Page MenuHomePhabricator
Create Task
Maniphest T68828

CentralAuth: Audit autologin procedure for performance and code quality
Closed, DeclinedPublic
Actions

Description

I'm not happy about how the (still relatively new) added feature for autologin works.

The new JS-based procedure replaces old the in-between page and its <img> loads.

This is a reminder to perform a back-to-back audit of it and clean or refactor it. Perhaps we can walk through it this September when I'm visiting the office.

It currently performs upto 55 network requests to get things set up:F or each of the entry points CA tries to hit (listed below) multiplied by the number of wiki projects (wikipedia, wikibooks, wiktionary, etc.)

  • Special:CentralAutoLogin/start,
  • Special:CentralAutoLogin/checkLoggedIn
  • Special:CentralAutoLogin/createSession
  • Special:CentralAutoLogin/validateSession
  • Special:CentralAutoLogin/setCookies
See also

Details

Reference
bz66828

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:25 AM
bzimport added projects: MediaWiki-extensions-CentralAuth, Performance Issue.
bzimport set Reference to bz66828.
bzimport added a subscriber: Unknown Object (MLST).
Krinkle created this task.Jun 19 2014, 8:41 AM
werdna unsubscribed.Dec 10 2014, 5:24 PM
Nemo_bis added a project: MediaWiki-Core-AuthManager.Jul 18 2015, 7:23 PM
Nemo_bis subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 18 2015, 7:23 PM
Krinkle edited projects, added: Performance-Team; removed: Performance Issue.Dec 10 2018, 4:52 AM
Krinkle updated the task description. (Show Details)
Krinkle merged a task: T91196: Reduce calls to Special:CentralAutoLogin/checkLoggedIn.
Krinkle removed a subscriber: wikibugs-l-list.
Krinkle added a subscriber: Jdlrobson.Dec 10 2018, 4:54 AM
At T91196, @Nemo_bis wrote:

In an ideal world, unregistered users wouldn't need to load Special:CentralAutoLogin/checkLoggedIn on every single page view (e.g. https://login.wikimedia.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=itwikiquote&proto=https).

In T130935#2152565, @Jdlrobson wrote:

The offending line is in ext.centralauth.centralautologin.js

mw.loader.load( url );

I wonder if this should only be executing on a window onload event

Krinkle merged a task: T130935: CentralAutoLogin delays fully load time.Dec 10 2018, 4:55 AM
Krinkle updated the task description. (Show Details)
Krinkle added subscribers: Legoktm, Peter, ori.
Imarlier moved this task from Inbox, needs triage to To-do: Goals, prioritized next 4 Quarters on the Performance-Team board.Dec 10 2018, 8:54 PM
Krinkle updated the task description. (Show Details)Sep 9 2019, 9:08 PM
Krinkle mentioned this in T252244: CentralAuth extension: Code stewardship review.May 8 2020, 8:20 PM
Krinkle moved this task from To-do: Goals, prioritized next 4 Quarters to Radar on the Performance-Team board.Jan 19 2023, 7:08 AM
Krinkle edited projects, added: Performance-Team (Radar); removed: Performance-Team.
Krinkle moved this task from Limbo to Perf recommendation on the Performance-Team (Radar) board.
Krinkle edited projects, added: Wikimedia-Performance-recommendation; removed: Performance-Team (Radar).Aug 18 2023, 8:42 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptAug 18 2023, 8:42 PM
larissagaulia moved this task from Inbox, needs triage to Within 2 Qs on the MediaWiki-Platform-Team board.Aug 22 2023, 10:11 AM
Tgr subscribed.Oct 22 2023, 1:33 AM

Edge login seems to be triggered more than it should (e.g. a successful edge login on a wiki sets the CentralAuthDoEdgeLogin flag so the next visit to that wiki will trigger another edge login; I don't really get the point of that).

Other than that I'm not sure what small changes we could do performance-wise (the code quality could certainly be improved). At some point we'll have to get rid of edge login and having the login interface available on every wiki (T348388: SUL3: Use a dedicated domain for login and account creation), and then we can try to simplify things. But that will be a major refactoring.

matmarex closed this task as Declined.Jan 17 2024, 3:53 AM
matmarex subscribed.

While working on T327046 last year, I've read through all of this code, and made a number of code quality improvements (https://gerrit.wikimedia.org/r/q/owner:matmarex+project:mediawiki/extensions/CentralAuth+mergedafter:2023-10-10+mergedbefore:2024-01-01). I'm not sure if you can call this an audit, but I felt that what was left was ugly but necessary, and I feel that a more formal audit is not needed.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits