Page MenuHomePhabricator

resetUserTokens.php not usable on large wikis
Open, MediumPublic

Description

resetUserTokens.php calls User::saveSettings(), which is fast enough for most things, but far too slow for the task of modifying every user in the database. It may even have scary side-effects like preference normalisation.

Also, the main SELECT query is not batched and may use a lot of memory.

What's needed is something that just does updates user_token for each user and nothing else. Calling authentication plugin hooks while this is going on is probably harmful: CentralAuth can more efficiently update gu_auth_token in a script of its own.

MySQL doesn't provide a particularly convenient method for updating multiple rows at a time with different literal values, but something like this seems to be possible:

CREATE TEMPORARY TABLE new_tokens (nt_user_id int, nt_token varbinary(32));
INSERT INTO new_tokens VALUES (...), (...), ...;
UPDATE user SET user_token = (SELECT nt_token FROM new_tokens WHERE nt_user_id=user_id) WHERE user_id BETWEEN ... AND ...;

Maybe if the rows were updated in batches of 50 or so, a large wiki could have its tokens reset in a reasonable amount of time.


See also: T124861: resetGlobalUserTokens is too slow

Details

Reference
bz47490
Related Gerrit Patches:
mediawiki/core : masterAdd $wgAuthenticationTokenVersion

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 1:25 AM
bzimport set Reference to bz47490.
bzimport added a subscriber: Unknown Object (MLST).

Change 267734 had a related patch set uploaded (by Anomie):
Add $wgAuthenticationTokenVersion

https://gerrit.wikimedia.org/r/267734

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 1 2016, 8:48 PM

Change 267734 merged by jenkins-bot:
Add $wgAuthenticationTokenVersion

https://gerrit.wikimedia.org/r/267734

greg added a subscriber: Anomie.

@Anomie, I'm going to set this blocking wmf.13's deploy as we discussed on Monday. This might not be the perfect task, but it's what you associated that patch with, so let me know if not.

greg added a comment.Feb 3 2016, 12:09 AM

It looks like it. I was just fleshing out the agreed upon blockers for wmf.13 (via T125596), this was the closest task I had for this. Hence me asking you for confirmation.

OK, I misunderstood the purpose. But the CA patch's bug is probably the
better one.

Tgr updated the task description. (Show Details)Feb 10 2016, 3:08 AM
Tgr set Security to None.