Page MenuHomePhabricator
Create Task
Maniphest T343963

CentralAuthUser::getInstanceByName (and similar) should normalize the user name
Closed, ResolvedPublic
Actions

Description

If getInstanceByName is called with a non-canonical username, that non-canonical name will also be used in any database queries which can create subtle bugs like T343958.

Details

SubjectRepoBranchLines +/-
User: Normalize username of user if in non-canonical formmediawiki/extensions/CentralAuthmaster+39 -18
logging: Fix LogFormatterTestCase from throwing with CheckUsermediawiki/coremaster+2 -0
[EXP] tests: Properly mock external users to track contributionsmediawiki/extensions/AbuseFiltermaster+1 -1
CentralAuthUser: Don't expose `::setInstanceByName()` directlymediawiki/extensions/CentralAuthmaster+5 -11
Customize query in gerrit

Related Objects

Event Timeline

taavi created this task.Aug 10 2023, 10:20 AM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptAug 10 2023, 10:20 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
taavi mentioned this in T343958: Renaming one account multiple times creates duplicate global accounts.Aug 10 2023, 10:51 AM
Krinkle edited projects, added MediaWiki-Platform-Team (Radar); removed MediaWiki-Platform-Team.Aug 21 2023, 1:05 PM
Tgr moved this task from Radar to Within 2 Qs on the MediaWiki-Platform-Team board.Dec 4 2023, 10:02 PM
Tgr edited projects, added MediaWiki-Platform-Team; removed MediaWiki-Platform-Team (Radar).
gerritbot added a comment.Jan 8 2024, 10:41 AM

Change 988450 had a related patch set uploaded (by D3r1ck01; author: Derick Alangi):

[mediawiki/extensions/CentralAuth@master] Normalize username of user if in non-canonical form

https://gerrit.wikimedia.org/r/988450

gerritbot added a project: Patch-For-Review.Jan 8 2024, 10:41 AM
DAlangi_WMF claimed this task.Jan 8 2024, 10:41 AM
DAlangi_WMF moved this task from Within 2 Qs to Current Sprint on the MediaWiki-Platform-Team board.
gerritbot added a comment.Jan 11 2024, 8:34 AM

Change 989647 had a related patch set uploaded (by D3r1ck01; author: Derick Alangi):

[mediawiki/extensions/CentralAuth@master] CentralAuthUser: Don't expose `::setInstanceByName()` directly

https://gerrit.wikimedia.org/r/989647

gerritbot added a comment.Jan 11 2024, 8:36 AM

Change 988450 abandoned by D3r1ck01:

[mediawiki/extensions/CentralAuth@master] Normalize username of user if in non-canonical form

Reason:

Approaching this differently in Ifd9964ff3c0983aaf77d382f8b5fa1fadc2af000

https://gerrit.wikimedia.org/r/988450

larissagaulia moved this task from Current Sprint to Blocked/waiting on the MediaWiki-Platform-Team board.Jan 15 2024, 3:50 PM
larissagaulia moved this task from Blocked/waiting to Current Sprint on the MediaWiki-Platform-Team board.
gerritbot added a comment.Jan 17 2024, 2:36 AM

Change 989647 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] CentralAuthUser: Don't expose `::setInstanceByName()` directly

https://gerrit.wikimedia.org/r/989647

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.15; 2024-01-23).Jan 17 2024, 3:00 AM
Maintenance_bot removed a project: Patch-For-Review.Jan 17 2024, 3:30 AM
gerritbot added a comment.Jan 17 2024, 9:03 AM

Change 988450 restored by D3r1ck01:

[mediawiki/extensions/CentralAuth@master] Normalize username of user if in non-canonical form

https://gerrit.wikimedia.org/r/988450

gerritbot added a project: Patch-For-Review.Jan 17 2024, 9:03 AM
DAlangi_WMF moved this task from Current Sprint to Blocked/waiting on the MediaWiki-Platform-Team board.Jan 29 2024, 2:12 PM
pmiazga moved this task from Blocked/waiting to Current Sprint on the MediaWiki-Platform-Team board.Feb 12 2024, 4:11 PM
gerritbot added a comment.Feb 13 2024, 3:10 PM

Change 1003005 had a related patch set uploaded (by D3r1ck01; author: Derick Alangi):

[mediawiki/extensions/AbuseFilter@master] tests: Fix usernames that seem like invalid usernames

https://gerrit.wikimedia.org/r/1003005

gerritbot added a comment.Feb 15 2024, 12:38 PM

Change 1003005 abandoned by D3r1ck01:

[mediawiki/extensions/AbuseFilter@master] [EXP] tests: Properly mock external users to track contributions

Reason:

https://gerrit.wikimedia.org/r/1003005

gerritbot added a comment.Feb 15 2024, 1:17 PM

Change 1003752 had a related patch set uploaded (by D3r1ck01; author: Derick Alangi):

[mediawiki/core@master] logging: Fix LogFormatterTestCase from throwing with CheckUser

https://gerrit.wikimedia.org/r/1003752

gerritbot added a comment.Feb 15 2024, 3:26 PM

Change 1003752 merged by jenkins-bot:

[mediawiki/core@master] logging: Fix LogFormatterTestCase from throwing with CheckUser

https://gerrit.wikimedia.org/r/1003752

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.19; 2024-02-20); removed MW-1.42-notes (1.42.0-wmf.15; 2024-01-23).Feb 15 2024, 5:00 PM
gerritbot added a comment.Feb 16 2024, 12:23 AM

Change 988450 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] User: Normalize username of user if in non-canonical form

https://gerrit.wikimedia.org/r/988450

DAlangi_WMF closed this task as Resolved.Feb 16 2024, 7:13 AM

With the CA patch merged, I think this is resolved. Please reopen if there is something we're missing.

dom_walden mentioned this in T357746: /wiki/Special:BlockList InvalidArgumentException: Invalid username.Feb 16 2024, 7:41 AM
matmarex mentioned this in T358112: Special:Contributions for IP ranges fails with InvalidArgumentException , due to CentralAuth.Feb 21 2024, 7:32 PM
Umherirrender mentioned this in T358149: InvalidArgumentException: Invalid username: Https//www.cocororo.net/.Feb 21 2024, 9:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL