All values which are stored in gu_salt can be stored as ':B:' . $this->mSalt . ':' . $this->mPassword in the gu_password column.
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Bawolff | T122164 Better limitation on number of password guesses people can make | |||
Restricted Task | |||||
Duplicate | None | T122123 Send echo notification to user of how many failed logins there was since last successful login | |||
Open | None | T122248 Password/login related security issues (Tracking) | |||
Restricted Task | |||||
Restricted Task | |||||
In Progress | None | T364435 Drop gu_salt from globaluser | |||
Resolved | Marostegui | T366123 Drop gu_salt from globaluser in WMF prod | |||
Resolved | Marostegui | T366167 Update centralauth triggers |
Event Timeline
Change #1028906 had a related patch set uploaded (by Zabe; author: Zabe):
[mediawiki/extensions/CentralAuth@master] Add migrateGuSalt.php script
Change #1029709 had a related patch set uploaded (by Zabe; author: Zabe):
[operations/puppet@production] wikireplicas: Drop gu_salt from maintain-views
Claiming this task temporarily: I will deploy the wikireplicas change on Monday, then I will unassign myself.
Change #1028906 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Add migrateGuSalt.php script
Change #1030526 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[mediawiki/extensions/CentralAuth@master] migrateGuSalt: Use transaction
Change #1030526 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] migrateGuSalt: Use transaction
Mentioned in SAL (#wikimedia-operations) [2024-05-14T22:48:31Z] <zabe> start running migrateGuSalt.php in screen session # T364435
Change #1031606 had a related patch set uploaded (by Zabe; author: Zabe):
[mediawiki/extensions/CentralAuth@master] Stop using gu_salt
Change #1031608 had a related patch set uploaded (by Zabe; author: Zabe):
[operations/puppet@production] filtered_tables: Remove gu_salt
Change #1029709 merged by FNegri:
[operations/puppet@production] wikireplicas: Drop gu_salt from maintain-views
Cookbook cookbooks.sre.wikireplicas.update-views run by fnegri: Started updating wiki replica views
Cookbook cookbooks.sre.wikireplicas.update-views started by fnegri completed:
- clouddb1021.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
- clouddb1017.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
- clouddb1018.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
- clouddb1019.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
- clouddb1020.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
- clouddb1013.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
- clouddb1014.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
- clouddb1015.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
- clouddb1016.eqiad.wmnet (PASS)
- Ran Puppet agent
- Ran 'maintain-views --all-databases --replace-all --auto-depool --table globaluser'
Claiming this task temporarily: I will deploy the wikireplicas change on Monday, then I will unassign myself.
Apologies, I did this a few days later. The wikireplicas patch is now merged and applied.
Do we need to do something to support third-party users (although officially, third-party use of CentralAuth is not supported)? I guess once T348486: Migrate CentralAuth to use a virtual database domain lands, CA can have update scripts and we can just automatically run the migration?
Change #1031606 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Stop using gu_salt
Change #1032596 had a related patch set uploaded (by Zabe; author: Zabe):
[mediawiki/extensions/CentralAuth@master] Run migrateGuSalt.php on Third-party wikis
Change #1032596 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Run migrateGuSalt.php on Third-party wikis
Change #1035532 had a related patch set uploaded (by Zabe; author: Zabe):
[mediawiki/extensions/CentralAuth@master] Drop gu_salt from globaluser table
Change #1035897 had a related patch set uploaded (by Zabe; author: Zabe):
[mediawiki/extensions/CentralAuth@master] Add sql files for dropping gu_salt from globaluser
Change #1035897 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Add sql files for dropping gu_salt from globaluser
Change #1031608 abandoned by Zabe:
[operations/puppet@production] filtered_tables: Remove gu_salt
Reason:
Done in https://gerrit.wikimedia.org/r/c/operations/puppet/+/1037046