Page MenuHomePhabricator
Create Task
Maniphest T316354

Ensure rate limiting and potentially other harm preventions are in place for the Wikibase REST API
Closed, ResolvedPublic
Actions

Description

As an editor I want API users to be restricted in how much damage they can cause in order to make it harder to vandalize the data and harm the project.

List of things to check:

  • rate limiting is happening (T301970)
  • abuse filters are processed and obeyed (T326093)
  • blocked users/IPs can not make edits (T326954)
  • a protected Item can only be edited by accounts that should be able to edit it
  • URLs on the spam block list can not be added as values (T326955)

Acceptance criteria:

  • the above items have been checked and are working as expected

Open questions:

  • What's currently in place for the action API?
  • How do we want to do things (potentially differently) for the REST API?

Related Objects
Search...

Event Timeline

Lydia_Pintscher created this task.Aug 26 2022, 2:24 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 26 2022, 2:24 PM
Lydia_Pintscher added a parent task: T314503: rollout of the new Wikibase REST API to Wikidata.Oct 12 2022, 5:25 PM
Lydia_Pintscher added a subtask: T321318: 🤖️ Wikibase REST API ignores `bot` user right, lets anyone mark edits as bot edits.Oct 20 2022, 3:51 PM
WMDE-leszek closed subtask T321318: 🤖️ Wikibase REST API ignores `bot` user right, lets anyone mark edits as bot edits as Resolved.Dec 7 2022, 12:55 PM
WMDE-leszek subscribed.Dec 7 2022, 3:44 PM

see T301970 for rate limiting topic

Lydia_Pintscher moved this task from Backlog to First release on the Wikibase REST API (archieved) board.Jan 6 2023, 1:59 PM
Lydia_Pintscher updated the task description. (Show Details)Jan 6 2023, 2:11 PM
Michael subscribed.Jan 10 2023, 10:32 AM
karapayneWMDE mentioned this in T324999: configure Wikibase REST API on Wikidata.Jan 10 2023, 10:36 AM
Ollie.Shotton_WMDE added a subtask: T326093: Confirm Wikibase REST API are considered by the AbuseFilter.Jan 13 2023, 1:29 PM
Ollie.Shotton_WMDE updated the task description. (Show Details)
Ollie.Shotton_WMDE subscribed.EditedJan 13 2023, 3:30 PM

"a protected Item can only be edited by accounts that should be able to edit it" is done and there are automated e2e tests to check this

Ollie.Shotton_WMDE updated the task description. (Show Details)Jan 13 2023, 3:31 PM
Ollie.Shotton_WMDE updated the task description. (Show Details)Jan 26 2023, 10:29 AM
Lydia_Pintscher closed this task as Resolved.Feb 3 2023, 11:36 AM
Lydia_Pintscher claimed this task.
WMDE-leszek closed subtask T326955: Ensure URLs on the spam block list can not be added as values as Resolved.Feb 7 2023, 9:42 PM
WMDE-leszek closed subtask T326954: Ensure that blocked users/IPs can not make edits as Resolved.
WMDE-leszek closed subtask T326093: Confirm Wikibase REST API are considered by the AbuseFilter as Resolved.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL