[00:19:09] This user is asking me to refer them to someone who knows a lot about CentralAuth, and I'm not sure who to refer them to https://www.mediawiki.org/w/index.php?title=Topic:Ucbk02dh4a1szag6&topic_showPostId=uk9bvkuno6eyep4d&fromnotif=1#flow-post-uk9bvkuno6eyep4d [00:19:18] Who's our CentralAuth expert these days? [00:24:48] the SUL2 project was 2013, time flies [00:26:11] probably anomie, he worked on SUL2 in 2013, as well as AuthManager more recently [00:27:43] so the question is about installing CentralAuth in a non-WMF wiki? I don't know if that would be within anomie's interests [00:31:31] In particular it's about getting Echo cross-wiki notifications to work on a non-WMF farm [00:31:38] With some sort of auth plugin stuff [00:31:57] Echo relies pretty heavily on CentralAuth though, not just on global user IDs existing but also on ?centralauthtoken=NNN working [00:33:05] normally we tell 3rd party users to use user table sharing rather than CentralAuth [01:18:56] Hmm yeah [01:29:45] the global user id part has been abstracted into CentralIdLookup [01:29:58] and centralauthtoken is abstracted into mw.ForeignApi [09:14:32] RoanKattouw: revansx is not a developer and tends to get in over his head, I'd steer him away from CentralAuth [09:15:38] which in theory works with an external auth plugin but I don't think anyone ever tried [09:16:03] and the first person to try probably needs better debugging skills than he has [09:17:37] then again if Echo properly uses ForeignApi then maybe it just works without CA? [09:18:32] if he is using Auth_RemoteUser cross-wiki requests should just work [10:40:11] DanielK_WMDE: I put up a test for the unwrap patch; I'm probably offline for the rest of the day, sorry [10:40:57] the other two issues don't look too bad though [10:41:55] the null wrapper class one probably affects <100 pages [17:00:00] anomie: do we want to backport the unwrap patch? the impact seems less bad than I initially assumed [17:02:40] DanielK_WMDE: Heisenbug, to be renamed to Volkswagenbug? [17:35:36] Hi, could i ask a really newbie question - how do I delete a revision in MW. Not suppress, but specifically delete. I couldn't find it anywhere in the docs or UI. A point to the actual code that does it would be much appreciated [17:37:07] Pchelolo: delete as in normal page deletion (so not physical delete)? [17:37:19] tgr: not a page, the revision [17:37:34] those aren't really different concepts [17:38:22] tgr: I mean, I know how to delete a page, but what if I have a page with rev1 and rev2 and want to only delete rev2 [17:38:35] delete like move to archive table [17:38:41] single revision deletion doesn't exist as such but you can delete the page and restore selected revisions (even all except one) [17:38:55] aha! So that's how they do it! [17:39:24] Revision deletion normally refers to hiding parts of the revision info [17:39:37] Krenair: ye, that's what I called suprssion [17:39:38] Suppression is just a component of that which restricts who can see the hidden parts [17:39:40] No. [17:39:44] there's an open RfC about a saner deletion process which does not touch revisions, if that gets accepted revision deletion would become impossible [17:40:06] normally it's only used as a horrible hack for history split/merge [17:40:40] as live revisions are bound to page id but deleted revisions are bound to title so you can use deletion do detach/reattach revisions [17:41:08] ye, I've just stumbled upon the case where there was a page with rev 1 - 10, and then suddenly rev 8-10 are moved to archive without any particular indication what happened.. [17:41:21] and RESTbase doesn't really handle cases like that properly [17:42:02] I don't think there's a way to that without delete + selective undelete [17:42:32] ok, thank you. That actually makes fixing it easier [17:43:01] I thought I'm missing some clever way of deleting a specific revision [17:43:59] There used to be something called Oversight [17:44:26] That went into a 'hidden' table instead of 'archive' [17:45:04] A few years ago we converted those revisions to suppressed revdel, so they went to 'revision' or 'archive' depending on whether the page they got pulled out of still existed [17:45:48] Confusingly, a lot of people still refer to suppression as oversighting [17:46:18] The user group is still named Oversight [17:46:19] etc. [17:47:29] ok.. Gotcha. Thank you! [17:47:52] I don't remember what the logging around that thing was like [17:50:57] I wouldn't be surprised if early cases are completely missing logs at least [17:52:37] I'm only interested in the current state of affairs, it's only about deleting and restoring stuff in restbase properly [17:53:56] I'm not sure whether external services are given enough information to handle it properly if they want to do their own caching. Do you get notified when stuff gets actually-suppressed? [17:54:30] Krenair: ye, we have page_delete, page_undelete and revision-visibility-change events, so in most cases it works properly [17:54:46] okay but do you get revision visibility changes when suppression is involved? [17:55:14] suppression as 'text_hidden' comment_hidden etc? [17:55:55] * Pchelolo still confused with terminology [17:56:31] We notify on revision-visibility-change from `ArticleRevisionVisibilitySet` [17:57:20] Suppression as in Revision::DELETED_RESTRICTED being set on rev_deleted - and thus ending up in the suppression log instead of the normal deletion log. [17:57:58] yeah that might do the trick [18:00:37] yeah based on the docs for that, if that hook is actually getting passed through to RB you're probably ok [18:02:04] I'm making a task for the issue at hand now, will cc you there.. [18:02:16] uh ok [18:02:58] I don't like how this access checking for services work to be honest, but going to MW for that would defeat the purpose of restbase, but it's a bigger conversation [18:07:43] how would you like it to work? [18:11:04] heh.. no real idea to be honest here, since it's very full of corner cases in MW and catching all of them is super hard.. The problem with contacting MW is that we do it on every request, so we will have to pay the price of spinning up MW and in that case moving restbase into MW will actually have lower latency then current state [18:11:29] so now we do some 'smart' replication of the state into RESTBase, but we only use public restbase API [18:11:54] and we do replication via eventbus, so via hooks and public events [18:12:50] if we could generalize replicating the state somehow that would be nice, or even introducing 'private' api in RESTBase, so we issue an actual http 'delete' for a deletion, and don't guess what happened based on MW response [18:14:18] like, for a page deletion now we re-render `page/title/{title}`, if MW responds with 404 we guess that was a page delete. But with all the corner cases this very quickly goes out of hand [21:17:59] Pchelolo: ArticleRevisionVisibilitySet contains a map of revision id => new visibility, just send that with eventbus and use it to only undelete the right revisions in Cassandra? [21:18:07] seems straightforward enough [21:19:14] tgr: that's not about revision visibility - it's when a whole page is deleted and then undeleted, but with only subset of revisions. I don't think that hook is called in this case [21:22:42] oops, you are right [21:22:54] there's a UndeleteForm::undelete hook but it seems pretty useless [21:23:08] guess we'll need a new hook for that [21:23:43] tgr: not really, I think we can make it work properly within restbase with existing hooks [21:24:17] it was made as it's now because we've never deleted anything in rb storage explicitly, but we're long past that design choice