Page MenuHomePhabricator
Create Task
Maniphest T307064

[IP Masking] Maintenance script to rename users matching configured TempUser pattern
Closed, ResolvedPublic
Actions

Description

We need a maintenance script to rename all users matching $wgAutoCreateTempUser['matchPattern'], globally including in CentralAuth.

For the benefit of Wikimedia's non-CentralAuth wikis, and for third-party users, it should be possible to perform this operation without CentralAuth integration.

Note that there is also T300265 for the notification component of the migration.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
renameUsersMatchingPattern.php: canonicalize and check for existence of targetmediawiki/coremaster+18 -0
Run the GlobalRenameUserValidator when renaming users with the maintenance scriptmediawiki/extensions/CentralAuthmaster+13 -0
Allow a temp username pattern to be reserved without activating the systemmediawiki/coremaster+99 -11
CentralAuth: Add renameUsersMatchingPattern.phpmediawiki/extensions/CentralAuthmaster+223 -4
Add renameUsersMatchingPattern.phpmediawiki/coremaster+235 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

tstarling created this task.Apr 28 2022, 3:34 AM
Niharika added a comment.Dec 5 2022, 5:36 PM

@tstarling Hi! Is this task something your team will be interested in working on? If so, do you have a plan for informing the community and a timeline in mind?

Tchanders moved this task from Inbox to Needs Other Teams on the Temporary accounts board.Dec 6 2022, 4:26 PM
tstarling claimed this task.Feb 27 2023, 4:15 AM
tstarling added a comment.Feb 28 2023, 12:46 AM
In T307064#8443853, @Niharika wrote:

@tstarling Hi! Is this task something your team will be interested in working on? If so, do you have a plan for informing the community and a timeline in mind?

I plan to write the scripts, this week. I'm not volunteering to manage the migration process at this stage.

Plan:

  • Split reserved pattern and match pattern concepts. Allow a name pattern to be reserved prior to full IP masking deployment. User creation will be disallowed but login allowed.
  • Write a core script specifically for IP masking preparation, which renames users matching either pattern. Skip CentralAuth attached users.
    • Maybe do T27482 so that existing code can be used. Currently CentralAuth depends on Renameuser. The dependency is not declared in extension.json but an exception is thrown from LocalRenameUserJob if Renameuser is not installed. This is an inelegant situation. Core's uppercaseTitlesForUnicodeTransition.php needed user renames for PHP version migration but was forced to just dump the names to a file due to the lack of user renaming support in core.
  • Write a CentralAuth script which renames users matching the pattern. It would be similar to WikimediaMaintenance renameInvalidUsernames.php.
Tchanders mentioned this in T327888: Create a function that checks if a username is a temporary user in JS.Mar 3 2023, 5:26 PM
gerritbot added a comment.Mar 7 2023, 12:07 AM

Change 894749 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/core@master] Add renameUsersMatchingPattern.php

https://gerrit.wikimedia.org/r/894749

gerritbot added a project: Patch-For-Review.Mar 7 2023, 12:07 AM
gerritbot added a comment.Mar 10 2023, 5:45 AM

Change 896223 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/extensions/CentralAuth@master] CentralAuth: Add renameUsersMatchingPattern.php

https://gerrit.wikimedia.org/r/896223

gerritbot added a comment.Mar 14 2023, 12:41 AM

Change 894749 merged by jenkins-bot:

[mediawiki/core@master] Add renameUsersMatchingPattern.php

https://gerrit.wikimedia.org/r/894749

gerritbot added a comment.Mar 14 2023, 1:00 AM

Change 896223 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] CentralAuth: Add renameUsersMatchingPattern.php

https://gerrit.wikimedia.org/r/896223

ReleaseTaggerBot added a project: MW-1.40-notes (1.40.0-wmf.27; 2023-03-13).Mar 14 2023, 1:01 AM
Maintenance_bot removed a project: Patch-For-Review.Mar 14 2023, 1:10 AM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.1; 2023-03-20).Mar 14 2023, 2:00 AM
gerritbot added a comment.Mar 14 2023, 5:19 AM

Change 898443 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/core@master] Allow a temp username pattern to be reserved without activating the system

https://gerrit.wikimedia.org/r/898443

gerritbot added a project: Patch-For-Review.Mar 14 2023, 5:19 AM
tstarling mentioned this in T300265: [IP Masking] Inform username accounts prefixed with "*".Mar 19 2023, 11:27 PM
Krinkle subscribed.Mar 22 2023, 6:42 AM
In T307064#8690255, @gerritbot wrote:

Change 894749 merged by jenkins-bot:

[mediawiki/core@master] Add renameUsersMatchingPattern.php

https://gerrit.wikimedia.org/r/894749

I found a few edge cases in local testing that may be of interest.

My first instinct was to use --from '*$1' --to '$1' because picking a different symbol or a word like "Star" seemed like an outcome least likely to be desired by the account owners. They can request their own rename before or or after the script runs of course, but stripping it seems like a fairly neutral default if it avoids conflicts. However, this can still produce accounts that match the patterns given **Foo to *Foo.

Speaking of conflicts, I noticed with --from '*B$1r' --to '$1dmin' it renamed *Bar to admin and didn't seem to mind that Admin already exists..

Lastly, the log entries and pages created by the rename used a non-canonical lowercased user name. I don't know if that causes problems by itself, but it at least looked off in the logs to see "admin" mentioned and linked as a valid username in Special:Log.

gerritbot added a comment.Mar 23 2023, 2:26 AM

Change 898443 merged by jenkins-bot:

[mediawiki/core@master] Allow a temp username pattern to be reserved without activating the system

https://gerrit.wikimedia.org/r/898443

Maintenance_bot removed a project: Patch-For-Review.Mar 23 2023, 2:30 AM
ReleaseTaggerBot edited projects, added MW-1.41-notes (1.41.0-wmf.2; 2023-03-27); removed MW-1.41-notes (1.41.0-wmf.1; 2023-03-20).Mar 23 2023, 3:00 AM
gerritbot added a comment.May 30 2023, 1:23 AM

Change 924173 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/core@master] renameUsersMatchingPattern.php: canonicalize and check for existence of target

https://gerrit.wikimedia.org/r/924173

gerritbot added a project: Patch-For-Review.May 30 2023, 1:23 AM
gerritbot added a comment.May 30 2023, 1:44 AM

Change 924175 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/extensions/CentralAuth@master] Run the GlobalRenameUserValidator when renaming users with the maintenance script

https://gerrit.wikimedia.org/r/924175

tstarling added a comment.May 30 2023, 1:48 AM
In T307064#8717011, @Krinkle wrote:

My first instinct was to use --from '*$1' --to '$1' because picking a different symbol or a word like "Star" seemed like an outcome least likely to be desired by the account owners. They can request their own rename before or or after the script runs of course, but stripping it seems like a fairly neutral default if it avoids conflicts. However, this can still produce accounts that match the patterns given **Foo to *Foo.

That is not a bug. There's a few ways you could deal with that without changing the script.

Speaking of conflicts, I noticed with --from '*B$1r' --to '$1dmin' it renamed *Bar to admin and didn't seem to mind that Admin already exists..

Lastly, the log entries and pages created by the rename used a non-canonical lowercased user name. I don't know if that causes problems by itself, but it at least looked off in the logs to see "admin" mentioned and linked as a valid username in Special:Log.

I fixed these two issues in the patches above.

The CentralAuth script already had canonicalization, but did not check if the target already existed.

gerritbot added a comment.May 31 2023, 7:04 AM

Change 924175 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Run the GlobalRenameUserValidator when renaming users with the maintenance script

https://gerrit.wikimedia.org/r/924175

ReleaseTaggerBot edited projects, added MW-1.41-notes (1.41.0-wmf.12; 2023-06-06); removed MW-1.41-notes (1.41.0-wmf.2; 2023-03-27).May 31 2023, 8:00 AM
gerritbot added a comment.Jun 1 2023, 3:48 PM

Change 924173 merged by jenkins-bot:

[mediawiki/core@master] renameUsersMatchingPattern.php: canonicalize and check for existence of target

https://gerrit.wikimedia.org/r/924173

Maintenance_bot removed a project: Patch-For-Review.Jun 1 2023, 4:10 PM
tstarling closed this task as Resolved.Jul 24 2023, 5:18 AM
tstarling mentioned this in T342475: Define temporary account behavior on Wikimedia wikis which have IP masking disabled.Aug 17 2023, 12:51 AM
Tchanders mentioned this in T349489: Investigate: What would be needed for renaming temporary accounts on beta.Oct 23 2023, 10:17 AM
Tchanders mentioned this in T349507: Rename user accounts starting with ~2.Oct 23 2023, 1:05 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits