Page MenuHomePhabricator
Create Task
Maniphest T394733

Consider ignoring permission checks in backfillLocalAccounts.php
Open, Needs TriagePublic
Actions

Description

backfillLocalAccounts.php can fail to backfill the account on loginwiki/metawiki because the autocreation is prevented by a permission check, block or abuse filter. Should we prevent that? Or prevent that on loginwiki only (on account of vandalism being less of a problem there than on metawiki)?

Related Objects
Search...

Event Timeline

Tgr created this task.May 19 2025, 8:22 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptMay 19 2025, 8:22 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Tgr added a subtask: T371267: Create a script to backfill missing local accounts on loginwiki/metawiki for new global accounts.May 19 2025, 8:23 PM
Tgr removed a subtask: T371267: Create a script to backfill missing local accounts on loginwiki/metawiki for new global accounts.
Tgr added a parent task: T371267: Create a script to backfill missing local accounts on loginwiki/metawiki for new global accounts.
Tgr added subscribers: NicoScribe, ArielGlenn.May 19 2025, 8:27 PM
In T393656#10804189, @NicoScribe wrote:

So the backfill jobs have been run several times to repair the following cases. Do you have logs showing the cause, when a backfill fails?
1 account for https://meta.wikimedia.org/wiki/Special:CentralAuth/Jenikipedia
2 accounts for https://meta.wikimedia.org/wiki/Special:CentralAuth/Furkan2525
2 accounts for https://meta.wikimedia.org/wiki/Special:CentralAuth/Nisapro
2 accounts for https://meta.wikimedia.org/wiki/Special:CentralAuth/Robertlanelilly
2 accounts for https://meta.wikimedia.org/wiki/Special:CentralAuth/Robertlane2031
2 accounts for https://meta.wikimedia.org/wiki/Special:CentralAuth/Fjshuxicjeb1
2 accounts for https://meta.wikimedia.org/wiki/Special:CentralAuth/BobDobolina1

In T393656#10812030, @ArielGlenn wrote:

https://phabricator.wikimedia.org/T378401#10307273 for more about the backfill script and what it skips when doing autocreates; this can be revisited if appropriate.

In T393656#10804485, @Tgr wrote:

Maybe we should pass UltimateAuthority as the performer for the backfill script. Not 100% sure about meta, but at least on loginwiki I imagine we'd prefer the account to be created, even if it's blocked or prevented by some other rule.

In T393656#10813439, @Tgr wrote:

I think this is ultimately a question for stewards, as they are the target audience for these autocreations: when a user registers successfully on some wiki, but their local account on metawiki and/or loginwiki cannot be created because of some local rule (block, abusefilter etc), what would be your preferred outcome for the backfill script (T371267: Create a script to backfill missing local accounts on loginwiki/metawiki for new global accounts)? Obeying the rule or overriding it and creating the account anyway?

Tgr mentioned this in T393656: Some newly created accounts are not created on loginwiki/metawiki (wgCentralAuthAutoCreateWikis).May 19 2025, 8:28 PM
Johannnes89 subscribed.May 19 2025, 8:55 PM
Krinkle moved this task from Inbox, needs triage to Not planned (Patches welcome!) on the MediaWiki-Platform-Team board.May 26 2025, 2:57 PM
matmarex removed a parent task: T371267: Create a script to backfill missing local accounts on loginwiki/metawiki for new global accounts.Aug 5 2025, 10:12 PM
matmarex added a parent task: T220769: Account created without having a loginwiki or metawiki automatically created.
matmarex mentioned this in T411826: MediaWiki periodic job centralauth-backfilllocalaccounts.php-loginwiki failed.Dec 5 2025, 11:36 PM
Arendpieter subscribed.Jan 12 2026, 10:46 AM
OWresch-WMF moved this task from Not planned (Patches welcome!) to Not planned / Patches welcome on the MediaWiki-Platform-Team board.Jan 20 2026, 11:33 AM
Johannnes89 added a comment.Apr 11 2026, 5:38 AM
In T394733#10837041, @Tgr wrote:
In T393656#10804485, @Tgr wrote:

Maybe we should pass UltimateAuthority as the performer for the backfill script. Not 100% sure about meta, but at least on loginwiki I imagine we'd prefer the account to be created, even if it's blocked or prevented by some other rule.

In T393656#10813439, @Tgr wrote:

I think this is ultimately a question for stewards, as they are the target audience for these autocreations: when a user registers successfully on some wiki, but their local account on metawiki and/or loginwiki cannot be created because of some local rule (block, abusefilter etc), what would be your preferred outcome for the backfill script (T371267: Create a script to backfill missing local accounts on loginwiki/metawiki for new global accounts)? Obeying the rule or overriding it and creating the account anyway?

Yes the backfill script should create an account on loginwiki, even if the account's IP is globally blocked (that's typically the reason why an account is created on meta but nowhere else, e.g. https://meta.wikimedia.org/wiki/Special:CentralAuth/Marx.Elon.Wu). Without a loginwiki account there's no way for stewards to perform CU unless they also hold CU permissions on metawiki. That's especially true now that T394732: backfillLocalAccounts.php does not (always?) copy checkuser data is basically fixed (except for MediaWikiAccountBackfiller appearing in CU results T394732#11612502).

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits