Page MenuHomePhabricator
Create Task
Maniphest T326954

Ensure that blocked users/IPs can not make edits
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

Acceptance criteria:

  • feature has been checked and is working as expected
  • corresponding e2e test is in place

Action API endpoint to block/unblock a user: https://www.mediawiki.org/wiki/API:Block

Details

SubjectRepoBranchLines +/-
REST: Test edit while user blockedmediawiki/extensions/Wikibasemaster+26 -4
Customize query in gerrit

Related Objects
Search...

Event Timeline

Silvan_WMDE created this task.Jan 13 2023, 1:21 PM
Silvan_WMDE set the point value for this task to 3.
Ollie.Shotton_WMDE updated the task description. (Show Details)Jan 13 2023, 1:28 PM
WMDE-leszek edited projects, added Wikibase Product Platform (v1); removed Wikibase REST API (archieved).Jan 13 2023, 1:42 PM
WMDE-leszek moved this task from Backlog to Next on the Wikibase Product Platform (v1) board.
Ollie.Shotton_WMDE mentioned this in T316354: Ensure rate limiting and potentially other harm preventions are in place for the Wikibase REST API.Jan 13 2023, 3:31 PM
WMDE-leszek moved this task from Next to Sprint 21 on the Wikibase Product Platform (v1) board.Jan 17 2023, 12:34 PM
WMDE-leszek edited projects, added Wikibase Product Platform (v1) (Sprint 21); removed Wikibase Product Platform (v1).
Silvan_WMDE added a comment.Jan 17 2023, 2:38 PM

Task Breakdown notes

  • verify the feature is working
  • add 'blocked user/IP' test to the 'Authorization' section of the AuthTest.js e2e-test
    • use the 'block' API action to set up the test (see task description)
Muhammad_Yasser_Jazirahly_WMDE claimed this task.Jan 18 2023, 8:07 AM
Muhammad_Yasser_Jazirahly_WMDE moved this task from To Do to Doing on the Wikibase Product Platform (v1) (Sprint 21) board.
gerritbot added a comment.Jan 18 2023, 2:56 PM

Change 881416 had a related patch set uploaded (by Muhammad Jaziraly; author: Muhammad Jaziraly):

[mediawiki/extensions/Wikibase@master] REST: Test edit while user blocked

https://gerrit.wikimedia.org/r/881416

gerritbot added a project: Patch-For-Review.Jan 18 2023, 2:56 PM
Muhammad_Yasser_Jazirahly_WMDE moved this task from Doing to Peer Review on the Wikibase Product Platform (v1) (Sprint 21) board.Jan 18 2023, 3:51 PM
Muhammad_Yasser_Jazirahly_WMDE added a comment.Jan 19 2023, 8:30 AM

I've tested the edit functionality while the user is blocked (using the REST API to edit), and it's working properly.

The response for edit using REST API after blocking was:

{
	"error": "rest-write-denied",
	"httpCode": 403,
	"httpReason": "Forbidden"
}

And a new e2e test was written to cover it.

gerritbot added a comment.Jan 19 2023, 9:45 AM

Change 881416 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] REST: Test edit while user blocked

https://gerrit.wikimedia.org/r/881416

Muhammad_Yasser_Jazirahly_WMDE moved this task from Peer Review to Done on the Wikibase Product Platform (v1) (Sprint 21) board.Jan 19 2023, 9:52 AM
ReleaseTaggerBot added a project: MW-1.40-notes (1.40.0-wmf.20; 2023-01-23).Jan 19 2023, 10:00 AM
Maintenance_bot removed a project: Patch-For-Review.Jan 19 2023, 10:30 AM
Muhammad_Yasser_Jazirahly_WMDE moved this task from Done to Product Verification on the Wikibase Product Platform (v1) (Sprint 21) board.Jan 19 2023, 10:35 AM
WMDE-leszek added a comment.Jan 23 2023, 12:07 PM

Works as expected, thank you!

WMDE-leszek moved this task from Product Verification to Done on the Wikibase Product Platform (v1) (Sprint 21) board.Jan 23 2023, 12:07 PM
WMDE-leszek closed this task as Resolved.Feb 7 2023, 9:42 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL