Page MenuHomePhabricator
Create Task
Maniphest T328896

Fix non-sequential indices in TemporaryAccountHandler API results
Closed, ResolvedPublic
Actions

Description

Background

TemporaryAccountHandler returns a list of IPs used by a temporary account.

The returned list should be an array, e.g.:

{
  "ips": [
    "192:168:1:1:0:0:0:0"
  ]
}

However, sometimes an object is returned with numerical indices that are non-sequential, e.g.:

{
  "ips": {
    "0": "192:168:1:1:0:0:0:0",
    "2": "192:168:1:0:0:0:0:0"
  }
}

This should instead be:

{
  "ips": [
    "0": "192:168:1:1:0:0:0:0",
    "1": "192:168:1:0:0:0:0:0"
  ]
}

This might only happen if there are multiple rows for the same actor-IP-timestamp. For more information see T324603#8577985 and the following comments.

Acceptance criteria
  • The returned list of IPs is always an array
Notes

The problem might arise here when calling array_unique here: https://gerrit.wikimedia.org/g/mediawiki/extensions/CheckUser/+/d5a63f4df9c6f77310c3ebbf6e90baa56136d9e5/src/Api/Rest/Handler/TemporaryAccountHandler.php#47 Could we use something like array_values(array_unique($ips))?

Testing Notes

-To use this API, you'll need the checkuser-temporary-account right that's introduced in this patch.You must also have Enable revealing IP addresses for temporary accounts enabled on your Special:Preferences

-The URL is rest.php/checkuser/v0/temporaryaccount/{name}, where {name} is the user name you want to look up (see RestRoutes in extension.json)

-You can add the optional params in TemporaryAccountHandler::getParamSettings via the querystring (e.g. ?revision=123, etc)

-In case you have been switching $wgAutoCreateTempUser['enabled'] on and off locally, it needs to be true to avoid a nonexistent account error

-Visiting this URL : http://localhost:8080/w/rest.php/checkuser/v0/temporaryaccount/{nameoftemporaryaccount} should give JSON object with a single key "ips" which maps to an array of unique IP addresses used by a temporary account

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Fix non-sequential indices in TemporaryAccountHandler API resultsmediawiki/extensions/CheckUsermaster+2 -2
Customize query in gerrit

Related Objects

Event Timeline

Tchanders created this task.Feb 6 2023, 5:37 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 6 2023, 5:37 AM
Tchanders mentioned this in T324603: The CheckUser extension should provide IP addresses of temporary account users, for IP Masking.Feb 6 2023, 5:49 AM
Cyndymediawiksim claimed this task.Feb 7 2023, 6:48 AM
Cyndymediawiksim moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment-Team (AHaT Sprint 24: The Toque Blanche Hat) board.
gerritbot added a comment.Feb 9 2023, 4:50 PM

Change 888056 had a related patch set uploaded (by Cyndywikime; author: Cyndywikime):

[mediawiki/extensions/CheckUser@master] Fix non-sequential indices in TemporaryAccountHandler API results

https://gerrit.wikimedia.org/r/888056

gerritbot added a project: Patch-For-Review.Feb 9 2023, 4:50 PM
AGueyte subscribed.Feb 9 2023, 10:15 PM

Make sure to go into Special:Preferences, can you check the option "Enable revealing IP addresses for temporary accounts"

Cyndymediawiksim updated the task description. (Show Details)Feb 10 2023, 8:34 PM
Cyndymediawiksim moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment-Team (AHaT Sprint 24: The Toque Blanche Hat) board.
Dreamy_Jazz moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment-Team (AHaT Sprint 24: The Toque Blanche Hat) board.Feb 11 2023, 1:24 AM
Dreamy_Jazz updated the task description. (Show Details)Feb 11 2023, 1:27 AM
gerritbot added a comment.Feb 11 2023, 1:38 AM

Change 888056 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Fix non-sequential indices in TemporaryAccountHandler API results

https://gerrit.wikimedia.org/r/888056

ReleaseTaggerBot added a project: MW-1.40-notes (1.40.0-wmf.23; 2023-02-13).Feb 11 2023, 2:00 AM
Maintenance_bot removed a project: Patch-For-Review.Feb 11 2023, 2:31 AM
dom_walden moved this task from QA/Testing 🐞 to Done Q2 2022-2023 on the Anti-Harassment-Team (AHaT Sprint 24: The Toque Blanche Hat) board.Feb 13 2023, 2:24 PM
dom_walden subscribed.

I wrote a script to check that:

  • the IPs are always returned as a list (not an object or dictionary), which I believe means their indices are always sequential
  • the IPs returned match the IPs in the cu_changes table and are in the correct order (descending lexicographic order of IP; I was concerned that array_values() might change this)

Test environment: local docker CheckUser 2.5 (7f54d18) 07:29, 13 February 2023.

Dreamy_Jazz moved this task from Inbox to Temporary account IP reveal on the CheckUser board.Mar 2 2023, 2:31 AM
Niharika closed this task as Resolved.Mar 4 2023, 8:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits