Page MenuHomePhabricator
Create Task
Maniphest T59336

Make metawiki the central OAuth wiki
Closed, ResolvedPublic
Actions

Description

We originally planned to use meta as the central wiki for OAuth. Before we do this, we need to make sure:

  • All of the help pages are copied across
  • OAuth admin user rights are assigned to appropriate users - what's the process for this on meta?

We probably also need to make sure we have solid policies established for app management (approvals, revocation, etc.) and who is an admins.

Once that is in place, we can copy the database across. Since we track user's centralauth id's, no user id translations will need to happen.

Version: master
Severity: normal

Details

Reference
bz57336
SubjectRepoBranchLines +/-
Small improvements to migration scriptmediawiki/extensions/OAuthmaster+10 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Unbreak Now!.Nov 22 2014, 2:29 AM
bzimport added a project: MediaWiki-extensions-OAuth.
bzimport set Reference to bz57336.
bzimport added a subscriber: Unknown Object (MLST).
csteipp created this task.Nov 21 2013, 12:41 AM
aaron added a comment.Nov 21 2013, 12:50 AM

If we copy it accross, then the logging table entries will need to be copied over to. These have local user_text and user_id fields. They would need to be replaced with the correct local values...

How many apps are on mw.org? Maybe they can just be recreated on metawiki?

Deskana added a comment.Nov 21 2013, 3:02 PM

(In reply to comment #0)

  • OAuth admin user rights are assigned to appropriate users - what's the

process for this on meta?

For our initial deployment of the minimum viable product (i.e. today's deployment) we can use the existing structure we've got of staff doing it. For the long term, that's not viable. But, having a system in place to address these questions should be our focus for the next deployment. Control of this needs to be in the hands of the community.

If you can switch it over to it working on Meta instead of MediaWiki before today's deployment, then you can do that. If you can't, then let's keep it on MediaWiki and shift over to Meta later. If we can't do an automated migration, pinging people to resubmit their authorisation requests shouldn't be the worst thing in the world to have to do.

I'd say we can just give this to the stewards. But that's the easy part. The hard part is the social structure for who should get grants. Because this is somewhat distributed (each individual project can have its own grants) a structure like we have for advanced permissions should work. That is, we can give the actual power to the stewards, and let each individual project come up with some social structure to handle when the stewards should flip the switch. Projects that are too small to have that structure in place can have it handled by the stewards.

csteipp added a comment.Nov 22 2013, 2:35 AM

I decided to stick with mw.o for today, and we'll look at doing this switch sometime on or after Dec 2 (next open deployment date).

<Aaron|home> so that would make mw.org the central wiki
<csteipp> Aaron|home: Yeah, I think I'd rather do that in another window later.
<Aaron|home> so any extra consumers after now will also get nuked? I guess you could do that
<csteipp> I was planning to copy over any consumers, keeping the id, key, secret, but make them all pending. And then approve them with a comment like "See approval [[X]]" pointing to the mw.o log.
<csteipp> Authorizations I would just copy over as is
<Aaron|home> so they won't have any propose log entries?
<csteipp> Correct
<Aaron|home> there are 2 of them right?
<csteipp> 2 approved last I checked...
<csteipp> let me look though
<Aaron|home> http://www.mediawiki.org/wiki/Special:OAuthListConsumers
<Aaron|home> a few more
<Aaron|home> though only 2 interesting ones
<Aaron|home> I guess the logs could be copied over with a little script too

  • Aaron|home adds that to his TODO file
Deskana added a comment.Feb 6 2014, 11:19 PM

We need to migrate this to Meta in order to put it in a place that makes sense for the stewards. Setting priority accordingly.

Aklapper added a comment.Mar 17 2014, 11:01 AM

(In reply to Dan Garry from comment #4)

We need to migrate this to Meta in order to put it in a place that makes
sense for the stewards. Setting priority accordingly.

Dan: Who is going to work on this? Any timeframe?

Deskana added a comment.Mar 17 2014, 8:38 PM

(In reply to Andre Klapper from comment #5)

(In reply to Dan Garry from comment #4)

We need to migrate this to Meta in order to put it in a place that makes
sense for the stewards. Setting priority accordingly.

Dan: Who is going to work on this? Any timeframe?

I'm unsure on both fronts, honestly. We currently have little (read: no) engineering resourcing towards OAuth specifically.

csteipp added a comment.Mar 17 2014, 8:52 PM

It would be good to finalize our DB schema before we move it over, so we don't have to do db updates to meta after the move. Added some potential blockers to that.

I think the Stewards have all been ok with taking ownership, and the process in general.

Otherwise, Aaron and I just need to work out the checklist for the transfer, and try a couple dry runs.

gerritbot added a comment.Mar 26 2014, 7:10 PM

Change 121131 had a related patch set uploaded by CSteipp:
Add maintenance script to copy db tables

https://gerrit.wikimedia.org/r/121131

gerritbot added a comment.Apr 1 2014, 6:22 PM

Change 122867 had a related patch set uploaded by CSteipp:
Move OAuth logs to another wiki

https://gerrit.wikimedia.org/r/122867

gerritbot added a comment.Apr 3 2014, 6:46 PM

Change 121131 merged by jenkins-bot:
Add maintenance script to copy db tables

https://gerrit.wikimedia.org/r/121131

gerritbot added a comment.Apr 7 2014, 8:18 PM

Change 122867 merged by jenkins-bot:
Move OAuth logs to another wiki

https://gerrit.wikimedia.org/r/122867

Aklapper added a comment.May 25 2014, 3:02 PM

All patches merged, resetting bug report status.

Aklapper added a comment.Jun 8 2014, 8:54 PM

This ticket has been highest priority for four months now. Does this still reflect reality, and if so, who is supposed to continue working on this and when?

csteipp added a comment.Jun 9 2014, 4:35 PM

I think it's highest in that it's the project I work on if I have time. The reality is nobody is directly assigned to work on OAuth right now, so it's really just me in my spare time.

So it's nice to keep it at the top of the priority list until it gets completed, but I'm not sure what kind of timeframe we have for it.

Sitic subscribed.Nov 24 2014, 11:30 AM
Ricordisamoa subscribed.Mar 1 2015, 6:46 AM
bd808 moved this task from Backlog to Tool User wants on the MediaWiki-extensions-OAuth board.Mar 6 2015, 10:51 PM
TTO lowered the priority of this task from Unbreak Now! to High.Apr 18 2015, 1:11 AM
TTO subscribed.

Maybe this was "highest" priority in Bugzilla, but it isn't really "Unbreak Now!", is it?

Tgr subscribed.Jun 23 2015, 12:04 AM

Is this still top priority? If so, what exactly is needed to get it done?

mw.org has now 250 consumers and 16000 acceptances, so at least for acceptances we would need some sort of batching. Apart from that, just testing and actually doing the migration?

Tgr mentioned this in T58946: Add URL for OAuth Consumers.Jun 23 2015, 12:06 AM
csteipp added a comment.Jun 23 2015, 4:33 PM

Yep, test the scripts again, then announce a date and run them.

Before SUL finalization, we weren't sure what to do if we had an acceptance on mw.org, but the meta account was owned by another user... all that fun stuff.

gerritbot subscribed.Jul 3 2015, 9:49 PM

Change 222709 had a related patch set uploaded (by Gergő Tisza):
Small improvements to migration script

https://gerrit.wikimedia.org/r/222709

gerritbot added a project: Patch-For-Review.Jul 3 2015, 9:49 PM
Tgr added a comment.Jul 3 2015, 9:53 PM

Tested locally, works fine. Since the OAuth tables don't exist at Meta, I don't think there is much point in testing - just do the migration and drop the table if it does not look good. Log migration errors could be more messy; what's a good test for that? Migrate to aawiki?

Should we start a discussion with stewards about handover, what features they are missing etc, or is that a later step that's independent of the migration?

gerritbot added a comment.Jul 24 2015, 8:36 AM

Change 222709 merged by jenkins-bot:
Small improvements to migration script

https://gerrit.wikimedia.org/r/222709

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 24 2015, 8:36 AM
Diffusion mentioned this in rMEXTb40acc62146b: Updated mediawiki/extensions Project: mediawiki/extensions/OAuth….Jul 24 2015, 8:37 AM
Tgr mentioned this in rEOAUb36f3d28a3d0: Small improvements to migration script.Jul 24 2015, 8:37 AM
Forrestbot added a project: WMF-deploy-2015-07-28_(1.26wmf16).Jul 24 2015, 9:00 AM
He7d3r mentioned this in T6547: Support crosswiki template inclusion (transclusion => interwiki templates, etc.).Jul 31 2015, 10:20 PM
Qgil subscribed.Jul 31 2015, 10:37 PM
He7d3r mentioned this in T22153: Implement global gadgets (WMF-wide).Aug 9 2015, 2:54 PM
Tgr mentioned this in T108648: Migrate OAuth data from mediawikiwiki to metawiki.Aug 10 2015, 11:40 PM
Tgr added a subtask: T108648: Migrate OAuth data from mediawikiwiki to metawiki.
zhuyifei1999 subscribed.Aug 11 2015, 10:07 AM
Tgr added a subtask: T109392: Move Wikimedia OAuth documentation to Meta.Aug 17 2015, 11:27 PM
Tgr closed subtask T108648: Migrate OAuth data from mediawikiwiki to metawiki as Resolved.Aug 25 2015, 8:59 PM
Jay8g subscribed.Sep 4 2015, 2:00 AM
Tgr closed this task as Resolved.Jan 6 2016, 6:27 PM
Tgr claimed this task.
Tgr closed subtask T109392: Move Wikimedia OAuth documentation to Meta as Resolved.

Migrated some time ago.

He7d3r added a comment.Jan 6 2016, 9:19 PM

@Tgr: Just for curiosity: can I check that by going to some Special page, or making some api call, or only looking at some line in the config files used for WMF wikis?

Tgr added a comment.Jan 6 2016, 9:50 PM

You can see it in the config files (the patch is in T108648). Not sure about the other two; you can check whether the consumer management special pages work, but that would not tell you which wiki is the right one, just whether the current one is it.

csteipp added a comment.Jan 6 2016, 11:05 PM
In T59336#1918812, @He7d3r wrote:

@Tgr: Just for curiosity: can I check that by going to some Special page, or making some api call, or only looking at some line in the config files used for WMF wikis?

Only the central wiki has Special:OAuthConsumerRegistration defined, so you can check for that. Otherwise as Tgr said, you can look at the config.

He7d3r added a comment.Jan 7 2016, 5:04 PM

Thank you both!

TerraCodes subscribed.Aug 3 2016, 1:17 PM
Aklapper removed subscribers: Anomie, wikibugs-l-list.Oct 16 2020, 5:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL