Tasks By Project

Project: MediaWiki-Authentication-and-authorization

Switch to Active Tasks 52 Phabricator task(s).

Phabricator Link	Wiki Link	Status	Priority	Projects	Subtasks	Parent Tasks
T120484	T120484: Create password-authentication service for use by CentralAuth	open	Medium (orange)	MediaWiki-extensions-CentralAuth (Incoming) MediaWiki-Authentication-and-authorization (Backlog)	T88811: Develop use-cases & user stories for authnz service	T140813: Protect sensitive user-related information with a UserData / auth / session service
T133452	T133452: RFC: Create temporary accounts for anonymous editors	open	Needs Triage (violet)	WMF-Legal (Assigned) Privacy Security-Team-Services (Privacy Engineering) (Watching) MediaWiki-Authentication-and-authorization (Backlog) User-Tgr (Backlog) TechCom-RFC (P2: Resource)
T134842	T134842: SpecialCentralAutoLogin calls User::saveSettings() on HTTP GET presend	open	Medium (orange)	Sustainability (Tag) MediaWiki-extensions-CentralAuth (Incoming) MediaWiki-Authentication-and-authorization (Backlog)		T92357: Fix database master queries from HTTP GET/HEAD before active-active multi-dc
T154552	T154552: ApiLogin should not open master connection to centralauth DB	stalled	Medium (orange)	MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-extensions-CentralAuth (Incoming) Sustainability (MediaWiki-MultiDC) (Later)	T150506: Avoid lazyImportLocalNames() master writes on GET requests (Run a script to backfill them once for all)
T154946	T154946: Trying to log in using a BotPassword from the wrong IP gives incorrect password error	open	Needs Triage (violet)	MediaWiki-API (Needs details or plan) MediaWiki-Authentication-and-authorization (Backlog)
T158365	T158365: Session "{session}": Metadata merge failed: {exception}	open	Medium (orange)	Platform Engineering (Icebox) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-extensions-CentralAuth (Incoming) Wikimedia-production-error (Older)
T179752	T179752: Clear site data on MediaWiki log out	open	Medium (orange)	Performance-Team (Radar) (Watching) MediaWiki-Authentication-and-authorization (Backlog) Analytics (Analytics-Radar) (Radar - Watching) Security-Team-Services (Privacy Engineering) (Backlog)
T181687	T181687: Give RESTBase / MCS requests the apihighlimits right	open	Needs Triage (violet)	Services (watching) MediaWiki-Authentication-and-authorization (Backlog) RESTBase (Backlog) Platform Team Legacy (Watching / External) Mobile-Content-Service (Incoming) Product-Infrastructure-Team-Backlog (Tracking)
T181869	T181869: Error "Session {session}: Metadata has an anonymous user, but a non-anon user was provided"	open	Medium (orange)	Platform Team Workboards (Clinic Duty Team) (Later) MediaWiki-Authentication-and-authorization (Backlog) Wikimedia-production-error (Older) MediaWiki-extensions-CentralAuth (Incoming)
T182379	T182379: Test failures from PHPSessionHandlerTest in PHP 7.2	duplicate	Needs Triage (violet)	PHP 7.2 support (MediaWiki core) Platform Engineering (PHP7 (TEC4)) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-Core-Tests (PHPUnit)
T189362	T189362: ipblock-exempt does not allow account creation when blocked	open	Medium (orange)	Patch-For-Review MediaWiki-Blocks (Backlog) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-User-login-and-signup (Backlog) Platform Team Workboards (Clinic Duty Team) (Later)
T189641	T189641: Service for checking the Pwned Passwords database	open	Low (yellow)	Platform Team Legacy (Watching / External) MediaWiki-Authentication-and-authorization (Backlog) Services (watching) MediaWiki-User-login-and-signup (Backlog) SecTeam-Processed (Completed) Security WMF-Legal (Backlog) User-Tgr (Next)
T199393	T199393: Reproducible deadlock in User::addToDatabase() when api.php?action=createaccount is called simultaneously by several users	open	Medium (orange)	Wikimedia-database-error (Query) MW-1.36-notes (1.36.0-wmf.26; 2021-01-12) Platform Team Workboards (External Code Reviews) (External Code Review Needed) Patch-For-Review MediaWiki-Authentication-and-authorization (Backlog) Performance-Team (Radar) (Perf recommendation) MW-1.38-notes (1.38.0-wmf.18; 2022-01-17)
T204145	T204145: PHP Warning: session_id(): Cannot change session id when headers already sent	declined	Needs Triage (violet)	Platform Team Workboards (Done with CPT) MediaWiki-Authentication-and-authorization (Backlog) PHP 7.2 support (MediaWiki core) MediaWiki-extensions-CentralAuth (Incoming) Platform Engineering (PHP7 (TEC4))
T204787	T204787: Session Warning: "User ID mismatch, {uid_a} !== {uid_b}"	open	Medium (orange)	Wikimedia-production-error (Older) MediaWiki-Authentication-and-authorization (Backlog) Platform Team Workboards (Clinic Duty Team) (Later)
T207112	T207112: session_id(): Cannot change session id when session is active test failures on PHP 7.3	resolved	Needs Triage (violet)	MediaWiki-Authentication-and-authorization (Backlog) MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)) Patch-For-Review Platform Team Workboards (Done with CPT) PHP 7.3 support (MediaWiki core) Platform Engineering (PHP7 (TEC4)) MW-1.31-release-notes		T204884: Run MediaWiki tests on PHP 7.3
T208768	T208768: Create a PermissionManager service	resolved	Medium (orange)	Platform Engineering (Decoupling (CDP2)) Platform Team Workboards (S&F Workboard) (Done) MediaWiki-User-management (Backlog) Anti-Harassment (Tracking work by others) MediaWiki-Authentication-and-authorization (Backlog)		T208764: Remove cyclic dependency between Title and User classes T218558: Move User::getRights and related methods into PermissionManager T220191: Remove calls to deprecated methods in Title and User with calls to the new PermissionManager service.
T214215	T214215: MinimumPasswordLengthToLogin error message is unhelpful	open	High (red)	Platform Team Workboards (Clinic Duty Team) (External Code Review Completed) MediaWiki-Authentication-and-authorization (Backlog) Patch-For-Review
T219689	T219689: Undeprecate User::setPassword()	declined	Low (yellow)	MW-1.34-notes (1.34.0-wmf.8; 2019-06-04) MediaWiki-Authentication-and-authorization (Backlog) Platform Engineering (Triage Meeting Inbox)
T223898	T223898: Remove the requirement to enter a password during the login flow	open	Needs Triage (violet)	Platform Engineering (Icebox) MediaWiki-Authentication-and-authorization (Backlog) PasswordlessLogin (Backlog)
T228253	T228253: PermissionManager should not cache anonymous rights under ID 0	resolved	Low (yellow)	MW-1.34-notes (1.34.0-wmf.21; 2019-09-03) Platform Team Workboards (Clinic Duty Team) (Done) MediaWiki-Authentication-and-authorization (Backlog)
T228717	T228717: On Special:UnlinkAccounts, when no auth request is passed, show a proper error message instead of an InvalidArgumentException error	resolved	Needs Triage (violet)	MediaWiki-Authentication-and-authorization (Backlog) User-DannyS712 (Resolved tasks (others)) Platform Team Workboards (Clinic Duty Team) (Done) Wikimedia-production-error (Jun 2019 / 1.34.wmf.8+) Platform Engineering (Needs Cleaning - Code Health (TEC13)) MW-1.34-notes (1.34.0-wmf.16; 2019-07-30)
T232789	T232789: List active MediaWiki sessions for your account	duplicate	Medium (orange)	Security Platform Engineering (Future Initiatives/Small Projects) MediaWiki-Authentication-and-authorization (Backlog)
T233119	T233119: Intended use of MinimumPasswordLengthToLogin not so clear	resolved	High (red)	MediaWiki-User-login-and-signup (Backlog) MW-1.31-release-notes Anti-Harassment (Untriaged) MediaWiki-Authentication-and-authorization (Backlog) MW-1.33-notes Trust-and-Safety (Other team) Documentation (Backlog) MW-1.32-notes (Backlog) Platform Team Workboards (Clinic Duty Team) (Done) MW-1.34-notes (1.34.0-wmf.24; 2019-09-24)
T243845	T243845: Exception on "createaccount" on a API call at checkPasswordValidity	invalid	Needs Triage (violet)	Platform Engineering (Inbox) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-API (Non-core-API stuff)
T245149	T245149: API readapidenied with private wiki on v1.34	resolved	Needs Triage (violet)	Regression MediaWiki-API (Done) MW-1.35-notes (1.35.0-wmf.24; 2020-03-17) MW-1.34-notes MediaWiki-Authentication-and-authorization (Backlog) Platform Team Workboards (Clinic Duty Team) (Done)
T246471	T246471: Login authevents should include the username	open	Needs Triage (violet)	MediaWiki-API (Needs details or plan) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-Special-pages (To triage)
T246943	T246943: Login failed/disappeared during 2FA	open	Medium (orange)	MediaWiki-Authentication-and-authorization (Backlog) Platform Team Workboards (Clinic Duty Team) (Later) MediaWiki-extensions-OATHAuth (Backlog) MediaWiki-extensions-CentralAuth (Incoming)
T247710	T247710: Argument 3 passed to ApiAuthManagerHelper::formatMessage() must be an instance of Message, null given, called in ApiAuthManagerHelper.php on line 337	resolved	Medium (orange)	MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-extensions-OATHAuth (Backlog) MediaWiki-API (Non-core-API stuff) Wikimedia-production-error (Mar 2020) MW-1.37-notes (1.37.0-wmf.11; 2021-06-21) Platform Team Workboards (Clinic Duty Team) (Waiting for deployment)
T248339	T248339: Decide how to deal with WebAuthn login/registration flow on Wikimedia wikis in future	open	Needs Triage (violet)	SecTeam Discussion MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-extensions-OATHAuth (Backlog) Platform Engineering (Tracking/Watching) Security-Team (Watching)	T248367: Update messages to notify WebAuthn users that they need to login on the same wiki they registered	T244088: Logging in at another wiki than WebAuth was set up fails
T251661	T251661: TOTP throttle not enforced cross-wiki (CVE-2020-25827)	resolved	High (red)	MediaWiki-Authentication-and-authorization (Backlog) MW-1.36-notes (1.36.0-wmf.8; 2020-09-08) Platform Team Workboards (Clinic Duty Team) (Waiting for deployment) Security-Team (Watching) Security MediaWiki-extensions-OATHAuth (Backlog)
T255179	T255179: Session failures ("invalid CSRF token") preventing edits, login, logout, etc due to kask outage	resolved	High (red)	Platform Engineering (Inbox) Wikimedia-Incident (Active investigation) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-User-login-and-signup (Backlog) User-DannyS712 (Reports)
T255369	T255369: apihelp-clientlogin-example-login2 is misleading in MW core	open	Lowest (sky)	MediaWiki-API (Unsorted) Voice & Tone (Backlog) MediaWiki-Authentication-and-authorization (Backlog) Platform Engineering (Volunteer Needed Tasks)
T255370	T255370: Document best practices for user login if user is using 2FA	open	Low (yellow)	Platform Team Initiatives (API Gateway) Documentation (Backlog) MediaWiki-Documentation Security MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-extensions-OATHAuth (Backlog)
T256956	T256956: Clean up getCacheVaryCookies()/haveCacheVaryCookies()	open	Medium (orange)	Performance-Team (Radar) (Watching) Platform Engineering Roadmap Decision Making (Icebox) MediaWiki-Authentication-and-authorization (Backlog)
T262958	T262958: PasswordError when attempting to create a new user with createAndPromote.php	open	Low (yellow)	MediaWiki-Authentication-and-authorization (Backlog) Platform Team Workboards (Clinic Duty Team) (Later)
T263911	T263911: Missing $wgServer in LocalSettings.php causes fatal error "Call to a member function getIP() on null"	resolved	Low (yellow)	MW-1.36-notes (1.36.0-wmf.25; 2021-01-05) MW-1.35-notes MediaWiki-Authentication-and-authorization (Backlog) MW-1.35-release (Not a blocker) MediaWiki-User-management (Other) Platform Team Workboards (Clinic Duty Team) (Later)
T264793	T264793: Make sure SessionManager emitting Set-Cookie headers gets logged	resolved	Needs Triage (violet)	MediaWiki-Debug-Logger Patch-For-Review MediaWiki-Authentication-and-authorization (Backlog) MW-1.36-notes (1.36.0-wmf.11; 2020-09-29) Platform Engineering (Inbox)
T264794	T264794: SessionManager should not emit Set-Cookies on session renewal	open	Needs Triage (violet)	Platform Team Workboards (External Code Reviews) (External Code Review In Progress) MediaWiki-Authentication-and-authorization (Backlog) Patch-For-Review
T264799	T264799: Log when a request with the same user session comes from a different IP	resolved	Unbreak Now! (pink)	MW-1.36-notes (1.36.0-wmf.11; 2020-09-29) Platform Engineering (Inbox) MediaWiki-Debug-Logger MediaWiki-Authentication-and-authorization (Backlog) Patch-For-Review
T265400	T265400: Research to create service for SessionManager::singleton()/getGlobalSession()	open	Needs Triage (violet)	Dependency injection MediaWiki-Authentication-and-authorization (Backlog)		T259960: Inject services into API modules and special pages
T265551	T265551: Error fetching URL "http://localhost:600...": (curl error: 28) Timeout was reached	resolved	High (red)	serviceops (Incoming 🐫) MediaWiki-Authentication-and-authorization (Backlog) Wikimedia-production-error (Oct 2020) Platform Team Workboards (Clinic Duty Team) (Later)
T265769	T265769: Research to create service for BotPassword class	open	Needs Triage (violet)	MW-1.36-notes (1.36.0-wmf.16; 2020-11-03) MW-1.37-notes (1.37.0-wmf.16; 2021-07-26) Patch-For-Review MediaWiki-Authentication-and-authorization (Backlog) Dependency injection User-DannyS712 (Awaiting review and deployment)	T265767: Research to create service for CentralIdLookup::factory	T259960: Inject services into API modules and special pages
T269680	T269680: MediaWiki logging indexing conflict on 'session' for 'session-ip' channel	resolved	Medium (orange)	Platform Team Workboards (Clinic Duty Team) (Later) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-extensions-CentralAuth (Incoming) MW-1.35-notes MediaWiki-Debug-Logger MW-1.36-notes (1.36.0-wmf.31; 2021-02-16) observability (Radar) Patch-For-Review
T270225	T270225: Finish session storage to actually meet multi-DC requirements	open	High (red)	MediaWiki-Authentication-and-authorization (Backlog) Platform Engineering Roadmap (Later (future inbox)) MW-1.37-notes (1.37.0-wmf.3; 2021-04-27)	T222990: Audit session storage to determine max age of un-GC'd sessions	T270223: FY2021-2022: Enable basic Multi-DC operations for read traffic (tracking)
T284020	T284020: Support bot passwords in the REST API	open	Needs Triage (violet)	Patch-For-Review Platform Team Workboards (External Code Reviews) (External Code Review Needed) MediaWiki-REST-API (Backlog) MediaWiki-Authentication-and-authorization (Backlog)
T284170	T284170: TypeError: Argument to UserNameUtils::getCanonical() must be string in AbstractPrimaryAuthenticationProvider.php (Unable to login)	resolved	High (red)	MediaWiki-extensions-Pluggable-Auth (Backlog) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-extensions-WSOAuth (Backlog) Platform Engineering (Inbox) Wikimedia-production-error (June 2021) MW-1.37-notes (1.37.0-wmf.12; 2021-06-28)
T291127	T291127: MediaWiki session management does not work on split PHP 7.4 and < PHP 7.4 cluster	resolved	Needs Triage (violet)	MW-1.37-release (Blocker) PHP 7.4 support (MediaWiki core) MW-1.35-notes User-RhinosF1 (Miraheze-Linked) PHP 7.3 support (MediaWiki core) MW-1.38-notes (1.38.0-wmf.5; 2021-10-19) MW-1.37-notes Platform Engineering (Inbox) MW-1.36-release (Blocker) MW-1.35-release (Blocker) MW-1.36-notes (Backlog) MediaWiki-Authentication-and-authorization (Backlog)		T271736: Migrate WMF Production from PHP 7.2 to PHP 7.4
T292375	T292375: Figure out how to force-logout users cross-wiki	open	Needs Triage (violet)	MediaWiki-Authentication-and-authorization (Backlog) Platform Team Workboards (MW Expedition) (Unsorted pile) MediaWiki-Blocks (Backlog)		T291994: Properly support cross-wiki blocking
T37220	T37220: Allow per-session log out	open	Low (yellow)	MediaWiki-extensions-CentralAuth (Incoming) MediaWiki-User-login-and-signup (Backlog) MediaWiki-Authentication-and-authorization (Backlog)		T58212: Add a feature to track and terminate specific login sessions
T58212	T58212: Add a feature to track and terminate specific login sessions	open	Needs Triage (violet)	Platform Engineering (Feature Requests to Review) MediaWiki-Authentication-and-authorization (Backlog) MediaWiki-User-login-and-signup (Backlog)	T37220: Allow per-session log out
T88811	T88811: Develop use-cases & user stories for authnz service	open	Medium (orange)	Services (later) MediaWiki-Authentication-and-authorization (Backlog) Platform Team Legacy (Later)		T120484: Create password-authentication service for use by CentralAuth