Page MenuHomePhabricator
Create Task
Maniphest T359116

Split up CentralAuth into smaller extensions
Open, Needs TriagePublic
Actions

Description

CentralAuth is large, hard to maintain, and extremely specific to Wikimedia wikis, even though many of its pieces aren't. Splitting it up into smaller extensions would have several advantages:

  • better maintainability (e.g. many of these extensions would be very simple to install, while the current extension aren't)
  • clearer scope (e.g. different WMF teams would want to make decisions about authentication techniques vs. anti-abuse features)
  • reusability (while the concept of merging users with the same name on different wikis is fairly WMF-specific, global permissions or global rename are very generic and could easily be reused with different authentication extensions)

This has been discussed at many places (e.g. User:Taavi/CentralAuth, T252244#6339170, T358979#9596007) and I think there is more or less a silent consensus that this should be the long-term trajectory of the extension, so let's try to turn that that into an explicit consensus.

Usually the fragments proposed look something like this:

  • The central user database stays in CentralAuth and becomes the single purpose of the extension. (Possibly better integrated into core via something like T352823, but it's not necessary.) It continues to handle login and registration, the globaluserinfo and globalallusers APIs, and related complications with SUL migration phases (or maybe that gets dropped per T288906).
  • The central session and the centralauthtoken API (ie. the SSO functionality) becomes a new extension.
  • Global groups and wikisets become a new extension. T355381: Split global group and wiki set to a new extension
  • Global account suppression and locking can go into GlobalBlocking (with locking maybe converted into regular blocks). T17294: Allow blocking of global accounts (and various related tasks)
  • Global rename becomes its own extension. T343984: Split global rename requests/queue to a separate extension
  • Find a home for the various smaller bits like global password policies, global edit count, Special:CentralAuth.

The glue between the various extensions would be the CentralIdLookup service in core; plus in a few cases an explicit assumption that the same user is called the same name over various wikis (global rename at least wouldn't really make sense without that assumption).

Related Objects
Search...

Event Timeline

Tgr created this task.Mar 4 2024, 10:10 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptMar 4 2024, 10:10 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Tgr mentioned this in T358979: Show global block information on Special:CentralAuth/<username>.Mar 4 2024, 10:10 PM
Tgr updated the task description. (Show Details)
Bugreporter added a comment.Mar 5 2024, 12:39 AM

with user rename from MediaWiki core maybe also moved there

We just done T27482: Merge RenameUser into core and since 1. most MediaWiki installations are single and 2. we merged it because there are maintanence script using the rename feature, there are no reason to split it again.

Mainframe98 subscribed.Mar 5 2024, 9:48 AM
Tgr updated the task description. (Show Details)Mar 5 2024, 12:02 PM
In T359116#9598873, @Bugreporter wrote:

with user rename from MediaWiki core maybe also moved there

We just done T27482: Merge RenameUser into core and since 1. most MediaWiki installations are single and 2. we merged it because there are maintanence script using the rename feature, there are no reason to split it again.

I guess I just don't see user rename as core functionality. Either way, doesn't affect this task much.

ArielGlenn subscribed.Mar 6 2024, 9:05 AM
pmiazga moved this task from Inbox, needs triage to Within 2 Qs on the MediaWiki-Platform-Team board.Mar 11 2024, 4:12 PM
pmiazga added subscribers: Bmueller, pmiazga.

@Bmueller please check if we could fit that into next fiscal year.

Tgr mentioned this in T161859: Make Wikitech an SUL wiki.Mar 11 2024, 9:02 PM
Tgr added a comment.Sun, Apr 21, 9:10 AM

There is a GlobalUserrights extension, maybe it would make sense to reuse that for the global groups part.

Tgr mentioned this in T355376: Replace $wgSharedDb with virtual domains.Sun, Apr 21, 9:17 AM
Tgr added a subtask: T343984: Split global rename requests/queue to a separate extension.
Tgr added a subtask: T355381: Split global group and wiki set to a new extension.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL