Tgr (Gergő Tisza)
Software Engineer, WMF
Projects (53)
acl*Batch-Editors
Policy
acl*mediawiki_platform_team
Policy
acl*Project-Admins
Policy
acl*security
Policy
acl*security_developer
Policy
User Details
User Since
Sep 19 2014, 4:55 PM (605 w, 1 h)
Availability
Busy
Busy until May 10.
IRC Nick
tgr
LDAP User
Gergő Tisza
MediaWiki User
Tgr (WMF)
Global Accounts
Things my team is working on:
MediaWiki-Platform-Team
Side projects I am working on (or planning to, eventually):
User-Tgr
You can find more info about me on my user page.
Recent Activity
Wed, Mar 25
Tgr
added a comment to
T421307: extjsonuploader update-and-upload job fails with "Error when saving
We use toolforge/extjsonuploader. The UA policy isn't very clear about it but it requires a contact email or URL.
Wed, Mar 25, 9:35 PM
Tool-extjsonuploader
Tgr
created
T421307: extjsonuploader update-and-upload job fails with "Error when saving
Wed, Mar 25, 9:33 PM
Tool-extjsonuploader
Mar 18 2026
Tgr
added a comment to
T419130: Exempt some routes from rate limiting and JWT validity checks in the API gateway
That and maybe type=createaccount
Mar 18 2026, 12:32 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
envoy
Mar 15 2026
Tgr
added a comment to
T136101: Rethink AuthManager::securitySensitiveOperationStatus
With T348388: SUL3: Use a dedicated domain for login and account creation we have (at least for Wikimedia wikis) given up the ability to embed identity checks right into the forms which perform dangerous actions. This was probably a net security benefit, since the auth domain has no on-wiki scripts and much reduced functionality, and so authentication (including reauthentication) is much safer against XSS attacks (and consequently also against phishing attacks once WebAuthn becomes widespread and ensures authentication only works on the right domain). Redirect-based identity verification workflows are a good fit for a separate auth domain; and we probably don't want to evolve security in two different directions for Wikimedia and non-Wikimedia wikis.
Mar 15 2026, 6:58 PM
MediaWiki-Platform-Team
Security
MediaWiki-Core-AuthManager
Tgr
added a comment to
T402423: Remove &usesul3= URL parameter
See also T420150: Remove SUL2 B/C API behavior
Mar 15 2026, 6:58 PM
SUL3
MediaWiki-Platform-Team (Q3 Kanban Board)
MediaWiki-extensions-CentralAuth
Tgr
created
T420150: Remove SUL2 B/C API behavior
Mar 15 2026, 6:57 PM
SUL3
MediaWiki-extensions-CentralAuth
MediaWiki-Platform-Team
Tgr
added a comment to
T419152: Editing user JS/CSS pages of another user should require elevated security
At a minimum, we should require verification when editing the user JS of a user with high privileges. (Related: T197087: Remove or limit ability to edit the user JS of another user who has higher privileges)
Mar 15 2026, 6:33 PM
MediaWiki-Platform-Team (Radar)
Sustainability (Incident Followup)
2026-user-javascript-incident
Product Safety and Integrity
Security
MediaWiki-Core-AuthManager
Tgr
renamed
T197087: Remove or limit ability to edit the user JS of another user who has higher privileges
from
Remove or limit edituserjs and similar rights from users with "higher" access than the editor
to
Remove or limit ability to edit the user JS of another user who has higher privileges
Mar 15 2026, 6:33 PM
Security
MediaWiki-User-Interface
Tgr
added a comment to
T419130: Exempt some routes from rate limiting and JWT validity checks in the API gateway
Or maybe it could be worked into cost-based rate limiting somehow? Envoy could let requests with meta=tokens in them through, and then MediaWiki would somehow indicate whether it was a "pure" token request, and Envoy could block it on the way back if not.
Mar 15 2026, 2:05 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
envoy
Tgr
added a comment to
T419130: Exempt some routes from rate limiting and JWT validity checks in the API gateway
Yeah dealing with action API URLs will be a huge pain. You'd need to disallow all other meta, prop, list, generator parameter values, plus the export parameter at least.
Mar 15 2026, 2:02 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
envoy
Tgr
added a comment to
T420132: Make it so that only Trusted-Contributors can edit things on other people's tickets
I wonder if we could auto-add people to Trusted-Contributors based on some modest contribution criteria (like >1000 global wiki edits)?
Mar 15 2026, 1:46 PM
Phabricator
Tgr
updated the task description for
T419130: Exempt some routes from rate limiting and JWT validity checks in the API gateway
Mar 15 2026, 1:07 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
envoy
Tgr
added a comment to
T419130: Exempt some routes from rate limiting and JWT validity checks in the API gateway
In T419130#11711216 @Tacsipacsi wrote:
Could the Action API login endpoints (action=clientlogin and action=login) also be exempted? They suffer from the same issues as OAuth login – one cannot be logged in while logging in.
Mar 15 2026, 1:04 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
envoy
Tgr
added a comment to
T419130: Exempt some routes from rate limiting and JWT validity checks in the API gateway
In T419130#11687204 @daniel wrote:
How about we exempt everything under /oauth2/? Makes the config easier.
Mar 15 2026, 11:50 AM
MediaWiki-Platform-Team (Q3 Kanban Board)
envoy
Mar 13 2026
Tgr
added a comment to
T419921: TypeError: MediaWiki\Extension\OAuth\ResourceServer::getUser(): Return value must be of type MediaWiki\User\User, false returned
This is the snippet that sets ResourceServer::$user:

    $userId = $request->getAttribute( 'oauth_user_id' );
    if ( !$userId ) {
        // Set anon user when no user id is present in the AT (machine grant)
        $this->user = User::newFromId( 0 );
        return;
    }
Mar 13 2026, 12:34 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
User-brennen
MediaWiki-Engineering
MediaWiki-extensions-OAuth
Wikimedia-production-error
Tgr
added a comment to
T419946: Cannot login to beta: "There was an unexpected error logging in"
Logstash:
Has a bunch of "Couldn't connect to server" on the objectcache channel, so pretty sure it's an infra issue.
Mar 13 2026, 12:14 PM
User-bd808
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
MediaWiki-Core-AuthManager
Beta-Cluster-Infrastructure
Tgr
added a comment to
T418606: Include session type in x-analytics header
I don't think api.wikimedia.org has any authenticated endpoints?
Mar 13 2026, 11:02 AM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
MediaWiki-Core-AuthManager
Tgr
added a comment to
T419921: TypeError: MediaWiki\Extension\OAuth\ResourceServer::getUser(): Return value must be of type MediaWiki\User\User, false returned
(Also that broke getting an access token with client credentials, and this probably broke using an access token that was obtained with client credentials, so maybe one causes bots to retry more aggressively than the other.)
Mar 13 2026, 10:45 AM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
User-brennen
MediaWiki-Engineering
MediaWiki-extensions-OAuth
Wikimedia-production-error
Tgr
closed
T404334: EmailAuth verification on Wikimedia wikis can sometimes be bypassed by logging in via a wiki in the `closed` dblist
as
Resolved
Works now on closed wikis.
@sbassett I think the task can be made public.
Mar 13 2026, 8:34 AM
WikimediaCustomizations
MW-1.46-notes (1.46.0-wmf.15; 2026-02-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
Product Safety and Integrity
SecTeam-Processed
Vuln-Misconfiguration
WMF-General-or-Unknown
MediaWiki-extensions-WikimediaEvents
MediaWiki-extensions-EmailAuth
Security
Security-Team
Tgr
added a comment to
T419921: TypeError: MediaWiki\Extension\OAuth\ResourceServer::getUser(): Return value must be of type MediaWiki\User\User, false returned
Yeah, probably caused by rEOAUa750632f6b0e: Set 'sub' JWT field in client credentials access tokens
Mar 13 2026, 8:29 AM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
User-brennen
MediaWiki-Engineering
MediaWiki-extensions-OAuth
Wikimedia-production-error
Mar 12 2026
Tgr
added a comment to
T419107: The PHPUnit config override does not appear to be auto-generated
Thanks!
Mar 12 2026, 6:33 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
MediaWiki-Core-Tests
Patch-For-Review
Release-Engineering-Team
ci-test-error (WMF-deployed Build Failure)
Tgr
added a comment to
T419107: The PHPUnit config override does not appear to be auto-generated
Is the fix easy to backport? It's nice not to have CI breaks in live production branches.
Mar 12 2026, 3:05 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
MediaWiki-Core-Tests
Patch-For-Review
Release-Engineering-Team
ci-test-error (WMF-deployed Build Failure)
Tgr
added a comment to
T419107: The PHPUnit config override does not appear to be auto-generated
IIUIC this is supposed to be fixed by rMWc47f1b756d46: Generate local PHPUnit config before preparing parallel runs, but the error is still happening:
15:01:26 Error in bootstrap script: RuntimeException:
15:01:26 The PHPUnit config override does not appear to be auto-generated. Generate it manually by running `composer phpunit:config`, or automatically by running tests via `composer phpunit`.
15:01:26 #0 /workspace/src/vendor/phpunit/phpunit/src/Util/FileLoader.php(66): include_once()
15:01:26 #1 /workspace/src/vendor/phpunit/phpunit/src/Util/FileLoader.php(49): PHPUnit\Util\FileLoader::load()
15:01:26 #2 /workspace/src/vendor/phpunit/phpunit/src/TextUI/Command.php(567): PHPUnit\Util\FileLoader::checkAndLoad()
15:01:26 #3 /workspace/src/vendor/phpunit/phpunit/src/TextUI/Command.php(347): PHPUnit\TextUI\Command->handleBootstrap()
15:01:26 #4 /workspace/src/vendor/phpunit/phpunit/src/TextUI/Command.php(114): PHPUnit\TextUI\Command->handleArguments()
15:01:26 #5 /workspace/src/vendor/phpunit/phpunit/src/TextUI/Command.php(99): PHPUnit\TextUI\Command->run()
15:01:26 #6 /workspace/src/vendor/phpunit/phpunit/phpunit(107): PHPUnit\TextUI\Command::main()
15:01:26 #7 /workspace/src/vendor/bin/phpunit(122): include('...')
15:01:26 #8 {main}
15:01:26 Script phpunit handling the phpunit event returned with error code 1
15:01:26 Script @phpunit was called via phpunit:entrypoint
15:01:26 Worker exited with status 1
Mar 12 2026, 2:36 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
MediaWiki-Core-Tests
Patch-For-Review
Release-Engineering-Team
ci-test-error (WMF-deployed Build Failure)
Tgr
added a comment to
T419723: New accounts created from editor anon warning redirect to welcome survey, not back to editor (2026)
I believe this is caused by rECAU41c5a166ccbc: SUL3: Allow viewing Special:CreateAccount?returnto=… while logged in using sul3- prefixed URL parameters for returnto etc. when locally redirecting from Special:CreateAccount to Special:Userlogin (since the local domain sees SUL3 account creations as logins). The getPreservedParams() call in AuthManagerSpecialPage::performAuthenticationStep() is not picking up these parameters anymore, so they don't go into the returnUrl parameter of AuthManager, so they won't be in the local-domain URL the auth domain redirects back to after successful signup. About 10% of the time the tokenstore fails, returnUrl is not passed successfully to the central domain, and CentralAuth uses a different mechanism to generate the return URL, which is why this bug is only happening about 90% of the time. (Although it happened 0 out of 3 tries for me in production, but maybe I was just really unlucky?)
Mar 12 2026, 12:58 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
Data-Engineering
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Growth-Team (FY2025-26 Q3 Sprint 5)
Tgr
added a comment to
T419723: New accounts created from editor anon warning redirect to welcome survey, not back to editor (2026)
In T419723#11700046 @Tgr wrote:
On the way forward, they are in the token store though (in returnUrl) and that's less reliable.
Mar 12 2026, 11:11 AM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
Data-Engineering
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Growth-Team (FY2025-26 Q3 Sprint 5)
Tgr
added a comment to
T419723: New accounts created from editor anon warning redirect to welcome survey, not back to editor (2026)
We shouldn't sample error messages, they are infrequent enough and not really an auth event in the first place, we should just use the authentication channel for that. But yes, the debug log file should include sampled events. The log seems normal otherwise. Central autologin attempt -> sending the user to signup page -> on the local domain, treating the successful signup as a login -> doing edge login on all the various top-level Wikimedia domains is the normal flow of things.
Mar 12 2026, 10:48 AM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
Data-Engineering
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Growth-Team (FY2025-26 Q3 Sprint 5)
Mar 11 2026
Tgr
added a comment to
T419723: New accounts created from editor anon warning redirect to welcome survey, not back to editor (2026)
...you probably shouldn't, we send that to authevents which is sampled. We probably should not be doing that.
Mar 11 2026, 9:43 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
Data-Engineering
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Growth-Team (FY2025-26 Q3 Sprint 5)
Tgr
added a comment to
T419723: New accounts created from editor anon warning redirect to welcome survey, not back to editor (2026)
Never mind, I'm misremembering how this works. On the way back these parameters should be in the URL, not in the token store. On the way forward, they are in the token store though (in returnUrl) and that's less reliable. If you are doing this with WikimediaDebug / you are keeping track of your request ID, you should be seeing a "Retrying local authentication" message for the auth.wikimedia.org POST request if it's indeed a tokenstore issue.
Mar 11 2026, 9:38 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
Data-Engineering
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Growth-Team (FY2025-26 Q3 Sprint 5)
Tgr
added a comment to
T419723: New accounts created from editor anon warning redirect to welcome survey, not back to editor (2026)
Thanks. That looks correct, aside from the loss of return parameters. Maybe the token store lost the data on the way back? That's generally the more reliable direction though, as the data is read back within a few hundred milliseconds of it being written.
Mar 11 2026, 9:32 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
Data-Engineering
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Growth-Team (FY2025-26 Q3 Sprint 5)
Tgr
added a comment to
T419621: Move site JS reauth code out into WikimediaCustomizations
One thing that could be improved: currently the script checks Title::isSiteJsConfigPage() but not $wgRawHtmlMessages (compare with PermissionManager::checkSiteConfigPermissions()).
Mar 11 2026, 9:17 PM
MW-1.46-notes (1.46.0-wmf.24; 2026-04-14)
Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10)))
WikimediaCustomizations
MediaWiki-Platform-Team (Radar)
Sustainability (Incident Followup)
MediaWiki-Core-AuthManager
SecTeam-Processed
2026-user-javascript-incident
Security
Security-Team
Tgr
added a comment to
T197160: All security-sensitive MediaWiki functionality should require elevated security
In T197160#11696361 @Nux wrote:
However, I still think in most situations a password should be enough.
Mar 11 2026, 8:56 PM
MediaWiki-Platform-Team (Radar)
Security
User-Tgr
Epic
MediaWiki-Core-AuthManager
Tgr
closed
T419764: 2026-03-11 session problems
as
Resolved
T419747: Possible hardware issues on wikikube-worker2332.codfw.wmnet matches the timing.
Mar 11 2026, 8:30 PM
MediaWiki-Platform-Team
MediaWiki-Core-AuthManager
Tgr
created
T419764: 2026-03-11 session problems
Mar 11 2026, 8:28 PM
MediaWiki-Platform-Team
MediaWiki-Core-AuthManager
Tgr
added a comment to
T419621: Move site JS reauth code out into WikimediaCustomizations
T418507: Move wmfGetPrivilegedGroups(), $wmgPrivilegedGroups, $wmgPrivilegedGlobalGroups, GetSecurityLogContext and PasswordPoliciesForUser hook handlers to WikimediaCustomizations would create a PrivilegedGroups component in WikimediaCustomizations, that might be a good (temporary) place for the code.
Mar 11 2026, 8:00 PM
MW-1.46-notes (1.46.0-wmf.24; 2026-04-14)
Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10)))
WikimediaCustomizations
MediaWiki-Platform-Team (Radar)
Sustainability (Incident Followup)
MediaWiki-Core-AuthManager
SecTeam-Processed
2026-user-javascript-incident
Security
Security-Team
Tgr
added a comment to
T419723: New accounts created from editor anon warning redirect to welcome survey, not back to editor (2026)
I couldn't reproduce - returntoquery handling seems to work for me as intended. (I haven't experimented much, but it doesn't seem like something that's happening 90% of the time.)
Do you have an example redirect chain?
Mar 11 2026, 7:22 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
Data-Engineering
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Growth-Team (FY2025-26 Q3 Sprint 5)
Tgr
updated the task description for
T407987: Define best practice for single-user apps which need a high MediaWiki API rate limit
Mar 11 2026, 6:25 PM
MediaWiki-Platform-Team
MediaWiki-extensions-OAuth
Tgr
added a comment to
T323849: pywikibot: Support OAuth2 token
Note that in the future what we'd like to recommend for bots is OAuth 2 client credentials (so rather than storing an access token in the configuration, you store the client ID and secret, and then the bot can use some standard OAuth library to fetch a new access token every few hours). It's not actually supported yet, though.
Mar 11 2026, 6:22 PM
Hackathon-Northwestern-Europe-2026
Pywikibot-Login
Pywikibot
Tgr
updated the task description for
T419684: Add restrictive CSP to auth.wikimedia.org
Mar 11 2026, 11:46 AM
ContentSecurityPolicy
Security
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Tgr
renamed
T419684: Add restrictive CSP to auth.wikimedia.org
from
Add aggressive CSP for auth.wikimedia.org
to
Add restrictive CSP to auth.wikimedia.org
Mar 11 2026, 11:45 AM
ContentSecurityPolicy
Security
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Tgr
added a subtask for
T28508: Content Security Policy (CSP)
T419684: Add restrictive CSP to auth.wikimedia.org
Mar 11 2026, 11:45 AM
SecTeam-Processed
Epic
Security
ContentSecurityPolicy
Front-end-Standards-Group
Security-Team
OKR-Work
MediaWiki-General
Tgr
added a parent task for
T419684: Add restrictive CSP to auth.wikimedia.org
T28508: Content Security Policy (CSP)
Mar 11 2026, 11:45 AM
ContentSecurityPolicy
Security
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Tgr
created
T419684: Add restrictive CSP to auth.wikimedia.org
Mar 11 2026, 11:45 AM
ContentSecurityPolicy
Security
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Mar 10 2026
Tgr
added a comment to
T419604: ClosedWikiProvider should check whether the user has UltimateAuthority
(ClosedWikiProvider is in mediawiki-config, we don't really have a Phab tag for that. Should be moved to WikimediaCustomizations one day.)
Mar 10 2026, 9:26 PM
Wikimedia-Site-requests
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Tgr
created
T419604: ClosedWikiProvider should check whether the user has UltimateAuthority
Mar 10 2026, 9:25 PM
Wikimedia-Site-requests
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
Tgr
added a comment to
T419187: Options to be selective about the revision when loading userscripts
In T419187#11686221 @awight wrote:
My 2¢ would be to lock down the userscript loading mechanism, especially for users in elevated privilege groups. Some ideas:
Never load userscripts from off-wiki URLs.
Require a specific revision ID.
Encourage or require copying the userscript into your own user space.
Mar 10 2026, 1:49 PM
Sustainability (Incident Followup)
MediaWiki-Platform-Team (Radar)
MediaWiki-ResourceLoader
2026-user-javascript-incident
JavaScript
Tgr
added a comment to
T197160: All security-sensitive MediaWiki functionality should require elevated security
In T197160#11690429 @Nux wrote:
No password manager I know of will do autocomplete on wikipędia.org
Mar 10 2026, 1:41 PM
MediaWiki-Platform-Team (Radar)
Security
User-Tgr
Epic
MediaWiki-Core-AuthManager
Mar 9 2026
Tgr
added a comment to
T419476: Bogus PhanPluginDuplicateArrayKey error in mediawiki-config
Thanks for investigating!
Mar 9 2026, 9:54 PM
MediaWiki-Configuration
Continuous-Integration-Config
phan
Tgr
added a comment to
T407954: PHPUnit parallel database tests can fail to acquire locks on the same page
T416637: quibble-apitests failing on unrelated patches is probably also a case of this (only with user ID 1 rather than page ID 1).
Mar 9 2026, 9:42 PM
ci-test-error (WMF-deployed Build Failure)
MediaWiki-Platform-Team (Q3 Kanban Board)
Developer Productivity
MediaWiki-Core-Tests
Tgr
closed
T419226: Archive wikimedia/oauth2-server
, a subtask of
T261462: Migrate OAuth extension back from wikimedia/oauth2-server fork to upstream
, as
Resolved
Mar 9 2026, 9:37 PM
MW-1.46-release
MW-1.46-notes (1.46.0-wmf.18; 2026-03-03)
ServiceOps new
ServiceOps-SharedInfra
Patch-For-Review
MediaWiki-Platform-Team (Q3 Kanban Board)
OKR-Work
MediaWiki-extensions-OAuth
Technical-Debt
Upstream
Tgr
closed
T419226: Archive wikimedia/oauth2-server
as
Resolved
Mar 9 2026, 9:37 PM
Wikimedia-GitHub
MediaWiki-Platform-Team (Q3 Kanban Board)
Projects-Cleanup
Librarization
MediaWiki-extensions-OAuth
Tgr
added a comment to
T197160: All security-sensitive MediaWiki functionality should require elevated security
In T197160#11689990 @Nux wrote:
Password managers solve most problems that passkeys solve (2FA solves the rest of them) and support more setups.
Mar 9 2026, 9:32 PM
MediaWiki-Platform-Team (Radar)
Security
User-Tgr
Epic
MediaWiki-Core-AuthManager
Tgr
closed
T397244: Private mitigation blocks registration from certain email domains but gives misleading error about rate limits
as
Resolved
Removed the private code (commit ID: e61fc28efe7a5cd5ca3ed9c52c17fd8a947f62f4), tested in production, works as expected.
Mar 9 2026, 9:07 PM
MW-1.46-notes (1.46.0-wmf.15; 2026-02-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
WMF-General-or-Unknown
MediaWiki-Core-AuthManager
Tgr
added a subtask for
T404334: EmailAuth verification on Wikimedia wikis can sometimes be bypassed by logging in via a wiki in the `closed` dblist
T419476: Bogus PhanPluginDuplicateArrayKey error in mediawiki-config
Mar 9 2026, 8:32 PM
WikimediaCustomizations
MW-1.46-notes (1.46.0-wmf.15; 2026-02-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
Product Safety and Integrity
SecTeam-Processed
Vuln-Misconfiguration
WMF-General-or-Unknown
MediaWiki-extensions-WikimediaEvents
MediaWiki-extensions-EmailAuth
Security
Security-Team
Tgr
added a parent task for
T419476: Bogus PhanPluginDuplicateArrayKey error in mediawiki-config
T404334: EmailAuth verification on Wikimedia wikis can sometimes be bypassed by logging in via a wiki in the `closed` dblist
Mar 9 2026, 8:32 PM
MediaWiki-Configuration
Continuous-Integration-Config
phan
Tgr
renamed
T419476: Bogus PhanPluginDuplicateArrayKey error in mediawiki-config
from
Bogus PhanPluginDuplicateArrayKey error in MediaWiki-config
to
Bogus PhanPluginDuplicateArrayKey error in mediawiki-config
Mar 9 2026, 8:31 PM
MediaWiki-Configuration
Continuous-Integration-Config
phan
Tgr
added a comment to
T419476: Bogus PhanPluginDuplicateArrayKey error in mediawiki-config
(Also, why is it only being checked during the gate pipeline, not during normal tests?)
Mar 9 2026, 8:28 PM
MediaWiki-Configuration
Continuous-Integration-Config
phan
Tgr
created
T419476: Bogus PhanPluginDuplicateArrayKey error in mediawiki-config
Mar 9 2026, 8:27 PM
MediaWiki-Configuration
Continuous-Integration-Config
phan
Tgr
added a comment to
T419226: Archive wikimedia/oauth2-server
Not sure I'd bother with the README which we never changed from upstream's version, but I updated the "About" section at
Mar 9 2026, 7:36 PM
Wikimedia-GitHub
MediaWiki-Platform-Team (Q3 Kanban Board)
Projects-Cleanup
Librarization
MediaWiki-extensions-OAuth
Tgr
added a comment to
T419226: Archive wikimedia/oauth2-server
In T419226#11689174 @DAlangi_WMF wrote:
Seems the fork never made it to Packagist?
Mar 9 2026, 7:28 PM
Wikimedia-GitHub
MediaWiki-Platform-Team (Q3 Kanban Board)
Projects-Cleanup
Librarization
MediaWiki-extensions-OAuth
Tgr
closed
T418668: TypeError: MediaWiki\Extension\OAuth\Repository\ClaimStore::getClaims(): Argument #3 ($userIdentifier) must be of type ?string, int given, called in /srv/mediawiki/php-1.46.0-wmf.17/vendor/league/oauth2-server/src/Grant/Refresh
as
Resolved
Seems fixed.
Mar 9 2026, 7:23 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
MediaWiki-extensions-OAuth
Wikimedia-production-error
Tgr
added a comment to
T418606: Include session type in x-analytics header
The task as stated in the description is done but want to 1) refactor the code so it can be reused for T418608: Add label for session type to API metrics, 2) maybe add some information about the consumer to webrequest.
Mar 9 2026, 7:19 PM
MW-1.46-notes (1.46.0-wmf.19; 2026-03-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
MediaWiki-Core-AuthManager
Tgr
added a comment to
T418123: Improve CentralAuth dashboard in Grafana to load 30 days without timeout
Do we want to do the same thing for the authentication dashboard?
Mar 9 2026, 6:03 PM
MW-1.46-notes (1.46.0-wmf.18; 2026-03-03)
MediaWiki-Platform-Team (Q3 Kanban Board)
Grafana
Tgr
updated subscribers of
T419336: CentralAuth lock bypass on usernames that have md5 collisions
Mar 9 2026, 4:02 PM
Patch-For-Review
MediaWiki-Platform-Team (Q3 Kanban Board)
Vuln-CryptoFailures
SecTeam-Processed
MediaWiki-extensions-CentralAuth
Security
Tgr
added a comment to
T385310: Could not find local user data for {username}@{wikiId} (2025)
Worked:
Mar 9 2026, 12:21 PM
MW-1.46-notes (1.46.0-wmf.18; 2026-03-03)
MediaWiki-Platform-Team (Q3 Kanban Board)
MediaWiki-extensions-CentralAuth
Wikimedia-production-error
Tgr
added a comment to
T419192: CVE-2026-34095: action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request
See also T419273: Limit the forwarding actions for Special:Random, although you'd need a wiki to be extremely tiny for that to be a useful attack vector.
Mar 9 2026, 12:17 PM
MW-1.45-release
MW-1.44-release
MW-1.43-release
Sustainability (Incident Followup)
Vuln-Misconfiguration
SecTeam-Processed
2026-user-javascript-incident
Security-Team
Security
MediaWiki-General
Tgr
added a comment to
T419336: CentralAuth lock bypass on usernames that have md5 collisions
Yeah the xxh family are usually described as non-cryptographic hashes.
Mar 9 2026, 12:16 PM
Patch-For-Review
MediaWiki-Platform-Team (Q3 Kanban Board)
Vuln-CryptoFailures
SecTeam-Processed
MediaWiki-extensions-CentralAuth
Security
Tgr
added a comment to
T197153: Make some providers optional for reauthentication
While we are making reauthentication more explicitly understood by AuthManager, we should also improve how it is logged.
Mar 9 2026, 11:53 AM
Patch-Needs-Improvement
MediaWiki-Platform-Team (Q3 Kanban Board)
Security
User-Tgr
MediaWiki-Core-AuthManager
Mar 8 2026
Tgr
created
T419357: Move SpecialWikimediaDebug from WikimediaEvents to WikimediaCustomizations
Mar 8 2026, 9:17 PM
WikimediaCustomizations
MediaWiki-extensions-WikimediaEvents
Tgr
updated the task description for
T197160: All security-sensitive MediaWiki functionality should require elevated security
Mar 8 2026, 8:30 PM
MediaWiki-Platform-Team (Radar)
Security
User-Tgr
Epic
MediaWiki-Core-AuthManager
Tgr
created
T419353: $wgAllowSecuritySensitiveOperationIfCannotReauthenticate should depend on the provider
Mar 8 2026, 8:28 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
Security
MediaWiki-Core-AuthManager
Tgr
added a comment to
T390773: Split PrivateSettings into config and business logic
Rough plan:
Split the production repo:
- Create two new directories, private/PrivateSettings and private/PrivateLogic (names subject to bikeshed; also, maybe they should be one level higher, although then I think scap would have to be adjusted).
- Clone the git repo into those two directories.
- Edit so the PrivateSettings one only retains PrivateSettings.php without the hooks in it, and PrivateLogic retains everything but that. Update the readme files, etc.
- Drop the original git repo and its contents, only retain PrivateSettings.php and it only contains two requires, for PrivateSettings/PrivateSettings.php and whatever the new entry point is in PrivateLogic. Also keep the readme file, and replace its contents to explain what's going on.
Update in mediawiki-config, document the changes in the production version.
Update callers (probably just this one in mediawiki-config?) to require the two new entry points instead of the old one.
Update deployment-charts, not really sure what needs to be done here (here it seems to claim it's not used anymore).
Update the remaining code references (which are just informational) and public documentation (here and probably a handful of other places).
Mar 8 2026, 7:59 PM
SecTeam-Processed
Release-Engineering-Team
Security-Team
Security
Tgr
moved
T208008: Consumer owner-only oauth proposals should require reauth
from
Not planned / Patches welcome
to
Inbox, needs triage
on the
MediaWiki-Platform-Team
board.
Let's look at this again. With reauthentication required for JS edits, this might be more pressing (because it would let us exempt OAuth from reauth).
Mar 8 2026, 7:29 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
Patch-Needs-Improvement
Sustainability (Incident Followup)
Security
MediaWiki-extensions-OAuth
Tgr
added a comment to
T206012: dont allow editing js and raw html messages over cors
Somewhat related: T210909: Introduce secure mode to MediaWiki (which proposes disallowing CORS entirely while in secure mode)
Mar 8 2026, 7:22 PM
Sustainability (Incident Followup)
2026-user-javascript-incident
Security-Team
Product Safety and Integrity
MW-Interfaces-Team
Security
MediaWiki-Action-API
Tgr
moved
T397244: Private mitigation blocks registration from certain email domains but gives misleading error about rate limits
from
To be verified in Prod
to
In Progress
on the
MediaWiki-Platform-Team (Q3 Kanban Board)
board.
Mar 8 2026, 7:16 PM
MW-1.46-notes (1.46.0-wmf.15; 2026-02-10)
MediaWiki-Platform-Team (Q3 Kanban Board)
WMF-General-or-Unknown
MediaWiki-Core-AuthManager
Tgr
closed
T133040: Remember "Remember me"
as
Declined
Probably don't want this on-by-default for security reasons, and it doesn't make sense at all to show it during reauthentication (but there's a separate task for that).
Mar 8 2026, 7:09 PM
MediaWiki-Platform-Team
MediaWiki-Core-AuthManager
Tgr
added a comment to
T206012: dont allow editing js and raw html messages over cors
I think we should do this. Cross-site JS edits are the obvious means of escalating an XSS attack from one wiki to another, and I doubt there's any legitimate use for them.
These days you need editsitejs to edit raw HTML messages, so this is just a matter of permission management (editsitejs, edituserjs, editmyuserjs).
Mar 8 2026, 7:03 PM
Sustainability (Incident Followup)
2026-user-javascript-incident
Security-Team
Product Safety and Integrity
MW-Interfaces-Team
Security
MediaWiki-Action-API
Tgr
added a comment to
T419152: Editing user JS/CSS pages of another user should require elevated security
In T419152#11682359 @Tgr wrote:
On reflection, I think this task is not useful as it is, editing your own JS and another user's JS are very different things with very different risks, and should be discussed separately.
Mar 8 2026, 5:48 PM
MediaWiki-Platform-Team (Radar)
Sustainability (Incident Followup)
2026-user-javascript-incident
Product Safety and Integrity
Security
MediaWiki-Core-AuthManager
Tgr
created
T419347: Editing your own JS/CSS pages should maybe require elevated security
Mar 8 2026, 5:48 PM
Sustainability (Incident Followup)
MediaWiki-Platform-Team (Radar)
2026-user-javascript-incident
Security
MediaWiki-Core-AuthManager
Tgr
renamed
T419152: Editing user JS/CSS pages of another user should require elevated security
from
Editing user JS/CSS pages should require elevated security
to
Editing user JS/CSS pages of another user should require elevated security
Mar 8 2026, 5:41 PM
MediaWiki-Platform-Team (Radar)
Sustainability (Incident Followup)
2026-user-javascript-incident
Product Safety and Integrity
Security
MediaWiki-Core-AuthManager
Tgr
added a comment to
T419152: Editing user JS/CSS pages of another user should require elevated security
In T419152#11683994 @Krinkle wrote:
The account created a bot password in the past that explicitly grants that particular right to that BotPassword (not by default).
Mar 8 2026, 5:37 PM
MediaWiki-Platform-Team (Radar)
Sustainability (Incident Followup)
2026-user-javascript-incident
Product Safety and Integrity
Security
MediaWiki-Core-AuthManager
Tgr
added a comment to
T419187: Options to be selective about the revision when loading userscripts
I was pretty sure we had an older task about importScript revision pinning, but can't find it.
Mar 8 2026, 3:24 PM
Sustainability (Incident Followup)
MediaWiki-Platform-Team (Radar)
MediaWiki-ResourceLoader
2026-user-javascript-incident
JavaScript
Tgr
added a comment to
T153454: Enable BotPasswords (or similar feature) for web/interactive access
In T153454#4791681 @Urbanecm wrote:
I see those two tasks as separate and we can do both of them. I don't see those two tasks as reverse of each other.
Mar 8 2026, 1:57 PM
MediaWiki-Platform-Team
Security
MediaWiki-Core-AuthManager
Tgr
added a comment to
T419336: CentralAuth lock bypass on usernames that have md5 collisions
Anything truly dangerous (colliding with a specific, non-attacker-controlled account) would require a preimage attack, which is not feasible against md5. So +1 to doing this via gerrit.
Mar 8 2026, 1:09 PM
Patch-For-Review
MediaWiki-Platform-Team (Q3 Kanban Board)
Vuln-CryptoFailures
SecTeam-Processed
MediaWiki-extensions-CentralAuth
Security
Mar 7 2026
Tgr
added a comment to
T419096: mediawiki sometimes incorrectly says I have cookies disabled (sul3, local account auto creation)
Probably unrelated unless you saw the specific error message about cookies? Someone must have made a bunch of failed logins from your IP.
Mar 7 2026, 12:42 PM
WikiNYC Tech Committee
MediaWiki-Platform-Team
MediaWiki-extensions-CentralAuth
SUL3
Tgr
added a comment to
T208667: Tie reauthentication (login with elevated security) to a specific security level
Yeah that's T207557: Don't count initial login as valid for any operation that requires reauth. We should definitely fix that one; other than having to be cautious about SUL3, it seems straightforward.
Mar 7 2026, 12:39 PM
Patch-Needs-Improvement
MediaWiki-Platform-Team
Security
MediaWiki-Core-AuthManager
Mar 6 2026
Tgr
added a comment to
T419226: Archive wikimedia/oauth2-server
GitHub, Packagist, not sure if there's anything else.
Mar 6 2026, 2:48 PM
Wikimedia-GitHub
MediaWiki-Platform-Team (Q3 Kanban Board)
Projects-Cleanup
Librarization
MediaWiki-extensions-OAuth
Tgr
added a comment to
T419152: Editing user JS/CSS pages of another user should require elevated security
On reflection, I think this task is not useful as it is, editing your own JS and another user's JS are very different things with very different risks, and should be discussed separately.
Mar 6 2026, 2:45 PM
MediaWiki-Platform-Team (Radar)
Sustainability (Incident Followup)
2026-user-javascript-incident
Product Safety and Integrity
Security
MediaWiki-Core-AuthManager
Tgr
added a comment to
T197137: Editing sitewide JS/CSS pages should require elevated security
In T197137#11679454 @Bawolff wrote:
Instead of making the edit action require 2fa when editing a js page, an alternative version might be:
have interfaceadmin be a group that only allows adding yourself (with an expiry) to a group called interfaceadmins-real that contains the real right.
have changing group rights require reverifying 2FA.
I think that would be easier to implement in the short term. We've basically got all the pieces already.
Mar 6 2026, 2:38 PM
2026-user-javascript-incident
Security
MediaWiki-User-management
MediaWiki-User-Interface
Tgr
added a comment to
T384829: Differentiate between stackable and final redirects in PostLoginRedirect hook
Another use case that came up is adding a query parameter to returntoquery (but otherwise not doing changes that could be incompatible with other handlers' intentions) and expecting that to show up on the next non-redirect response.
Mar 6 2026, 1:57 PM
MW-Interfaces-Team
MediaWiki-Platform-Team
MediaWiki-User-login-and-signup
MediaWiki-extensions-CentralAuth
MediaWiki-Core-Hooks
Tgr
added a comment to
T419140: MediaWiki periodic job purge-temporary-accounts failed
Filed T419229: Periodic job alerts could use some more information on what to do about making this clearer.
Mar 6 2026, 12:19 PM
Product Safety and Integrity
Temporary accounts
MediaWiki-Platform-Team
Tgr
added a comment to
T419229: Periodic job alerts could use some more information on what to do
As an aside, it would be nice if the @phaultfinder user's profile description contained instructions on how to file tasks about it.
Mar 6 2026, 12:18 PM
MW-on-K8s
ServiceOps-Mediawiki
ServiceOps new
SRE Observability
Tgr
created
T419229: Periodic job alerts could use some more information on what to do
Mar 6 2026, 12:18 PM
MW-on-K8s
ServiceOps-Mediawiki
ServiceOps new
SRE Observability
Tgr
merged
T419185: MediaWiki periodic job purge-temporary-accounts failed
into
T419140: MediaWiki periodic job purge-temporary-accounts failed
Mar 6 2026, 12:11 PM
Product Safety and Integrity
Temporary accounts
MediaWiki-Platform-Team
Tgr
merged task
T419185: MediaWiki periodic job purge-temporary-accounts failed
into
T419140: MediaWiki periodic job purge-temporary-accounts failed
Mar 6 2026, 12:11 PM
MediaWiki-Platform-Team
Tgr
added a comment to
T419140: MediaWiki periodic job purge-temporary-accounts failed
...but the alert cannot, the job needs to be deleted manually.
tgr@deploy2002:~$ kube-env mw-cron codfw
tgr@deploy2002:~$ KUBECONFIG=/etc/kubernetes/mw-cron-deploy-codfw.config
tgr@deploy2002:~$ kubectl get jobs -l team=mediawiki-platform,cronjob=purge-temporary-accounts --field-selector status.successful=0
NAME STATUS COMPLETIONS DURATION AGE
purge-temporary-accounts-29545347 Failed 0/1 21h 21h
tgr@deploy2002:~$ kubectl delete job purge-temporary-accounts-29545347
job.batch "purge-temporary-accounts-29545347" deleted
Mar 6 2026, 12:11 PM
Product Safety and Integrity
Temporary accounts
MediaWiki-Platform-Team
Tgr
added a subtask for
T261462: Migrate OAuth extension back from wikimedia/oauth2-server fork to upstream
T419226: Archive wikimedia/oauth2-server
Mar 6 2026, 11:57 AM
MW-1.46-release
MW-1.46-notes (1.46.0-wmf.18; 2026-03-03)
ServiceOps new
ServiceOps-SharedInfra
Patch-For-Review
MediaWiki-Platform-Team (Q3 Kanban Board)
OKR-Work
MediaWiki-extensions-OAuth
Technical-Debt
Upstream
Tgr
added a parent task for
T419226: Archive wikimedia/oauth2-server
T261462: Migrate OAuth extension back from wikimedia/oauth2-server fork to upstream
Mar 6 2026, 11:57 AM
Wikimedia-GitHub
MediaWiki-Platform-Team (Q3 Kanban Board)
Projects-Cleanup
Librarization
MediaWiki-extensions-OAuth
Tgr
created
T419226: Archive wikimedia/oauth2-server
Mar 6 2026, 11:56 AM
Wikimedia-GitHub
MediaWiki-Platform-Team (Q3 Kanban Board)
Projects-Cleanup
Librarization
MediaWiki-extensions-OAuth
Tgr
updated the task description for
T417833: Set a JWT cookie for OAuth 1 requests and OAuth 2 owner-only requests
Mar 6 2026, 11:34 AM
MW-1.46-notes (1.46.0-wmf.22; 2026-03-31)
MediaWiki-Platform-Team (Q3 Kanban Board)
MediaWiki-Core-AuthManager
MediaWiki-extensions-OAuth
Mar 5 2026
Tgr
added a subtask for
T419034: Custom OAuth 2 error from Wikimedia infrastructure breaks automatic retry of requests
T419130: Exempt some routes from rate limiting and JWT validity checks in the API gateway
Mar 5 2026, 8:05 PM
MediaWiki-Platform-Team (Q3 Kanban Board)
m3api
envoy
MediaWiki-extensions-OAuth
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct.