### User Story
> As an anonymous editor,
> I want to be notified a temporary account will be created on my behalf
> So that I do not have to reveal my personal information to edit a Wiki
### Acceptance Criteria
[ ] Show an updated notice when the editor starts editing
{F34933165}*[[ https://www.figma.com/file/WrsQMKK1l1Pvb9kkpVcFq4/IP-Masking | See Figma ]] for the latest update mockup
[ ] Notice displayed for both Wikitext & Visual Editor
{F34933178}*[[ https://www.figma.com/file/WrsQMKK1l1Pvb9kkpVcFq4/IP-Masking | See Figma ]] for the latest update mockup
[ ] After the edit is saved, anonymous user should view notice for temporary account username
[ ] Temporary accounts should have “Preferences” disabled
[ ] Temporary accounts should be cross-wiki compatible
[ ] Temporary accounts should enable cross-wiki notifications
{F34933175}*[[ https://www.figma.com/file/WrsQMKK1l1Pvb9kkpVcFq4/IP-Masking | See Figma ]] for the latest update mockup
### Some answered questions
1. Are we able to prevent anyone from signing up with the temporary account format of "~ ... ~"? **Yes**
2. How many usernames currently contain "~" or "~...~"? **673 accounts that begin and end with a tilde. (Begins with tilde 1078).**
3. What will happen to usernames with this format? **We can change them on their behalf. Captured here > https://phabricator.wikimedia.org/T300265**
### Proposed internal interface
```lang=php
// Skin
$uac = MediaWikiServices::getInstance()->getUserAutoCreator();
if ( $uac->isEnabledAction( 'edit' ) ) {
// Show edit tab
} else {
// Show view source tab
}
// Changes lists
if ( $uac->isAutoCreated( $user ) ) {
$classes[] = 'temp-user';
}
// Permissions
public function getUserImplicitGroups( ... ) {
...
if ( !$uac->isAutoCreated( $user ) ) {
$groups[] = 'permanent'; //?
$groups[] = 'nontemp'; //?
$groups[] = 'onymous'; //?
}
}
// Page save
// Before edit constraints
if ( $uac->isAllowed( 'edit', $anonUser ) ) {
// notify constraints that creation will be attempted
} elseif ( !$anonUser->isAllowed( 'edit' ) ) {
// not allowed
return Status::newFatal( ... );
}
// Before PageUpdater
$user = $uac->createUser();
// After save, CentralAuth will need to redirect to login.wikimedia.org for cookie-setting
```
### Config
```lang=php
// Defaults
$wgEnableAutoCreateUser = false;
$wgAutoCreateUser = [
'actions' => [ 'edit' ]
'prefix' => '~',
'pattern' => '~Unregistered $1~'
'serialProvider' => 'db',
'serialMap' => 'numeric-en'
];
$wgSharedTables[] = 'user_autocreate_serial';
// Typical wiki config
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;
$wgGroupPermissions['*']['createaccount'] = true; // otherwise no actions are enabled
// Production
$wgEnableAutoCreateUser = true;
$wgAutoCreateUser['serialProvider'] = 'centralauth';
```
### Database
```lang=sql
CREATE TABLE user_autocreate_serial (
uas_shard INT PRIMARY KEY NOT NULL,
uas_value INT NOT NULL
);
BEGIN;
SET n = 8;
SET r = FLOOR(RAND() * @n)
UPDATE user_autocreate_serial SET uas_value=uas_value+1 WHERE uas_shard=@r;
SELECT uas_value * @n + @r AS value FROM user_autocreate_serial WHERE uas_shard=@r;
COMMIT;
```
With n=1, r=0, IDs grow monotonically. With n>1 the IDs are not allocated in order, but a global lock is avoided.
Probably no need for altering the user table if we reserve a username prefix. We can just use the prefix for permissions and display.