Page MenuHomePhabricator
Create Task
Maniphest T387357

SUL3 signup results in autocreation on all edge login domains
Closed, ResolvedPublicBUG REPORT
Actions

Description

Normally when a user signs up, they only automatically get accounts on the wiki where they sign up, on loginwiki and on meta. But with SUL3 signup, the account is autocreated on all edge login wikis:
https://www.mediawiki.org/wiki/Special:CentralAuth/Tgr-test-c1120968

This generates a lot of log noise on small wikis. Not sure how much of a problem that would be, but edge login intentionally aborts when there is no local account specifically to prevent that.

I think I understand what's going on: for SUL2, edge login bounces between e.g. www.wikidata.org (where the user has no local account and no session cookies) and login.wikimedia.org (where the user has a local account and session cookies). At some point the central autologin logic sees the lack of a local account and aborts. For SUL3, the redirect chain is between www.wikidata.org and auth.wikimedia.org/wikidatawiki, where the user has session cookies, but unlike loginwiki on SUL2, no local account. Since there is no local account and there's a valid session, the user gets autocreated during Setup.php.

What I don't understand is why we didn't see this on testwiki and only when trying to roll out SUL3 signups to more group 0 wikis (specifically the test above was on mediawiki.org). Here's an account created on testwiki: https://test.wikipedia.org/wiki/Special:CentralAuth/Tgr-test-c1120968-3

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
SUL3: Use a central wiki for autologinmediawiki/extensions/CentralAuthwmf/1.44.0-wmf.18+139 -54
SUL3: Use a central wiki for autologinmediawiki/extensions/CentralAuthmaster+139 -54
Set $wgCentralAuthSharedDomainCallbackoperations/mediawiki-configmaster+1 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tgr created this task.Feb 26 2025, 3:57 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptFeb 26 2025, 3:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Tgr mentioned this in T384007: SUL3 Phase 1: All new account creation on group 0 and group 1 wikis.Feb 26 2025, 3:58 PM
Tgr added a comment.Feb 26 2025, 4:01 PM

If we decide to avoid this, I suppose we could use auth.wikimedia.org/loginwiki, or the auth.wikimedia.org version of the wiki where the user signed up, as the representative of the central domain. Other than that, I don't think there's a way to suppress autocreation, it's happening very early in the MediaWiki request lifecycle.

Krinkle subscribed.Feb 27 2025, 2:03 AM

This generates a lot of log noise on small wikis.

Yeah, there's also the side-effects of noise in RCFeed for tooling. And, multiplying growth in non-temporary rows for user and log tables on a dozen s3-cluster wiki databases.

In T387357#10583617, @Tgr wrote:

If we decide to avoid this, I suppose we could use auth.wikimedia.org/loginwiki, or the auth.wikimedia.org version of the wiki where the user signed up, as the representative of the central domain. […]

Between a constant URL and a dynamic URL, I think a constant URL would keep the system easier to understand.

You may want to consider auth.wikimedia.org/metawiki as the contant URL. That would reduce overlap between SUL3 and SUL2, and make it easier to phase out loginwiki without requiring another change in the future.

Tgr added a comment.Mar 1 2025, 7:49 PM

The other option would be having something like a noautocreate=1 URL parameter suppress autocreation in Setup.php. That's hacky but would have some other use cases (e.g. T385752: Using special globalcontributions is causing clients to attach to other projects triggering autocreated accounts (especially mlwiki)). There are even more compelling use cases for "don't always autocreate when you have session cookies" more generally (that can't always be solved with a query parameter), such as T21161: Don't autologin if local account doesn't exist (don't autocreate if user doesn't explicitly login).

It's probably not as simple as it sounds though - what should Session::getUser() return? (Probably not a non-existent named user, that would violate assumptions all across the codebase.) What session provider should own the request? What should happen when something calls persist()? So I'd rather not go there, especially not in a hurry.

Tgr mentioned this in T385752: Using special globalcontributions is causing clients to attach to other projects triggering autocreated accounts (especially mlwiki).Mar 1 2025, 7:51 PM
gerritbot added a comment.Mar 2 2025, 12:16 AM

Change #1123776 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[operations/mediawiki-config@master] Set $wgCentralAuthSharedDomainCallback

https://gerrit.wikimedia.org/r/1123776

gerritbot added a project: Patch-For-Review.Mar 2 2025, 12:16 AM
gerritbot added a comment.Mar 2 2025, 12:23 AM

Change #1123777 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@master] SUL3: Use a central wiki for autologin

https://gerrit.wikimedia.org/r/1123777

Tgr added a comment.Mar 2 2025, 8:39 PM
In T387357#10585694, @Krinkle wrote:

You may want to consider auth.wikimedia.org/metawiki as the constant URL. That would reduce overlap between SUL3 and SUL2, and make it easier to phase out loginwiki without requiring another change in the future.

I ended up using loginwiki, mostly out of laziness (we already have a configuration setting for that). We can just switch $wgCentralAuthLoginWiki to meta if we want once we fully phased out SUL2 logins.
I don't think there is meaningful overlap - they don't share cookies, and functionality-wise loginwiki is nothing special.

Bugreporter subscribed.Mar 3 2025, 4:23 AM

Account autocreation in all edge login wikis somehow (though not always) happen in SUL2, so it is not something new to SUL3. See previous task T18864: Auto-login is creating accounts

Current example:

https://en.wikivoyage.org/wiki/Special:CentralAuth/Crackwood
https://en.wikivoyage.org/wiki/Special:CentralAuth/Bruhz333
https://en.wikivoyage.org/wiki/Special:CentralAuth/Damiandtess

Tgr claimed this task.Mar 3 2025, 3:24 PM
Tgr moved this task from Inbox, needs triage to In progress (DO NOT USE) on the MediaWiki-Platform-Team board.
Tgr added a comment.Mar 3 2025, 3:28 PM
In T387357#10594702, @Bugreporter wrote:

See previous task T18864: Auto-login is creating accounts

The task is very old (also mis-titled; autologin does create accounts, but the task is about edge login). Edge login does automatically not autocreate today. There's a condition here to avoid it (edge login is type=1x1).

Edge login does set valid session cookies on all domains, and the next request with a valid session cookie will autocreate, so it's not impossible to end up with a bunch of autocreations, if e.g. edge login happens twice in succession for some reason. But that should be rare.

https://en.wikivoyage.org/wiki/Special:CentralAuth/Crackwood
https://en.wikivoyage.org/wiki/Special:CentralAuth/Bruhz333
https://en.wikivoyage.org/wiki/Special:CentralAuth/Damiandtess

Two of those are very old, no idea how the system worked back then. Bruhz333 is a legitimate example, but again, I think such cases are rare.

gerritbot added a comment.Mar 3 2025, 9:16 PM

Change #1123776 merged by jenkins-bot:

[operations/mediawiki-config@master] Set $wgCentralAuthSharedDomainCallback

https://gerrit.wikimedia.org/r/1123776

Stashbot added a comment.Mar 3 2025, 9:16 PM

Mentioned in SAL (#wikimedia-operations) [2025-03-03T21:16:40Z] <tgr@deploy2002> Started scap sync-world: Backport for [[gerrit:1122683|Remove unused config variable $wgJsonConfigInterwikiPrefix]], [[gerrit:1123766|Fix inconsistent definitions for $wmgLocalServices['chart-renderer']]], [[gerrit:1123776|Set $wgCentralAuthSharedDomainCallback (T387357)]]

Stashbot added a comment.Mar 3 2025, 9:19 PM

Mentioned in SAL (#wikimedia-operations) [2025-03-03T21:19:15Z] <tgr@deploy2002> matmarex, tgr: Backport for [[gerrit:1122683|Remove unused config variable $wgJsonConfigInterwikiPrefix]], [[gerrit:1123766|Fix inconsistent definitions for $wmgLocalServices['chart-renderer']]], [[gerrit:1123776|Set $wgCentralAuthSharedDomainCallback (T387357)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Mar 3 2025, 9:26 PM

Mentioned in SAL (#wikimedia-operations) [2025-03-03T21:26:46Z] <tgr@deploy2002> Finished scap sync-world: Backport for [[gerrit:1122683|Remove unused config variable $wgJsonConfigInterwikiPrefix]], [[gerrit:1123766|Fix inconsistent definitions for $wmgLocalServices['chart-renderer']]], [[gerrit:1123776|Set $wgCentralAuthSharedDomainCallback (T387357)]] (duration: 10m 06s)

gerritbot added a comment.Mar 3 2025, 9:36 PM

Change #1123777 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] SUL3: Use a central wiki for autologin

https://gerrit.wikimedia.org/r/1123777

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.19; 2025-03-04).Mar 3 2025, 10:00 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 3 2025, 10:30 PM
Tgr added a parent task: T384007: SUL3 Phase 1: All new account creation on group 0 and group 1 wikis.Mar 4 2025, 11:13 PM
Etonkovidova mentioned this in T378362: Assess level of breakage of Create account, Login and Mid-Edit-Signup workflows with SUL3 on beta.Mar 4 2025, 11:52 PM
gerritbot added a comment.Mar 5 2025, 1:17 PM

Change #1124786 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.18] SUL3: Use a central wiki for autologin

https://gerrit.wikimedia.org/r/1124786

gerritbot added a project: Patch-For-Review.Mar 5 2025, 1:17 PM
gerritbot added a comment.Mar 5 2025, 4:19 PM

Change #1124786 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@wmf/1.44.0-wmf.18] SUL3: Use a central wiki for autologin

https://gerrit.wikimedia.org/r/1124786

Maintenance_bot removed a project: Patch-For-Review.Mar 5 2025, 4:30 PM
Tgr closed this task as Resolved.Mar 5 2025, 8:10 PM

Confirmed that this is not happening anymore.

ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.18; 2025-02-25); removed MW-1.44-notes (1.44.0-wmf.19; 2025-03-04).Mar 6 2025, 1:00 AM
NicoScribe subscribed.Jun 18 2025, 6:44 AM
Krinkle mentioned this in T385310: Could not find local user data for {username}@{wikiId} (2025).Dec 5 2025, 11:53 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits