Page MenuHomePhabricator

Create an API endpoint that accepts a log id or revision id and returns mock data about the IP address
Closed, ResolvedPublic4 Estimated Story PointsSep 22 2020

Description

Create a REST API endpoint that returns mock data about an IP address. It accepts the following:

  • An IP address (returns data for the IP address) (restricted by permission and removed once T261555 is completed)
  • A log ID (returns data about the associated IP address, if the performer was anonymous)
  • A revision ID (returns data about the associated IP address, if the editor was anonymous)

The endpoint will return data for anon actions (and may return data for logged in users if the user has the proper permission, like checkuser, see T261555).

Related Objects

StatusSubtypeAssignedTask
ResolvedSTran
ResolvedSTran
OpenNone
OpenNone
OpenTchanders
ResolvedNiharika
OpenNone
ResolvedSTran
ResolvedNiharika
ResolvedTchanders
InvalidNone
InvalidNone
InvalidNone
ResolvedSTran
ResolvedSTran
ResolvedSpikephuedx
ResolvedSTran
ResolvedTThoabala
Resolvedphuedx
DeclinedTchanders
ResolvedSTran
ResolvedSTran
ResolvedTchanders
ResolvedTchanders
Resolvedsbassett
ResolvedDec 15 2020Tchanders
ResolvedTchanders
ResolvedTchanders
InvalidNone
InvalidNone
OpenNone
ResolvedSep 22 2020Tchanders
ResolvedTchanders
Resolveddbarratt

Event Timeline

Niharika triaged this task as Medium priority.Aug 26 2020, 4:44 PM

I realized that sometimes we wont actually know the IP address of an edit or logged action. This could be the case if the user is logged in. In that instance the IP address only exists in CheckUser, but the user may or may not have permission to access that data.

I think we should resolve this by adding a hook in the new extension to pass a log id/revision id, and the request context. Then another extension like CheckUser can listen for that and respond with the IP address.

The extensions could put additional requirements on retrieving the IP address. For instance, perhaps CheckUser requires an additional parameter of a checkUserLogId (or something like that) token parameter. Then CheckUser could check to see if 1) the check user log entry belongs to the user making the request and 2) it matches the main log id/revision id of the lookup verify the token before returning the IP address. This ensures that they are using the API as part of Special:Investigate or Special:CheckUser

The hook should probably pass around a Status object so they can also return a helpful error message if necessary. For instance CheckUser could return an error message if the log id/revision id is older than 90 days.

@Tchanders I realize we already estimated this task (and arguably it doesn't fit anyways). Should I create a new task to be completed between this one and T261372: Replace mock data returned from API endpoint with live data?

Alternatively we could change the endpoint to accept IP addresses, but I think that goes against the direction we are headed. In addition, it could expose a user's IP address in the logs, which we avoided by using the token. I think using a log id/revision id is still the correct direction, even with this additional complexity.

And by checkUserLogId I really mean the token. The log id never expires (?) but the token is fairly short lived (preventing CheckUsers from seeing a user's IP address indefinitely).

I moved the additional complexity of revisions/logs belonging to logged-in users to T261555

Change 623670 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/extensions/IPInfo@master] Create two REST API endpoints

https://gerrit.wikimedia.org/r/623670

We should probably define what fields we need and in what format they should take.

We should probably define what fields we need and in what format they should take.

Do you mean which information we should return about the IP?

We should probably define what fields we need and in what format they should take.

Do you mean which information we should return about the IP?

Yeah. I'm going to use the data we need for T260604 for now. :)

Yeah. I'm going to use the data we need for T260604 for now. :)

Sounds good. I guess this is another thing that will depend on the licenses.

ARamirez_WMF changed the point value for this task from 4 to 8.Sep 9 2020, 4:46 PM
ARamirez_WMF changed the point value for this task from 8 to 4.
ARamirez_WMF set Final Story Points to 8.

We discussed with @Niharika that we would:

  • Make IPInfo available on Special:Investigate first
  • Make IPInfo available to checkusers first
  • Make an endpoint that accepts the IP address, which may be deprecated later when IPs get masked
ARamirez_WMF changed the subtype of this task from "Task" to "Deadline".Sep 9 2020, 8:45 PM
ARamirez_WMF set Due Date to Sep 22 2020, 4:00 AM.

Change 627580 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/extensions/IPInfo@master] Create InfoManager service to return information about a given IP

https://gerrit.wikimedia.org/r/627580

Change 627583 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/extensions/IPInfo@master] Create REST API endpoint for retrieving IP Info from a Revision

https://gerrit.wikimedia.org/r/627583

Change 627585 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/extensions/IPInfo@master] Create REST API endpoint for retrieving IP Info from a Log Entry

https://gerrit.wikimedia.org/r/627585

Change 627590 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/extensions/IPInfo@master] Create REST API endpoint for retrieving IP Info from any IP address

https://gerrit.wikimedia.org/r/627590

Change 623670 abandoned by Dbarratt:
[mediawiki/extensions/IPInfo@master] Create three REST API endpoints

Reason:
Split into three patches

https://gerrit.wikimedia.org/r/623670

Change 627580 merged by jenkins-bot:
[mediawiki/extensions/IPInfo@master] Create InfoManager service to return information about a given IP

https://gerrit.wikimedia.org/r/627580

Change 627583 merged by jenkins-bot:
[mediawiki/extensions/IPInfo@master] Create REST API endpoint for retrieving IP Info from a Revision

https://gerrit.wikimedia.org/r/627583

Change 627585 merged by jenkins-bot:
[mediawiki/extensions/IPInfo@master] Create REST API endpoint for retrieving IP Info from a Log Entry

https://gerrit.wikimedia.org/r/627585

Change 627590 merged by jenkins-bot:
[mediawiki/extensions/IPInfo@master] Create REST API endpoint for retrieving IP Info from any IP address

https://gerrit.wikimedia.org/r/627590

ARamirez_WMF changed Final Story Points from 8 to 13.Sep 22 2020, 4:49 PM
ARamirez_WMF changed Final Story Points from 13 to 14.

Anti-Harassment: Hi, the Due Date set for this open task was two months ago, and all related patches in Gerrit have been merged or abandoned. Is there more to do in this task and the Due Date and assignee should be updated? Or should this task be resolved? Thanks in advance.

dbarratt removed a subscriber: dbarratt.
Tchanders claimed this task.