
Clarify and fix QuickStatements configuration
Closed, Resolved; Public; 5 Estimated Story Points

Description

Current Situation:
The documentation for QuickStatements, both in the Docker image README we indicate that the user should set WB_PUBLIC_SCHEME_HOST_AND_PORT to "Host and port of Wikibase as seen by the user's browser". However, for QuickStatements OAuth to work this address also needs to be accessible inside the Docker network in a Docker Compose environment such as we have provided in our example. Docker service names without an additional tool or special configuration on a user's machine will not be accessible in the "user's browser".

Once an address is configured which is accessible both inside and outside the service in a Docker Compose context, OAuth will work.

Goal:
Make QuickStatements OAuth work in example configuration.

Acceptance Criteria:
Determine if there is a way to configure QuickStatements to work with an address which is strictly used internally by requests issued by the service, and one that is only used for links or redirects happening externally in the user's browser:

  • If this is possible, correct the current environment variables usage within the QuickStatements image Docker setup (i.e. Docker/build/QuickStatements/*) to make WIKIBASE_SCHEME_AND_HOST be only used internally, and WB_PUBLIC_SCHEME_HOST_AND_PORT and QS_PUBLIC_SCHEME_HOST_AND_PORT only ever used for things which happen in the user's browser.
  • If this isn't possible, then amend the documentation both on the QuickStatements Docker image and in /example to clarify the use of these variables along with a suggestion or two about how to configure an address that is accessible both inside and outside the Docker service.

Notes:

  • The issue may well be with our image instead of the example config

Event Timeline

lojo_wmde updated the task description.
darthmon_wmde set the point value for this task to 5.

After googling, trial-and-error, careful line-by-line debugging in the QuickStatements and Magnustools code, and testing against old releases of WBS, I've concluded that QuickStatements OAuth without a URL which can be seen both within Docker and outside of it has never worked.

I could still be wrong, but I've certainly never found a way to make it work, and searching through numerous relevant discussions I have not found a single case where someone said definitely that they have ever seen it work. Furthermore, I'm starting to think that it doesn't make sense for it to work due to cross-domain issues. The OAuth request is happening from one domain in the Docker world and another with the Public URL. I believe the resulting nonce and/or cookies will not be valid between both domains. There may be some clever and still secure way to handle this, but I don't see it in the QuickStatements code, and don't have any great ideas for what that would look like.

Some related conversations:

https://github.com/wmde/wikibase-release-pipeline/issues/282
https://stackoverflow.com/questions/62816363/why-does-the-query-service-in-my-wikibase-installed-through-docker-not-contain-c
https://phabricator.wikimedia.org/T267812
https://phabricator.wikimedia.org/T315916

Basic work completed in:

https://github.com/wmde/wikibase-release-pipeline/pull/564

Additional PRs which bring to Example the reverse proxy service and routable subdomains which are needed to make it work. Also adds example/wbs helper/installer script:

https://github.com/wmde/wikibase-release-pipeline/pull/563
https://github.com/wmde/wikibase-release-pipeline/pull/562

lojo_wmde claimed this task.
lojo_wmde moved this task from In Review to Done on the Wikibase Suite Team (Sprint-∞) board.
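
The constraint this task describes, as an added example that is not part of the task or of the wikibase-release-pipeline code: a preflight check that flags values of the two public variables which can only work on one side of the Docker boundary. The variable names come from the task description; the service names, sample URLs, function names and the heuristics themselves (single-label host, loopback) are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Variable names are taken from the task description.
PUBLIC_VARS = ("WB_PUBLIC_SCHEME_HOST_AND_PORT", "QS_PUBLIC_SCHEME_HOST_AND_PORT")


def check_public_url(value, compose_services):
    """List reasons `value` cannot be reached both from the user's browser
    and from containers on the Compose network (heuristic, no network I/O)."""
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return [f"expected http(s)://host[:port], got {value!r}"]
    host = parts.hostname.lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an IP literal
    problems = []
    if host == "localhost" or (ip is not None and ip.is_loopback):
        problems.append(f"{host} is loopback: inside a container it points at "
                        "that container, not at the published port on the host")
    elif ip is None and (host in compose_services or "." not in host):
        problems.append(f"{host} looks like a Docker service name: it resolves "
                        "on the Compose network but not in the user's browser")
    return problems


def check_env(env, compose_services):
    """Run the check over both public variables; returns {name: [problems]}."""
    return {name: (check_public_url(env[name], compose_services)
                   if name in env else ["not set"])
            for name in PUBLIC_VARS}


# Constructed sample values, not the project's example configuration.
SAMPLE_SERVICES = {"wikibase", "quickstatements", "mysql"}
SAMPLE_ENV = {
    "WB_PUBLIC_SCHEME_HOST_AND_PORT": "http://wikibase",
    "QS_PUBLIC_SCHEME_HOST_AND_PORT": "http://localhost:8840",
}

if __name__ == "__main__":
    for name, problems in check_env(SAMPLE_ENV, SAMPLE_SERVICES).items():
        print(name, "OK" if not problems else problems)
```

An empty result is only a necessary condition: the name must still resolve to the same service from the browser and from inside the Compose network, which is what the reverse proxy and routable subdomains in the linked PRs provide.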