A preliminary investigation (T326759) has found that the WikiLove extension may be affected by IP Masking
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
In Progress | Niharika | T324492 Temporary accounts - MVP | |||
Open | None | T326816 Update features for IP Masking | |||
Open | KStoller-WMF | T326877 [Epic] Update Growth Team-owned products that may be affected by IP Masking | |||
Resolved | • TThoabala | T326931 Prepare WikiLove extension for IP Masking | |||
Resolved | • TThoabala | T335844 Update WikiLove extension for IP Masking |
Event Timeline
I pulled down the repo and ran a couple of test, and searched the repo for functions listed here T326759
1 isIPAddress in wikilove.core.js
This is used to show this message wikilove-anon-warning as seen below
if ( !mw.util.isIPAddress( mw.config.get( 'wikilove-recipient' ) ) ) { $( '#mw-wikilove-anon-warning' ).hide(); }
The message is a warning about unregistered users
`wikilove-anon-warning:` `Note: This user is not registered, he or she may not notice this message.
do we want to show this message for temporary users as well? @Niharika/@Prtksxna?
- isRegistered in hooks.php
If the user is not logged in we return early as shown below
// Exit early if the sending user isn't logged in if ( !$user->isRegistered() ) { return ApiMessage::create( 'wikilove-err-not-logged-in', 'notloggedin' ); }
This hides the wikilove button on a user's talk page
This we can fix by adding a isTemp check on that line, which will mean temporary users are not able to send wikilove. cc: @Niharika
3a. getName in ApiWikiLove.php
This calls getName on a user newly created using User::newFromName. This does not require any change.
see code below
'target' => User::newFromName( $talk->getSubjectPage()->getBaseText() )->getName()
3b. getName in hooks.php
getname is also used to check that users don't send themselves wikilove
if ( $user->getName() === $baseTitle->getText() ) { return ApiMessage::create( 'wikilove-err-no-self-wikilove', 'no-self-wikilove' ); }
the user being referred to here is the current user. And from testing with temporary users there is no change required here.
- Is anon in ApiWikiLove.php
if ( $receiver === false || $receiver->isAnon() ) { $this->addWarning( 'apiwarn-wikilove-ignoringunregistered' ); return; }
Here we need to add isTemp for $receiver
- getRegistration in ApiWikiLove.php
$values = [ 'wll_timestamp' => $dbw->timestamp(), 'wll_sender' => $user->getId(), 'wll_sender_editcount' => $user->getEditCount(), 'wll_sender_registration' => $user->getRegistration(), 'wll_receiver' => $receiver->getId(), 'wll_receiver_editcount' => $receiver->getEditCount(), 'wll_receiver_registration' => $receiver->getRegistration(), 'wll_type' => $type, 'wll_subject' => $subject, 'wll_message' => $message, 'wll_email' => $email, ];
This depends on 2 above, currently if the user is not logged in they are not allowed to send wikilove, are temporary user going to be allowed to send wikilove @Niharika ?
The message is a warning about unregistered users
wikilove-anon-warning: Note: This user is not registered, he or she may not notice this message.
do we want to show this message for temporary users as well?
I think it makes sense to show this for temporary users too. We could update the message to make it similar to the one we've drafted for Talk pages:
Note: This is a temporary user, based on their device settings they might not notice this message.
Just wanted to check if this will mean that there are different messages for unregistered and temporary users? @Niharika what do you think?
@TThoabala Thanks for this!
I think we can disable temp users sending or receiving Wikilove notifications.
We can start by using the same messages for anon/temp, then later if necessary we can refine them - that's what we did in T334597: Update User access to polls on SecurePoll.
Would you be able to file the necessary follow-up tasks?