Page MenuHomePhabricator
Create Task
Maniphest T352823

Split user table to multiple tables
Open, Needs TriagePublic
Actions

Description

(this is only an idea, and actually contains multiple things to do)

Purpose:

FieldNew table
user_idkept
user_namekept
user_real_nameuser_properties (see T306248)
user_passworduser_password
user_newpassworduser_password
user_newpass_timeuser_password
user_emailuser_email
user_touchedkept
user_tokenuser_token (optional, potentially with T65354?)
user_email_authenticateduser_email
user_email_tokenuser_email
user_email_token_expiresuser_email
user_registrationkept
user_editcountuser_editcount
user_password_expiresuser_password
user_is_tempkept

This introduces 4 new tables: user_password, user_email, user_editcount and user_token.

Note:

  • user_password, user_email should never have rows for temporary accounts and system accounts; user_token should never have rows for system accounts.
  • In Wikimedia projects user_password, user_email and user_token table should be empty (but potentially contains some rows for non-SUL accounts for now) since passwords and emails should be managed via CentralAuth. In the long term they can even be dropped, and we use then from CentralAuth only: see T397367: Drop unneeded empty tables from wikis.
  • user_editcount will only have rows for users with edits (so lacking a row implies an edit count of zero). Since 90% of Wikimedia accounts have no edits this table will be significantly smaller than user table. If we have an index of this table it may also solve T344782: New special page to list users by highest edit count.
  • we need to first migrate local emails to CentralAuth
  • currently CentralAuth does not provides an email address confirmation mechanism, and we need to make one
  • optionally I also propose to split the email and password related fields of CentralAuth globaluser to new tables, to reduce the database footprint of temporary users

See also: T391785: Introduce dedicated tables for CentralAuth passwords, emails and tokens for CentralAuth equivalent

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT352823 Split user table to multiple tables
 OpenNoneT402952 Move user_editcount into its own table, and shard it

Event Timeline

Bugreporter created this task.Dec 6 2023, 12:04 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 6 2023, 12:04 AM
Reedy subscribed.Dec 6 2023, 1:38 PM

Potentially allows users to have multiple email addresses registered to an account too... Which can give extra recovery options...

Reedy added a comment.Dec 6 2023, 1:43 PM

I think there's a task somewhere about storing passwords in a different table, if not a completely different database/cluster..

Bugreporter added a comment.Dec 6 2023, 3:22 PM
In T352823#9386684, @Reedy wrote:

I think there's a task somewhere about storing passwords in a different table, if not a completely different database/cluster..

T120484: Store CentralAuth password hashes outside the main database cluster. In my opinion this can be done in several steps:

  1. Introduce new table to store passwords in MediaWiki instances
  2. Migrate remaining local passwords to CentralAuth so in SUL wiki we have an empty password table
  3. Introduce table to store CentralAuth password
  4. Move CentralAuth password storage table to a new cluster
  5. Create a service to handle CentralAuth password (that task)
Tgr subscribed.Jan 4 2024, 4:25 AM
In T352823#9386684, @Reedy wrote:

I think there's a task somewhere about storing passwords in a different table, if not a completely different database/cluster..

T183420: Authentication data should not be available through the normal DB abstraction layer

Bugreporter mentioned this in T21161: Don't autologin if local account doesn't exist (don't autocreate if user doesn't explicitly login).Jan 7 2024, 5:54 PM
Bugreporter mentioned this in T17294: Allow globally blocking of accounts.Feb 20 2024, 12:10 PM
Bugreporter added a comment.Feb 20 2024, 12:19 PM

Note: Currently isSystemUser() checks "A user is considered to exist as a non-system user if it can authenticate, or has an email set, or has a non-invalid token." (https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/user/User.php$2273) and resetting a token simply replacing it with another random valid one, not an invalid one (T17294#9558467). In my task description invalid token does not exist anymore (system user will have no token at all, as are expired temporary accounts) so we can not check system users in this way. Instead I propose to check them via a special username format (T214722#8845922).

kostajh subscribed.Feb 20 2024, 2:01 PM
Tgr mentioned this in T359116: Split up CentralAuth into smaller extensions.Mar 4 2024, 10:10 PM
JayCano added a project: Temporary accounts.Sep 12 2024, 12:57 PM
kostajh moved this task from Inbox to Backlog on the Temporary accounts board.Sep 13 2024, 11:10 AM
Bugreporter mentioned this in T375441: Store expiry date and status of temporary account in database.Sep 24 2024, 12:36 AM
Ladsgroup subscribed.Sep 27 2024, 7:26 PM
Ladsgroup added a comment.Sep 27 2024, 7:48 PM

I really like the idea. We probably need to iron out some details since whatever changes we will be stuck with for a long time. For the start I actually recommend doing user_editcount first since: 1- most users doesn't have edits 2- we should shard per user similar to site_stats to reduce the lock contention caused by bots editing too fast (or cat-a-lot) and 3- this remove large locks on user table since a lot just lock the user row for updating edit count.

Bugreporter mentioned this in T391785: Introduce dedicated tables for CentralAuth passwords, emails and tokens.Apr 13 2025, 10:02 PM
Alex44019 subscribed.May 20 2025, 1:57 AM
Restricted Application added a project: Trust and Safety Product Team. · View Herald TranscriptMay 20 2025, 1:57 AM
Michael subscribed.May 20 2025, 3:20 PM
Niharika moved this task from Backlog to Needs Other Teams on the Temporary accounts board.Jun 9 2025, 8:20 AM
Dreamy_Jazz moved this task from Inbox to Tracking work by others on the Trust and Safety Product Team board.Aug 11 2025, 2:49 PM
Bugreporter mentioned this in T402854: Add a high-throughput counter system to MediaWiki.Aug 26 2025, 12:35 AM
Bugreporter updated the task description. (Show Details)Aug 26 2025, 12:38 AM
Bugreporter updated the task description. (Show Details)Aug 26 2025, 2:24 AM
Novem_Linguae subscribed.Aug 26 2025, 5:08 PM
Novem_Linguae added a subtask: T402952: Move user_editcount into its own table, and shard it.Aug 26 2025, 5:31 PM
Novem_Linguae mentioned this in T365303: Move update of category members count to CategoryMembershipChangeJob.
OKryva-WMF edited projects, added Product Safety and Integrity; removed Trust and Safety Product Team.Oct 24 2025, 3:15 PM
OKryva-WMF moved this task from Inbox to Triaged (backlog) on the Product Safety and Integrity board.Oct 24 2025, 3:23 PM
Dreamy_Jazz removed a project: Product Safety and Integrity.Jan 7 2026, 8:51 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits