Page MenuHomePhabricator
Create Task
Maniphest T373021

Write to cuci_user table when CheckUser actions occur
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

Technical background

In T368151 we added a central table, cuci_user, to keep track of which wikis have edited by a given account.

The table records the central ID of the user, wiki and timestamp of the latest action (code).

CheckUser already updates the relevant table whenever an action is saved, via RecentChangeSaveHandler::onRecentChange_save or other handlers (for private events). This is done via service methods in CheckUserInsert.

What needs doing

The service and hook handler can be adapted to update cuci_user. Note that we should follow the relevant advice listed in T368151#9993273. Notably:

  • Do not try to update the timestamp if it was within at least the last minute (to reduce calls)
    • This could also include only performing the update 1/10 times if the timestamp is within the last hour
  • Do not store data for bot accounts
  • Ensure that the writes occur via a job
  • Exclude actions on WMCS IP addresses
  • Just update the timestamp if a row for the same central ID/wiki already exists in the table
  • Refer to the cuci_wiki_map table for the ID of the wiki

Details

SubjectRepoBranchLines +/-
Define wgCheckUserCentralIndexRangesToExclude to exclude WMCSoperations/mediawiki-configmaster+6 -0
Call CheckUserCentralIndexManager in CheckUserInsertmediawiki/extensions/CheckUsermaster+82 -5
Implement ways to limit update rate of cuci_usermediawiki/extensions/CheckUsermaster+193 -9
Allow CheckUserCentralIndexManager to write to cuci_usermediawiki/extensions/CheckUsermaster+296 -5
Add CheckUserCentralIndexManager::getWikiMapIdForDomainIdmediawiki/extensions/CheckUsermaster+109 -20
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 ResolvedkostajhT294511 2021 Security Team wikireplicas audit
 DeclinedNoneT284948 Raw IPs of logged-out users disclosed in wiki-replicas
 In ProgressNiharikaT324492 Temporary accounts - MVP
 OpenNoneT326816 [Epic] Update features for temporary accounts
 OpenDreamy_JazzT355286 [Epic] Globally blocking a temporary account should prevent further account creations
 ResolvedDreamy_JazzT368949 [Epic] Implement global autoblocks from global user blocks
 OpenNiharikaT337012 Tracking task for community-owned and maintained tools that will be impacted by Temporary Accounts
 OpenSTranT337089 [Epic] Implement global contributions feature
 OpenNoneT358047 Add ToggleButtonGroup to Special:GlobalContributions for displaying results in a table
 OpenNoneT358048 Use Codex HtmlForm in Special:GlobalContributions
 OpenNoneT371917 Use a time period field in Special:GlobalContributions instead of start/end date fields
 ResolvedSTranT356292 Return global contributions by temporary accounts given an IP address or range
 ResolvedDreamy_JazzT373018 [Epic] Write to, populate, and purge data from the CheckUser central index tables
 ResolvedDreamy_JazzT371789 Create a maintenance script for populating the cuci_temp_edit and cuci_user tables
 ResolvedDreamy_JazzT373021 Write to cuci_user table when CheckUser actions occur
 ResolvedDreamy_JazzT372865 Purge expired data from the cuci_temp_edit and cuci_user tables
 ResolvedDreamy_JazzT368151 Add a shared table to CheckUser that records changes to different wikis per IP address of the user
 ResolvedDreamy_JazzT359560 Create the CheckUserDataPruner service
 ResolvedDreamy_JazzT373032 Create a maintenance script to purge expired rows from the recentchanges table

Event Timeline

Dreamy_Jazz created this task.Aug 21 2024, 12:53 PM
Dreamy_Jazz added a subtask: T372865: Purge expired data from the cuci_temp_edit and cuci_user tables.
Dreamy_Jazz added a subtask: T371789: Create a maintenance script for populating the cuci_temp_edit and cuci_user tables.Aug 21 2024, 12:55 PM
Dreamy_Jazz added a project: Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)).Aug 26 2024, 10:29 AM
Dreamy_Jazz set the point value for this task to 3.
Dreamy_Jazz moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)) board.
Dreamy_Jazz removed a project: Epic.
Dreamy_Jazz claimed this task.Aug 27 2024, 11:09 AM
Dreamy_Jazz moved this task from Ready to In Progress on the Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)) board.
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz changed the point value for this task from 3 to 2.
Dreamy_Jazz removed a subtask: T371789: Create a maintenance script for populating the cuci_temp_edit and cuci_user tables.Aug 27 2024, 3:14 PM
Dreamy_Jazz added a parent task: T371789: Create a maintenance script for populating the cuci_temp_edit and cuci_user tables.
Dreamy_Jazz changed the point value for this task from 2 to 3.Aug 27 2024, 8:09 PM
gerritbot added a comment.Aug 27 2024, 9:03 PM

Change #1067423 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Add CheckUserCentralIndexManager::getWikiMapIdForDomainId

https://gerrit.wikimedia.org/r/1067423

gerritbot added a project: Patch-For-Review.Aug 27 2024, 9:04 PM

Change #1067424 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Allow CheckUserCentralIndexManager to write to cuci_user

https://gerrit.wikimedia.org/r/1067424

gerritbot added a comment.Aug 27 2024, 9:04 PM

Change #1067425 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Implement ways to limit update rate of cuci_user

https://gerrit.wikimedia.org/r/1067425

gerritbot added a comment.Aug 27 2024, 9:04 PM

Change #1067426 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Call CheckUserCentralIndexManager in CheckUserInsert

https://gerrit.wikimedia.org/r/1067426

Dreamy_Jazz moved this task from In Progress to Needs review on the Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)) board.Aug 28 2024, 7:12 PM
Dreamy_Jazz mentioned this in T372865: Purge expired data from the cuci_temp_edit and cuci_user tables.Aug 30 2024, 8:28 AM
Dreamy_Jazz mentioned this in T373018: [Epic] Write to, populate, and purge data from the CheckUser central index tables.Aug 30 2024, 12:32 PM
gerritbot added a comment.Aug 30 2024, 12:57 PM

Change #1067423 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Add CheckUserCentralIndexManager::getWikiMapIdForDomainId

https://gerrit.wikimedia.org/r/1067423

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.21; 2024-09-03).Aug 30 2024, 1:00 PM
Niharika added a project: CheckUser-GlobalContributions.Sep 4 2024, 5:32 PM
Niharika moved this task from Backlog to Pilot wiki (minor phase) blocker on the CheckUser-GlobalContributions board.Sep 4 2024, 5:35 PM
gerritbot added a comment.Sep 5 2024, 1:53 PM

Change #1067424 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Allow CheckUserCentralIndexManager to write to cuci_user

https://gerrit.wikimedia.org/r/1067424

ReleaseTaggerBot edited projects, added MW-1.43-notes (1.43.0-wmf.22; 2024-09-10); removed MW-1.43-notes (1.43.0-wmf.21; 2024-09-03).Sep 5 2024, 2:00 PM
gerritbot added a comment.Sep 6 2024, 11:05 AM

Change #1067425 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Implement ways to limit update rate of cuci_user

https://gerrit.wikimedia.org/r/1067425

gerritbot added a comment.Sep 6 2024, 11:41 AM

Change #1067426 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Call CheckUserCentralIndexManager in CheckUserInsert

https://gerrit.wikimedia.org/r/1067426

Maintenance_bot removed a project: Patch-For-Review.Sep 6 2024, 12:30 PM
Dreamy_Jazz moved this task from Needs review to Needs QA on the Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)) board.Sep 6 2024, 6:06 PM
gerritbot added a comment.Sep 6 2024, 6:20 PM

Change #1071251 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[operations/mediawiki-config@master] Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS

https://gerrit.wikimedia.org/r/1071251

gerritbot added a project: Patch-For-Review.Sep 6 2024, 6:20 PM
gerritbot added a comment.Sep 9 2024, 12:58 PM

Change #1071251 merged by jenkins-bot:

[operations/mediawiki-config@master] Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS

https://gerrit.wikimedia.org/r/1071251

Stashbot added a comment.Sep 9 2024, 12:59 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-09T12:59:08Z] <dreamyjazz@deploy1003> Started scap sync-world: Backport for [[gerrit:1071251|Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS (T373021)]]

Stashbot added a comment.Sep 9 2024, 1:08 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-09T13:08:43Z] <dreamyjazz@deploy1003> Started scap sync-world: Backport for [[gerrit:1071251|Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS (T373021)]]

Stashbot added a comment.Sep 9 2024, 1:13 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-09T13:13:35Z] <dreamyjazz@deploy1003> dreamyjazz: Backport for [[gerrit:1071251|Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS (T373021)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Maintenance_bot removed a project: Patch-For-Review.Sep 9 2024, 1:31 PM
Stashbot mentioned this in T374199: Identities and Types are missing from the Object selector results so References to them cannot be used in new tests or implementations.Sep 9 2024, 1:36 PM
Stashbot mentioned this in T374242: Beta Cluster orchestrator / evaluator broken, blocking WikiLambda CI (and use of Beta Cluster).

Mentioned in SAL (#wikimedia-operations) [2024-09-09T13:36:54Z] <jforrester@deploy1003> Started scap sync-world: Backport for [[gerrit:1071251|Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS (T373021)]], [[gerrit:rEWBA1071253a7fd3|tests: Disable all Beta Cluster CI testing, all failing (T374242)]], [[gerrit:1071254|Don't pass empty type/returnType to zobject lookup when undefined (T374199)]], [[gerrit:1071265|Use default width/height on gallery to avoid parser instance (T374146

Stashbot mentioned this in T374146: PHP Deprecated: Use of ImageGalleryBase::setHeights without parser was deprecated in MediaWiki 1.43. [Called from MediaWiki\Extension\UploadWizard\CampaignPageFormatter::generateReadHtml].Sep 9 2024, 1:37 PM
Stashbot added a comment.Sep 9 2024, 1:40 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-09T13:40:26Z] <jforrester@deploy1003> dreamyjazz, jforrester: Backport for [[gerrit:1071251|Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS (T373021)]], [[gerrit:rEWBA1071253a7fd3|tests: Disable all Beta Cluster CI testing, all failing (T374242)]], [[gerrit:1071254|Don't pass empty type/returnType to zobject lookup when undefined (T374199)]], [[gerrit:1071265|Use default width/height on gallery to avoid parser instance (T374146)

Stashbot added a comment.Sep 9 2024, 1:46 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-09T13:46:31Z] <jforrester@deploy1003> Started scap sync-world: Backport for [[gerrit:1071251|Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS (T373021)]], [[gerrit:rEWBA1071253a7fd3|tests: Disable all Beta Cluster CI testing, all failing (T374242)]], [[gerrit:1071254|Don't pass empty type/returnType to zobject lookup when undefined (T374199)]], [[gerrit:1071265|Use default width/height on gallery to avoid parser instance (T374146

Stashbot added a comment.Sep 9 2024, 1:50 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-09T13:50:31Z] <jforrester@deploy1003> dreamyjazz, jforrester: Backport for [[gerrit:1071251|Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS (T373021)]], [[gerrit:rEWBA1071253a7fd3|tests: Disable all Beta Cluster CI testing, all failing (T374242)]], [[gerrit:1071254|Don't pass empty type/returnType to zobject lookup when undefined (T374199)]], [[gerrit:1071265|Use default width/height on gallery to avoid parser instance (T374146)

Stashbot added a comment.Sep 9 2024, 1:58 PM

Mentioned in SAL (#wikimedia-operations) [2024-09-09T13:58:34Z] <jforrester@deploy1003> Finished scap sync-world: Backport for [[gerrit:1071251|Define wgCheckUserCentralIndexRangesToExclude to exclude WMCS (T373021)]], [[gerrit:rEWBA1071253a7fd3|tests: Disable all Beta Cluster CI testing, all failing (T374242)]], [[gerrit:1071254|Don't pass empty type/returnType to zobject lookup when undefined (T374199)]], [[gerrit:1071265|Use default width/height on gallery to avoid parser instance (T37414

Stashbot mentioned this in T37414: Debug parameters don't work as expected.Sep 9 2024, 1:58 PM
kostajh moved this task from Backlog to In progress on the Temporary accounts (Blockers to minor pilot wiki deployment) board.Sep 16 2024, 8:41 AM
Dreamy_Jazz moved this task from Sprint Theremin (Aug 26 - Sept. 6) to Sprint Beatboxing (Sept 16-27) on the Trust and Safety Product Sprint board.Sep 16 2024, 10:15 AM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)); removed Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)).
Dreamy_Jazz moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.
dom_walden moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.Sep 19 2024, 12:13 PM
dom_walden subscribed.

The cuci_user table gets written to pretty much anytime the cu_changes, cu_log_event and cu_private_event tables are written to. It uses the same actor as was recorded in the cu_* tables (e.g. while logged in as a user if I create another account a row will be inserted/updated in cuci_user for the user I am logged in as, not the newly created user).

As well as the exceptions above (bot accounts, IPs in $wgCheckUserCentralIndexRangesToExclude), any action which does not have an actor associated with it. For example, a failed login attempt won't be written to cuci_user. This probably makes sense as the person trying to login might not be the owner of the username.

The job is enqueued from within a DeferredUpdate. I didn't check if this is a supported pattern, but I didn't observe any issues with it.

The insert to the cuci_user table is in a separate transaction from the inserts to the other cu_* tables. I deliberately made the inserts to cuci_user fail but this did not appear to effect the inserts to the cu_* tables.

I created some maintenance scripts (P69320) which inserted a large number of RecentChange entries. I was on a few occasions able to find timestamps for a user in cuci_user which did not correspond to the most recent RecentChange entry or users who were not recorded in cuci_user at all. I don't know if this is a genuine bug or just due to local environments not always being able to handle a very large number of requests. Reading the logs, I couldn't see anything obviously going wrong.

dom_walden mentioned this in T371788: Update cuci_temp_edit table each time a temp user edits.Sep 19 2024, 12:14 PM
Dreamy_Jazz closed this task as Resolved.Sep 19 2024, 12:24 PM

Thanks for the thorough QA. I think we can consider this done. If production has the same issues about missing rows (where there should actually be rows), we will probably find this through bug reports for the CheckUser-GlobalContributions and global autoblocks work.

kostajh closed subtask T372865: Purge expired data from the cuci_temp_edit and cuci_user tables as Resolved.Sep 20 2024, 7:08 AM
Dreamy_Jazz moved this task from Pilot wiki (minor phase) blocker to Done on the CheckUser-GlobalContributions board.Oct 4 2024, 10:59 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits