Identity management service to centralize account creation/settings, access groups for Wikimedia Developer accounts.
See https://wikitech.wikimedia.org/wiki/IDM
As of 2023, stewarded by Infrastructure-Foundations
Motivation: I guess apart from people asking for permissions for a user account on GitHub, we've been struggling for years with "good enough" contribution / retention statistics for Hackathons etc.
@MisterSynergy We deployed an update to https://idm-test.wikimedia.org
Change #1051293 merged by jenkins-bot:
[operations/software/bitu@master] LDAP key sync: Improvements to SSH key sync with LDAP.
Change #1051293 had a related patch set uploaded (by Slyngshede; author: Slyngshede):
[operations/software/bitu@master] LDAP key sync: Improvements to SSH key sync with LDAP.
What's the motivation for this? I'm not opposed, just wondering. Security? Easier sharing of linked accounts on profile pages? Something else?
See also various tasks linked from T325235#8697072. Also GitHub username can be changed and the old username can be reused by other users, so maybe we should record GitHub user ID instead of username.
@SLyngshede-WMF: Please feel free to Edit Related Tasks... → Close As Duplicate in the upper right corner in such cases.
@taavi Correct :-(
Duplicate of T359820?
One way we could do this is by adding GitHub to Bitu in the same way we've added the SUL accounts.
@bd808 suggested that Bitu could be used for this. He is working on a tool that Wikimedia developers can use to register their GitHub accounts (for purposes unrelated to this task) so I think that could provide the UI for it.
I'll take care of this when I'm back from sabbatical
From the log file we do see:
Sorry for the delay, this somehow almost got lost. Anyways, it is still not working for me.
Currently the highest number in use is 47058. So that's 1081 accounts in the 148 days since I created this task, or about 7.3 accounts per day. Assuming a similar rate of growth we're looking at running out of numbers in about 400 days, which would be late July next calendar year.
@MisterSynergy Thank you for testing. Based on the error logs I believe that we were able to reproduce the bug you found.
Change #1046613 merged by jenkins-bot:
[operations/software/bitu@master] SSH Key mgmt: Ensure that keys are trimmed
Change #1046613 had a related patch set uploaded (by Slyngshede; author: Slyngshede):
[operations/software/bitu@master] SSH Key mgmt: Ensure that keys are trimmed
I have tried https://idm-test.wikimedia.org/, result is as follows:
@MisterSynergy We have deployed a potential bug fix to https://idm-test.wikimedia.org. This installation does use the production LDAP server, but a separate database. This means that you should be able to test SSH key upload, activation and deactivation, but inactive keys may be different from those shown in production, as these only exist in the database for each of the two installations.
Change #1038778 merged by jenkins-bot:
[operations/software/bitu@master] Fix bug where SSH keys are imported incorrectly.
You are correct, just looked at the code again. When generating the email template, Bitu will get the email from the user object, which is database backed, and it has a copy of the email address.
Bitu is showing the old email again, and triggering an email change caused Bitu to send an email: "Someone, hopefully you, has requested that your email address for your Wikimedia Developer Account (sportz) be updated from wiki@sportshead.dev to wiki@sportshead.dev. To confirm this change please click here:". The new email is definitely being stored somewhere, just not in the right place.
I think Wikitech just synchronized the old email address back, because it has now been updated in LDAP again, and it is set to the old Gmail account.
@taavi: logged out and logged back in but MediaWiki doesn't seem to have updated the email. Special:Preferences is still showing the old one.
Wikitech should update the email address from the developer account LDAP tree when logging in, but it's indeed otherwise cached in the MediaWiki database.
https://idm.wikimedia.org/ldapbackend/properties/ should show you the email address as stored in LDAP. I do wonder if the issue is that Wikitech doesn't pull the email address directly from LDAP, but stores a copy/cached version. I looked up your account in LDAP, and it correctly showed your new email address.
Seems like Bitu actually saves the new email somewhere, but doesn't actually change it for wikitech. I changed from sportzpikachu@gmail.com to wiki@sportshead.dev on 2024-05-09, and I thought it had worked but just now I noticed that wikitech still had my old email, and I clicked the link to https://idm.wikimedia.org/accounts/email/ (which should probably show the current email) from the wikitech preferences page. Changing the email again causes Bitu to send a new email: "Someone, hopefully you, has requested that your email address for your Wikimedia Developer Account (sportz) be updated from wiki@sportshead.dev to wiki@sportshead.dev. To confirm this change please click here: <link>". Clicking the link changes it in the Bitu dashboard but not in wikitech. I'll keep checking the Bitu dashboard to see if it reverts at any point.
@MisterSynergy I'm still trying to replicate the exact issue, but I believe we've found at least part of the issue.
Change #1038778 had a related patch set uploaded (by Slyngshede; author: Slyngshede):
[operations/software/bitu@master] Attempt to fix bug where SSH keys are imported incorrectly.
First look indicates that the issue might be a missing comment in the comment field. I'm currently trying to reproduce how that may happen.
Second issue is how messaging is handled, we're missing a check for a "form valid" before displaying the "success" message.