Page MenuHomePhabricator
Create Task
Maniphest T352823

Split user table to multiple tables
Open, Needs TriagePublic
Actions

Description

(this is only an idea, and actually contains multiple things to do)

Purpose:

FieldNew table
user_idkept
user_namekept
user_real_nameuser_properties (see T306248)
user_passworduser_password
user_newpassworduser_password
user_newpass_timeuser_password
user_emailuser_email
user_touchedkept
user_tokenuser_token (optional, potentially with T65354?)
user_email_authenticateduser_email
user_email_tokenuser_email
user_email_token_expiresuser_email
user_registrationkept
user_editcountuser_editcount
user_password_expiresuser_password
user_is_tempkept

This introduces 4 (or 3) new tables: user_password, user_email, user_editcount and (potentially) user_token.

Note:

  • user_password, user_email should never have rows for temporary accounts and system accounts; user_token should never have rows for system accounts.
  • In Wikimedia projects user_password, user_email (and potentially user_token) table should be empty (but potentially contains some rows for non-SUL accounts for now) since passwords and emails should be managed via CentralAuth
  • user_editcount will only have rows for users with edits (so lacking a row implies an edit count of zero). Since 90% of Wikimedia accounts have no edits this table will be significantly smaller than user table. If we have an index of this table it may also solve T344782: New special page to list users by highest edit count.
  • we need to first migrate local emails to CentralAuth
  • currently CentralAuth does not provides an email address confirmation mechanism, and we need to make one
  • optionally I also propose to split the email and password related fields of CentralAuth globaluser to new tables, to reduce the database footprint of temporary users

Related Objects

Event Timeline

Bugreporter created this task.Dec 6 2023, 12:04 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 6 2023, 12:04 AM
Reedy subscribed.Dec 6 2023, 1:38 PM

Potentially allows users to have multiple email addresses registered to an account too... Which can give extra recovery options...

Reedy added a comment.Dec 6 2023, 1:43 PM

I think there's a task somewhere about storing passwords in a different table, if not a completely different database/cluster..

Bugreporter added a comment.Dec 6 2023, 3:22 PM
In T352823#9386684, @Reedy wrote:

I think there's a task somewhere about storing passwords in a different table, if not a completely different database/cluster..

T120484: Create password-authentication service for use by CentralAuth. In my opinion this can be done in several steps:

  1. Introduce new table to store passwords in MediaWiki instances
  2. Migrate remaining local passwords to CentralAuth so in SUL wiki we have an empty password table
  3. Introduce table to store CentralAuth password
  4. Move CentralAuth password storage table to a new cluster
  5. Create a service to handle CentralAuth password (that task)
Tgr subscribed.Jan 4 2024, 4:25 AM
In T352823#9386684, @Reedy wrote:

I think there's a task somewhere about storing passwords in a different table, if not a completely different database/cluster..

T183420: Authentication data should not be available through the normal DB abstraction layer

Bugreporter mentioned this in T21161: Don't autologin if local account doesn't exist (don't autocreate if user doesn't explicitly login).Jan 7 2024, 5:54 PM
Bugreporter mentioned this in T17294: Allow globally blocking of accounts.Feb 20 2024, 12:10 PM
Bugreporter added a comment.Feb 20 2024, 12:19 PM

Note: Currently isSystemUser() checks "A user is considered to exist as a non-system user if it can authenticate, or has an email set, or has a non-invalid token." (https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/user/User.php$2273) and resetting a token simply replacing it with another random valid one, not an invalid one (T17294#9558467). In my task description invalid token does not exist anymore (system user will have no token at all, as are expired temporary accounts) so we can not check system users in this way. Instead I propose to check them via a special username format (T214722#8845922).

kostajh subscribed.Feb 20 2024, 2:01 PM
Tgr mentioned this in T359116: Split up CentralAuth into smaller extensions.Mar 4 2024, 10:10 PM
JayCano added a project: Temporary accounts.Sep 12 2024, 12:57 PM
kostajh moved this task from Inbox to Triaged on the Temporary accounts board.Sep 13 2024, 11:10 AM
Bugreporter mentioned this in T375441: Store expiry date and status of temporary account in database.Sep 24 2024, 12:36 AM
Ladsgroup subscribed.Sep 27 2024, 7:26 PM
Ladsgroup added a comment.Sep 27 2024, 7:48 PM

I really like the idea. We probably need to iron out some details since whatever changes we will be stuck with for a long time. For the start I actually recommend doing user_editcount first since: 1- most users doesn't have edits 2- we should shard per user similar to site_stats to reduce the lock contention caused by bots editing too fast (or cat-a-lot) and 3- this remove large locks on user table since a lot just lock the user row for updating edit count.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits