Page MenuHomePhabricator

Allow CheckUser to provide IP addresses for logged in edits/actions
Open, Needs TriagePublic

Description

Problem

The API endpoint created in T260603 only supports anon edits. This is because the IP addresses for logged in edits are not available in core.

Proposed Solution

Add a new hook to IP Info to pass a log/revision id, and the request context. Then another extension like CheckUser can listen for that and respond with the IP address.

  1. If the popup should work on Special:Investigate pages. CheckUser should check to see if the request includes a query parameter of token. If it does it should validate the token and that the revision/log id is covered by the token. If so, it may return the IP address.
  2. If the popup should work on Special:CheckUser pages. CheckUser should check to see if the request includes a query parameter of checkUserLogId. If it does it should validate that the log id is a valid log entry within the last 24 hours (?) and that the log entry covers the revision/log id being requested. If so, it may return the IP address.
  3. If the popup should work anywhere user names are displayed (like Special:RecentChanges). Should the popup log the request? Should it ask for a log message? Or would it only work for IP reqeusts of users who have been logged already in CheckUser? If so, for how long? 90 days?

Regardless, requests for a revision/log id that belongs to a logged in user should not be publicly cached (it should include something like Cache-Control: private as a response header). But adding to the private cache is acceptable (I think?).

Alternative Solution

We could change the API to accept an IP address directly, rather than a revision/log id. However this raises some Privacy concerns as the IP address for a user could be revealed in the request logs on the server (which was the whole purpose of encrypting this data in the token on Special:Investigate). It also seems contrary to the IP Masking project.