Page MenuHomePhabricator
Create Task
Maniphest T337590

Assert correct wiki for the user identity in UserGroupManager for cross-wiki group changes/reading
Closed, ResolvedPublic
Actions

Description

The UserGroupManager service does not validate that the given UserIdentity instances are for the same wiki as the database the UserGroupManager is set up for.

At the moment all UserIdentity instances given to the UserGroupManager must have the LOCAL wiki id (happens when create UserIdentityValue without the third parameter) or the implementation of UserIdentity::getId does not validate the wiki id (like happens for UserRightsProxy).

The first patch set with assertion (b565ab8) fails on CentralAuth (T337194).

To allow the transition the idea is:

  1. Call UserIdentity::getId with the wiki id of the identity itself (UserIdentity::getId( UserIdentity::getWikiId() )) to avoid breaking the code when caller starts to provide correct identities
  2. Convert the callers to provide correct user identites (only known is CentralAuth)
  3. Replace the code from 1. with a proper call to UserIdentity::assertWiki and use the wiki id of the UserGroupManager for it (as done in the first patch set for assertion).

The UserGroupManager was created in 1.35 (40b88d6), while UserIdentity are wiki aware since 1.36 (5576727)

Details

SubjectRepoBranchLines +/-
user: Assert cross-wiki users in UserGroupManagermediawiki/coremaster+31 -22
User: Pass wikiId to UserIdentityValue instancemediawiki/extensions/CentralAuthmaster+2 -1
user: Avoid exception about cross-wiki users in UserGroupManagermediawiki/coremaster+16 -8
Customize query in gerrit

Related Objects
Search...

Event Timeline

Umherirrender created this task.May 26 2023, 8:41 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 26 2023, 8:42 PM
Umherirrender added a parent task: T255309: Remove UserRightsProxy and replace its usages with UserGroupManager (remove in 1.42).May 26 2023, 8:42 PM
gerritbot added a comment.May 26 2023, 8:47 PM

Change 923700 had a related patch set uploaded (by Umherirrender; author: Umherirrender):

[mediawiki/core@master] user: Avoid exception about cross-wiki users in UserGroupManager

https://gerrit.wikimedia.org/r/923700

gerritbot added a project: Patch-For-Review.May 26 2023, 8:47 PM

Change 921706 had a related patch set uploaded (by Umherirrender; author: Umherirrender):

[mediawiki/extensions/CentralAuth@master] User: Pass wikiId to UserIdentityValue instance

https://gerrit.wikimedia.org/r/921706

Umherirrender claimed this task.May 26 2023, 8:49 PM
gerritbot added a comment.May 27 2023, 6:13 PM

Change 923747 had a related patch set uploaded (by Umherirrender; author: Umherirrender):

[mediawiki/core@master] user: Assert cross-wiki users in UserGroupManager

https://gerrit.wikimedia.org/r/923747

Zabe subscribed.Jun 7 2023, 9:57 PM
gerritbot added a comment.Jun 7 2023, 10:17 PM

Change 923700 merged by jenkins-bot:

[mediawiki/core@master] user: Avoid exception about cross-wiki users in UserGroupManager

https://gerrit.wikimedia.org/r/923700

ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.13; 2023-06-13).Jun 7 2023, 11:00 PM
gerritbot added a comment.Jun 20 2023, 9:40 PM

Change 921706 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] User: Pass wikiId to UserIdentityValue instance

https://gerrit.wikimedia.org/r/921706

ReleaseTaggerBot edited projects, added MW-1.41-notes (1.41.0-wmf.15; 2023-06-27); removed MW-1.41-notes (1.41.0-wmf.13; 2023-06-13).Jun 20 2023, 10:00 PM
gerritbot added a comment.Jul 13 2023, 8:55 PM

Change 923747 merged by jenkins-bot:

[mediawiki/core@master] user: Assert cross-wiki users in UserGroupManager

https://gerrit.wikimedia.org/r/923747

ReleaseTaggerBot edited projects, added MW-1.41-notes (1.41.0-wmf.18; 2023-07-18); removed MW-1.41-notes (1.41.0-wmf.15; 2023-06-27).Jul 13 2023, 9:00 PM
Umherirrender closed this task as Resolved.Jul 13 2023, 9:07 PM
Umherirrender removed a project: Patch-For-Review.
Umherirrender mentioned this in T342655: Special:Investigate: Wikimedia\Assert\PreconditionException: Expected MediaWiki\User\UserIdentityValue to belong to 'afwiki', but it belongs to the local wiki.Jul 26 2023, 4:42 PM
Umherirrender mentioned this in T307301: Many usages of User only make sense for local users and cannot be trivially converted to UserIdentity.Oct 3 2023, 1:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits