Create a checkuser entry for global rename requests
Open, MediumPublicBUG REPORT
Actions

Assigned To

None

Authored By

	Vituzzu
	Mar 29 2016, 10:25 PM

Description

Currently global rename requests aren't logged by checkuser while they might be exploited in various fashions for abusing.

Related Objects

Mentioned In: T174490: Integrate Special:GlobalRenameRequest into local CheckUser tables
T145265: Store check user data action text in structured format
T139810: RFC: Overhaul the CheckUser extension
Mentioned Here: T145265: Store check user data action text in structured format

Event Timeline

Vituzzu created this task.Mar 29 2016, 10:25 PM

Restricted Application added a project: MediaWiki-extensions-CentralAuth. · View Herald TranscriptMar 29 2016, 10:25 PM

Restricted Application added subscribers: JEumerus, Steinsplitter, Aklapper. · View Herald Transcript

MarcoAurelio subscribed.Mar 30 2016, 2:39 PM

MarcoAurelio awarded a token.Mar 30 2016, 3:08 PM

We can probably do this in a similar manner to how AbuseFilter does it...

Special:GlobalRenameRequest can be used from any wiki, and feeds into the queue on meta. Should the CU entries be logged on the wiki where the user made the request? Or should it be logged to a central wiki (metawiki)?

And should the CU logs be updated during the rename? Or should they forever point to the username that made the request?

Special:GlobalRenameRequest can be used from any wiki, and feeds into the queue on meta. Should the CU entries be logged on the wiki where the user made the request? Or should it be logged to a central wiki (metawiki)?

I'd say that, if possible, should log to both.

And should the CU logs be updated during the rename?

IMHO yes, to allow better searching in the CU-log instead of having to
remember if this or that user were once renamed.

Steinsplitter awarded a token.Apr 17 2016, 6:31 PM

Trijnstel subscribed.Jun 26 2016, 4:32 PM

MarcoAurelio mentioned this in T139810: RFC: Overhaul the CheckUser extension.Jul 23 2016, 1:26 PM

Liuxinyu970226 subscribed.Jul 27 2016, 3:27 AM

Glaisher mentioned this in T145265: Store check user data action text in structured format.Sep 10 2016, 8:57 AM

In order to counter increased abuse of this feature, I'd ask for some eyes in this task if at all possible. Thank you.

Luke081515 triaged this task as High priority.Nov 12 2016, 10:45 AM

MarcoAurelio moved this task from Backlog to Internal bugs on the MediaWiki-extensions-CentralAuth board.Dec 18 2016, 10:34 PM

In T131207#2212727, @MarcoAurelio wrote:

And should the CU logs be updated during the rename?

IMHO yes, to allow better searching in the CU-log instead of having to
remember if this or that user were once renamed.

I am afraid this is not currently possible, until T145265 is resolved.

DerHexer subscribed.Jan 21 2017, 12:24 PM

Matanya moved this task from Untriaged to Medium priority on the Stewards-and-global-tools board.Apr 19 2017, 8:00 PM

TerraCodes subscribed.Jul 17 2017, 1:46 AM

@Huji Can at least the first part (creating a CU log entry) be actioned? Thanks.

MarcoAurelio added a project: Anti-Harassment.Aug 29 2017, 10:08 AM

MarcoAurelio mentioned this in T174490: Integrate Special:GlobalRenameRequest into local CheckUser tables.Aug 29 2017, 8:30 PM

Keegan merged a task: T174490: Integrate Special:GlobalRenameRequest into local CheckUser tables.Aug 29 2017, 8:40 PM

Keegan added subscribers: Keegan, Reedy.

MGChecker subscribed.Feb 26 2018, 8:16 PM

• TBolliger moved this task from Untriaged to Product/Tech backlog on the Anti-Harassment board.Mar 9 2018, 1:59 PM

alaa subscribed.Mar 17 2018, 6:32 PM

Ping @Huji wrt T131207#3558482 - thanks! :)

Huji added a project: User-Huji.Apr 24 2018, 3:36 PM

• TBolliger removed a project: Anti-Harassment.Jun 11 2018, 9:11 PM

1997kB subscribed.Jun 12 2018, 2:16 AM

Trijnstel awarded a token.Jul 14 2018, 6:27 PM

sbassett subscribed.Aug 28 2019, 7:40 PM

Per T131207#2164035, it looks like this is how AF does it:

if ( ExtensionRegistry::getInstance()->isLoaded( 'CheckUser' )
      && strpos( $wgAbuseFilterNotifications, 'rc' ) === false
) {
      $rc = $entry->getRecentChange();
      CheckUserHooks::updateCheckUserData( $rc );
}

I'm guessing the relevant place to do something similar in CA is probably in GlobalRenameUser.php around here, since there's a ManualLogEntry there where we could call getRecentChange() as the rename was processed. Or at least this seems the simplest way to do the CU logging piece without getting more advanced as discussed in T131207#2212568.

Daimona subscribed.Sep 10 2019, 8:29 PM

The task is not claimed and priority was set several years ago. Unprioritizing.

Huji removed a project: User-Huji.Jun 15 2020, 10:59 PM

DannyS712 subscribed.Jun 15 2020, 11:00 PM

CptViraj subscribed.Nov 16 2020, 1:24 PM

MarcoAurelio added a subscriber: Nahid.Apr 2 2021, 3:09 PM

Nahid added a subscriber: drochford.Apr 21 2021, 8:52 AM

This was brought to my attention by @drochford. Anti-Harassment Tools can do a technical investigation into this ticket in the next few weeks. Sorry, I can't be more specific around timelines - there is a fair amount of SecurePoll work on the team at the moment.
Noting that this ticket is for adding an entry to the CU database for global renames. There will need to be follow-up tasks for displaying these entries, unless that can be achieved automatically.

• Niharika moved this task from Product/Tech backlog to Triage/To be Estimated on the Anti-Harassment board.Apr 28 2021, 1:02 PM

phuedx moved this task from Triage/To be Estimated to Untriaged on the Anti-Harassment board.Oct 18 2021, 2:01 PM

phuedx moved this task from Untriaged to CheckUser on the Anti-Harassment board.Oct 18 2021, 2:07 PM

Stang subscribed.Dec 25 2021, 8:48 PM

Zabe subscribed.Jan 25 2022, 9:24 PM

Any update from Anti-Harrassment as to whether they would take this on (@Niharika)? Just don't want to trample on your current work if it's being worked on / going to be soon.

Dreamy_Jazz triaged this task as Medium priority.Aug 28 2022, 5:02 PM

Working on this. Currently I have written code to do this but have not added tests yet. It will require a change to both CentralAuth and CheckUser.

My current changes would add a cu entry for the wiki used to make the request and the central wiki (if this is different to the wiki used to make the request). It would use the text "username requested a global rename" with the username replaced by the user who made the request. @MarcoAurelio what do you feel about that amount of info? Is it too much or too little? I didn't want to add much more without checking as it may be something that only centralauth-rename users should have access to. One thing to note is that due to current limitations with CheckUser any info included in that message is static and cannot be updated. This means that clearly specifying old username -> new username may be better so that in future it's clear how the chain went. If you have any ideas please detail them.

An example with the current message is shown below:

Likely to have lost the patch by now. Will look at this later.

Aklapper changed the subtype of this task from "Task" to "Bug Report".Nov 21 2022, 2:52 PM

	F35493559: image.png
	Aug 28 2022, 9:51 PM

Create a checkuser entry for global rename requestsOpen, MediumPublicBUG REPORTActions

Description

Related Objects

Event Timeline

Create a checkuser entry for global rename requests
Open, MediumPublicBUG REPORT
Actions