Page MenuHomePhabricator

IP Address Reveal on Diff page
Closed, ResolvedPublic5 Estimated Story Points



See parent T325238: [Epic] IP Address Reveal for Privileged Users for details.

Proposed mockup

image.png (320×1 px, 86 KB)

There would be a new "show IP" option next to the temporary username (which replaces the IP address shown in this screenshot) which would reveal to show the IP address in place. Presumably somewhere close to the "talk" link.
Will replace this with an actual mock before implementation begins.

What needs doing

T326415: Add (show IP) buttons next to temporary account user name links adds buttons next to temporary account name links, everywhere (including on diff pages):

  • By default these buttons fetch the last IP used by the temporary account
  • When the revision ID is present in the user link, it gets the IP associated with that revision ID

This task is for ensuring that the revision IDs are present in the user links displayed on diff pages.

There is an equivalent task that does the same for the history pages: T326392: IP Address Reveal on History page. The patch attached to that may have solved more cases than just the history page, so it is possible that it has solved this task too.

So what exactly needs doing?

  • Check whether revision IDs are present in the user links displayed on diff pages
  • If so, add a comment and close this task!
  • If not, add them. You'll need to find where the links are built, and pass through the data, like in T326392

How can I test this?

Testing notes

This is best tested along with T326415: Add (show IP) buttons next to temporary account user name links, which adds the buttons.

It should be tested locally, since it requires $wgAutoCreateTempUser['enabled'] = true; (only available on Beta) and the CheckUser extension (not available on Beta). It can't be fully tested on PatchDemo, because it isn't possible to edit from different IP addresses there.

Steps to test:

  • Edit an article twice from one temporary account, using two different IP addresses
  • Go to the article's history page
  • Select the radios next to the two edits, then click "compare selected revisions"
  • Clicking on the "Reveal IP" buttons should reveal the correct (different) IP addresses for each edit

Event Timeline

Niharika created this task.
Tchanders set the point value for this task to 5.Jan 17 2023, 6:43 PM

Confirming the revision ID is well added to the Username link via Linker::revUserTools in DifferenceEngine::showDiffPage()

Screen Shot 2023-01-23 at 8.49.21 AM.png (878×2 px, 329 KB)

To test, be on Master and have the latest pull from Git/Gerrit.
Make an edit on an existing page while logged out
Go to the page "view history" tab, click on the date of the first history log line
Click on the "diff" link within the yellow rectangle.

The diff page appears with the temp account named created from your logged-out edit as shown in the screenshot in the ticket's description.
Open the console to inspect the link, and the "data-mw-revid=x" should appear within the <a> element.

Thanks @AGueyte, looks good to me.

I'm moving to stalled until T326415: Add (show IP) buttons next to temporary account user name links is merged, since it will be easier for QA to test after that.

@Tchanders and @AGueyte I came across an issue that was not one before. This is in regards to blocking an Admin as seen in In Chrome 109, even though the account is blocked, I can still reveal the IP address. In Firefox though, it still stayed as not being able to reveal an IP from Show IP when an account is blocked.

Also same issue as in Safari, which T328754: IP reveal buttons not displaying on Safari has been created.

OS: macOS 13.0
Browsers: Chrome 109, Safari 16, FireFox 109
Environment: Local

Firefox 109

T326397_IPMasking_ Diff_Result_FireFox.png (645×1 px, 165 KB)

Different temp accounts with different IPs- Good

T326397_IPMasking_ Diff_RHResult.png (1×3 px, 429 KB)

T326397_IPMasking_ Diff_Result.png (1×3 px, 341 KB)

2 Different IPs under the same temp account- Good

T326397_IPMasking_ Diff_RHResult_2IPs.png (1×3 px, 417 KB)

T326397_IPMasking_ Diff_Result_2IPs.png (1×3 px, 320 KB)

I haven't had a chance to test properly, but a couple of thoughts:

  • Am I right in understanding that the buttons are shown even to a blocked user? If so we should file a task to correct that
  • The API should error if the user is blocked; however, the results are cached locally for 24 hours, so would still be visible to a recently-blocked user who accessed then while unblocked (which I think is fine, since they've already seen them). I suspect this is responsible for the differences in the different browser tests here. What happens if the cache is disabled (via developer tools, network tab)?

@Tchanders @AGueyte For non-admin users being blocked or non-admin in general, Show IP does not show up at all. If you block an Admin and create a temp edit recently as I made one right now, Show IP still shows up but it does not reveal the IP when you click on it. This only occurs on the current date as seen in the screenshots. On the older dates that are not today, you are able to reveal the IP address. I will move this to Done since there is a ticket for {T328754: IP reveal buttons not displaying on Safari} already and I just created ticket {T329072: IP Masking: Admins that are blocked have the Show IP button still visible} for this one. Thanks!

T326397_IPMasking_AdminBlock24hrs_Diff.png (963×2 px, 282 KB)

T326397_IPMasking_AdminBlock24hrs_History.png (889×2 px, 368 KB)