Page MenuHomePhabricator
Create Task
Maniphest T340468

Throw an error from UserGroupManager::addUserToGroup if called on a temporary user
Closed, ResolvedPublic3 Estimated Story Points
Actions

Assigned To
AGueyte
Authored By
Tchanders
Jun 26 2023, 4:57 PM
Tags
Referenced Files
F37141678: T340468_IPMasking_TempUserRights_CurrentConfig.png
Jul 17 2023, 8:12 PM
F37141676: T340468_IPMasking_TempUserRights_CurrentConfigResult.png
Jul 17 2023, 8:12 PM
F37141682: T340468_IPMasking_TempUserRights_Current.png
Jul 17 2023, 8:12 PM
F37141663: T340468_IPMasking_TempUserRights_Old.png
Jul 17 2023, 8:12 PM
F37126937: specialuserrights_temp.png
Jul 3 2023, 1:02 PM
Subscribers
Aklapper
dom_walden
GMikesell-WMF
Niharika
Tchanders

Description

This is for T330816: [Epic] Temporary users should not be assigned to user groups. See also T330816#8958447.

We're disabling this feature, not because it can't be done, but because we don't want it for the MVP of IP masking (see parent task).

What needs doing

  • Throw an error from UserGroupManager::addUserToGroup if called on a temporary user
  • Don't re-use the existing error for IP users, since it states that the user needs an ID, which a temporary user does have
  • Ensure that nowhere in MediaWiki core is calling UserGroupManager::addUserToGroup with a temporary user

Details

SubjectRepoBranchLines +/-
SpecialUserRights: Check for username to be temporarymediawiki/coremaster+2 -2
SpecialUserRights: Check for username to be temporarymediawiki/corewmf/1.41.0-wmf.18+2 -2
Prevent saving groups to a Temp Usermediawiki/coremaster+17 -0
Revert "Throw an error from UserGroupManager::addUserToGroup if called on a temporary user"mediawiki/coremaster+1 -13
Throw an error from UserGroupManager::addUserToGroup if called on a temporary usermediawiki/coremaster+13 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 ResolvedkostajhT294511 2021 Security Team wikireplicas audit
 DeclinedNoneT284948 Raw IPs of logged-out users disclosed in wiki-replicas
 In ProgressNiharikaT324492 Temporary accounts - MVP
 OpenNoneT326816 [Epic] Update features for temporary accounts
 OpenTchandersT326869 Update TSP-owned products that may be affected by IP Masking
 OpenNoneT307060 [Epic] Temporary account AbuseFilter support
 ResolvedSTranT331653 Investigate: Update AbuseFilter for IP Masking
 ResolvedUmherirrenderT328311 Special:AbuseLog is missing the `mw-tempuserlink` class from temporary account user links
 Resolved AGueyteT335062 Update AbuseFilter with the right user verification
 Duplicate AGueyteT335064 Investigate AbuseFilter Hook with CheckUser
 ResolvedSTranT334623 How do we log unsuccessful first edits for temporary users?
 ResolvedDreamy_JazzT357615 Create filters to distinguish anonymous/temporary/registered users
 ResolvedSTranT357772 Investigate: How will `ip_in_range` and `ip_in_ranges` function when temporary accounts are enabled
 ResolvedSTranT364833 Add `user_unnamed_ip` variable
 ResolvedSTranT363906 [Epic] Ensure filters that use PII-sensitive variables are protected
 ResolvedSTranT364465 Display changes to protected status and flags on AbuseFilter history and diff pages
 ResolvedSTranT364485 Alert a filter editor that a filter must be protected if it is saved with a protected variable
 ResolvedkostajhT365049 Investigate what to do about the AbuseFilter log revealing someone's IP address via historical logs
 ResolvedSTranT365743 Log when AbuseFilter user sees IP address associated with temp account via user_unnamed_ip variable trigger
 ResolvedTchandersT364902 How should access to IPs of temporary accounts be logged?
 ResolvedSTranT367390 Add granular query restrictions for AbuseFilter filter search
 ResolvedSTranT364834 Ensure testing tools that use `user_unnamed_ip` don't reveal it to users without the view right
 ResolvedSTranT369610 Give the `abusefilter-access-protected-vars` right to global maintainers
 OpensgrabarczukT369611 Coordinate the updates of IP-using AbuseFilter filters to use `user_unnamed_ip`
 ResolvedSTranT357774 Investigate: What to do with existing filters that temporary accounts will break
 ResolvedBUG REPORTDreamy_JazzT358632 CannotCreateActorException when creating a temporary account on an edit which causes an abuse filter log
 OpenSTranT365740 Document the changes introduced for temporary accounts
 Resolved TThoabalaT331718 Undeploy SimilarEditors from Beta
 Resolved TThoabalaT331749 Investigate: Update AntiSpoof for IP Masking
 Resolved TThoabalaT336196 Don't store temporary user names in AntiSpoof's spoofuser table
 Resolved AGueyteT331750 Investigate: Update SecurePoll for IP Masking
 ResolvedBUG REPORT AGueyteT334421 BUG FIX: Display of SecurePoll logs
 ResolvedBUG REPORT AGueyteT334490 SecurePoll Vote Details returns SQL Error
 Resolved AGueyteT334597 Update User access to polls on SecurePoll
 Resolved AGueyteT331751 Investigate: Update GlobalBlocking for IP Masking
 ResolvedCyndymediawiksimT331752 Investigate: Update CheckUser for IP Masking
 DuplicateNoneT332821 Should temporary users be treated as possible initiators of a check for the CheckUserLog
 OpenNoneT331637 Update features in MediaWiki core for IP Masking
 ResolvedTchandersT330816 [Epic] Temporary users should not be assigned to user groups
 ResolvedReleasedancyT340246 1.41.0-wmf.18 deployment blockers
 ResolvedPRODUCTION ERRORZabeT342322 Unable to use interwiki Special:UserRights
 Resolved AGueyteT340468 Throw an error from UserGroupManager::addUserToGroup if called on a temporary user

Event Timeline

Tchanders created this task.Jun 26 2023, 4:57 PM
JJMC89 added a project: MediaWiki-User-management.Jun 26 2023, 5:18 PM
AGueyte claimed this task.Jun 27 2023, 11:39 AM
AGueyte moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
AGueyte set the point value for this task to 3.
gerritbot added a comment.Jun 27 2023, 4:28 PM

Change 932820 had a related patch set uploaded (by AGueyte; author: AGueyte):

[mediawiki/core@master] Throw an error from UserGroupManager::addUserToGroup if called on a temporary user

https://gerrit.wikimedia.org/r/932820

gerritbot added a project: Patch-For-Review.Jun 27 2023, 4:28 PM
AGueyte moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jun 27 2023, 4:55 PM
TThoabala moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jun 29 2023, 10:49 PM
gerritbot added a comment.Jun 29 2023, 11:06 PM

Change 932820 merged by jenkins-bot:

[mediawiki/core@master] Throw an error from UserGroupManager::addUserToGroup if called on a temporary user

https://gerrit.wikimedia.org/r/932820

Maintenance_bot removed a project: Patch-For-Review.Jun 29 2023, 11:10 PM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.16; 2023-07-04).Jun 30 2023, 2:00 AM
dom_walden moved this task from QA/Testing 🐞 to Done Q1 2023-2024 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jul 3 2023, 1:02 PM
dom_walden subscribed.

When trying to view Special:UserRights for a temporary user you see a message Temporary users cannot be added into groups.

specialuserrights_temp.png (415×697 px, 27 KB)

When trying to add or remove a group from a user via the API (e.g. https://de.wikipedia.beta.wmflabs.org/wiki/Spezial:ApiSandbox#action=userrights&format=json&user=*Unregistered%201062&remove=autoreview):

{
    "error": {
        "code": "userrights-no-tempuser",
        "info": "Temporary users cannot be added into groups.",
        ...
}

As the change is to throw an exception in the addUserToGroup function, which already throws exceptions in other circumstances, I assume that other places which call this function are already setup to handle exceptions being thrown from this function.

Test environment: https://de.wikipedia.beta.wmflabs.org MediaWiki 1.41.0-alpha (9a384e7) 13:21, 3 July 2023.

dom_walden mentioned this in T340462: Special:UserRights should not list autopromote groups for temporary users.Jul 3 2023, 1:44 PM
gerritbot added a comment.Jul 3 2023, 2:56 PM

Change 935106 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/core@master] Revert "Throw an error from UserGroupManager::addUserToGroup if called on a temporary user"

https://gerrit.wikimedia.org/r/935106

gerritbot added a project: Patch-For-Review.Jul 3 2023, 2:56 PM
Tchanders added a comment.Jul 3 2023, 3:04 PM

As the change is to throw an exception in the addUserToGroup function, which already throws exceptions in other circumstances, I assume that other places which call this function are already setup to handle exceptions being thrown from this function.

Thanks for pointing this out. It seems not to be the case, e.g. I got this error when attempting to assign a group to a temporary user from Special:UserRights.

I've reverted the commit for this reason.

We should keep working on this and make sure that we address this, from the acceptance criteria:

  • Ensure that nowhere in MediaWiki core is calling UserGroupManager::addUserToGroup with a temporary user
Tchanders moved this task from Done Q1 2023-2024 to In Progress 💪 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jul 3 2023, 3:11 PM
gerritbot added a comment.Jul 3 2023, 3:17 PM

Change 935106 merged by jenkins-bot:

[mediawiki/core@master] Revert "Throw an error from UserGroupManager::addUserToGroup if called on a temporary user"

https://gerrit.wikimedia.org/r/935106

Maintenance_bot removed a project: Patch-For-Review.Jul 3 2023, 3:30 PM
gerritbot added a comment.Jul 5 2023, 2:35 PM

Change 935143 had a related patch set uploaded (by AGueyte; author: AGueyte):

[mediawiki/core@master] Prevent Special:UserRights to add temp users into groups

https://gerrit.wikimedia.org/r/935143

gerritbot added a project: Patch-For-Review.Jul 5 2023, 2:35 PM
AGueyte added a comment.EditedJul 5 2023, 6:37 PM

What has been done to complete this task:

  • Remove groups form when viewing a Temp Users from Special:UserRights When requesting to see rights for a temporary user, only a list of the actual rights of the user will be shown, but no longer the form with the possibility to add groups.
  • Add a fatal error when trying to save groups for a temp user from Special:UserRights The previous point prevents the case of adding groups to a temp user, but for safety reasons, an error will be thrown if a group is added to a temporary user from Special:UserRights
  • The API for special user rights also depends on the functions mentioned above, and a task to prevent these functions to be called from the API has been covered in T340458
  • Creating an exemption from UserGroupManager when attempting to save groups to a temp user The original function adding groups to a user from UserGroupManager is now throwing an exception if trying to add groups to a temp user.

To avoid throwing an exception, I have searched the codebase for this function UserGroupManager::addUserToGroup

Where is UserGroupManager::addUserToGroup called from

SpecialUserRights.php is calling UserGroupManager::addUserToGroup

Work done as explained above.

includes/installer/Installer.php

From this file, the function is called to create the first user account, and grant it sysop, bureaucrat, and interface-admin rights. Therefore, I believe no changes are needed.

includes/user/User.php

User::addGroup calls UserGroupManager::addUserToGroup but has been deprecated.
It is now replaced with UserRightsProxy::addGroup which isn't being used on core.
Therefore, I believe no changes are needed.

The following files are maintenance files that use the UserGroupManager::addUserToGroup to add the bot group to a system user, Therefore, I believe no changes are needed.

maintenance/cleanupSpam.php
maintenance/deleteDefaultMessages.php
maintenance/deleteEqualMessages.php
tests/phpunit/includes/api/ApiStashEditTest.php

The following files are test files that use the UserGroupManager::addUserToGroup. They test the functions that actually add groups to users. They do not save in the database.
Therefore and with the work done previously to prevent temp users to save groups and use certain functionality, I believe no changes are needed.

tests/phpunit/includes/upload/UploadFromUrlTest.php
tests/phpunit/includes/user/UserGroupManagerTest.php
tests/phpunit/integration/includes/user/UserRightsProxyTest.php
AGueyte moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jul 5 2023, 7:19 PM
AGueyte mentioned this in T341684: Temp Users should not show up on the dropdown in Special:UserRights.Jul 12 2023, 12:20 PM
gerritbot added a comment.Jul 13 2023, 5:37 PM

Change 935143 merged by jenkins-bot:

[mediawiki/core@master] Prevent saving groups to a Temp User

https://gerrit.wikimedia.org/r/935143

ReleaseTaggerBot edited projects, added MW-1.41-notes (1.41.0-wmf.18; 2023-07-18); removed MW-1.41-notes (1.41.0-wmf.16; 2023-07-04).Jul 13 2023, 6:00 PM
Maintenance_bot removed a project: Patch-For-Review.Jul 13 2023, 6:10 PM
Dreamy_Jazz moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jul 13 2023, 6:50 PM
GMikesell-WMF subscribed.Jul 17 2023, 8:12 PM

@AGueyte Tested the following and I cannot add/remove rights on temp users as seen in the screenshots below, which all resulted in "Temporary users do not have groups.". I will move this to Done, thanks for all your work!

Userrights added/removed: bot, bureaucrat, checkuser, checksuer-temporary-account, electionadmin, interface-admin, no-ipinfo, steward, suppress, sysop, upwizcampeditors
Environment: Local
Old patch- 1bb83857973c5bc9cf0fdb0841baa9c45e1e1384
Current patch- 6853d8b390c3b12aa554e5f6dcbf65b3adc492e7

Special:UserRights -w/temp user

OldPatchCurrenPatch
T340468_IPMasking_TempUserRights_Old.png (988×3 px, 267 KB)
T340468_IPMasking_TempUserRights_Current.png (610×3 px, 157 KB)

APISandBox -w/temp user
Result

T340468_IPMasking_TempUserRights_CurrentConfigResult.png (771×3 px, 247 KB)

Sample Config
T340468_IPMasking_TempUserRights_CurrentConfig.png (1×3 px, 272 KB)

GMikesell-WMF moved this task from QA/Testing 🐞 to Done Q1 2023-2024 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jul 17 2023, 8:14 PM
gerritbot added a comment.Jul 20 2023, 11:32 AM

Change 940043 had a related patch set uploaded (by Thiemo Kreuz (WMDE); author: Zabe):

[mediawiki/core@master] SpecialUserRights: Check for username to be temporary

https://gerrit.wikimedia.org/r/940043

gerritbot added a project: Patch-For-Review.Jul 20 2023, 11:32 AM
thiemowmde added a parent task: T342322: Unable to use interwiki Special:UserRights.Jul 20 2023, 11:32 AM
gerritbot added a comment.Jul 20 2023, 11:50 AM

Change 940126 had a related patch set uploaded (by Dreamy Jazz; author: Zabe):

[mediawiki/core@wmf/1.41.0-wmf.18] SpecialUserRights: Check for username to be temporary

https://gerrit.wikimedia.org/r/940126

gerritbot added a comment.Jul 20 2023, 11:56 AM

Change 940043 merged by jenkins-bot:

[mediawiki/core@master] SpecialUserRights: Check for username to be temporary

https://gerrit.wikimedia.org/r/940043

gerritbot added a comment.Jul 20 2023, 12:11 PM

Change 940126 merged by jenkins-bot:

[mediawiki/core@wmf/1.41.0-wmf.18] SpecialUserRights: Check for username to be temporary

https://gerrit.wikimedia.org/r/940126

Stashbot added a comment.Jul 20 2023, 12:12 PM

Mentioned in SAL (#wikimedia-operations) [2023-07-20T12:12:13Z] <zabe@deploy1002> Started scap: Backport for [[gerrit:940126|SpecialUserRights: Check for username to be temporary (T340468 T342322)]]

Stashbot mentioned this in T342322: Unable to use interwiki Special:UserRights.Jul 20 2023, 12:12 PM

Mentioned in SAL (#wikimedia-operations) [2023-07-20T12:13:49Z] <zabe@deploy1002> zabe and dreamyjazz: Backport for [[gerrit:940126|SpecialUserRights: Check for username to be temporary (T340468 T342322)]] synced to the testservers mwdebug2002.codfw.wmnet, mwdebug2001.codfw.wmnet, mwdebug1001.eqiad.wmnet, mwdebug1002.eqiad.wmnet, and mw-debug kubernetes deployment (accessible via k8s-experimental XWD option)

Stashbot added a comment.Jul 20 2023, 12:20 PM

Mentioned in SAL (#wikimedia-operations) [2023-07-20T12:20:35Z] <zabe@deploy1002> Finished scap: Backport for [[gerrit:940126|SpecialUserRights: Check for username to be temporary (T340468 T342322)]] (duration: 08m 22s)

Maintenance_bot removed a project: Patch-For-Review.Jul 20 2023, 12:30 PM
Tchanders mentioned this in T340458: Throw an error from API Userrights explaining that temporary users do not have groups.Jul 26 2023, 9:29 AM
Tchanders closed this task as Resolved.Aug 14 2023, 10:19 AM
Tchanders removed a subtask: T341684: Temp Users should not show up on the dropdown in Special:UserRights.Feb 7 2024, 9:48 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits