
Create API endpoint for receiving report data
Closed, Resolved · Public · 5 Estimated Story Points

Description

The incident report form is a client-side application. When the user clicks the submit button, we will POST the data to a REST API endpoint managed by the ReportIncident extension.

The API endpoint should:

  • require the user to be authenticated to submit
  • validate the POST body for the following:
    • user ID of person being reported
    • revision ID for the page, when the user launched the "report" app
    • [pending the DiscussionTools integration] comment ID (optional, used if report button clicked in context of the comment)
    • [pending the DiscussionTools integration] topic ID / heading text (used if report button clicked in context of the header, also sent as additional metadata to help locate a comment in a page)
    • details text
    • abuse types
    • ? (any other fields in the form, each one listed as a parameter)

For validated POST body, the endpoint should then:

  • send an email containing contents (email content to be determined, cc @Madalina to create a separate task to document what the email subject line and contents should look like) to a list of email addresses determined by a configuration variable in extension.json
  • in the HTTP response, provide a success/failure message and code, so that the client-side app can inform the user in case of failure.

The API endpoint should have rate limits (T345813: Implement rate limits for submitting data to ReportIncident API) in place for authenticated users, as a basic precaution to limit abuse.

User story:

As a user, when I click submit, I expect an email containing my report to be sent to a foundation email address.

  • create an API endpoint to handle sending emails
  • the endpoint should be rate limited (T345813)

[not-for-this-iteration] The endpoint should not allow users to submit duplicate submissions. This depends on having a database table to track submissions, though. We could define duplicate submission as having all of the same:

  • user ID of submitter
  • user ID of alleged harasser
  • revision ID for the page
  • topic ID
  • comment ID
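
A sketch of the validation and duplicate check described above, as an added example (not the ReportIncident extension's code). It is plain PHP with no MediaWiki classes; the JSON field names, the details length limit, the abuse-type list and the string type of the comment and topic IDs are assumptions.

```php
<?php
// Added example: field names, limits and the abuse-type allowlist are assumptions.
const MAX_DETAILS_BYTES = 1000;                           // assumed limit
const ABUSE_TYPES = [ 'harassment', 'threats', 'other' ]; // assumed allowlist

/** @return array{code:int,errors:string[]} HTTP-style status plus messages for the client app */
function validateReport( ?int $submitterId, array $body ): array {
	if ( $submitterId === null ) {
		return [ 'code' => 401, 'errors' => [ 'authentication required' ] ];
	}
	$errors = [];
	foreach ( [ 'reportedUserId', 'revisionId' ] as $field ) {
		$v = $body[$field] ?? null;
		if ( !is_int( $v ) || $v <= 0 ) {
			$errors[] = "$field must be a positive integer";
		}
	}
	// Optional fields, pending the DiscussionTools integration.
	foreach ( [ 'commentId', 'topicId' ] as $field ) {
		if ( isset( $body[$field] ) && !is_string( $body[$field] ) ) {
			$errors[] = "$field must be a string when present";
		}
	}
	$details = $body['details'] ?? null;
	if ( !is_string( $details ) || trim( $details ) === '' || strlen( $details ) > MAX_DETAILS_BYTES ) {
		$errors[] = 'details must be non-empty text within the length limit';
	}
	$types = $body['abuseTypes'] ?? null;
	$known = fn ( $t ) => is_string( $t ) && in_array( $t, ABUSE_TYPES, true );
	if ( !is_array( $types ) || $types === [] || count( array_filter( $types, $known ) ) !== count( $types ) ) {
		$errors[] = 'abuseTypes must be a non-empty list of known types';
	}
	return [ 'code' => $errors ? 400 : 200, 'errors' => $errors ];
}

/** Key over the five fields the task lists as defining a duplicate submission. */
function duplicateKey( int $submitterId, array $body ): string {
	return hash( 'sha256', json_encode( [
		$submitterId, $body['reportedUserId'], $body['revisionId'],
		$body['topicId'] ?? null, $body['commentId'] ?? null,
	] ) );
}

// Constructed sample input.
$body = [ 'reportedUserId' => 42, 'revisionId' => 1001, 'details' => 'Example text', 'abuseTypes' => [ 'harassment' ] ];
var_dump( validateReport( 7, $body )['code'] === 200 );
var_dump( validateReport( null, $body )['code'] === 401 );
var_dump( validateReport( 7, [ 'abuseTypes' => [ 'nope' ] ] + $body )['code'] === 400 );
var_dump( duplicateKey( 7, $body ) === duplicateKey( 7, $body + [ 'commentId' => null ] ) );
```

The submitter ID is passed in from the authenticated session rather than read from the POST body, so a client cannot file a report under another user's ID.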

Event Timeline

JKieserman renamed this task from [ FR PoC ] email workflow for reports to Create API endpoint for emailing. Jun 13 2023, 6:25 PM
JKieserman updated the task description.
JKieserman added a subscriber: kostajh.

@kostajh mind adding additional technical details for this task? Are there any example endpoints we should model this off of?
@Madalina could you confirm what email address we should be using?

We need to create a dummy email address, need to investigate how to do that.

kostajh renamed this task from Create API endpoint for emailing to Create API endpoint for receiving report data. Jul 6 2023, 10:29 AM
kostajh updated the task description.

We need to create a dummy email address, need to investigate how to do that.

We can create a Google Group mailing list with WMF's account, and subscribe engineers and other interested people to it. Or we can use our individual emails with the +reportincident identifier, e.g. kharlan+reportincident@wikimedia and then in our Gmail filters, we can route email sent to the +reportincident identifier to a specific folder, or automatically archive/delete, etc.

kostajh updated the task description.

cc @Madalina to create a separate task to document what the email subject line and contents should look like)

@Madalina, could you create a task for this please, and link it with this one? Thank you!

Change 952458 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/ReportIncident@master] [WIP] api: Add endpoint receiving report data from form

https://gerrit.wikimedia.org/r/952458

We'll create subtasks for:

  • sending the email
  • posting form contents from the dialog

Madalina set the point value for this task to 5. Aug 30 2023, 1:18 PM

Change 952458 merged by jenkins-bot:

[mediawiki/extensions/ReportIncident@master] api: Add endpoint to receive report data

https://gerrit.wikimedia.org/r/952458

I have verified that data is posted to a REST API endpoint, but there are 2 more items listed in the ticket Description that can't be verified at the moment:

  • create an API endpoint to handle sending emails (Email group has not been created or configured yet)
  • the endpoint should be rate limited (T345813) (this ticket is still being developed, and from looking at the ticket comments it's also waiting on T338804 Inform the user about the success or failure of submitting a report to be developed)

@Madalina do you want me to put this ticket into Hold / Stalled status until those 2 items are completed or do you want to take a different approach for this ticket?

Email address has been created, let's use: incident-report-system-beta@wikimedia.org.

Dreamy_Jazz subscribed.

T345813 is in QA, so that shouldn't block this any further.

For the endpoint that handles sending emails this is done in T345256 which is also in QA, so that shouldn't block this either.

Moving this back to QA for @Djackson-ctr to look at this again and move to the done column if appropriate now.

I have verified the information listed in the ticket Description has been implemented and is displaying and functioning as expected at https://ko.wikipedia.beta.wmflabs.org/w/index.php?title=사용자토론:Bluedot&uselang=en