Page MenuHomePhabricator
Create Task
Maniphest T385566

SUL3: Transaction profiler warnings when logging in
Closed, ResolvedPublic
Actions

Description

Summary

When users log in to an account on WMF wikis, the CheckUser extension logs this. On a wiki with SUL3 enabled this code is called when the transaction profiler expects no writes.

Background

  • CheckUser creates a private CheckUser event when a user logs in, logs out, or creates an account
  • SUL3 causes the login flow to be changed, and as part of this it appears that login on the local wiki is performed using a GET request
  • CheckUser currently assumes that logins can only occur on POST requests, so does not handle a case when logging is performed via a GET request for the purposes of the transaction profiler

Technical notes

  • To solve, this the code could do one of the following ideas:
    • If the login is performed via a method which expects no writes, then either insert the private event post send or in a job
    • Make SUL3 perform the request to the local wiki use a POST request
    • Mark the inserts to the CheckUser tables as ignored by the transaction profiler

Acceptance criteria

  • TransactionProfiler warnings are no longer created when a user logs in on a SUL3 enabled wiki

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
auth: Use POST trxProfiler expectations during return/reauthmediawiki/corewmf/1.44.0-wmf.16+15 -6
auth: Use POST trxProfiler expectations during return/reauthmediawiki/coremaster+15 -6
Customize query in gerrit

Related Objects

Event Timeline

Dreamy_Jazz created this task.Feb 4 2025, 12:05 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 4 2025, 12:05 PM
Dreamy_Jazz added projects: MediaWiki-extensions-CentralAuth, MediaWiki-Platform-Team.Feb 4 2025, 12:05 PM
Tgr subscribed.Feb 4 2025, 4:10 PM

This is not particularly specific to SUL3, any time when the wiki uses a remote identity provider (ie. a primary authentication provider that returns a REDIRECT response) and no provider requests subsequent forms to be shown, login will happen on a GET request. There's a hack in AuthManagerSpecialPage::handleReturnBeforeExecute() to kinda pretend it's a POST internally, but that doesn't affect TransactionProfiler.

It's not really specific to CheckUser either, all kinds of DB operations could happen on a login (autocreation etc).

I think it's fine to just quiet the warnings in this case.

rOPUP014a838899e3: Update CentralAuth multi-DC rules for SUL3 has some notes about the infra side of this - in theory we could force Special:UserLogin/return to the primary DC, but we'd have to make sure that the special page name does not get localized. I'll check if that's manageable, but I think it's not the end of the world if we don't fix that.

Tgr claimed this task.Feb 9 2025, 2:30 PM
Tgr moved this task from Inbox, needs triage to In progress (DO NOT USE) on the MediaWiki-Platform-Team board.
gerritbot added a comment.Feb 9 2025, 2:38 PM

Change #1118239 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/core@master] auth: Silence GET trxProfiler expectations during return/reuth

https://gerrit.wikimedia.org/r/1118239

gerritbot added a project: Patch-For-Review.Feb 9 2025, 2:38 PM
gerritbot added a comment.Feb 13 2025, 12:01 PM

Change #1118239 merged by jenkins-bot:

[mediawiki/core@master] auth: Use POST trxProfiler expectations during return/reauth

https://gerrit.wikimedia.org/r/1118239

Maintenance_bot removed a project: Patch-For-Review.Feb 13 2025, 12:30 PM
ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.17; 2025-02-18).Feb 13 2025, 1:00 PM
gerritbot added a comment.Feb 13 2025, 2:41 PM

Change #1119516 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/core@wmf/1.44.0-wmf.16] auth: Use POST trxProfiler expectations during return/reauth

https://gerrit.wikimedia.org/r/1119516

gerritbot added a project: Patch-For-Review.Feb 13 2025, 2:41 PM
gerritbot added a comment.Feb 13 2025, 9:49 PM

Change #1119516 merged by jenkins-bot:

[mediawiki/core@wmf/1.44.0-wmf.16] auth: Use POST trxProfiler expectations during return/reauth

https://gerrit.wikimedia.org/r/1119516

Stashbot mentioned this in T364866: Adapt to changes in post-login/signup hooks after switching to a central login wiki.Feb 13 2025, 9:50 PM
Stashbot mentioned this in T377261: Track the number of interrupted SUL3 logins / signups.

Mentioned in SAL (#wikimedia-operations) [2025-02-13T21:50:52Z] <tgr@deploy2002> Started scap sync-world: Backport for [[gerrit:1119516|auth: Use POST trxProfiler expectations during return/reauth (T385566)]], [[gerrit:1119530|Track the number of started / finished SUL3 flows (T377261)]], [[gerrit:1119531|Do not preserve 'sul3-action' when restarting authentication (T364866)]]

Stashbot added a comment.Feb 13 2025, 9:53 PM

Mentioned in SAL (#wikimedia-operations) [2025-02-13T21:53:33Z] <tgr@deploy2002> tgr: Backport for [[gerrit:1119516|auth: Use POST trxProfiler expectations during return/reauth (T385566)]], [[gerrit:1119530|Track the number of started / finished SUL3 flows (T377261)]], [[gerrit:1119531|Do not preserve 'sul3-action' when restarting authentication (T364866)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.16; 2025-02-11); removed MW-1.44-notes (1.44.0-wmf.17; 2025-02-18).Feb 13 2025, 10:00 PM
Stashbot added a comment.Feb 13 2025, 10:06 PM

Mentioned in SAL (#wikimedia-operations) [2025-02-13T22:05:56Z] <tgr@deploy2002> Finished scap sync-world: Backport for [[gerrit:1119516|auth: Use POST trxProfiler expectations during return/reauth (T385566)]], [[gerrit:1119530|Track the number of started / finished SUL3 flows (T377261)]], [[gerrit:1119531|Do not preserve 'sul3-action' when restarting authentication (T364866)]] (duration: 15m 03s)

Maintenance_bot removed a project: Patch-For-Review.Feb 13 2025, 10:30 PM
Tgr closed this task as Resolved.Feb 17 2025, 9:43 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits