
CannotCreateActorException when a logged out user triggers SpamBlacklist log
Open, Needs Triage, Public

Description

Steps to reproduce
  • Add the config:
    • $wgAutoCreateTempUser['enabled'] = true;
    • wfLoadExtension( 'SpamBlacklist' );
    • $wgLogSpamBlacklistHits = true;
  • As an admin, add the line example.org to MediaWiki:Spam-blacklist
  • Log out and try to add http://example.org/ to an article

This encounters the CannotCreateActorException:

[f6829f9e7a9d7a175bde6390] /mediawiki/core/index.php?title=Flour&action=submit CannotCreateActorException: Cannot create an actor for a usable name that is not an existing user: user_name="*184"

Backtrace:

from /var/www/html/mediawiki/core/includes/user/ActorStore.php(632)
#0 /var/www/html/mediawiki/core/includes/user/ActorStore.php(416): MediaWiki\User\ActorStore->validateActorForInsertion()
#1 /var/www/html/mediawiki/core/includes/logging/ManualLogEntry.php(299): MediaWiki\User\ActorStore->acquireActorId()
#2 /var/www/html/mediawiki/extensions/SpamBlacklist/includes/SpamBlacklist.php(252): ManualLogEntry->insert()
#3 /var/www/html/mediawiki/extensions/SpamBlacklist/includes/SpamBlacklist.php(152): MediaWiki\Extension\SpamBlacklist\SpamBlacklist->logFilterHit()
#4 /var/www/html/mediawiki/extensions/SpamBlacklist/includes/Hooks.php(135): MediaWiki\Extension\SpamBlacklist\SpamBlacklist->filter()
#5 /var/www/html/mediawiki/core/includes/HookContainer/HookContainer.php(159): MediaWiki\Extension\SpamBlacklist\Hooks->onEditFilterMergedContent()
#6 /var/www/html/mediawiki/core/includes/HookContainer/HookRunner.php(1476): MediaWiki\HookContainer\HookContainer->run()
#7 /var/www/html/mediawiki/core/includes/editpage/Constraint/EditFilterMergedContentHookConstraint.php(106): MediaWiki\HookContainer\HookRunner->onEditFilterMergedContent()
#8 /var/www/html/mediawiki/core/includes/editpage/Constraint/EditConstraintRunner.php(88): MediaWiki\EditPage\Constraint\EditFilterMergedContentHookConstraint->checkConstraint()
#9 /var/www/html/mediawiki/core/includes/editpage/EditPage.php(2401): MediaWiki\EditPage\Constraint\EditConstraintRunner->checkConstraints()
#10 /var/www/html/mediawiki/core/includes/editpage/EditPage.php(1785): MediaWiki\EditPage\EditPage->internalAttemptSave()
#11 /var/www/html/mediawiki/core/includes/editpage/EditPage.php(715): MediaWiki\EditPage\EditPage->attemptSave()
#12 /var/www/html/mediawiki/core/includes/actions/EditAction.php(66): MediaWiki\EditPage\EditPage->edit()
#13 /var/www/html/mediawiki/core/includes/actions/SubmitAction.php(38): EditAction->show()
#14 /var/www/html/mediawiki/core/includes/actions/ActionEntryPoint.php(733): SubmitAction->show()
#15 /var/www/html/mediawiki/core/includes/actions/ActionEntryPoint.php(510): MediaWiki\Actions\ActionEntryPoint->performAction()
#16 /var/www/html/mediawiki/core/includes/actions/ActionEntryPoint.php(145): MediaWiki\Actions\ActionEntryPoint->performRequest()
#17 /var/www/html/mediawiki/core/includes/MediaWikiEntryPoint.php(199): MediaWiki\Actions\ActionEntryPoint->execute()
#18 /var/www/html/mediawiki/core/index.php(58): MediaWiki\MediaWikiEntryPoint->run()
#19 {main}

Problem

This is because an unsaved temporary user has been passed to ManualLogEntry::insert, which tries to find the actor ID.

This is similar to T358632 but likely more general, since it is coming from ManualLogEntry. The unsaved temporary user is created by EditPage and checked against several constraints. Any of these that insert a log could have the same problem.

Solution

Logs in general

  • If we log the IP user instead, that would leak the IP address. Restricting the visibility of the logs to users with the IP reveal right would be difficult because it could affect lots of log types. We'd also need to purge those IPs from core.
  • If we make the temp account, that would give access to the IP reveal infrastructure for free, if the action also makes it into the CheckUser tables. Though if it doesn't, we'd lose the IP address information.

SpamBlacklist in particular

SpamBlacklist::logFilterHit logs to CheckUser instead if a log is considered restricted, so we could either:

  • Log the IP actor but only log in CheckUser, if it's OK for only checkusers to see the log; or
  • Make the temp account (with the rate limiting caveats mentioned in T334623#9588779), in which case SpamBlacklist already logs to CheckUser via recent changes.
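
The two SpamBlacklist options above, sketched as an added example that is not MediaWiki core or SpamBlacklist code. Performer, acquireActorId() and logFilterHit() are hypothetical stand-ins, "usable name" is simplified to "any name that is not an IP address", and the sample user and IP are constructed.

```php
<?php
// Added illustration: a simplified model, not MediaWiki core or SpamBlacklist code.
// All names below are hypothetical stand-ins for the classes in the backtrace.

final class Performer {
    public function __construct(
        public int $id,      // 0 means no user row has been saved yet
        public string $name, // "*184" for the temporary user, or an IP for an IP actor
        public string $ip
    ) {}
}

// Models the rule in the exception message: a usable (here: non-IP) name
// with no saved user cannot be given an actor.
function acquireActorId( Performer $p, array &$actors ): int {
    $nameIsIp = filter_var( $p->name, FILTER_VALIDATE_IP ) !== false;
    if ( $p->id === 0 && !$nameIsIp ) {
        throw new RuntimeException( "Cannot create an actor for a usable name: {$p->name}" );
    }
    if ( !isset( $actors[$p->name] ) ) {
        $actors[$p->name] = count( $actors ) + 1;
    }
    return $actors[$p->name];
}

// Picks a performer the actor table accepts before the log row is written.
// $restricted models a log that only checkusers can read.
function logFilterHit( Performer $p, bool $restricted, array &$actors, int &$nextUserId ): array {
    if ( $p->id === 0 && $restricted ) {
        // Option 1: record the IP actor, but only in the restricted log.
        $p = new Performer( 0, $p->ip, $p->ip );
    } elseif ( $p->id === 0 ) {
        // Option 2: save the temporary account first (rate-limit caveats apply).
        $p = new Performer( $nextUserId++, $p->name, $p->ip );
    }
    $sink = $restricted ? 'restricted' : 'public';
    return [ 'sink' => $sink, 'performer' => $p->name, 'actor' => acquireActorId( $p, $actors ) ];
}

// Constructed sample: an unsaved temporary user on a documentation-range IP.
$actors = [];
$nextUserId = 42;
$unsaved = new Performer( 0, '*184', '192.0.2.7' );
try {
    acquireActorId( $unsaved, $actors ); // the path that fails in the backtrace
} catch ( RuntimeException $e ) {
    echo $e->getMessage(), "\n";
}
print_r( logFilterHit( $unsaved, true, $actors, $nextUserId ) );  // option 1
print_r( logFilterHit( $unsaved, false, $actors, $nextUserId ) ); // option 2
```

In this model the IP address is only ever recorded as a performer when the sink is the restricted log, which is the property the first option depends on.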
