LoginNotify and SUL3: Two emails are sent for a new device login when logging in on a SUL3 wiki
Closed, ResolvedPublicBUG REPORT
Actions

Assigned To

Authored By

	Dreamy_Jazz
	Feb 4 2025, 12:39 PM

Description

Summary

On a SUL3 enabled wiki, the MediaWiki-extensions-LoginNotify extension causes two emails to be sent for the same successful login from a new device.

Background

When testing CheckUser with SUL3 and finding T385572: SUL3: CheckUser is told about two successful logins with different IP addresses for one successful login on a SUL3 enabled wiki, I found that I was emailed twice about a login from a new device
The email had the same content and the timestamps match with the login events stored in CheckUser
This appears to be the same issue where the IP address is different for the different calls to the AuthManagerAuthenticateAudit hook for the same login

User story

As a user, I log into my account from a new device
I see two emails indicating I've logged in from a new device
I am worried that someone else has logged into my account, as it appears two new devices have been used to log into my account

Technical notes

Appears to be AuthManagerAuthenticateAudit being called twice for the same successful login
Fix may be the same as T385572, but may be different if calling the hook twice is going to remain

Acceptance criteria

Only one MediaWiki-extensions-LoginNotify email is sent for a successful login attempt from a new device

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	Suppress login audit hook in local leg of SUL3 authentication	mediawiki/extensions/CentralAuth	master	+59 -2
	Suppress login audit hook in local leg of SUL3 authentication	mediawiki/extensions/CentralAuth	wmf/1.44.0-wmf.16	+59 -2

Customize query in gerrit

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T345245 Mitigate phase-out of third-party cookies in Wikimedia production
Resolved		Tgr	T345249 Mitigate phase-out of third-party cookies in CentralAuth
Open		None	T348388 SUL3: Use a dedicated domain for login and account creation
Resolved		Tgr	T362713 Implement the new login process which redirects to the central login wiki for showing the login/signup form
Resolved		Tgr	T384007 SUL3 Phase 1: All new account creation on group 0 and group 1 wikis
Resolved	BUG REPORT	Tgr	T384236 [regression] Accounts created at test wikis are not receiving Growth features
Resolved		Tgr	T364866 Adapt to changes in post-login/signup hooks after switching to a central login wiki
Resolved	BUG REPORT	Tgr	T385574 LoginNotify and SUL3: Two emails are sent for a new device login when logging in on a SUL3 wiki

Event Timeline

Dreamy_Jazz created this task.Feb 4 2025, 12:39 PM

Restricted Application added projects: Community-Tech, MediaWiki-Platform-Team. · View Herald TranscriptFeb 4 2025, 12:39 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Dreamy_Jazz changed the subtype of this task from "Task" to "Bug Report".Feb 4 2025, 1:37 PM

Tgr added a parent task: T364866: Adapt to changes in post-login/signup hooks after switching to a central login wiki.Feb 4 2025, 3:51 PM

Tgr mentioned this in T384232: QA for SUL3 on testwikis.Feb 5 2025, 2:57 PM

Change #1118249 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@master] Suppress login audit hook in local leg of SUL3 authentication

https://gerrit.wikimedia.org/r/1118249

gerritbot added a project: Patch-For-Review.Feb 9 2025, 10:03 PM

Tgr claimed this task.Feb 9 2025, 10:10 PM

Tgr moved this task from Inbox, needs triage to In progress (DO NOT USE) on the MediaWiki-Platform-Team board.

Change #1118249 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Suppress login audit hook in local leg of SUL3 authentication

https://gerrit.wikimedia.org/r/1118249

Maintenance_bot removed a project: Patch-For-Review.Feb 15 2025, 8:30 PM

Change #1119874 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.16] Suppress login audit hook in local leg of SUL3 authentication

https://gerrit.wikimedia.org/r/1119874

gerritbot added a project: Patch-For-Review.Feb 16 2025, 2:41 PM

Tgr closed this task as Resolved.Feb 16 2025, 3:06 PM

Change #1119874 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.16] Suppress login audit hook in local leg of SUL3 authentication

https://gerrit.wikimedia.org/r/1119874

Mentioned in SAL (#wikimedia-operations) [2025-02-17T14:21:19Z] <tgr@deploy2002> Started scap sync-world: Backport for [[gerrit:1119874|Suppress login audit hook in local leg of SUL3 authentication (T385574 T385572)]]

Mentioned in SAL (#wikimedia-operations) [2025-02-17T14:26:30Z] <tgr@deploy2002> tgr: Backport for [[gerrit:1119874|Suppress login audit hook in local leg of SUL3 authentication (T385574 T385572)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Mentioned in SAL (#wikimedia-operations) [2025-02-17T14:49:02Z] <tgr@deploy2002> Finished scap sync-world: Backport for [[gerrit:1119874|Suppress login audit hook in local leg of SUL3 authentication (T385574 T385572)]] (duration: 27m 43s)

LoginNotify and SUL3: Two emails are sent for a new device login when logging in on a SUL3 wikiClosed, ResolvedPublicBUG REPORTActions

Description

Summary

Background

User story

Technical notes

Acceptance criteria

Details

Related ObjectsSearch...

Event Timeline

LoginNotify and SUL3: Two emails are sent for a new device login when logging in on a SUL3 wiki
Closed, ResolvedPublicBUG REPORT
Actions

Related Objects
Search...