Page MenuHomePhabricator
Create Task
Maniphest T343799

[8 hr] Investigate places where Wikibase distinguishes between anonymous and registered users
Closed, ResolvedPublic
Actions

Description

See parent task for details.

Results:

Wikibase:
  • Wikibase shows an anon-editing warning when not logged-in and editing statements/terms/sitelinks
  • Special:MyLanguageFallbackChain informs about babel on the userpage for logged-in users. That is actually something temp-users can currently do, but I'm not sure if that is intended? What happens when such a temp user logs in? It works though.
    • In general: LanguageFallback taking Babel into account is difference between logged-in and anon users. Even if you would add a Babel-box to an IP-"Userpage", it would not have an effect on language fallback
  • All other Wikibase SpecialPages that allow some form of editing have a Warning only for Anon IPs, not temp users
  • Also the undo and restore dialogs of Wikibase have the anon editing warnings only for Anon IPs, not temp users

Wikibase Client

  • the jquery.Ui LinkItem widget is only shown to registered users and not Anonymous IPs. However, it _is_ currently shown to temporary users.

Broken remembering of preferences for temp users:

  • Showing/Hiding the Legacy Termbox is usually remembered. For anons via a cookie, for logged-in users via a user options. Temp users do not have user options, so this feature is broken for them.
  • Similar to the above, dismissing the message informing about copyright, that shows when editing Statements or Sitelinks, is remembered in a cookie for anon IPs and a user option for proper logged-in users. This too is broken for temp-users.
  • Similar to the above, for federated Properties, we seem to show a "leave site notice"? Remembering the dismissal of that would probably be broken as well. But that is not a Wikidata concern directly.

Probably unaffected/maybe changes for the sake of clarifying the intention only:

  • For Wikibase's undo and restore, we're might add the Entity to the user's watchlist, if they're logged in. But I would expect that to still work as expected with temp users (as in: do nothing)
  • \Wikibase\Repo\Store\Sql\WikiPageEntityStore::updateWatchlist has a check for the users being registered, but I don't expect that to break either
WikibaseLexeme:
  • Special:MergeLexemes and the non-js fallback of Special:NewLexeme use User:isRegistered() for showing the anon user warning.
  • The Vue-based Special:NewLexme page gets that information for the same purpose via js: mw.user.isAnon().
  • The editing Statements functionality comes from Wikibase, and so the notes there apply
EntitySchema:
  • Special:NewEntity, Special:SetLabelDescriptionAlias, and Editing the Schema Text, all show a warning based on the user being an anonymous IP. As far as I can tell, none of them currently trigger a temp user account creation.
WikibaseQualityConstraints:
  • If the configuration to show violations to all users is disabled, then the Gadget to show the violations is loaded only for "registered" users, but not anonymous users. "Registered" in that sense includes temporary users.

Related Objects
Search...

Event Timeline

Michael created this task.Aug 8 2023, 12:52 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 8 2023, 12:52 PM
Michael moved this task from Parents/Waiting to Todo/Backlog on the Wikidata Dev Team (Sprint-∞) board.Aug 8 2023, 12:53 PM
Michael claimed this task.Aug 8 2023, 12:56 PM
Michael moved this task from Todo/Backlog to Doing on the Wikidata Dev Team (Sprint-∞) board.
Restricted Application added a project: User-Michael. · View Herald TranscriptAug 8 2023, 12:56 PM
Michael added a comment.Aug 8 2023, 1:10 PM

One way to approach this is via endpoints. That includes on the repo side:

  • Wikibase Action-API endpoints, such as wbeditentity
    • question to answer: how much is this generalized? How much is this endpoint-specific
  • Special pages, such as Special:NewItem
    • what message is shown, should it be shown differently?
  • The JS UI anon editor warning
  • how/where exactly is semi-protection of pages handled?
  • What does this mean for Lexeme?
  • What does this mean for WikibaseQualityConstraints?
  • What does this mean for EntitySchema?
  • ...

Another approach is to look at the code, find what methods/patterns are used to distinguish between logged-in and anon users, and then look all the places where these are used.

Also relevant, but potentially out of scope:

  • How is the new Termbox handling anon users?
  • How is the REST API handling anon users?
Michael added a comment.Aug 8 2023, 1:45 PM

First observation:

Using a local config based on a related core change looking as follows:

LocalSettings.php
$wgAutoCreateTempUser = [
	'enabled' => true,
	'actions' => [
		0 => 'edit',
	],
    'genPattern' => '*Unregistered $1*',
    'matchPattern' => '*$1',
    'serialProvider' => [ 'type' => 'local' ],
    'serialMapping' => [ 'type' => 'plain-numeric' ],
];
  1. Editing a Statement on an Item through the UI while not logged-in did NOT create a new temporary user and instead recorded the IP address.
  2. Editing an ordinary Wikipage however, did create a temporary user.
  3. Using that temporary user, it was then possible to make an edit to a Statement via the UI that shows in the history with the temporary user instead of the IP.
Michael added a comment.Aug 8 2023, 1:56 PM

Creating a new Item did also NOT result in a temporary user being created.

Michael added a comment.Aug 8 2023, 2:00 PM

Neither creating an EntitySchema via Special:NewEntitySchema, nor edits to the schema text (action=edit) triggered the creation of a temporary user.

Lucas_Werkmeister_WMDE subscribed.Aug 8 2023, 3:33 PM
Lucas_Werkmeister_WMDE mentioned this in T343800: [8 hr] Investigate behavior of temporary accounts with cross-wiki API actions.Aug 8 2023, 4:02 PM
Michael added a comment.Aug 9 2023, 3:03 PM

NewItem, NewProperty, NewLexeme, NewEntitySchema, all of them do NOT show the "anon-user-warning" to temporary users.

The code that used to check for this is currently \User::isRegistered() (or \User::isAnon(), which is just the negated result of the former).

Since 1.39, Mediawiki also has the methods \User::isNamed() and \User::isTemp(), which might be suitable for what we maybe want to do.

Michael updated the task description. (Show Details)Aug 9 2023, 3:45 PM
Michael added a comment.Aug 9 2023, 3:53 PM

EntitySchema seems to be the only Extension of ours that uses \User::isAnon():
https://codesearch.wmcloud.org/things/?q=-%3EisAnon%5C%28%5C%29&files=.*%5C.php&excludeFiles=&repos=Extension%3AEntitySchema%2CExtension%3AWikibase%2CExtension%3AWikibaseLexeme%2CExtension%3AWikibaseQualityConstraints
It is used to show the anon edit warning.

There are two more ways to edit EntitySchema: undo and restore. Neither of those has the anon edit warning, and both trigger the IP Address to be recorded, without an anonymous user being created.

Michael updated the task description. (Show Details)Aug 9 2023, 3:57 PM
Michael updated the task description. (Show Details)
Michael added a comment.Aug 9 2023, 4:36 PM

Special:MergeLexemes and the non-js fallback of Special:NewLexeme use User:isRegistered() for showing the anon user warning. The Vue-based Special:NewLexme page gets that information for the same purpose via js: mw.user.isAnon().

Michael updated the task description. (Show Details)Aug 9 2023, 4:57 PM
Michael added a comment.Aug 9 2023, 5:17 PM

On the js side of things, there seems to be both mw.config.get( 'wgUserIsTemp' ) and mw.user.isTemp().

Michael updated the task description. (Show Details)Aug 9 2023, 5:37 PM
Michael updated the task description. (Show Details)Aug 9 2023, 5:42 PM
Michael updated the task description. (Show Details)Aug 9 2023, 5:49 PM
Michael updated the task description. (Show Details)Aug 9 2023, 5:56 PM
Michael updated the task description. (Show Details)Aug 9 2023, 6:09 PM
Michael updated the task description. (Show Details)Aug 9 2023, 6:23 PM
Michael updated the task description. (Show Details)Aug 9 2023, 6:25 PM
Michael updated the task description. (Show Details)Aug 9 2023, 6:28 PM
Michael added a comment.Aug 9 2023, 6:34 PM

TODO NEXT:

Michael added a comment.Aug 9 2023, 6:36 PM

(ca. 4.5 hours done so far)

Michael updated the task description. (Show Details)Aug 10 2023, 10:04 AM
Michael added a comment.Aug 10 2023, 12:12 PM

Looking at \User::getId did not result in any places in Wikibase+ that would have different behavior based on logged-in status.

Michael updated the task description. (Show Details)Aug 10 2023, 12:23 PM
Michael updated the task description. (Show Details)Aug 10 2023, 12:28 PM
Michael updated the task description. (Show Details)Aug 10 2023, 2:38 PM

As far as I can see, this should cover all the cases I found in a first pass. I think there are about 2 hours left in the timebox for some more in-depth investigation, if needed, or for a nicer write-up of the findings, if that is desired.

Michael moved this task from Doing to Peer Review on the Wikidata Dev Team (Sprint-∞) board.Aug 10 2023, 2:41 PM
Lucas_Werkmeister_WMDE added a comment.EditedAug 22 2023, 3:32 PM

Regarding Wikibase edits not auto-creating temporary accounts: In MediaWiki core, this seems to happen in EditPage::maybeActivateTempUserCreate() and EditPage::createTempUser(); I imagine we’ll need similar code in either MediaWikiEditEntity or WikiPageEntityStore, not sure which.

Also, as seen in T343799#9077216, $wgAutoCreateTempUser supports different actions, with edit currently being the only known action; I think we should check with the MediaWiki core developers whether Wikibase should also use this edit action (interpreting it as a very generic term) or use one or more different, Wikibase-specific actions (“wikibase-edit”? or even one per API module / special page?). (Edit: now asked at T326816#9122653.)

Lucas_Werkmeister_WMDE added a comment.Aug 28 2023, 10:11 AM
In T343799#9110430, @Lucas_Werkmeister_WMDE wrote:

Regarding Wikibase edits not auto-creating temporary accounts: In MediaWiki core, this seems to happen in EditPage::maybeActivateTempUserCreate() and EditPage::createTempUser(); I imagine we’ll need similar code in either MediaWikiEditEntity or WikiPageEntityStore, not sure which.

I’m now leaning towards WikiPageEntityStore, so that it also applies to ItemMergeInteractor.

See also T336187: [S] Investigate: Creating temp user on non-EditPage actions for some useful guidance.

ItamarWMDE moved this task from Incoming to Ongoing on the wmde-wikidata-tech board.Aug 29 2023, 7:41 AM
Bugreporter subscribed.Sep 4 2023, 4:59 PM

the jquery.Ui LinkItem widget is only shown to registered users and not Anonymous IPs. However, it _is_ currently shown to temporary users.

See: T140661: enable add links widget for anonymous users

Michael mentioned this in T328454: [TECH][IPM] Investigate ramifications of IP masking on Wikidata related extensions.Sep 6 2023, 12:36 PM
Michael moved this task from Peer Review to Product Verification on the Wikidata Dev Team (Sprint-∞) board.
Lydia_Pintscher moved this task from Product Verification to Tech Verification on the Wikidata Dev Team (Sprint-∞) board.Sep 7 2023, 11:19 AM
Lydia_Pintscher subscribed.

Thank you! Looking good. Moving this to tech verification.

ItamarWMDE subscribed.Sep 13 2023, 7:56 AM

While it is good to have all the history here on the ticket, and the results in the ticket description, phabricator is not an ideal place for future discoverability and I would prefer if you summarized the entire investigation in one place that is easily searchable (for example on wiki or in a google doc), for posterity.

ItamarWMDE moved this task from Tech Verification to Todo/Backlog on the Wikidata Dev Team (Sprint-∞) board.Sep 13 2023, 7:56 AM
Michael added a comment.Sep 13 2023, 8:07 AM

To me, Phabricator feels more searchable and keeping things in their context than Google Docs, but a Wiki sounds like not a bad idea. We should be using wikis more anyway. Now I'm wondering which wiki would be best? Probably either www.wikimedia.org or wikitech. I will ponder it some more and find a suitable place.

ItamarWMDE added a comment.Sep 13 2023, 8:52 AM

For Mismatch Finder, we used Wikitech for any documentation that relates to Wikmedia specific infrastructure: https://wikitech.wikimedia.org/wiki/Tool:Wikidata_Mismatch_Finder

We also have a Wikdata page there that I have slowly started to restructure and add to: https://wikitech.wikimedia.org/wiki/WMDE/Wikidata

So I would prefer for Wikitech to be our team's one-stop shop, if we go for onwiki documentation.

Michael closed this task as Resolved.Sep 18 2023, 2:20 PM

Content transferred to https://wikitech.wikimedia.org/wiki/WMDE/Wikidata/Reports/2023/2023-09-18_Ramifications_of_IP_masking_on_Wikidata_related_extensions
Further discussion of the results should probably happen in the parent story, not in this subtask here.

karapayneWMDE moved this task from Todo/Backlog to Our work done on the Wikidata Dev Team (Sprint-∞) board.Sep 19 2023, 9:12 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits