Page MenuHomePhabricator
Create Task
Maniphest T347057

Reporting form sends username for the reportingUserId property of the API request
Closed, ResolvedPublicBUG REPORT
Actions

Description

What is the problem?

When using the Report Incident form, the form asks for a username that you want to report. However the API requests a user ID and the frontend sends the text in the username field (without validation) to the API. As the form asks for a username (and not an ID) this means the username will be converted to an integer.

Steps to reproduce problem
  1. Install ReportIncident
  2. Open a user talk page and open the network tab in inspect element
  3. Click the "Report" button
  4. Click the "Proceed to file a report" button
  5. Open DevTools and click on the network tab
  6. Fill in the form, specifying a username in Username you would like to report as asked for

Expected behaviour: The API request body specifies a username as the reportedUserID property.
Observed behaviour: The API request body should specify an ID or specify that the property is actually the username

Environment

Wiki(s): ReportIncident (ee99199) 07:09, 19 September 2023

Details

SubjectRepoBranchLines +/-
Suggest usernames for the reported username fieldmediawiki/extensions/ReportIncidentmaster+855 -315
Customize query in gerrit

Related Objects
Search...

Event Timeline

Dreamy_Jazz created this task.Sep 21 2023, 1:50 PM
Restricted Application added a project: Trust and Safety Tools Team Backlog. ยท View Herald TranscriptSep 21 2023, 1:50 PM
Restricted Application added a subscriber: Aklapper. ยท View Herald Transcript
Dreamy_Jazz added a parent task: T337566: [EPIC]: Incident Reporting System - Minimal Testable Product (MTP).Sep 21 2023, 2:48 PM
kostajh subscribed.Sep 21 2023, 7:47 PM

See also T338816: Pass the username associated with a reported comment to the username input component

kostajh added a comment.Sep 29 2023, 11:49 AM

We should probably change the API to accept a username instead. The DiscussionTools thread item data gives us a username, not a numeric ID.

Dreamy_Jazz added a comment.Sep 29 2023, 12:33 PM

It probably makes sense to do that as currently you couldn't report IPs (as they have no user ID).

Dreamy_Jazz claimed this task.Oct 18 2023, 10:23 AM
gerritbot added a comment.Oct 18 2023, 12:11 PM

Change 964565 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/ReportIncident@master] Suggest usernames for the reported username field

https://gerrit.wikimedia.org/r/964565

gerritbot added a project: Patch-For-Review.Oct 18 2023, 12:11 PM
Dreamy_Jazz edited projects, added Trust and Safety Tools Team Backlog (Kanban); removed Trust and Safety Tools Team Backlog.Oct 18 2023, 2:46 PM
Dreamy_Jazz moved this task from ๐ŸŽฌ Ready to ๐Ÿ” Review/Feedback on the Trust and Safety Tools Team Backlog (Kanban) board.
gerritbot added a comment.Oct 19 2023, 12:04 PM

Change 964565 merged by jenkins-bot:

[mediawiki/extensions/ReportIncident@master] Suggest usernames for the reported username field

https://gerrit.wikimedia.org/r/964565

Dreamy_Jazz mentioned this in rEREI4488a1828301: Suggest usernames for the reported username field.Oct 19 2023, 12:05 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 19 2023, 12:10 PM
Dreamy_Jazz updated the task description. (Show Details)Oct 19 2023, 1:51 PM
Dreamy_Jazz moved this task from ๐Ÿ” Review/Feedback to ๐Ÿ› QA on the Trust and Safety Tools Team Backlog (Kanban) board.Oct 19 2023, 1:56 PM

For QA, I would suggest following the steps to reproduce and the observed behaviour should be that a reportedUser property is set to the username you entered in the form. The request body should look like:

{"reportedUser":"Abuse filter","details":"test","behaviors":["threats-or-violence"],"revisionId":16895}
PatchDemoBot added a comment.Oct 20 2023, 2:04 PM

Test wiki created on Patch demo by DJacksonA using patch(es) linked to this task:
https://patchdemo.wmflabs.org/wikis/0ca007bc0f/w

Djackson-ctr subscribed.Oct 23 2023, 8:33 PM

I have verified the fix for this issue has been implemented and is working as expected per the Ticket Description... Thank you @Dreamy_Jazz!!!
Testing was performed at the following url:
https://ko.wikipedia.beta.wmflabs.org/wiki/์‚ฌ์šฉ์žํ† ๋ก :QS5E

image.png (940ร—1 px, 724 KB)

image.png (940ร—1 px, 145 KB)

Djackson-ctr moved this task from ๐Ÿ› QA to ๐Ÿค˜ Done on the Trust and Safety Tools Team Backlog (Kanban) board.Oct 23 2023, 8:36 PM
Dreamy_Jazz closed this task as Resolved.Oct 25 2023, 1:05 PM
PatchDemoBot added a comment.Tue, Apr 23, 3:50 PM

Test wiki on Patch demo by DJacksonA using patch(es) linked to this task was deleted:

https://patchdemo.wmflabs.org/wikis/0ca007bc0f/w/

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. ยท Wikimedia Foundation ยท Privacy Policy ยท Code of Conduct ยท Terms of Use ยท Disclaimer ยท CC-BY-SA ยท GPL