Page MenuHomePhabricator
Create Task
Maniphest T344276

Should SpecialPages that return true for ::requireLogin allow access to temporary users?
Open, In Progress, Needs TriagePublic1 Estimated Story Points
Actions

Description

SpecialPage::requireLogin can be overridden to return true, which denies access for logged out (anon/IP) users. However, it still allows access to temporary users.

To deny access to temporary users, SpecialPage::requireNamedUser should return true.

We should check whether special pages that return true for requireLogin should be available to temporary users. If not, we should update them to return true for requireNamedUser instead.

Note: Some SpecialPages in core have already been updated. Extension SpecialPages may need updating too.

Related Objects
Search...

Event Timeline

Tchanders created this task.Aug 15 2023, 5:22 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 15 2023, 5:22 PM
JJMC89 subscribed.Aug 15 2023, 5:30 PM

As with everything else for MVP, I'd say that access should be the same as for anon/IP.

AGueyte claimed this task.Aug 22 2023, 12:58 PM
AGueyte moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
AGueyte mentioned this in T344714: Update requireLogin() for temp users on CentralAuth extension .Aug 22 2023, 2:57 PM
AGueyte mentioned this in T344715: Update requireLogin() for temp users on Echo extension.Aug 22 2023, 3:00 PM
AGueyte mentioned this in T344716: Update requireLogin() for temp users on MobileFrontend extension.
AGueyte mentioned this in T344718: Update requireLogin() for temp users on Newsletter extension.Aug 22 2023, 3:06 PM
AGueyte mentioned this in T344720: Update requireLogin() for temp users on OATHAuth extension.Aug 22 2023, 3:14 PM
AGueyte mentioned this in T344721: Update requireLogin() for temp users on OAuth extension.Aug 22 2023, 3:18 PM
AGueyte mentioned this in T344722: Update requireLogin() for temp users on ContactPage extension.
AGueyte mentioned this in T344723: Update requireLogin() for temp users on ReadingLists extension.Aug 22 2023, 3:23 PM
AGueyte mentioned this in T344725: Update requireLogin() for temp users on TranslationNotifications extension.Aug 22 2023, 3:28 PM
AGueyte mentioned this in T344727: Update requireLogin() for temp users on UrlShortener extension.
AGueyte mentioned this in T344728: Update requireLogin() for temp users on Wikistories extension.Aug 22 2023, 3:31 PM
Urbanecm_WMF closed subtask T344715: Update requireLogin() for temp users on Echo extension as Declined.Aug 22 2023, 5:56 PM
AGueyte mentioned this in T344771: Update requireLogin() for temp users on ContentTranslation extension.Aug 22 2023, 8:20 PM
AGueyte closed subtask T344718: Update requireLogin() for temp users on Newsletter extension as Resolved.Aug 23 2023, 12:07 PM
JJMC89 changed the status of subtask T344718: Update requireLogin() for temp users on Newsletter extension from Resolved to Declined.Aug 23 2023, 2:10 PM
AGueyte changed the task status from Open to In Progress.Aug 23 2023, 2:50 PM
AGueyte moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
AGueyte set the point value for this task to 1.Aug 23 2023, 2:58 PM
Tchanders moved this task from Code Review 🔍 to Done Q1 2023-2024 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 24 2023, 5:24 PM
AGueyte changed the status of subtask T344722: Update requireLogin() for temp users on ContactPage extension from Open to In Progress.Sep 5 2023, 2:00 PM
Tchanders mentioned this in T326759: Investigate: Which WMF deployed code might be affected by IP Masking?.Sep 25 2023, 4:07 PM
Aklapper removed AGueyte as the assignee of this task.Oct 9 2023, 1:02 AM
Aklapper added a subscriber: AGueyte.

Removing inactive task assignee (please do so as part of offboarding steps).

Tchanders closed subtask T344727: Update requireLogin() for temp users on UrlShortener extension as Resolved.Oct 9 2023, 3:21 PM
ngkountas changed the status of subtask T344771: Update requireLogin() for temp users on ContentTranslation extension from Open to In Progress.Oct 11 2023, 6:35 PM
Niharika closed subtask T344722: Update requireLogin() for temp users on ContactPage extension as Resolved.Nov 6 2023, 9:54 PM
Jdlrobson closed subtask T344723: Update requireLogin() for temp users on ReadingLists extension as Resolved.Nov 9 2023, 7:56 PM
Pginer-WMF closed subtask T344771: Update requireLogin() for temp users on ContentTranslation extension as Resolved.Nov 16 2023, 10:35 AM
abi_ changed the status of subtask T344725: Update requireLogin() for temp users on TranslationNotifications extension from Open to In Progress.Nov 27 2023, 2:56 PM
abi_ closed subtask T344725: Update requireLogin() for temp users on TranslationNotifications extension as Resolved.Dec 13 2023, 8:12 AM
Tgr closed subtask T344714: Update requireLogin() for temp users on CentralAuth extension as Resolved.Feb 19 2024, 8:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL