Page MenuHomePhabricator
Create Task
Maniphest T371091

Wikidata edits by temporary accounts are added to watchlist table
Closed, ResolvedPublic
Actions

Description

Steps to reproduce:

  • Go to a wiki with temporary accounts enabled, e.g. Beta Wikidata
  • Be logged out (e.g. in a private window)
  • Make a Wikidata edit, e.g. create a new item
  • Look at the watchlist table (for Beta Wikidata: SSH to deployment-deploy04.deployment-prep.eqiad1.wikimedia.cloud, then run mwscript mysql wikidatawiki)
MariaDB [wikidatawiki]> SELECT * FROM watchlist WHERE wl_namespace = 0 AND wl_title = 'Q629218';
+---------+---------+--------------+----------+--------------------------+
| wl_id   | wl_user | wl_namespace | wl_title | wl_notificationtimestamp |
+---------+---------+--------------+----------+--------------------------+
| 3806500 |    7903 |            0 | Q629218  | NULL                     |
+---------+---------+--------------+----------+--------------------------+
1 row in set (0.001 sec)

MariaDB [wikidatawiki]> SELECT user_id, user_name, user_is_temp  FROM user WHERE user_id = 7903;
+---------+-------------+--------------+
| user_id | user_name   | user_is_temp |
+---------+-------------+--------------+
|    7903 | ~2024-15416 |            1 |
+---------+-------------+--------------+
1 row in set (0.001 sec)

Expected result: no watchlist row, as temp accounts don’t have a functional watchlist (going to Special:Watchlist just sends you to the login page)

Actual result: a useless watchlist row

This should probably be filtered out in WatchlistManager and/or WatchedItemStore, just like watchlist entries for unregistered users are already silently dropped.

I haven’t been able to reproduce this for normal wikitext edits, by the way – I created this random talk page, and the temporary account for that (id 7905) has no watchlist rows. So there might be some filter in EditPage(?) that could potentially be removed once WatchlistManager/WatchedItemStore do equivalent filtering.

Details

SubjectRepoBranchLines +/-
Check isNamed() before changing watchlistmediawiki/extensions/Wikibasemaster+2 -2
WatchlistManager::setWatch: Exit if the user is a temp accountmediawiki/coremaster+4 -2
Customize query in gerrit

Related Objects

Event Timeline

Lucas_Werkmeister_WMDE created this task.Jul 26 2024, 11:46 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 26 2024, 11:46 AM
Lucas_Werkmeister_WMDE added a comment.Jul 26 2024, 11:49 AM

There’s quite a few rows like this on Beta Wikidata already:

MariaDB [wikidatawiki]> SELECT COUNT(*) FROM watchlist JOIN user ON wl_user = user_id WHERE user_is_temp = 1;
+----------+
| COUNT(*) |
+----------+
|     5116 |
+----------+
1 row in set (0.016 sec)

Also some on dewiki, so I maybe it’s not limited to Wikidata after all? Not sure.

MariaDB [dewiki]> SELECT COUNT(*) FROM watchlist JOIN user ON wl_user = user_id WHERE user_is_temp = 1;
+----------+
| COUNT(*) |
+----------+
|      214 |
+----------+
1 row in set (0.021 sec)
Michael subscribed.Jul 26 2024, 11:58 AM
Jdforrester-WMF subscribed.Jul 26 2024, 1:19 PM

Hmm, WatchlistManager->addWatch() and friends all seem to correctly call $performer->isAllowed( 'editmywatchlist' ); is that wrongly returning true for temp users?

Agabi10 subscribed.Jul 26 2024, 1:25 PM
Lucas_Werkmeister_WMDE added a comment.Jul 26 2024, 2:23 PM
In T371091#10017797, @Jdforrester-WMF wrote:

Hmm, WatchlistManager->addWatch() and friends all seem to correctly call $performer->isAllowed( 'editmywatchlist' ); is that wrongly returning true for temp users?

Doesn’t look like it AFAICT:

$ mwscript shell wikidatawiki
Psy Shell v0.12.3 (PHP 7.4.33 — cli) by Justin Hileman
> MW::srv()->getUserFactory()->newFromId( 7903 )->isAllowed( 'editmywatchlist' )
= false
Lucas_Werkmeister_WMDE added a comment.Jul 26 2024, 2:27 PM

Ah, this would be why:

WikiPageEntityStore::updateWatchlist()
		if (
			$user->isRegistered() &&
			$title &&
			( $watch != $this->watchlistManager->isWatchedIgnoringRights( $user, $title ) )
		) {
			if ( $watch ) {
				// Allow adding to watchlist even if user('s session) lacks 'editmywatchlist'
				// (e.g. due to bot password or OAuth grants)
				$this->watchlistManager->addWatchIgnoringRights( $user, $title );
			} else {
				$this->watchlistManager->removeWatch( $user, $title );
			}
		}

So this one’s pretty clearly our fault, I guess. (Code was introduced in T217144.)

Whereas in EntitySchema we use setWatch(), which unlike addWatch() and removeWatch() doesn’t check the permission, but doesn’t clearly document this either; so in that case I would put the blame closer to WatchlistManager’s interface being confusing, I think ^^

gerritbot added a comment.Jul 26 2024, 2:31 PM

Change #1057220 had a related patch set uploaded (by Lucas Werkmeister (WMDE); author: Lucas Werkmeister (WMDE)):

[mediawiki/extensions/Wikibase@master] Check isNamed() before changing watchlist

https://gerrit.wikimedia.org/r/1057220

gerritbot added a project: Patch-For-Review.Jul 26 2024, 2:31 PM
Lucas_Werkmeister_WMDE added a comment.Jul 26 2024, 2:37 PM

Although, hang on, WatchlistManager::setWatch() has almost the same code anyway – I guess that’s where we copied it from in T217144?

		if ( $changingWatchStatus ) {
			// If the user doesn't have 'editmywatchlist', we still want to
			// allow them to add but not remove items via edits and such.
			if ( $watch ) {
				return $this->addWatchIgnoringRights( $performer->getUser(), $target, $expiry );
			} else {
				return $this->removeWatch( $performer, $target );
			}
		}
Jdforrester-WMF added a comment.Jul 26 2024, 6:11 PM
 			// If the user doesn't have 'editmywatchlist', we still want to
			// allow them to add but not remove items via edits and such.

Hmm. Kunal (in person) says it's for users that have the "add pages I edit to my watchlist" but aren't allowed to edit theirs. We should definitely check that they're isNamed() first, yes.

gerritbot added a comment.Jul 26 2024, 6:14 PM

Change #1057252 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/core@master] WatchlistManager::setWatch: Exit if the user is a temp account

https://gerrit.wikimedia.org/r/1057252

gerritbot added a comment.Jul 27 2024, 8:44 PM

Change #1057252 merged by jenkins-bot:

[mediawiki/core@master] WatchlistManager::setWatch: Exit if the user is a temp account

https://gerrit.wikimedia.org/r/1057252

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.16; 2024-07-30).Jul 27 2024, 9:00 PM
kostajh closed this task as Resolved.Aug 19 2024, 5:34 AM
kostajh claimed this task.
kostajh subscribed.

Thanks for the task & patch, @Lucas_Werkmeister_WMDE!

gerritbot added a comment.Aug 19 2024, 5:50 AM

Change #1057220 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] Check isNamed() before changing watchlist

https://gerrit.wikimedia.org/r/1057220

ReleaseTaggerBot edited projects, added MW-1.43-notes (1.43.0-wmf.19; 2024-08-20); removed MW-1.43-notes (1.43.0-wmf.16; 2024-07-30).Aug 19 2024, 6:00 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits