Page MenuHomePhabricator
Create Task
Maniphest T328131

oathauth_users schema drift on labtestwiki
Closed, ResolvedPublic
Actions

Description

Labtestwikitech seems to generally work fine, but enable 2fa for a new user fails and logs this message:

[9fc2f6eb-8160-4369-9310-5d46820af000] /wiki/Special:Manage_Two-factor_authentication   Wikimedia\Rdbms\DBQueryError: Error 1364: Field 'scratch_tokens_reset' doesn't have a default value
Function: MediaWiki\Extension\OATHAuth\OATHUserRepository::persist
Query: REPLACE INTO `oathauth_users` (id,module,data) VALUES (20,'totp','{\"keys\":[{\"secret\":\"NWKKNX7L5Z3A5WD6\",\"scratch_tokens\":[\"BHRYM6YYZB4H7UWL\",\"FIQAH2RB2VZVL4XJ\",\"L2IAZ2MGZRSXMKE6\",\"KFGUL5R3KTUJHRVF\",\"CGU6NNQQTYTA2VOS\",\"JSXMLXJZ5TGTKIMN\",\"PRRJIVJFETSBFWX2\",\"3CSRNCLCIX53X5S7\",\"4EOXTD6QDNZPHOQK\",\"A4EOTH43PGW32CHL\"]}]}')

(note that that is not a live token so there's no security concern with this ticket being public)

Amir suggests that this might b related to https://phabricator.wikimedia.org/T326802 but I have already updated grants for the 2023 service user, at least to the best of my knowledge.

I've confirmed that this issue is not present on wikitech, only on labtestwikitech.

Related Objects

Event Timeline

Andrew created this task.Jan 27 2023, 2:00 PM
Restricted Application added a project: cloud-services-team. · View Herald TranscriptJan 27 2023, 2:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
taavi subscribed.Jan 27 2023, 2:06 PM
labswiki
wikiadmin2023@10.64.16.187(labswiki)> show create table oathauth_users\G
*************************** 1. row ***************************
       Table: oathauth_users
Create Table: CREATE TABLE `oathauth_users` (
  `id` int(11) NOT NULL,
  `module` varbinary(255) NOT NULL,
  `data` blob DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=binary
1 row in set (0.000 sec)
labtestwiki
mysql:root@localhost [labtestwiki]> show create table oathauth_users\G
*************************** 1. row ***************************
       Table: oathauth_users
Create Table: CREATE TABLE `oathauth_users` (
  `id` int(11) NOT NULL,
  `secret_reset` varbinary(255) DEFAULT NULL,
  `scratch_tokens_reset` varbinary(512) NOT NULL,
  `is_validated` tinyint(1) NOT NULL,
  `module` varbinary(255) NOT NULL,
  `data` blob DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=binary
1 row in set (0.000 sec)
schema
CREATE TABLE /*_*/oathauth_users (
  id INT NOT NULL,
  module VARCHAR(255) NOT NULL,
  data BLOB DEFAULT NULL,
  PRIMARY KEY(id)
) /*$wgDBTableOptions*/;

So there's some schema drift.. looks like T226826 and some other task removing is_validated that I can't find were never applied to labtestwiki.

Andrew added a comment.Jan 27 2023, 2:08 PM

Thanks for digging, @taavi. I think this might be of interest to Amir because I /did/ run update.php but that doesn't seem to have upgraded that schema. (Or it might be of no interest because maybe I don't know how to do a proper schema upgrade these days)

taavi renamed this task from Cannot enable 2fa on labtestwiki to oathauth_users schema drift on labtestwiki.Jan 27 2023, 2:14 PM
Ladsgroup added a comment.Jan 27 2023, 6:37 PM
In T328131#8564579, @Andrew wrote:

Thanks for digging, @taavi. I think this might be of interest to Amir because I /did/ run update.php but that doesn't seem to have upgraded that schema. (Or it might be of no interest because maybe I don't know how to do a proper schema upgrade these days)

update.php is not perfect:

  • It is buggy, people have forgotten to wire up changes, people removed things by mistake, the check might be wrong in old versions etc.
  • It doesn't take into account drifts caused by other tools. Someone alters the table in production for whatever reason and the software doesn't incorporate for that. The update.php updates are for intentional schema changes
  • It might have been removed as we don't support upgrades from really old versions of MediaWiki (e.g. we are using the new software but we didn't run update.php for long enough time that it got removed)

Anyway, we can take a look next week if it's not urgent.

Andrew added a comment.Jan 27 2023, 9:18 PM

next week is fine!

Ladsgroup added a comment.Jan 30 2023, 9:27 AM

yup, the original drop of those columns happened in 2016: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/804665 and it's the refactor before the refactor you mentioned. The fact that this wiki works at all is baffling to me.

Running this should fix the issues: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/134050/22/sql/mysql/patch-remove_reset.sql Take a backup first because it might be that we need to run some maint scripts or such.

Stashbot added a comment.Feb 4 2023, 1:44 PM

Mentioned in SAL (#wikimedia-cloud) [2023-02-04T13:44:13Z] <taavi> drop old columns from oathauth_users table on labtestwiki T328131

taavi closed this task as Resolved.Feb 4 2023, 1:44 PM
taavi claimed this task.
taavi added a subscriber: Ladsgroup.

Dropped those columns.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits