Page MenuHomePhabricator
Create Task
Maniphest T367968

Remove centralauth-merge user right from Wikimedia wikis
Open, Needs TriagePublic
Actions

Description

https://en.wikipedia.org/wiki/Special:ListGroupRights still lists for all users:
"Merge their account (centralauth-merge)"

As far as I know, centralauth-merge has been irrelevant in all Wikimedia wikis since https://www.mediawiki.org/wiki/SUL_finalisation in 2015. Back then all mergeable accounts were either merged or renamed and no longer mergeable.
The user right entry gives a false impression that users can merge accounts. I suggest the right is removed from Wikimedia wikis, and if possible from other wikis where it's no longer relevant.

I came her after answering a misled user at
https://en.wikipedia.org/w/index.php?title=Wikipedia:Teahouse&oldid=1229913520#Question_about_account_merging

I added a note to the enwiki page they actually saw:
https://en.wikipedia.org/w/index.php?title=Template:User_access_levels&diff=prev&oldid=1229914889

Related Objects

Event Timeline

PrimeHunter created this task.Wed, Jun 19, 12:29 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptWed, Jun 19, 12:29 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Tgr renamed this task from centralauth-merge user right is irrelevant in Wikimedia wikis to Remove centralauth-merge user right from Wikimedia wikis.Wed, Jun 19, 7:37 PM
Tgr edited projects, added Wikimedia-Site-requests; removed MediaWiki-Platform-Team, MediaWiki-extensions-CentralAuth.
Bugreporter subscribed.EditedThu, Jun 20, 3:53 AM

Before doing so in my opinion we need to:

  1. Find all currently unattached accounts and rename or merge them (this is basically doing SUL finalisation again, but in a much smaller scale).
  2. After this, we can treat all accounts as mergable - i.e. local accounts not linked to CentralAuth will be automatically attached to global user (if global user does not exist, one will be created); this will also resolve T275931: Have new MassMessage system users be automatically attached to CentralAuth. Unattached local accounts does not work with SUL3.
  3. Remove code that deals with unattached accounts; and also remove the feature to merge account (since it will be completed automatically).

Note: Currently stewards (and formerly bureaucrats) can rename local users. Currently they will become unattached; After this task, renamed local users will be automatically attached to new global account.

Note 2: When locally renamed users become unattached (which is the current situation), the MergeUser special page and centralauth-merge right is still useful. They should not be removed for now.

Bugreporter mentioned this in T288906: Remove or rewrite CentralAuth SUL migration code.Thu, Jun 20, 4:00 AM
Bugreporter mentioned this in T348388: Use central login wiki for login (SUL3).Thu, Jun 20, 4:09 AM
DannyS712 subscribed.Thu, Jun 20, 4:59 AM
In T367968#9908254, @Bugreporter wrote:

Before doing so in my opinion we need to:

  1. Find all currently unattached accounts and rename or merge them (this is basically doing SUL finalisation again, but in a much smaller scale).

Just going to cross link that not all unattached accounts *can* be attached/merged, c.f. T235446 - I don't know about other people's accounts, but I know that https://meta.wikimedia.org/wiki/Special:CentralAuth/DannyS712_(T235446) was created as an unattached local account because otherwise I was unable to login on that wiki at all

Bugreporter added a comment.EditedThu, Jun 20, 6:19 AM

In https://phabricator.wikimedia.org/diffusion/ECAU/browse/master/includes/CentralAuthPrimaryAuthenticationProvider.php$243, CentralAuth will reject login for central users if the local account is not attached. Since I propose to get rid of "unattached account" concept, we would remove this check completely. In addition the AutoMigrate logic in line 221-241 will also become useless.

Also CentralAuth currently check whether a local account is attached by maintaining a localnames table which stored all (potentially unattached) local user names, and compare it with a localuser table which only store attached users. The localnames table should be removed and any usage should be moved to localusers table.

Note the current usages of localnames table (other than maintanence scripts and tests) are limit to one single class: CentralAuthUser, of which localnames is used 5 times:

  • storeMigrationData: write to localnames can be safely removed
  • doListUnattached: drop the whole function (unattached users will not exist anymore)
  • addLocalName, removeLocalName and updateLocalName: drop the function and all usages.
Bugreporter added a comment.EditedThu, Jun 20, 6:42 AM
In T367968#9908268, @DannyS712 wrote:
In T367968#9908254, @Bugreporter wrote:

Before doing so in my opinion we need to:

  1. Find all currently unattached accounts and rename or merge them (this is basically doing SUL finalisation again, but in a much smaller scale).

Just going to cross link that not all unattached accounts *can* be attached/merged, c.f. T235446 - I don't know about other people's accounts, but I know that https://meta.wikimedia.org/wiki/Special:CentralAuth/DannyS712_(T235446) was created as an unattached local account because otherwise I was unable to login on that wiki at all

For this case, it is more likely that there are somehow no record in localuser table, so CentralAuth treated such user as "unattached". Removing the isAttached check will make login successful, but may cause other problems for codes rely on localuser table. A simple way is attach the account when a CentralAuthUser object is created. I am not sure whether it causes other issues (e.g. CentralAuthUser object may be created on GET request and it may be problematic if we do database write), or whether it will fix data inconsistency for accounts that did not login in normal way after SUL finalization (including T275931). We should guarantee new local users created in any way (including new system user) are connected to SUL though.

Bugreporter mentioned this in T368016: Prevent deletion of non-empty global accounts.Thu, Jun 20, 7:13 AM
Bugreporter mentioned this in T368125: Clean up existing unattached accounts.Fri, Jun 21, 7:03 AM
Bugreporter added a comment.Mon, Jun 24, 3:11 AM

Closing as duplicate for now; but may be reopened if the target task is declined.

Bugreporter closed this task as a duplicate of T368235: Remove support for unattached accounts in CentralAuth.Mon, Jun 24, 3:11 AM
DannyS712 added a comment.EditedMon, Jun 24, 3:25 AM
In T367968#9916294, @Bugreporter wrote:

Closing as duplicate for now; but may be reopened if the target task is declined.

In the future please remember to close the newer task as a duplicate of the older task instead of the other way around

Bugreporter added a comment.Mon, Jun 24, 3:26 AM
In T367968#9916307, @DannyS712 wrote:
In T367968#9916294, @Bugreporter wrote:

Closing as duplicate for now; but may be reopened if the target task is declined.

In the future please close the newer task as a duplicate of the older task instead of the other way around

In the new task I proposed a different solution, so I leave the old (current) one for reference in case the new one got declined.

Pppery reopened this task as Open.Wed, Jun 26, 6:24 PM
Pppery subscribed.

Making a config change to Wikimedia wikis to remove some rights that aren't used in the context of Wikimedia wikis is in no way a duplicate of modifying an extension codebase to remove all references to those rights.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits