Page MenuHomePhabricator
Create Task
Maniphest T332030

Update user name widgets config to accept or deny temporary user names
Closed, ResolvedPublic
Actions

Description

Background

There are several widgets that accept user name input. These are currently configurable to accept existing user names, IP addresses and/or IP ranges.

Currently, if these widgets accept existing user names, this includes temporary user names.

We may need to specify temporary user names separately from named users.

Affected widgets
  • UserInputWidget
  • UsersMultiselectWidget
  • HTMLUserTextField

Note that due to inheritance, it may not be necessary to make changes to all widgets.

Details

Other Assignee
kostajh
SubjectRepoBranchLines +/-
Update user name widgets config to accept or deny temporary user namesmediawiki/coremaster+54 -2
Update user name widgets config to accept or deny temporary user namesmediawiki/extensions/CentralAuthmaster+70 -2
Update user widgets to support named and temp account exclusionmediawiki/coremaster+284 -14
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tchanders created this task.Mar 14 2023, 3:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 14 2023, 3:33 PM
Tchanders mentioned this in T331058: Make Special:Mute only usable for named users.Mar 22 2023, 5:03 PM
Tgr subscribed.Mar 30 2023, 8:29 AM

Basically the user-related form fields need two extra optional boolean paramaters onlynamed / onlytemp (or something like that) which

  • apply an extra validation check to the users on submit, and rejects the appropriate user type
  • onlytemp adds an extra auprefix=* parameter to the list=allusers API call for the autocomplete search
  • onlynamed skips the autocomplete when the typed text starts with *

(Alternatively, temp/named filtering could be added to the list=allusers API and the form could make use of that. That's nicer in general but has an ugly edge case which is not relevant for the form fields: when iterating through users with onlynamed=1 and no auprefix, you'd end up with a query like SELECT * FROM user WHERE user_name >= $offset AND user_name NOT LIKE '*%' LIMIT $limit and that query will perform catastrophically poorly when iteration reaches to usernames starting with *.)

Tgr mentioned this in T330509: [IP Masking] Make Echo Notifications available to temporary users.Mar 30 2023, 8:31 AM
Tchanders added a project: Anti-Harassment (AHaT Sprint 32 - Baseball Cap).Jul 24 2023, 3:41 PM
Tchanders mentioned this in T341684: Temp Users should not show up on the dropdown in Special:UserRights.Jul 24 2023, 3:45 PM
TThoabala claimed this task.Jul 26 2023, 12:59 PM
TThoabala moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
gerritbot added a comment.Aug 9 2023, 2:10 PM

Change 947359 had a related patch set uploaded (by TsepoThoabala; author: TsepoThoabala):

[mediawiki/core@master] Update user name widgets config to accept or deny temporary user names

https://gerrit.wikimedia.org/r/947359

gerritbot added a project: Patch-For-Review.Aug 9 2023, 2:10 PM
TThoabala moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 16 2023, 4:00 PM
Tchanders added a comment.Aug 17 2023, 2:58 PM

@TThoabala Thanks for the patch! This seems like good advice, but I notice the patch only does the first one:

In T332030#8740886, @Tgr wrote:

Basically the user-related form fields need two extra optional boolean paramaters onlynamed / onlytemp (or something like that) which

  • apply an extra validation check to the users on submit, and rejects the appropriate user type
  • onlytemp adds an extra auprefix=* parameter to the list=allusers API call for the autocomplete search
  • onlynamed skips the autocomplete when the typed text starts with *

Just wondered if there was a reason behind this?

TThoabala moved this task from Code Review 🔍 to In Progress 💪 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 18 2023, 9:10 AM
TThoabala moved this task from In Progress 💪 to Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 23 2023, 9:30 AM
AGueyte moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Sep 5 2023, 3:40 PM
AGueyte moved this task from Code Review 🔍 to Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
Tchanders edited projects, added Trust and Safety Tools Team Backlog; removed Anti-Harassment (AHaT Sprint 32 - Baseball Cap).Oct 19 2023, 2:46 PM
Tchanders edited projects, added Anti-Harassment (AHaT Sprint 32 - Baseball Cap); removed Trust and Safety Tools Team Backlog.Oct 19 2023, 2:58 PM
Tchanders edited projects, added Trust and Safety Product Team; removed Anti-Harassment (AHaT Sprint 32 - Baseball Cap).Oct 27 2023, 11:59 AM

