Page MenuHomePhabricator

Prevent Translate from setting preferences for temporary accounts
Closed, ResolvedPublic4 Estimated Story Points

Description

Following T335971, it appears the extension is saving preferences for temporary users.
Update the code to treat temporary users like anon users.

Wherever these do something different based on whether a user is anonymous or registered, they may need updating (including comments).

Tests and comments should also be updated.

Notes
To help with searching:

In PHP preferences are saved via UserOptionsManager::saveOptions
In JS preferences are saved via methods defined on options.js: https://gerrit.wikimedia.org/g/mediawiki/core/+/809d4c9a9dd2cff6321cdae7a41e75b6c362cbbd/resources/src/mediawiki.api/options.js

Event Timeline

(Please add codebase project tags to tasks when possible, so such tasks can be found when looking for open tasks related to that codebase - thanks!)

Nikerabbit set the point value for this task to 4.Jul 10 2023, 8:29 AM

Following T335971, it appears the extension is saving preferences for temporary users.

Hi @AGueyte, do we see instances of this in the database? I'm not seeing this in the code. We call saveOptions in 3 different places across 2 files, and in all those places we are operating on a registered user. Let me know if I'm missing something.

and in all those places we are operating on a registered user.

Do you mean "we are NOT operating on a registered user"?
If so, we can close the task.

Thanks for looking into this!

and in all those places we are operating on a registered user.

Do you mean "we are NOT operating on a registered user"?
If so, we can close the task.

Thanks for looking into this!

No, I mean we always operate on registered users with proper name and email specified. If a user is registered with a username and email, they can't be a temporary user right?

and in all those places we are operating on a registered user.

Do you mean "we are NOT operating on a registered user"?
If so, we can close the task.

Thanks for looking into this!

No, I mean we always operate on registered users with the proper names and email specified. If a user is registered with a username and email, they can't be a temporary user right?

They can!
Temporary users are registered users. (there's an ongoing conversation to change the nomination as it creates confusion).
Temporary users have a username and an ID however they do not have an email address.
With the implementation of IP Masking, a Registered user can be a Named user (identified with a username, id, account, preferences, email, etc) and a Temporary user (username + ID)

and in all those places we are operating on a registered user.

Do you mean "we are NOT operating on a registered user"?
If so, we can close the task.

Thanks for looking into this!

No, I mean we always operate on registered users with the proper names and email specified. If a user is registered with a username and email, they can't be a temporary user right?

They can!
Temporary users are registered users. (there's an ongoing conversation to change the nomination as it creates confusion).
Temporary users have a username and an ID however they do not have an email address.
With the implementation of IP Masking, a Registered user can be a Named user (identified with a username, id, account, preferences, email, etc) and a Temporary user (username + ID)

Thanks for the link, that clarifies a lot of things. I don't think this check is needed in this case since the user actually registers with a username and email.

Another note: We call saveOptions only for sandboxed (not full translators yet) users. These users are added to the translate-sandboxed group via the UserGroupManager::addUserToGroup method which will throw an InvalidArgumentException if called with a temporary user account.