021 NahidSultan talk contribs renamed user Dejla Jassim (0 edits) to Random modnar (per request)
15:17, 10 November 2021 NahidSultan talk contribs globally renamed Dejla Jassim to Random modnar (per request)
15:17, 10 November 2021 NahidSultan talk contribs renamed user GCKGROUP (0 edits) to Anh Phong 1988 (per request)
15:17, 10 November 2021 NahidSultan talk contribs globally renamed GCKGROUP to Anh Phong 1988 (per request)

So, I can see now that represents 4 actions on his part. That's one issue. The other question is: did those 4 actions happen simultaneously or in quick succession?

User:Sadads has made multiple edits today and only received the notification once, including before and after marking the original notification as read.

Nahid made quite a large number of renames over the course of that hour - why do you think these 4 were the cause in particular?

They jumped out at me because it was 8 edits with identical timestamps. It would be useful to see the time listed on those notifications, e.g. the 'x minutes ago' plus the time viewed, so we could try to get a rough correlation.

If the notifications all came at about the same time, I'd suspect this is a different issue than what we were seeing before. If they were spread out over the hour, then I suspect it's part of the original problem.

User:Nikkimaria also made several edits and only received one notice.

I've been testing this in my local vagrant environment by lining up multiple narrow edit windows in a row and clicking submit on all of them as quickly as possible. I've been able to submit about 4 in the same second and haven't been able to reproduce duplicate notifications. This is looking like a race condition, and I have a straightforward patch underway to reduce the likelihood of such a situation. The only cost will be upping the edits required to trigger post install from 1-2 to 2-3.
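The kind of race suspected in this thread, as an added example that is not part of the original discussion and is neither the extension's code nor the merged patch: several edit hooks for one user read a "notified" flag before any of them writes it, compared with a single conditional UPDATE that only one hook can win. The `user_flag` table, the function names and the use of Python with SQLite (the extension itself is PHP) are assumptions made for illustration, and a barrier forces the bad interleaving so the result is repeatable.

```python
import os, sqlite3, tempfile, threading

WORKERS = 4  # constructed: four edit hooks firing for the same user at once

def _run(claim):
    """Run WORKERS concurrent hooks against a fresh DB; return notifications sent."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    setup = sqlite3.connect(path, isolation_level=None)
    setup.execute("CREATE TABLE user_flag (user_id INTEGER PRIMARY KEY, notified INTEGER)")
    setup.execute("INSERT INTO user_flag VALUES (1, 0)")
    setup.close()
    sent, barrier = [], threading.Barrier(WORKERS)

    def hook():
        conn = sqlite3.connect(path, isolation_level=None, timeout=10)
        try:
            if claim(conn, barrier):
                sent.append("eligible")  # stands in for sending the notification
        finally:
            conn.close()

    threads = [threading.Thread(target=hook) for _ in range(WORKERS)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    os.remove(path)
    return len(sent)

def check_then_set(conn, barrier):
    # Read the flag now, write it later: every hook reads 0 before any writes 1.
    rows = conn.execute("SELECT notified FROM user_flag WHERE user_id = 1").fetchall()
    barrier.wait()  # hold all hooks here so they have all read the stale value
    if rows[0][0]:
        return False
    conn.execute("UPDATE user_flag SET notified = 1 WHERE user_id = 1")
    return True

def atomic_claim(conn, barrier):
    barrier.wait()  # same simultaneous start
    # Test and set in one statement: only the hook that flips 0 -> 1 sees rowcount 1.
    cur = conn.execute(
        "UPDATE user_flag SET notified = 1 WHERE user_id = 1 AND notified = 0")
    return cur.rowcount == 1

def notifications_sent():
    return _run(check_then_set), _run(atomic_claim)

if __name__ == "__main__":
    print(notifications_sent())
```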

Change 737972 had a related patch set uploaded (by Jsn.sherman; author: Jsn.sherman):

[mediawiki/extensions/TheWikipediaLibrary@master] Prevent duplicate notifications

https://gerrit.wikimedia.org/r/737972

Just finished reviewing the patch. It looked good to me, so I went ahead and +2'd it. Waiting for merge to complete to move it to Done. Should we backport the changes that have been made recently?

Change 737972 merged by jenkins-bot:

[mediawiki/extensions/TheWikipediaLibrary@master] Prevent duplicate notifications

https://gerrit.wikimedia.org/r/737972

@NahidSultan:

I've received 8 notifications in total. Timestamp for each in UTC: 14:25, 14:28, 14:56, 15:04, 15:04, 15:10, 15:15 and 15:16. Interestingly, I started doing the renames at 14:23 and the recorded last action was at 15:20, if that means anything.

Useful! I think the patch that just got merged is going to help, but I don't believe we are at the bottom of it yet. I'm trying to reproduce this locally either with global renames or some other method in which a single user action triggers multiple edits.

Update: I'm rebuilding my mediawiki-vagrant environment to get it working with the Renameuser extension that the global renames depend upon. I'm probably going to spend the last bit of today on getting this configured properly, and tomorrow is a holiday, so this may sit until Friday.

User:Stryn has also reported receiving the notification three times. They made ~8 edits between the extension deployment and that message, in which time they deleted a few pages and blocked a user (log). They don't appear to have done any renames.

Update: I've ruled out null edits and renames as a potential source of the problem.

All spam-related changes made it to this week's wmf.9 train.
https://github.com/wikimedia/mediawiki-extensions-TheWikipediaLibrary/tree/wmf/1.38.0-wmf.9
Current versions tracked here:
https://versions.toolforge.org/
Deployment blockers tracked here:
T293950

Samwalton9-WMF claimed this task.

We think we've resolved this issue, please let us know if you receive any further unexpected notifications.