Moving to the backlog while other work is prioritised

Tchanders mentioned this in T353561: Disallow entering a temporary user name for mute email preferences.Dec 15 2023, 10:10 PM
Tchanders added a parent task: T353561: Disallow entering a temporary user name for mute email preferences.
Tchanders mentioned this in T344647: Named users should be able to Mute a temp account .
Dreamy_Jazz removed TThoabala as the assignee of this task.Feb 5 2024, 11:44 AM
Dreamy_Jazz added a subscriber: TThoabala.
Tchanders added a parent task: T341684: Temp Users should not show up on the dropdown in Special:UserRights.Feb 7 2024, 9:48 AM
Amdrel claimed this task.Jul 10 2024, 8:20 PM
gerritbot added a comment.Jul 18 2024, 12:11 AM

Change #1054960 had a related patch set uploaded (by Amdrel; author: Amdrel):

[mediawiki/extensions/CentralAuth@master] Update user name widgets config to accept or deny temporary user names

https://gerrit.wikimedia.org/r/1054960

gerritbot added a comment.Jul 18 2024, 12:11 AM

Change #1054961 had a related patch set uploaded (by Amdrel; author: Amdrel):

[mediawiki/core@master] Update user name widgets config to accept or deny temporary user names

https://gerrit.wikimedia.org/r/1054961

Amdrel changed the task status from Open to In Progress.Jul 19 2024, 8:05 PM
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Erhu (August 5th - August 16th)); removed Trust and Safety Product Team.Aug 5 2024, 5:15 PM
Tchanders moved this task from Priority Backlog to Needs Review on the Trust and Safety Product Sprint (Sprint Erhu (August 5th - August 16th)) board.
Dreamy_Jazz moved this task from Sprint Erhu (August 5th - August 16th) to Sprint Theremin (Aug 26 - Sept. 6) on the Trust and Safety Product Sprint board.Aug 27 2024, 12:29 PM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)); removed Trust and Safety Product Sprint (Sprint Erhu (August 5th - August 16th)).
Dreamy_Jazz moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)) board.
kostajh moved this task from Inbox to Ready on the Temporary accounts board.Sep 10 2024, 1:54 PM
kostajh mentioned this in T345019: [minor] Special:ClaimMentee - improvements for handling invalid input .Sep 13 2024, 11:16 AM
Dreamy_Jazz moved this task from Sprint Theremin (Aug 26 - Sept. 6) to Sprint Beatboxing (Sept 16-27) on the Trust and Safety Product Sprint board.Sep 16 2024, 10:11 AM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)); removed Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)).
Dreamy_Jazz moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.
kostajh updated Other Assignee, added: kostajh.Sep 16 2024, 10:37 AM
kostajh removed a subscriber: TThoabala.
gerritbot added a comment.Sep 19 2024, 10:07 AM

Change #1054961 merged by jenkins-bot:

[mediawiki/core@master] Update user widgets to support named and temp account exclusion

https://gerrit.wikimedia.org/r/1054961

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.24; 2024-09-24).Sep 19 2024, 11:00 AM
gerritbot added a comment.Sep 19 2024, 7:23 PM

Change #947359 abandoned by Kosta Harlan:

[mediawiki/core@master] Update user name widgets config to accept or deny temporary user names

Reason:

I6563ae610017fd1cd35c36ba65906041f7f68c4b

https://gerrit.wikimedia.org/r/947359

kostajh moved this task from Needs review to Needs QA on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.Sep 19 2024, 7:30 PM
kostajh subscribed.

Is GlobalUserInputWidget (PHP and JS widget from CentralAuth) used anywhere?

gerritbot added a comment.Sep 19 2024, 7:41 PM

Change #1054960 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Update user name widgets config to accept or deny temporary user names

https://gerrit.wikimedia.org/r/1054960

Maintenance_bot removed a project: Patch-For-Review.Sep 19 2024, 8:31 PM
Amdrel added a comment.Sep 19 2024, 11:04 PM
In T332030#10162502, @kostajh wrote:

Is GlobalUserInputWidget (PHP and JS widget from CentralAuth) used anywhere?

Yeah it is. It's used by HTMLGlobalUserTextField->getInputWidget, and HTMLGlobalUserTextField is used in the form field descriptors in the following special pages:

  • Special:CentralAuth
  • Special:CreateLocalAccount
  • Special:GlobalGroupMembership
  • Special:GlobalRenameUser
kostajh moved this task from Ready to Update MediaWiki Core to introduce temp accounts on the Temporary accounts board.Sep 29 2024, 2:59 PM
kostajh edited projects, added Temporary accounts (Update MediaWiki Core to introduce temp accounts); removed Temporary accounts.
Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.Oct 3 2024, 6:03 AM
Djackson-ctr subscribed.

QA has been completed, and the new code changes are functioning as expected for the affected widgets (API for 'globalallusers' allows filtering of accounts using the parameters 'excludetemp' and 'excludenamed').

kostajh closed this task as Resolved.Oct 7 2024, 5:33 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits