Page MenuHomePhabricator
Create Task
Maniphest T421355

Refactor UserRequirementsConditionChecker so that 2FA assumption in OATHAuth can be done without extending full checker
Closed, ResolvedPublic
Actions

Description

The UserRequirementsConditionChecker does two things currently. It parses the condition, which may be compound, and evaluates a set of core conditions.

OATHAuth defines also its own condition checker, which can make assumptions about 2FA status, so that it can be determined, whether user is obliged to have 2FA enabled. In practice it only needs to override how the atomic conditions are evaluated, but for that it has to extend the full class, which includes a lot of unrelated logic.

In this setting, adding new conditions to core (and thus, adding new dependencies in constructor) will require updating the OATHAuth's ServiceWiring. It's very easy to oversee this and block some CIs or start triggering logspam on prod.

Idea

The UserRequirementsConditionChecker is split into two classes – one responsible for going through compound conditions, and managing the general syntax of them. The second class will support the atomic conditions already defined in core.

In such scenario, the top-level condition checker will be created with an array of atomic condition checkers, so that adding new conditions won't require fundamental and possibly breaking changes to the whole object. OATHAuth will be then able to create the condition checker with a custom set of evaluators.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add @since to method in UserRequirementsConditionCheckerFactorymediawiki/coremaster+2 -0
Extract condition evaluation from UserRequirementsConditionCheckermediawiki/coremaster+363 -143
Drop unneeded fields from UserRequirementsConditionCheckermediawiki/coremaster+34 -50
Check mandatory 2FA without extending UserRequirementsConditionCheckermediawiki/extensions/OATHAuthmaster+43 -45
Customize query in gerrit

Event Timeline

mszwarc created this task.Mar 26 2026, 11:54 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 26 2026, 11:54 AM
mszwarc moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Mar 26 2026, 11:54 AM
mszwarc moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Mar 27 2026, 1:11 PM
Reedy moved this task from Backlog to Features/Improvements on the MediaWiki-extensions-OATHAuth board.Mar 27 2026, 5:08 PM
gerritbot added a comment.Mar 30 2026, 10:10 AM

Change #1264566 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/core@master] Extract condition evaluation from UserRequirementsConditionChecker

https://gerrit.wikimedia.org/r/1264566

gerritbot added a project: Patch-For-Review.Mar 30 2026, 10:10 AM

Change #1264568 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/extensions/OATHAuth@master] Check mandatory 2FA without extending UserRequirementsConditionChecker

https://gerrit.wikimedia.org/r/1264568

gerritbot added a comment.Mar 30 2026, 10:10 AM

Change #1264567 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/core@master] Drop unneeded fields from UserRequirementsConditionChecker

https://gerrit.wikimedia.org/r/1264567

mszwarc moved this task from In progress to Needs review on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Mar 31 2026, 11:43 AM
gerritbot added a comment.Apr 7 2026, 6:16 PM

Change #1264566 merged by jenkins-bot:

[mediawiki/core@master] Extract condition evaluation from UserRequirementsConditionChecker

https://gerrit.wikimedia.org/r/1264566

gerritbot added a comment.Apr 7 2026, 6:16 PM

Change #1264568 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] Check mandatory 2FA without extending UserRequirementsConditionChecker

https://gerrit.wikimedia.org/r/1264568

gerritbot added a comment.Apr 7 2026, 6:16 PM

Change #1264567 merged by jenkins-bot:

[mediawiki/core@master] Drop unneeded fields from UserRequirementsConditionChecker

https://gerrit.wikimedia.org/r/1264567

Maintenance_bot removed a project: Patch-For-Review.Apr 7 2026, 6:31 PM
ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.24; 2026-04-14).Apr 7 2026, 7:00 PM
gerritbot added a comment.Apr 8 2026, 7:33 AM

Change #1268848 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/core@master] Add @since to method in UserRequirementsConditionCheckerFactory

https://gerrit.wikimedia.org/r/1268848

gerritbot added a project: Patch-For-Review.Apr 8 2026, 7:33 AM
gerritbot added a comment.Apr 8 2026, 12:20 PM

Change #1268848 merged by jenkins-bot:

[mediawiki/core@master] Add @since to method in UserRequirementsConditionCheckerFactory

https://gerrit.wikimedia.org/r/1268848

Maintenance_bot removed a project: Patch-For-Review.Apr 8 2026, 12:31 PM
mszwarc closed this task as Resolved.Apr 8 2026, 12:45 PM
mszwarc moved this task from Needs review to Done on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits