Page MenuHomePhabricator
Create Task
Maniphest T326397

IP Address Reveal on Diff page
Closed, ResolvedPublic5 Estimated Story Points
Actions

Assigned To
AGueyte
Authored By
Niharika
Jan 6 2023, 7:12 AM
Tags
Referenced Files
F36783122: T326397_IPMasking_AdminBlock24hrs_History.png
Feb 7 2023, 5:35 PM
F36783120: T326397_IPMasking_AdminBlock24hrs_Diff.png
Feb 7 2023, 5:35 PM
F36781140: T326397_IPMasking_ Diff_Result_2IPs.png
Feb 6 2023, 11:57 PM
F36781138: T326397_IPMasking_ Diff_RHResult_2IPs.png
Feb 6 2023, 11:57 PM
F36781136: T326397_IPMasking_ Diff_Result.png
Feb 6 2023, 11:57 PM
F36781134: T326397_IPMasking_ Diff_RHResult.png
Feb 6 2023, 11:57 PM
F36781142: T326397_IPMasking_ Diff_Result_FireFox.png
Feb 6 2023, 11:57 PM
F36439682: Screen Shot 2023-01-23 at 8.49.21 AM.png
Jan 23 2023, 2:49 PM
View All 9 Files
Subscribers
Aklapper
DAbad
DannyH
Dreamy_Jazz
GMikesell-WMF
kostajh
Naike
View All 12 Subscribers

Description

Motivation

See parent T325238: [Epic] IP Address Reveal for Privileged Users for details.

Proposed mockup

image.png (320×1 px, 86 KB)

There would be a new "show IP" option next to the temporary username (which replaces the IP address shown in this screenshot) which would reveal to show the IP address in place. Presumably somewhere close to the "talk" link.
Will replace this with an actual mock before implementation begins.

What needs doing

T326415: Add (show IP) buttons next to temporary account user name links adds buttons next to temporary account name links, everywhere (including on diff pages):

  • By default these buttons fetch the last IP used by the temporary account
  • When the revision ID is present in the user link, it gets the IP associated with that revision ID

This task is for ensuring that the revision IDs are present in the user links displayed on diff pages.

There is an equivalent task that does the same for the history pages: T326392: IP Address Reveal on History page. The patch attached to that may have solved more cases than just the history page, so it is possible that it has solved this task too.

So what exactly needs doing?

  • Check whether revision IDs are present in the user links displayed on diff pages
  • If so, add a comment and close this task!
  • If not, add them. You'll need to find where the links are built, and pass through the data, like in T326392

How can I test this?

Testing notes

This is best tested along with T326415: Add (show IP) buttons next to temporary account user name links, which adds the buttons.

It should be tested locally, since it requires $wgAutoCreateTempUser['enabled'] = true; (only available on Beta) and the CheckUser extension (not available on Beta). It can't be fully tested on PatchDemo, because it isn't possible to edit from different IP addresses there.

Steps to test:

  • Edit an article twice from one temporary account, using two different IP addresses
  • Go to the article's history page
  • Select the radios next to the two edits, then click "compare selected revisions"
  • Clicking on the "Reveal IP" buttons should reveal the correct (different) IP addresses for each edit

Related Objects
Search...

Event Timeline

Niharika removed Niharika as the assignee of this task.Jan 6 2023, 7:12 AM
Niharika created this task.
Tchanders assigned this task to AGueyte.Jan 12 2023, 2:44 PM
Tchanders added a project: Anti-Harassment (AHaT Sprint 22: Asian Conical Hat).
Niharika mentioned this in T326840: [Design] Positioning the "show IP" links.Jan 12 2023, 6:16 PM
ARamirez_WMF edited projects, added Anti-Harassment (AHaT Sprint 23: Penguit Santa Hat); removed Anti-Harassment (AHaT Sprint 22: Asian Conical Hat).Jan 17 2023, 6:06 PM
AGueyte moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (AHaT Sprint 23: Penguit Santa Hat) board.Jan 17 2023, 6:41 PM
Tchanders set the point value for this task to 5.Jan 17 2023, 6:43 PM
Tchanders updated the task description. (Show Details)Jan 19 2023, 7:12 PM
AGueyte added a comment.EditedJan 23 2023, 2:49 PM

Confirming the revision ID is well added to the Username link via Linker::revUserTools in DifferenceEngine::showDiffPage()

Screen Shot 2023-01-23 at 8.49.21 AM.png (878×2 px, 329 KB)

To test, be on Master and have the latest pull from Git/Gerrit.
Make an edit on an existing page while logged out
Go to the page "view history" tab, click on the date of the first history log line
Click on the "diff" link within the yellow rectangle.

The diff page appears with the temp account named created from your logged-out edit as shown in the screenshot in the ticket's description.
Open the console to inspect the link, and the "data-mw-revid=x" should appear within the <a> element.

AGueyte moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 23: Penguit Santa Hat) board.Jan 23 2023, 2:50 PM
Tchanders updated the task description. (Show Details)Jan 24 2023, 4:15 PM
Tchanders moved this task from Code Review 🔍 to Blocked/Stalled 🚧 on the Anti-Harassment (AHaT Sprint 23: Penguit Santa Hat) board.

Thanks @AGueyte, looks good to me.

I'm moving to stalled until T326415: Add (show IP) buttons next to temporary account user name links is merged, since it will be easier for QA to test after that.

Niharika moved this task from Backlog to Ready / In Progress (TSP) on the Temporary accounts board.Jan 25 2023, 6:59 PM
ARamirez_WMF edited projects, added Anti-Harassment (AHaT Sprint 24: The Toque Blanche Hat); removed Anti-Harassment (AHaT Sprint 23: Penguit Santa Hat).Jan 31 2023, 4:50 PM
ARamirez_WMF moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to Blocked/Stalled 🚧 on the Anti-Harassment (AHaT Sprint 24: The Toque Blanche Hat) board.
Tchanders moved this task from Blocked/Stalled 🚧 to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 24: The Toque Blanche Hat) board.Feb 1 2023, 2:48 PM
GMikesell-WMF subscribed.Feb 6 2023, 11:57 PM

@Tchanders and @AGueyte I came across an issue that was not one before. This is in regards to blocking an Admin as seen in https://phabricator.wikimedia.org/T327437#8586051. In Chrome 109, even though the account is blocked, I can still reveal the IP address. In Firefox though, it still stayed as not being able to reveal an IP from Show IP when an account is blocked.

Also same issue as in Safari, which T328754: IP reveal buttons not displaying on Safari has been created.

OS: macOS 13.0
Browsers: Chrome 109, Safari 16, FireFox 109
Environment: Local

Firefox 109

T326397_IPMasking_ Diff_Result_FireFox.png (645×1 px, 165 KB)

Different temp accounts with different IPs- Good

T326397_IPMasking_ Diff_RHResult.png (1×3 px, 429 KB)

T326397_IPMasking_ Diff_Result.png (1×3 px, 341 KB)

2 Different IPs under the same temp account- Good

T326397_IPMasking_ Diff_RHResult_2IPs.png (1×3 px, 417 KB)

T326397_IPMasking_ Diff_Result_2IPs.png (1×3 px, 320 KB)

Tchanders added a comment.Feb 7 2023, 2:35 AM

I haven't had a chance to test properly, but a couple of thoughts:

  • Am I right in understanding that the buttons are shown even to a blocked user? If so we should file a task to correct that
  • The API should error if the user is blocked; however, the results are cached locally for 24 hours, so would still be visible to a recently-blocked user who accessed then while unblocked (which I think is fine, since they've already seen them). I suspect this is responsible for the differences in the different browser tests here. What happens if the cache is disabled (via developer tools, network tab)?
GMikesell-WMF added a comment.Feb 7 2023, 5:35 PM

@Tchanders @AGueyte For non-admin users being blocked or non-admin in general, Show IP does not show up at all. If you block an Admin and create a temp edit recently as I made one right now, Show IP still shows up but it does not reveal the IP when you click on it. This only occurs on the current date as seen in the screenshots. On the older dates that are not today, you are able to reveal the IP address. I will move this to Done since there is a ticket for {T328754: IP reveal buttons not displaying on Safari} already and I just created ticket {T329072: IP Masking: Admins that are blocked have the Show IP button still visible} for this one. Thanks!

T326397_IPMasking_AdminBlock24hrs_Diff.png (963×2 px, 282 KB)

T326397_IPMasking_AdminBlock24hrs_History.png (889×2 px, 368 KB)

GMikesell-WMF moved this task from QA/Testing 🐞 to Done Q2 2022-2023 on the Anti-Harassment (AHaT Sprint 24: The Toque Blanche Hat) board.Feb 8 2023, 4:26 PM
SCP-2000 unsubscribed.Feb 8 2023, 5:48 PM
Dreamy_Jazz mentioned this in T331002: "Show IP" link not shown on Special:History or Special:MobileDiff when using MinervaNeue skin.Mar 2 2023, 12:43 PM
Tchanders closed this task as Resolved.Mar 3 2023, 5:31 PM
Stang unsubscribed.Mar 6 2023, 10:33 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits