Background
For T325238, we want to allow privileged users to reveal the IP address used by a temporary account, ideally wherever a temporary account name is shown in the UI.
After T326414: Update Linker::userLink to allow identification of temporary account usernames and provide some context, we can add buttons to reveal the IP addresses anywhere a temporary account user link is shown. When clicked, the IP address(es) can be fetched via the API added in T324603: The CheckUser extension should provide IP addresses of temporary account users, for IP Masking.
There are a couple of ways to do this. One way would be to do this similarly to IPInfo, where we handle a widely-run hook like BeforePageDisplay, and add a JS module that adds the buttons, given a page and permissions check.
Designs
Some of the screenshots are old or work-in-progress, so pay attention to the bullet points too
Button:
- The button should be a quiet, progressive button, as in the screenshot
- The button should appear after the user name
- The label in English should say "Show IP" (capital "S")
Revealed IP:
- The revealed IP should take the place of the button
- The IP should be surrounded by parentheses
- If no IP is found, the parentheses should contain "unavailable" (in English)
Note that UI jumps as the buttons are added (and as the IPs are revealed) are unavoidable here, because:
- The button labels are an unpredictable length, since they are translatable
- The IP addresses are differing lengths
- The string for "unavailable" is translatable, so can be different lengths
Acceptance criteria
- Buttons should appear to users who are able to reveal IPs anywhere that temporary user account links are shown on special pages, history pages and diff pages.
- Clicking on one button reveals one IP address
- If a data-rev-id attribute is present in the user link, the IP address for that specific revision should be revealed (see history page example below)
- Otherwise, the latest IP used by that user should be revealed (see Special:BlockList example below)
Note that this task does not do the following (from the parent task) - they will be covered by other tasks:
How are IPs revealed?
Two ways:
- Temp user reveal: On all other pages admins and checkusers will be able to reveal all IPs for a given temp account. In other words, revealing a temp account will unveil all instances of that temp account on that page irrespective of the IP address.
- Pair (temp user-IP) reveal: patrollers will only be able to reveal a single "temp account - IP address" pair at a time. In other words, revealing a temp account will unveil all other temp account instances on that page that are from the same IP address.
Done via T327946: Admins and checkusers unveil all IPs on the page for a temp account by clicking one button and T327947: Patrollers reveal all instances of a single IP address on a page by clicking on button
Do revealed IP addresses persist?
Yes. For admins and checkusers, all temp accounts once revealed will stay revealed even when the user moves across pages. They will stay revealed for 24 hours.
For patrollers temp-account-IP address pairs once revealed will stay revealed even when the user moved across pages. This will stay revealed for 24 hours.
Testing notes
This should be tested locally, with $wgAutoCreateTempUser['enabled'] = true; and CheckUser installed
There are various ways to test it, but some examples are below.
Example: test on a history page
- Make edits to an article as a temporary user, using different IPs
- Visit the article's history page as a user with the right to reveal IP addresses
- Clicking on the "Show IP" buttons should reveal the correct IP address for each revision
Example: test on Special:BlockList
- Block some temporary users
- Visit Special:BlockList
- Clicking on the "Show IP" buttons should reveal the latest IP used by each user
