### User Story
> As an anonymous editor,
> I want to be notified a temporary account will be created on my behalf
> So that I do not have to reveal my personal information to edit a Wiki
### Acceptance Criteria
[ ] Show an updated notice when the editor starts editing
{F34933165}*[[ https://www.figma.com/file/WrsQMKK1l1Pvb9kkpVcFq4/IP-Masking | See Figma ]] for the latest update mockup
[ ] Notice displayed for both Wikitext & Visual Editor
{F34933178}*[[ https://www.figma.com/file/WrsQMKK1l1Pvb9kkpVcFq4/IP-Masking | See Figma ]] for the latest update mockup
[ ] After the edit is saved, anonymous user should view notice for temporary account username
[ ] Temporary accounts should have “Preferences” disabled
[ ] Temporary accounts should be cross-wiki compatible
[ ] Temporary accounts should enable cross-wiki notifications
{F34933175}*[[ https://www.figma.com/file/WrsQMKK1l1Pvb9kkpVcFq4/IP-Masking | See Figma ]] for the latest update mockup
### Some answered questions
1. Are we able to prevent anyone from signing up with the temporary account format of "~ ... ~"? **Yes**
2. How many usernames currently contain "~" or "~...~"? **673 accounts that begin and end with a tilde. (Begins with tilde 1078).**
3. What will happen to usernames with this format? **We can change them on their behalf. Captured here > https://phabricator.wikimedia.org/T300265**
### Proposed internal interface
```lang=php
// Skin
$tum = MediaWikiServices::getInstance()->getTempUserManager();
if ( $tum->isAutoCreateAction( 'edit' ) ) {
// Show edit tab
} else {
// Show view source tab
}
// Changes lists
if ( $tum->isTempUser( $user ) ) {
$classes[] = 'temp-user';
}
// Permissions
public function getUserImplicitGroups( ... ) {
...
if ( !$tum->isTempUser( $user ) ) {
$groups[] = 'permanent'; //?
$groups[] = 'nontemp'; //?
$groups[] = 'onymous'; //?
}
}
// Page save
// Before edit constraints
if ( $tum->isAutoCreateAllowed( 'edit', $anonUser ) ) {
// notify constraints that creation will be attempted
} elseif ( !$anonUser->isAllowed( 'edit' ) ) {
// not allowed
return Status::newFatal( ... );
}
// Before PageUpdater
$user = $tum->createUser();
// After save, CentralAuth will need to redirect to login.wikimedia.org for cookie-setting
```
### Config
```lang=php
// Defaults
$wgEnableAutoCreateTempUser = false;
$wgAutoCreateTempUser = [
'actions' => [ 'edit' ]
'prefix'genPattern' => '~',*Unregistered $1*'
'p'matchPattern' => '~Unregistered $1~'*$1',
'serialProvider' => 'db'[ 'type' => 'local' ],
'serialMap' => '[ 'type' => 'plain-numeric-en'' ],
];
$wgSharedTables[] = 'user_autocreate_serial';
// Typical wiki config
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;
$wgGroupPermissions['*']['createaccount'] = true; // otherwise no actions are enabled
// Production
$wgEnableAutoCreateTempUser = true;
$wgAutoCreateTempUser['serialProvider'] = 'centralauth';
```
### Database
```lang=sql
CREATE TABLE user_autocreate_serial (
uas_shard INT PRIMARY KEY NOT NULL,
uas_value INT NOT NULL
);
-- SQL flavoured pseudocode -- in reality this would be done in PHP
BEGIN;
SET n = 8;
SET r = FLOOR(RAND() * @n)
UPDATE user_autocreate_serial SET uas_value=uas_value+1 WHERE uas_shard=@r;
SELECT uas_value * @n + @r AS value FROM user_autocreate_serial WHERE uas_shard=@r;
COMMIT;
```
With n=1, r=0, IDs grow monotonically. With n>1 the IDs are not allocated in order, but a global lock is avoided.
Probably no need for altering the user table if we reserve a username prefix. We can just use the prefix for permissions and display.