Page MenuHomePhabricator
Create Task
Maniphest T232908

Admins blocked by User:Abuse filter cannot unblockself
Open, MediumPublic
Actions

Description

Administrators automatically blocked by an abuse filter (or any user with block rights) should be able to unblock themselves, even if they lack the unblockself right

Background:
In T150826: Remove unblockself right on wikimedia wikis (but allow blocked admins to block their blocker) unblockself was removed from admins on all WMF wikis. But this raises a potential problem: if an abuse filter is set up to block users on triggering, and it blocks an administrator, the administrator cannot unblock themselves.

See https://meta.wikimedia.org/w/index.php?title=Steward_requests/Miscellaneous&oldid=19373678#Unblock_DannyS712_on_mediawiki for an example of this happening.

Details

SubjectRepoBranchLines +/-
Add `UnblockUserUnblockSelf` hook for allowing users to unblock self.mediawiki/coremaster+55 -7
Customize query in gerrit

Related Objects

Event Timeline

Rschen7754 created this task.Sep 14 2019, 2:04 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 14 2019, 2:04 AM
Rschen7754 added a subscriber: DannyS712.Sep 14 2019, 2:05 AM
DannyS712 claimed this task.EditedSep 14 2019, 2:07 AM
DannyS712 added a project: AbuseFilter.
DannyS712 added a subscriber: Daimona.

Proposed solution:
Users who blocked themselves or were blocked by the abuse filter automatically may unblock themselves without needing unblockself

Proposed implementation:
In SpecialBlock::checkUnblockSelf, after checking if the user is unblocking themselves, but before returning ipbblocked when they are not allowed to unblock themselves, run a new hook, UnblockUserCheckUnblockSelf, which, if it returns true, will allow the unblock to proceed; returning null or false will result in the unblock failing with the current code of ipbblocked.

Restricted Application added a project: User-DannyS712. · View Herald TranscriptSep 14 2019, 2:07 AM
DannyS712 updated the task description. (Show Details)Sep 14 2019, 2:09 AM
DannyS712 added a project: MediaWiki-User-management.Sep 14 2019, 2:14 AM
DannyS712 moved this task from Backlog to User blocking on the MediaWiki-User-management board.
DannyS712 moved this task from Unsorted to Abuse Filter on the User-DannyS712 board.Sep 14 2019, 2:16 AM
DannyS712 added a project: Platform Engineering.Sep 14 2019, 2:48 AM

Given the addition of a hook that would allow circumventing current restrictions on unblocking self, tagging Platform Engineering for feature review

DannyS712 moved this task from Inbox to Feature Requests to Review on the Platform Engineering board.Sep 14 2019, 2:49 AM
Ammarpad updated the task description. (Show Details)Sep 14 2019, 5:20 AM
Daimona added a comment.Sep 14 2019, 8:40 AM

This was shortly discussed in T150826, see T150826#4784526 and following comments. There are two main ways to circumvent this issue:
1 - And most important, check user_groups in abuse filters. That's like a golden rule. There'll always be new problems like this one if a filter isn't checking user groups. (I know that this time it happened during testing, but other than that, this should be the actual solution)
2 - Even then, blocked admins can use Special:AbuseFilter/revert to unblock themselves. That was probably not intended, so we may take it away in the near future.

But again, 1 should be the correct solution 99% of the times, without the need to create new hooks or sth like that.

Daimona mentioned this in T232916: Prevent blocked users from using Special:AbuseFilter/revert.Sep 14 2019, 10:24 AM
Peachey88 subscribed.Sep 15 2019, 12:20 PM
eprodromou triaged this task as Medium priority.Sep 24 2019, 2:42 PM
eprodromou subscribed.

This seems like a pretty straightforward fix for an annoying bug for admins. From CPT side, we think it's a good idea to do, and we'll track its progress. Let me know if there's anything CPT can do to help in the process.

eprodromou moved this task from Feature Requests to Review to Tracking/Watching on the Platform Engineering board.Sep 24 2019, 2:43 PM
gerritbot added a comment.Nov 18 2019, 6:39 PM

Change 551606 had a related patch set uploaded (by DannyS712; owner: DannyS712):
[mediawiki/core@master] Add UnblockUserUnblockSelf hook for allowing users to unblock self.

https://gerrit.wikimedia.org/r/551606

gerritbot added a project: Patch-For-Review.Nov 18 2019, 6:39 PM
DannyS712 added a comment.Dec 1 2019, 8:44 AM
In T232908#5519713, @eprodromou wrote:

This seems like a pretty straightforward fix for an annoying bug for admins. From CPT side, we think it's a good idea to do, and we'll track its progress. Let me know if there's anything CPT can do to help in the process.

Can CPT please review the patch provided?

DannyS712 added a project: MediaWiki-Core-Hooks.Apr 11 2020, 10:39 AM
DannyS712 moved this task from Untriaged to New hooks on the MediaWiki-Core-Hooks board.Apr 11 2020, 10:42 AM
Krinkle removed a project: MediaWiki-Core-Hooks.Apr 11 2020, 7:57 PM
DannyS712 edited projects, added MediaWiki-Blocks; removed MediaWiki-User-management.Apr 25 2020, 12:11 AM
Restricted Application added a project: MediaWiki-User-management. · View Herald TranscriptApr 25 2020, 12:11 AM
Aklapper removed a project: MediaWiki-User-management.Apr 25 2020, 12:24 PM
DannyS712 added a subscriber: Urbanecm.Sep 18 2020, 8:43 PM

@Urbanecm can you take a look at the pending patch as part of your block logic refactoring? I've updated it to use the BlockPermissionChecker

Urbanecm added a project: User-Urbanecm.Sep 18 2020, 10:08 PM
Urbanecm moved this task from Backlog to Reviewing on the User-Urbanecm board.
Ammarpad subscribed.Sep 19 2020, 4:48 PM

Please someone should give real (non-theoretical) example of where this has caused a problem on Wikimedia wikis. (In mediawiki default, sysops already have unblockself, so this will already not apply to them).

Pppery subscribed.Sep 19 2020, 4:50 PM

https://meta.wikimedia.org/wiki/Steward_requests/Miscellaneous/2019-09#Unblock_DannyS712_on_mediawiki

Pppery unsubscribed.Sep 19 2020, 4:51 PM
Ammarpad added a subscriber: Pppery.EditedSep 19 2020, 4:59 PM
In T232908#6476372, @Pppery wrote:

https://meta.wikimedia.org/wiki/Steward_requests/Miscellaneous/2019-09#Unblock_DannyS712_on_mediawiki

That's already in the description, so not sure why the repetition. But anyway, that was triggered by "test" last year, and since then it never happen again, (no one even did the test again it seems, not talk of real example).
By 'real example', I mean example of filter blocking admin who is just normally minding their own business and doing editing not when you're "testing all that's possible". In the latter case, it can be caused to happen anytime, even just right now and so that's not valid example.

Pppery unsubscribed.Sep 19 2020, 6:04 PM
DannyS712 added a comment.Nov 30 2020, 9:12 PM
In T232908#6476369, @Ammarpad wrote:

Please someone should give real (non-theoretical) example of where this has caused a problem on Wikimedia wikis. (In mediawiki default, sysops already have unblockself, so this will already not apply to them).

I'm not sure, but CPT approved this as a simple fix:

In T232908#5519713, @eprodromou wrote:

This seems like a pretty straightforward fix for an annoying bug for admins. From CPT side, we think it's a good idea to do, and we'll track its progress. Let me know if there's anything CPT can do to help in the process.

Urbanecm removed a project: User-Urbanecm.Jan 29 2021, 9:29 PM
Aklapper edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Aug 16 2022, 12:30 PM
Aklapper removed DannyS712 as the assignee of this task.Sep 26 2022, 10:31 AM
Aklapper removed a subscriber: eprodromou.

Removing task assignee due to inactivity as this open task has been assigned for more than two years. See the email sent to the task assignee on August 22nd, 2022.
Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome!
If this task has been resolved in the meantime, or should not be worked on ("declined"), please update its task status via "Add Action… 🡒 Change Status".
Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator. Thanks!

Bugreporter mentioned this in T352151: Block schema: Add a bot field.Nov 28 2023, 12:47 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits