Page MenuHomePhabricator
Create Task
Maniphest T286409

DiscussionTools reply tool needs double-posting protection
Closed, ResolvedPublicBUG REPORT
Actions

Assigned To
Esanders
Authored By
Tgr
Jul 11 2021, 10:46 AM
Tags
Referenced Files
F34722301: Screenshot 2021-11-01 at 17.58.15.png
Nov 1 2021, 5:35 PM
F34722373: Screenshot 2021-11-01 at 18.03.44.png
Nov 1 2021, 5:35 PM
F34722371: Screenshot 2021-11-01 at 18.02.06.png
Nov 1 2021, 5:35 PM
Subscribers
Aklapper
EAkinloose
Esanders
Krinkle
matmarex
ppelberg
Tacsipacsi
Tgr

Description

Behavior

  1. Post a reply to some comment
  2. Break internet connection after the server received the request, but before the browser received the response...this results in a warning dialog, and the Reply Tool's comment form remains open
  3. Try to post the reply again (in my case I changed the wording slightly, but I doubt that matters), do not interfere with the connection this time

Expected

  1. ✅ You get an error saying you have already posted the comment (even better would be if your previous comment gets replaced, but that seems unnecessarily complex)

Actual

  1. ❗️In Chrome 91 on Ubuntu: the comment gets posted twice

Approaches

Ways in which the `Expected behavior could be achieved.

  • Some kind of nonce could be used to prevent this situation.

Open questions

  • 1. What – if any – existing edit functionality behaves similar to what is described in **Expected** above.

Done

  • All ===Open questions are answered
  • An approach within the ===Approaches section is decided upon and implement

Details

SubjectRepoBranchLines +/-
Generate form tokens in the client to prevent double postingmediawiki/extensions/DiscussionToolsmaster+50 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tgr created this task.Jul 11 2021, 10:46 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 11 2021, 10:46 AM
Tgr updated the task description. (Show Details)Jul 11 2021, 10:47 AM
ppelberg added a parent task: T262331: [Release ticket] Make Reply Tool available as opt-out preference at all Wikipedias.Jul 26 2021, 11:57 PM
ppelberg moved this task from Backlog to Triaged on the DiscussionTools board.
ppelberg added a project: Editing-team.
ppelberg moved this task from Untriaged to Next Quarter on the Editing-team board.
ppelberg edited projects, added Editing-team (Kanban Board); removed Editing-team.Aug 11 2021, 12:53 AM
ppelberg subscribed.Aug 11 2021, 4:38 PM

Next step

  • Editing Engineering to investigate and document here whether there is existing edit functionality that handles the scenario this ticket is describing.
ppelberg updated the task description. (Show Details)Aug 14 2021, 1:25 AM
ppelberg moved this task from Incoming to Upcoming on the Editing-team (Kanban Board) board.
ppelberg moved this task from Upcoming to Ready to Be Worked On on the Editing-team (Kanban Board) board.Aug 18 2021, 3:44 PM
ppelberg updated the task description. (Show Details)Aug 20 2021, 4:19 PM
matmarex mentioned this in T290514: Reply tool has gotten slower?.Sep 7 2021, 6:16 PM
Esanders subscribed.Oct 4 2021, 4:24 PM

The reply tool API is different from most editing processes in that it fetches the latest version of the page and appends content. This is the technique by which we have all but eliminated edit conflicts.

As other edit processes usually send the entire document I don't think there will be any existing code to guard against this as it would just be handled as an edit conflict.

matmarex mentioned this in T250295: Notify people when new comment(s) is posted in a discussion while they are composing a reply, and offer to show it.Oct 13 2021, 1:06 AM
ppelberg moved this task from Ready to Be Worked On to Incoming on the Editing-team (Kanban Board) board.Oct 16 2021, 1:36 AM
ppelberg added a comment.Oct 16 2021, 1:42 AM
In T286409#7399379, @Esanders wrote:

The reply tool API is different from most editing processes in that it fetches the latest version of the page and appends content. This is the technique by which we have all but eliminated edit conflicts.

As other edit processes usually send the entire document I don't think there will be any existing code to guard against this as it would just be handled as an edit conflict.

Noted. @Esanders, considering [it sounds like] we'll need to write something from scratch to implement what this task is describing, how big/complex might something like this be to implement? Are we talking on the order of hours? Days? Week(s)?

Also: if there are open questions we need to address before being able to answer the above, can you please document them here?

Esanders added a comment.Oct 17 2021, 12:55 PM

Are we talking on the order of hours? Days? Week(s)?

It depends on what infrastructure is available - we'll need to do further investigation, but I doubt it would be as long as weeks.

Esanders added a comment.Oct 17 2021, 1:14 PM

I've verified the issue also exists in Flow, so there's no solution there for us (and possibly an indicator that this isn't a very common occurrence)

Tacsipacsi subscribed.Oct 17 2021, 2:56 PM
In T286409#7434406, @Esanders wrote:

and possibly an indicator that this isn't a very common occurrence

Or an indicator of the not very common occurrence of Flow, especially in heated discussions. It’s enabled only on a few wikis, and even less have it as opt-out on talk pages. And the most heated discussions probably happen in the project namespace, which doesn’t use Flow by default anywhere. I’ve just got a conflict in Flow the other day, but the browser tab has been open for hours before I started drafting my reply, not for minutes, as it could happen in a heated village pump discussion on a major Wikipedia.

Tgr added a comment.Oct 18 2021, 4:55 AM

You need an unreliable internet connection for it to happen. I think that's uncommon in the parts of the world where most of the current userbase lives but more common elsewhere.

I think it is fairly easy to fix (not sure if it's worth the added complexity): generate a random number, send it when trying to post the message, stash it into object cache with an expiry of an hour or so, if it's already there do not save. (The OAuth extension does this as a defense against replay attacks; there is some discussion in T106066#5973566 about which object cache is appropriate, although the kind of problems it caused for OAuth would not be relevant here.)

Esanders added a subscriber: Krinkle.Oct 18 2021, 4:12 PM
In T247562#5973562, @Krinkle wrote:

@Tgr That's a fundamental contract between MW and Memcached that I don't think we will depart from anytime soon. Non-cache use cases do not belong in Memcached. The use case of T106066 is what session store, echo store, main stash, db-replicated, or dedicated tables are for.

It sounds like this would apply to this use case too ("Non-cache use cases do not belong in Memcached").

Esanders claimed this task.Oct 18 2021, 5:00 PM
Esanders moved this task from Incoming to Doing on the Editing-team (Kanban Board) board.
matmarex subscribed.Oct 18 2021, 5:18 PM

(I was also thinking that this is basically a special case of an edit conflict, which we started discussing in T250295. We could simply dsplay a warning when we find any comments by yourself that weren't there when you started writing the reply.)

gerritbot added a comment.Oct 18 2021, 10:21 PM

Change 731848 had a related patch set uploaded (by Esanders; author: Esanders):

[mediawiki/extensions/DiscussionTools@master] Generate form tokens in the client to prevent double posting

https://gerrit.wikimedia.org/r/731848

gerritbot added a project: Patch-For-Review.Oct 18 2021, 10:21 PM
ppelberg moved this task from Doing to Code Review on the Editing-team (Kanban Board) board.Oct 25 2021, 5:23 PM
Esanders added a comment.Oct 26 2021, 1:36 PM

As discussed offline, we think it's better to keep this logic separate from the edit conflict logic, as they are not quite the same and may be connected to different user experiences.

gerritbot added a comment.Oct 29 2021, 10:32 PM

Change 731848 merged by jenkins-bot:

[mediawiki/extensions/DiscussionTools@master] Generate form tokens in the client to prevent double posting

https://gerrit.wikimedia.org/r/731848

ReleaseTaggerBot added a project: MW-1.38-notes (1.38.0-wmf.7; 2021-11-02).Oct 29 2021, 11:00 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 29 2021, 11:10 PM
matmarex added a project: Editing QA.Oct 31 2021, 9:42 PM
matmarex moved this task from Code Review to QA on the Editing-team (Kanban Board) board.

I'm not sure if this is practically testable, feel free to move it over if you can't reproduce the scenario. I have tested it locally (by changing the API code to throw an exception after saving changes but before returning the response).

EAkinloose subscribed.Nov 1 2021, 5:35 PM

I looked at this and it works fine on both Chrome:

Screenshot 2021-11-01 at 17.58.15.png (714×1 px, 113 KB)

and Firefox:
Screenshot 2021-11-01 at 18.02.06.png (926×1 px, 146 KB)

Screenshot 2021-11-01 at 18.03.44.png (564×1 px, 70 KB)

EAkinloose edited projects, added Verified; removed Editing QA.Nov 1 2021, 5:37 PM
EAkinloose moved this task from QA to Ready for Sign Off on the Editing-team (Kanban Board) board.
ppelberg closed this task as Resolved.Nov 2 2021, 1:31 AM
matmarex mentioned this in T304771: Double-posting prevention interacts weirdly with auto-save in DiscussionTools.Mar 26 2022, 8:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits
  NODES
INTERN 2
Note 4
Project 9