Page MenuHomePhabricator
Create Task
Maniphest T106067

Undeploy DisableAccount extension
Closed, ResolvedPublic
Actions

Description

This eventually needs to be done (DisableAccount is a bad hack and it's not easy to reactivate disabled account) but we need to resolve T54453: Accounts blocked on wikis with wgBlockDisablesLogin enabled should not continue to receive email notifications first

Details

SubjectRepoBranchLines +/-
Stop branching DisableAccountmediawiki/tools/releasemaster+0 -1
Remove DisableAccount from InitialiseSettings.php and extension-listoperations/mediawiki-configmaster+0 -5
Remove DisableAccount from CommonSettings.phpoperations/mediawiki-configmaster+0 -7
Disable DisableAccount on all wikisoperations/mediawiki-configmaster+0 -11
Disable DisableAccount on wikis where there are no disabled usersoperations/mediawiki-configmaster+1 -3
Move DisableAccount and RelatedSites to the Legacy grouptranslatewikimaster+2 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Bugreporter created this task.Jul 16 2015, 5:50 PM
Bugreporter raised the priority of this task from to Needs Triage.
Bugreporter updated the task description. (Show Details)
Bugreporter added a project: Wikimedia-Site-requests.
Bugreporter subscribed.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptJul 16 2015, 5:50 PM
Bugreporter added a subtask: T54453: Accounts blocked on wikis with wgBlockDisablesLogin enabled should not continue to receive email notifications.Jul 16 2015, 5:50 PM
Glaisher added subscribers: Glaisher, Jalexander.Jul 16 2015, 5:52 PM

I don't think foundationwiki wants this.

Glaisher triaged this task as Lowest priority.Jul 16 2015, 5:52 PM
Bugreporter added a subscriber: Philippe-WMF.Jul 16 2015, 6:02 PM

See InitialiseSettings.php:
DO NOT DISABLE WITHOUT CONTACTING PHILIPPE / LEGAL!
 Installed by Andrew, 2011-04-26

Bugreporter added a project: WMF-Legal.Jul 16 2015, 6:02 PM
Bugreporter added a subscriber: werdna.
Bugreporter added a comment.Jul 16 2015, 6:06 PM
In T106067#1458079, @Glaisher wrote:

I don't think foundationwiki wants this.

Actually this extension is not installed on foundationwiki.

Krenair subscribed.Jul 16 2015, 7:05 PM
Jalexander added a comment.Jul 16 2015, 8:02 PM
In T106067#1458109, @Bugreporter wrote:
In T106067#1458079, @Glaisher wrote:

I don't think foundationwiki wants this.

Actually this extension is not installed on foundationwiki.

Aye, these are on a couple specific highly confidential private wikis (currently arbcom_enwiki, checkuserwiki, legalteamwiki, ombudsmenwiki & stewardwiki) and was there mostly because at the time engineering told us that BlockDisablesLogin would not be completely usable (and may have not even existed at the very start) . After T54453 is closed then most of those issues may be gone and we can reevaluate.

Krenair added a comment.Jul 16 2015, 8:08 PM

I'd quite like for us to figure out what is needed to get rid of this now, to add to the list with T54453.

Legoktm subscribed.Jul 17 2015, 5:33 AM
Bugreporter added a parent task: T106123: Extensions needing to be removed from Wikimedia wikis.Jul 17 2015, 6:28 AM
Ricordisamoa subscribed.Jul 17 2015, 7:31 AM
Krenair mentioned this in T106068: [DisableAccount] Remove "inactive" user group.Jul 17 2015, 7:42 AM
MarcoAurelio subscribed.Jul 17 2015, 5:16 PM

As an user on two WMF wikis which do use this tool, I can say that this is hardly used; thankfully. This was designed as aditional security for compromised accounts and other situations where we really wanted to remove access to a wiki. However mistakes using this tool require sysadmin intervention. Perhaps, if we worry about wrong unblocks and users regaining access to information they ain't cleared no more to view, with the fix of T54453, we can think about granting the 'unblock' rights on those wikis to the bureaucrats? Meanwhile and as @Jalexander say, better to keep this for now IMHO; but if we want to get rid of this extension $wgBlockDisablesLogin needs to work as block + disable and totally remove access from blocked accounts.

Glaisher edited projects, added Wikimedia-Extension-setup; removed Wikimedia-Site-requests.Jul 17 2015, 5:18 PM
Glaisher set Security to None.
Krenair added a comment.Jul 17 2015, 8:05 PM
In T106067#1460810, @MarcoAurelio wrote:

This was designed as aditional security for compromised accounts and other situations where we really wanted to remove access to a wiki.

Sure, $wgBlockDisablesLogin should do this.

In T106067#1460810, @MarcoAurelio wrote:

However mistakes using this tool require sysadmin intervention.

And presumably ordinary reverts? But still, ugh.

In T106067#1460810, @MarcoAurelio wrote:

we can think about granting the 'unblock' rights on those wikis to the bureaucrats?

We don't have a separate 'unblock' right... I don't understand why you would want to do that anyway?

In T106067#1460810, @MarcoAurelio wrote:

Meanwhile and as @Jalexander say, better to keep this for now IMHO

Yes, there is one known issue preventing us from getting rid of it right now, it's the email task marked as a blocker

In T106067#1460810, @MarcoAurelio wrote:

if we want to get rid of this extension $wgBlockDisablesLogin needs to work as block + disable and totally remove access from blocked accounts.

It should do that already other than the aforementioned email issue.

Krenair added a comment.Aug 13 2015, 4:42 PM

The patch for T54453 (the email blocker bug here) is being merged now.
I think we also need a blocker about writing (and then running) a script to migrate current users who have been disabled via DisableAccount to blocks.

Glaisher closed subtask T54453: Accounts blocked on wikis with wgBlockDisablesLogin enabled should not continue to receive email notifications as Resolved.Aug 14 2015, 11:36 AM
Glaisher mentioned this in T109060: [DisableAccount] Write a script to migrate disabled accounts with DisableAccount to blocked account.Aug 14 2015, 11:51 AM
In T106067#1535731, @Krenair wrote:

I think we also need a blocker about writing (and then running) a script to migrate current users who have been disabled via DisableAccount to blocks.

T109060: [DisableAccount] Write a script to migrate disabled accounts with DisableAccount to blocked account

MarcoAurelio added a parent task: T43492: [DO NOT USE] Steward, global sysop and SWMT tasks bugs (tracking) [superseded by #Stewards-and-global-tools].Sep 5 2015, 9:15 AM
Legoktm added a project: Stewards-and-global-tools.Oct 27 2015, 4:57 PM
Trijnstel subscribed.Dec 18 2015, 12:01 PM
Trijnstel added a comment.EditedDec 18 2015, 12:33 PM
In T106067#1461194, @Krenair wrote:
In T106067#1460810, @MarcoAurelio wrote:

we can think about granting the 'unblock' rights on those wikis to the bureaucrats?

We don't have a separate 'unblock' right... I don't understand why you would want to do that anyway?

But there is a block right and actually, I support MarcoAurelio's idea... On the Checkuser wiki accounts are being maintained by the CU-l list admins. They are the only ones with bureaucrat rights, and thus the only ones to create accounts there. It seems logical to make the bureaucrats the only ones with the ability to block accounts as well.

On the steward wiki every steward has bureaucrat rights, so it's not a problem there either. Maybe on the other private wikis, but I doubt that, to be honest. @Jalexander: can you shed some light here?

ZhouZ subscribed.Apr 14 2016, 1:00 AM
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptApr 14 2016, 1:00 AM
ZhouZ moved this task from Backlog to Assigned on the WMF-Legal board.Apr 14 2016, 1:00 AM
Jdforrester-WMF created subtask T141954: Run maintenance script to migrate disabled accounts with DisableAccount to blocked account.Aug 3 2016, 12:51 AM
Jdforrester-WMF closed subtask T109060: [DisableAccount] Write a script to migrate disabled accounts with DisableAccount to blocked account as Resolved.
Jdforrester-WMF removed a subtask: T109060: [DisableAccount] Write a script to migrate disabled accounts with DisableAccount to blocked account.
MZMcBride subscribed.Aug 3 2016, 11:56 PM
Tgr subscribed.Dec 24 2016, 10:30 PM

T54453: Accounts blocked on wikis with wgBlockDisablesLogin enabled should not continue to receive email notifications is now fixed (and T129738: Blocked accounts on BlockDisablesLogin wikis aren't logged out as well). So is this now in the "just do it" phase?

MarcoAurelio added a comment.Dec 25 2016, 1:42 AM

Can/Should the 'inactive' user group go as well? If so it should be removed
from the accounts that have it first.

MarcoAurelio added a comment.Dec 26 2016, 9:09 AM

Also, is the maintenance script (T141954) ready?

MarcoAurelio removed a parent task: T43492: [DO NOT USE] Steward, global sysop and SWMT tasks bugs (tracking) [superseded by #Stewards-and-global-tools].Jan 11 2017, 11:39 PM
Reedy added a project: Technical-Debt.Feb 20 2017, 4:14 PM
Reedy removed a subscriber: Philippe-WMF.
gerritbot subscribed.Feb 20 2017, 4:31 PM

Change 338792 had a related patch set uploaded (by Reedy):
Disable DisableAccount on two wikis were no disabled users

https://gerrit.wikimedia.org/r/338792

gerritbot added a project: Patch-For-Review.Feb 20 2017, 4:31 PM
Reedy subscribed.Feb 20 2017, 4:35 PM

Both legalteamwiki and ombudsmenwiki have no users in the inactive group. So proposing we disable the extension there in the first instance

As for everywhere else...

wikiusers to migrate
arbcom_enwiki69
checkuserwiki193
stewardwiki54
MarcoAurelio added a comment.Feb 20 2017, 6:00 PM

@Reedy Our internal tracking page on stewardwiki differs on the number of people whose accounts were removed using DisableAccount. Is that count correct? I'd be surprised that it were. If so, is it possible to know who did it? Thanks.

Reedy added a comment.Feb 20 2017, 6:04 PM
In T106067#3041335, @MarcoAurelio wrote:

@Reedy Our internal tracking page on stewardwiki differs on the number of people whose accounts were removed using DisableAccount. Is that count correct? I'd be surprised that it were. If so, is it possible to know who did it? Thanks.

I did it, just before posting them (and that's what I used to decide where to disable the extension now)... Based on who is in the 'inactive' user group... Which is what the migration script in T141954 uses for working out who needs migrating

select count(*) from user_groups where ug_group = 'inactive';
MarcoAurelio added a comment.Feb 20 2017, 6:21 PM

At least, for stewardwiki, that is not correct @Reedy. We have been adding the 'inactive' flag to all blocked accounts manually. You should check who in those private wikis do not have an email and password: those will be the ones really in need to be migrated.

Reedy added a comment.EditedFeb 20 2017, 6:24 PM
In T106067#3041378, @MarcoAurelio wrote:

At least, for stewardwiki, that is not correct @Reedy. We have been adding the 'inactive' flag to all blocked accounts manually. You should check who in those private wikis do not have an email and password: those will be the ones really in need to be migrated.

Based on that...

In T106067#2901995, @MarcoAurelio wrote:

Also, is the maintenance script (T141954) ready?

The answer to that is no then, based on your comment above?

Any accounts already blocked etc, will just be reblocked if in that group. So no harm done in those cases

mysql:wikiadmin@db1078 [stewardwiki]> select count(*) from user where user_password = "" OR user_email = "";
+----------+
| count(*) |
+----------+
|        6 |
+----------+
1 row in set (0.00 sec)
MarcoAurelio added a comment.Feb 20 2017, 6:28 PM

My on-wiki count is 2. Can you run it with AND user_email instead of OR?

Reedy added a comment.Feb 20 2017, 6:33 PM
mysql:wikiadmin@db1078 [stewardwiki]> select count(*) from user where user_password = "" AND user_email = "";
+----------+
| count(*) |
+----------+
|        4 |
+----------+
1 row in set (0.00 sec)
MarcoAurelio created subtask T158594: Once DisableAccount extension is removed: remove all users from the 'inactive' user group and remove it from fishbowl.dblist and private.dblist list of permissions.Feb 20 2017, 6:47 PM
TerraCodes subscribed.Mar 14 2017, 9:18 PM
Matanya moved this task from Untriaged to Medium priority on the Stewards-and-global-tools board.Apr 19 2017, 8:08 PM
MarcoAurelio mentioned this in T166858: Deploy "CloseMyAccount" extension to allow disabling/closing your own user account.Jul 29 2017, 2:08 PM
Peachey88 mentioned this in T177661: Add feature to deactivate an account on arbcom-fi.wikipedia.org.Oct 7 2017, 12:11 AM
gerritbot added a comment.Jun 5 2018, 11:28 PM

Change 338792 merged by jenkins-bot:
[operations/mediawiki-config@master] Disable DisableAccount on wikis where there are no disabled users

https://gerrit.wikimedia.org/r/338792

TerraCodes added a comment.Jun 6 2018, 1:25 AM

@MarcoAurelio is your on-wiki count still at two, or has it changed?

Reedy removed a project: Patch-For-Review.Jun 6 2018, 1:29 AM
Reedy removed a subscriber: ZhouZ.
gerritbot added a comment.Aug 12 2018, 8:05 AM

Change 452181 had a related patch set uploaded (by Amire80; owner: Amire80):
[translatewiki@master] Move DisableAccount and RelatedSites to the Legacy group

https://gerrit.wikimedia.org/r/452181

gerritbot added a project: Patch-For-Review.Aug 12 2018, 8:05 AM
gerritbot added a comment.Aug 12 2018, 11:20 AM

Change 452181 merged by jenkins-bot:
[translatewiki@master] Move DisableAccount and RelatedSites to the Legacy group

https://gerrit.wikimedia.org/r/452181

MarcoAurelio mentioned this in T141954: Run maintenance script to migrate disabled accounts with DisableAccount to blocked account.Sep 20 2018, 8:04 AM
Reedy closed subtask T141954: Run maintenance script to migrate disabled accounts with DisableAccount to blocked account as Resolved.Sep 20 2018, 7:51 PM
gerritbot added a comment.Sep 20 2018, 7:51 PM

Change 461726 had a related patch set uploaded (by Reedy; owner: Reedy):
[operations/mediawiki-config@master] Disable DisableAccount on all wikis

https://gerrit.wikimedia.org/r/461726

gerritbot added a comment.Sep 20 2018, 7:54 PM

Change 461726 merged by jenkins-bot:
[operations/mediawiki-config@master] Disable DisableAccount on all wikis

https://gerrit.wikimedia.org/r/461726

gerritbot added a comment.Sep 20 2018, 7:55 PM

Change 461731 had a related patch set uploaded (by Reedy; owner: Reedy):
[operations/mediawiki-config@master] Remove DisableAccount from CommonSettings.php

https://gerrit.wikimedia.org/r/461731

gerritbot added a comment.Sep 20 2018, 7:55 PM

Change 461732 had a related patch set uploaded (by Reedy; owner: Reedy):
[operations/mediawiki-config@master] Remove DisableAccount from InitialiseSettings.php and extension-list

https://gerrit.wikimedia.org/r/461732

Stashbot subscribed.Sep 20 2018, 7:57 PM

Mentioned in SAL (#wikimedia-operations) [2018-09-20T19:57:49Z] <reedy@deploy1001> Synchronized wmf-config/InitialiseSettings.php: Disable DisableAccount T106067 (duration: 00m 51s)

gerritbot added a comment.Sep 20 2018, 7:57 PM

Change 461733 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/tools/release@master] Stop branching DisableAccount

https://gerrit.wikimedia.org/r/461733

gerritbot added a comment.Sep 24 2018, 10:41 PM

Change 461731 merged by jenkins-bot:
[operations/mediawiki-config@master] Remove DisableAccount from CommonSettings.php

https://gerrit.wikimedia.org/r/461731

Stashbot added a comment.Sep 24 2018, 10:43 PM

Mentioned in SAL (#wikimedia-operations) [2018-09-24T22:43:16Z] <reedy@deploy1001> Synchronized wmf-config/CommonSettings.php: Bye bye DisableAccount T106067 (duration: 00m 51s)

gerritbot added a comment.Sep 24 2018, 10:48 PM

Change 461732 merged by jenkins-bot:
[operations/mediawiki-config@master] Remove DisableAccount from InitialiseSettings.php and extension-list

https://gerrit.wikimedia.org/r/461732

Reedy closed this task as Resolved.Sep 24 2018, 11:34 PM
Reedy claimed this task.
Reedy changed the status of subtask T158594: Once DisableAccount extension is removed: remove all users from the 'inactive' user group and remove it from fishbowl.dblist and private.dblist list of permissions from Open to Stalled.
Reedy removed a project: Patch-For-Review.

Extension is undeployed... T158594 doesn't block it, that's only in wmf-config, and isn't particularly dependant on the extnesion

Aklapper added a comment.Sep 25 2018, 5:57 AM
In T106067#4613112, @Reedy wrote:

Extension is undeployed... T158594 doesn't block it, that's only in wmf-config, and isn't particularly dependant on the extnesion

I removed {{OnWikimedia}} from https://www.mediawiki.org/wiki/Extension:DisableAccount and removed the entry from https://www.mediawiki.org/wiki/Developers/Maintainers#MediaWiki_extensions_deployed_by_WMF

Reedy added a comment.Sep 25 2018, 12:09 PM

Thanks Andre! :)

gerritbot added a comment.Sep 25 2018, 3:05 PM

Change 461733 merged by jenkins-bot:
[mediawiki/tools/release@master] Stop branching DisableAccount

https://gerrit.wikimedia.org/r/461733

Aklapper removed a subtask: T158594: Once DisableAccount extension is removed: remove all users from the 'inactive' user group and remove it from fishbowl.dblist and private.dblist list of permissions.May 13 2020, 12:07 PM
Aklapper added a parent task: T158594: Once DisableAccount extension is removed: remove all users from the 'inactive' user group and remove it from fishbowl.dblist and private.dblist list of permissions.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits