Page MenuHomePhabricator
Create Task
Maniphest T342790

Allow storage of client hints for deleted revisions and revisions with revision deleted performer
Closed, ResolvedPublic
Actions

Description

Currently, the storage of Client Hints data for an edit will be prevented if the following happen just after the revision is saved:

  • The page is deleted
  • The revision is deleted and/or suppressed

The storage of Client Hints data via the REST API will happen shortly after the user loads the page after the edit screen, however, there is no guarantee that this would happen quickly. For example, a slow internet connection for a user could mean the request takes a little time to be sent. A user on a fast internet connection could be deleting the page shortly after the edit went through and this delete goes through before the API request is sent by the user on the slow internet connection.

This was raised in QA by T258105: Implement storage for User-Agent Client Hints header data.

Details

SubjectRepoBranchLines +/-
clienthints REST API: Perform matching user check with RAW audiencemediawiki/extensions/CheckUsermaster+5 -1
Customize query in gerrit

Related Objects

Event Timeline

Dreamy_Jazz created this task.Jul 26 2023, 4:15 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 26 2023, 4:15 PM
Dreamy_Jazz moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jul 26 2023, 4:15 PM
gerritbot added a comment.Jul 26 2023, 4:32 PM

Change 941964 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] clienthints REST API: Perform matching user check with RAW audience

https://gerrit.wikimedia.org/r/941964

gerritbot added a project: Patch-For-Review.Jul 26 2023, 4:32 PM
Dreamy_Jazz mentioned this in T258105: Implement storage for User-Agent Client Hints header data.Jul 26 2023, 4:34 PM
Dreamy_Jazz claimed this task.Jul 26 2023, 4:37 PM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
Tchanders added subscribers: STran, Tchanders.Jul 26 2023, 4:45 PM

@STran This would be a nice first review to help onboard you to the project (concepts to understand, but not much code)

gerritbot added a comment.Jul 27 2023, 10:45 AM

Change 941964 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] clienthints REST API: Perform matching user check with RAW audience

https://gerrit.wikimedia.org/r/941964

ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.20; 2023-08-01).Jul 27 2023, 11:00 AM
Maintenance_bot removed a project: Patch-For-Review.Jul 27 2023, 11:10 AM
Tchanders moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Jul 27 2023, 3:01 PM
dom_walden subscribed.Aug 7 2023, 10:17 AM

@Dreamy_Jazz I cannot set client hints for revisions of deleted pages. It returns:

{'errorKey': 'rest-nonexistent-revision', 'messageTranslations': {'en': 'The specified revision (10377) does not exist'}, 'httpCode': 404, 'httpReason': 'Not Found'}

For revisions with restricted visibility, if the user does not have permission to see the username or IP which created the revision should they be allowed to set the client hints? The risk I see is that you can infer from the response of /rest.php/checkuser/v0/useragent-clienthints/revision/$revid whether or not you created the revision. Perhaps this is not a problem for a logged in user, but might be for an IP which could be shared by multiple people.

They could perhaps always be shown the 'User $id is not the author of revision $id' so as not to reveal any information.

Dreamy_Jazz added a comment.EditedAug 7 2023, 11:44 AM
In T342790#9073220, @dom_walden wrote:

@Dreamy_Jazz I cannot set client hints for revisions of deleted pages. It returns:

{'errorKey': 'rest-nonexistent-revision', 'messageTranslations': {'en': 'The specified revision (10377) does not exist'}, 'httpCode': 404, 'httpReason': 'Not Found'}

I will investigate this. Thanks for spotting.

For revisions with restricted visibility, if the user does not have permission to see the username or IP which created the revision should they be allowed to set the client hints? The risk I see is that you can infer from the response of /rest.php/checkuser/v0/useragent-clienthints/revision/$revid whether or not you created the revision. Perhaps this is not a problem for a logged in user, but might be for an IP which could be shared by multiple people.

They could perhaps always be shown the 'User $id is not the author of revision $id' so as not to reveal any information.

This was motivated to avoid race conditions where the performer is restricted before the API request is performed. This could happen for a user on a slow network and if some kind of restriction of the username is performed before the API request finishes.

I think they should be allowed to set Client Hints assuming that the other checks are fine.

To combat the time that a user has to investigate whether a deleted revision was made by them, the check that ensures the API call was made within the last 30 minutes (T342134) could be placed before the check if the performer of the action is deleted.

Tchanders added a comment.Aug 7 2023, 12:26 PM

To combat the time that a user has to investigate whether a deleted revision was made by them, the check that ensures the API call was made within the last 30 minutes (T342134) could be placed before the check if the performer of the action is deleted.

This makes sense to me.

dom_walden mentioned this in T345165: Move the time limit check before the permissions check.Aug 29 2023, 2:07 PM
dom_walden mentioned this in T345157: Allow storage of client hints for revisions of deleted pages.Aug 29 2023, 2:12 PM
dom_walden moved this task from QA/Testing 🐞 to Done Q1 2023-2024 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
In T342790#9073220, @dom_walden wrote:

@Dreamy_Jazz I cannot set client hints for revisions of deleted pages. It returns:

Raised as T345157.

! In T342790#9073530, @Dreamy_Jazz wrote:
To combat the time that a user has to investigate whether a deleted revision was made by them, the check that ensures the API call was made within the last 30 minutes (T342134) could be placed before the check if the performer of the action is deleted.

Raised as T345165.

Dreamy_Jazz added a comment.Aug 29 2023, 2:34 PM

Thanks for the in-depth testing!

Dreamy_Jazz moved this task from Backlog to Release 0 (Pilot wikis) on the http-client-hints board.Sep 26 2023, 12:01 PM
Dreamy_Jazz edited projects, added http-client-hints (Release 0 (Pilot wikis)); removed http-client-hints.
kostajh closed this task as Resolved.Sep 26 2023, 12:55 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL