Page MenuHomePhabricator
Create Task
Maniphest T292755

Epic: IP Info access
Closed, ResolvedPublic
Actions

Description

In the context of IP Info, "access" covers:

Rights

IP Info has two separate sets of MediaWiki rights:

  1. The right that allows the user to enable the tool, ipinfo
  2. The rights that control the user's access to the information provided by the tool – T292626: Create and implement IP Info viewing rights [L]

and the right to use the tool, which is gated by #1 above and the user having enabled the tool and agreed to its terms of use – T291582: Implement condition agreements in Special:Preferences [M] and T264150: User needs to request access to IP information [L]

Access will work as follows for the MVP version:

  • "Full" access: Limited to sysop, bureaucrat, checkuser, oversight and steward user groups.
  • "Basic" access: All other registered users

image.png (754×1 px, 461 KB)

Logging and reporting

@STran and @Niharika met with members of the Legal and Trust & Safety teams today to iron out the logging requirements. Here are the discussed upon requirements:

  1. The logs should capture:
    • Who performed the IP information check
    • Access of the performer (limited or full)
    • Against which IP address
    • Whether it was the popup or the accordion
    • Timestamp of the check
  2. To avoid the problem of log spam, only one log entry will be captured if multiple checks are made by the same user against the same IP over a period of 24 hours (rolling or one UTC day). Note that we will have a separate log entry for popup check versus accordion check but each of them will be captured only once every 24 hours.
    • This time period needs to be configurable to allow flexibility in the future.
  3. Retention: Logs will be retained forever.
  4. For now, the WMF 'staff' group will have access. This will need to be configurable to allow flexibility in the future.
  5. The users will be informed that their checks will be logged when they accept the terms of access. (Ticket TBD)
 Revocation

From T264150: User needs to request access to IP information [L] only:

  • T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse
  • If a user’s permission is revoked by us, they should not be able to activate it again
  • There is a possibility that users might need to regain access periodically (TBD)

While estimating T291854: Create revoke user access maintenance script, we also discussed:

  • The user's access should be revoked across all wikis

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT261555 Allow CheckUser to provide IP addresses for logged in edits/actions
 ResolvedSTranT298955 Return different data from IPInfo api based on context [M]
 ResolvedSTranT300825 IPInfo logger should queue a logging job instead of writing directly
 OpenNoneT285977 IP Info
 ResolvedNiharikaT287648 Reviews and deployment
 ResolvedTchandersT260597 Deploy IP Info extension to all wikis (as a beta feature)
 ResolvedNiharikaT261372 Replace mock data returned from API endpoint with live data
 ResolvedDzahnT288844 Update MaxMind GeoIP2 license key and product IDs for application servers
 ResolvedBUG REPORTClement_GoubertT288375 IPInfo MediaWiki extension depends on presence of maxmind db in the container/host
 OpenSpikeNiharikaT263637 Determine on which pages IPInfo should be available
 ResolvedNiharikaT292755 Epic: IP Info access
 ResolvedSTranT292842 Log when the user's access level changes
 ResolvedNiharikaT263756 Create a table to store which users have access to IPInfo, and the timestamp when access was granted [L]
 ResolvedTchandersT264795 Decide how we want to store how we log which users have access to IP Info [8 hours]
 InvalidNoneT291827 Create IPInfo access manager
 InvalidNoneT291854 Create revoke user access maintenance script
 InvalidNoneT296186 Create a group that revokes all ipinfo* rights
 ResolvedSTranT264150 User needs to request access to IP information [L]
 ResolvedSTranT291582 Implement condition agreements in Special:Preferences [M]
 ResolvedSpikephuedxT291583 [SPIKE] Check that IPInfo-related user properties aren't replicated to publicly accessible databases [8H]
 ResolvedSTranT294658 Create a log entry when the RevisionHandler is called
 Resolved TThoabalaT294657 Create a log entry when the LogHandler is called
 ResolvedphuedxT294680 IP Info: Create a logger function to be used in both the popup and accordion presenters [M]
 DeclinedTchandersT296184 Automatically promote users to the group that grants basic rights
 ResolvedSTranT296085 Create a group that grants basic ipinfo* rights
 ResolvedSTranT296499 Grant certain groups the ipinfo-view-full right
 ResolvedTchandersT260598 Deploy IP Info extension to test.wikipedia.org
 ResolvedTchandersT260599 Deploy IP Info extension to beta cluster
 ResolvedsbassettT262963 Security Readiness Review For geoip2/geoip2
 ResolvedDec 15 2020TchandersT266136 Update CI config once geoip2 is available
 ResolvedTchandersT269475 Add geoip2/geoip2 library to mediawiki/vendor
 ResolvedTchandersT260602 Complete the necessary reviews for the IP Info extension
 InvalidNoneT260601 Remove the static mock data from the popup and make a request to the API endpoint for dynamic mock data
 ResolvedSep 22 2020TchandersT260603 Create an API endpoint that accepts a log id or revision id and returns mock data about the IP address
 ResolvedSep 22 2020TchandersT260604 Display a popup with fixed mock data for an IP address on the specified page(s)
 ResolvedTchandersT260605 Add IP Info extension to translatewiki.net
 ResolveddbarrattT260607 Deploy the IP Info extension to The Good Place
 ResolvedTchandersT260609 Create a basic extension.json file and a new wikipage for the IP Info extension
 ResolveddbarrattT260611 Request a repository for the IP Info Extension
 ResolvedTchandersT260610 Request the necessary reviews of the IP Info extension
 ResolvedsbassettT260822 Security review of IP Info extension
 ResolvedNiharikaT260821 Performance review of IP Info extension
 InvalidNoneT270347 Remove 'ipinfo' right from administrators on the Beta Cluster
 StalledNoneT309318 Can global sysops have ipinfo-view-full and ipinfo-view-log access?
 ResolvedSecurityUrbanecmT309411 sysop access to ipinfo logs can leak IP addresses that sysops should not have access to
 ResolvedUrbanecmT309928 Remove `ipinfo-view-log` from sysops

Event Timeline

phuedx created this task.Oct 7 2021, 3:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 7 2021, 3:03 PM
phuedx added a parent task: T285977: IP Info.Oct 7 2021, 3:03 PM
Izno subscribed.Oct 7 2021, 3:37 PM
phuedx mentioned this in T292842: Log when the user's access level changes.Oct 8 2021, 1:30 PM
phuedx added a subtask: T291827: Create IPInfo access manager.Oct 8 2021, 1:34 PM
phuedx added a subtask: T291854: Create revoke user access maintenance script.
phuedx added a subtask: T264150: User needs to request access to IP information [L].Oct 8 2021, 1:39 PM
Niharika triaged this task as Medium priority.Oct 8 2021, 11:02 PM
Niharika updated the task description. (Show Details)
Niharika updated the task description. (Show Details)Oct 28 2021, 10:16 PM
Niharika added subscribers: STran, Niharika.
Niharika mentioned this in T294657: Create a log entry when the LogHandler is called.Oct 29 2021, 5:42 PM
Niharika mentioned this in T294658: Create a log entry when the RevisionHandler is called.Oct 29 2021, 5:55 PM
phuedx closed subtask T291827: Create IPInfo access manager as Invalid.Nov 2 2021, 11:23 AM
Niharika added a subtask: T294680: IP Info: Create a logger function to be used in both the popup and accordion presenters [M].Nov 3 2021, 4:18 PM
Niharika closed subtask T264150: User needs to request access to IP information [L] as Resolved.Nov 11 2021, 8:55 PM
phuedx updated the task description. (Show Details)Nov 19 2021, 1:24 PM
phuedx updated the task description. (Show Details)Nov 19 2021, 2:08 PM
phuedx mentioned this in T291854: Create revoke user access maintenance script.Nov 19 2021, 2:43 PM
JJMC89 renamed this task from Epic: Access to Epic: IP Info access.Nov 19 2021, 4:16 PM
phuedx mentioned this in T296085: Create a group that grants basic ipinfo* rights.Nov 23 2021, 11:48 AM
phuedx closed subtask T291854: Create revoke user access maintenance script as Invalid.Nov 24 2021, 7:07 PM
phuedx mentioned this in T296499: Grant certain groups the ipinfo-view-full right.Nov 25 2021, 7:36 PM
Ameisenigel subscribed.Jan 18 2022, 10:54 AM
Niharika closed subtask T294680: IP Info: Create a logger function to be used in both the popup and accordion presenters [M] as Resolved.Feb 17 2022, 1:48 AM
Niharika closed subtask T294658: Create a log entry when the RevisionHandler is called as Resolved.Feb 18 2022, 8:11 PM
Niharika closed subtask T294657: Create a log entry when the LogHandler is called as Resolved.Mar 1 2022, 7:20 AM
Niharika updated the task description. (Show Details)Mar 1 2022, 5:22 PM
Niharika closed subtask T292842: Log when the user's access level changes as Resolved.Mar 8 2022, 12:29 AM
Tchanders closed subtask T296184: Automatically promote users to the group that grants basic rights as Declined.Mar 21 2022, 8:44 PM
Niharika closed subtask T296499: Grant certain groups the ipinfo-view-full right as Resolved.Apr 8 2022, 10:41 PM
Niharika closed this task as Resolved.May 27 2022, 6:35 PM
Niharika claimed this task.

All subtasks resolved.

JJMC89 added a subtask: T309318: Can global sysops have ipinfo-view-full and ipinfo-view-log access?.May 27 2022, 7:46 PM
Urbanecm closed subtask T309411: sysop access to ipinfo logs can leak IP addresses that sysops should not have access to as Resolved.Jun 6 2022, 9:53 AM
TheresNoTime changed the status of subtask T309318: Can global sysops have ipinfo-view-full and ipinfo-view-log access? from Open to Stalled.Jun 6 2022, 9:57 AM
Niharika moved this task from Backlog to Closed on the IP Info board.Aug 8 2022, 7:59 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL