Page MenuHomePhabricator

Admins blocked by User:Abuse filter cannot unblockself
Open, MediumPublic

Description

Administrators automatically blocked by an abuse filter (or any user with block rights) should be able to unblock themselves, even if they lack the unblockself right

Background:
In T150826: Remove unblockself right on wikimedia wikis (but allow blocked admins to block their blocker) unblockself was removed from admins on all WMF wikis. But this raises a potential problem: if an abuse filter is set up to block users on triggering, and it blocks an administrator, the administrator cannot unblock themselves.

See https://meta.wikimedia.org/w/index.php?title=Steward_requests/Miscellaneous&oldid=19373678#Unblock_DannyS712_on_mediawiki for an example of this happening.

Event Timeline

DannyS712 added a project: AbuseFilter.
DannyS712 added a subscriber: Daimona.

Proposed solution:
Users who blocked themselves or were blocked by the abuse filter automatically may unblock themselves without needing unblockself

Proposed implementation:
In SpecialBlock::checkUnblockSelf, after checking if the user is unblocking themselves, but before returning ipbblocked when they are not allowed to unblock themselves, run a new hook, UnblockUserCheckUnblockSelf, which, if it returns true, will allow the unblock to proceed; returning null or false will result in the unblock failing with the current code of ipbblocked.

Given the addition of a hook that would allow circumventing current restrictions on unblocking self, tagging Platform Engineering for feature review

This was shortly discussed in T150826, see T150826#4784526 and following comments. There are two main ways to circumvent this issue:
1 - And most important, check user_groups in abuse filters. That's like a golden rule. There'll always be new problems like this one if a filter isn't checking user groups. (I know that this time it happened during testing, but other than that, this should be the actual solution)
2 - Even then, blocked admins can use Special:AbuseFilter/revert to unblock themselves. That was probably not intended, so we may take it away in the near future.

But again, 1 should be the correct solution 99% of the times, without the need to create new hooks or sth like that.

eprodromou added a subscriber: eprodromou.

This seems like a pretty straightforward fix for an annoying bug for admins. From CPT side, we think it's a good idea to do, and we'll track its progress. Let me know if there's anything CPT can do to help in the process.

Change 551606 had a related patch set uploaded (by DannyS712; owner: DannyS712):
[mediawiki/core@master] Add UnblockUserUnblockSelf hook for allowing users to unblock self.

https://gerrit.wikimedia.org/r/551606

This seems like a pretty straightforward fix for an annoying bug for admins. From CPT side, we think it's a good idea to do, and we'll track its progress. Let me know if there's anything CPT can do to help in the process.

Can CPT please review the patch provided?

@Urbanecm can you take a look at the pending patch as part of your block logic refactoring? I've updated it to use the BlockPermissionChecker

Please someone should give real (non-theoretical) example of where this has caused a problem on Wikimedia wikis. (In mediawiki default, sysops already have unblockself, so this will already not apply to them).

That's already in the description, so not sure why the repetition. But anyway, that was triggered by "test" last year, and since then it never happen again, (no one even did the test again it seems, not talk of real example).
By 'real example', I mean example of filter blocking admin who is just normally minding their own business and doing editing not when you're "testing all that's possible". In the latter case, it can be caused to happen anytime, even just right now and so that's not valid example.

Please someone should give real (non-theoretical) example of where this has caused a problem on Wikimedia wikis. (In mediawiki default, sysops already have unblockself, so this will already not apply to them).

I'm not sure, but CPT approved this as a simple fix:

This seems like a pretty straightforward fix for an annoying bug for admins. From CPT side, we think it's a good idea to do, and we'll track its progress. Let me know if there's anything CPT can do to help in the process.