
Check if client LinkItem widget leaks IP on the repo of the edited Item
Closed, Resolved · Public

Description

Problem:
When an editor connects a Wikipedia article with an Item from the client we make an edit for them. We need to check if we are leaking their IP in case they are not logged in and IP masking is enabled on the repo.

If we are leaking the editor's IP through the LinkItem widget and temporary accounts are enabled on the repo, we must stop leaking it and instead add an entry with their temporary account name to the edit history of the Item.

BDD
GIVEN a Wikipedia article
AND a user who isn't logged in
AND Temporary Accounts are enabled
WHEN connecting it to an Item from the client
THEN the connected Item is edited
AND an entry with their temporary account name is added to the edit history of the Item

Acceptance criteria:

  • IP is not leaked for editors using the client LinkItem widget if IP masking is enabled on the repo

Open questions:

  • Do we show IP leak warnings here? If yes, we should have a new ticket for removing that warning if IP masking is enabled on the repo.

Event Timeline

Currently the add links widget is not enabled if the user is not logged in on the client (T140661: enable add links widget for anonymous users), and the widget will also check whether the user is logged in on the repo. If temp accounts are enabled and a user with a temp account is treated as logged in, some strange behavior may happen unless that task is properly fixed (the widget will not be enabled until a temporary account is created, and the add link widget is nonfunctional until a temp account is also created in Wikidata).

Did some additional investigation of this ticket.

Test case 1 - TempUser enabled on Client and Repo

Client (dewikidev): wgAutoCreateTempUser['enabled'] = true;
Repo (wikidatawikidev): wgAutoCreateTempUser['enabled'] = true;
Create a new test page on Client (dewikidev) and a new test item on Repo (wikidatawikidev)

  1. Open a new Private window - Client (dewikidev): not logged in, Repo (wikidatadev): not logged in
  2. On Client (dewikidev), clicking Add interlanguage links redirects to 'Special:NewItem' on Repo (wikidatawikidev).
  3. Log in to Client - Client (dewikidev): logged in, Repo (wikidatadev): not logged in
  4. On Client (dewikidev), clicking Links auf Artikel in anderen Sprachen bearbeiten opens the termbox pop-up:
    2024-02-06-102419_427x225_scrot.png (225×427 px, 12 KB)
  5. Log in to Repo - Client (dewikidev): logged in, Repo (wikidatadev): logged in
  6. On Client (dewikidev), clicking Links auf Artikel in anderen Sprachen bearbeiten opens the termbox pop-up:
    2024-02-06-102552_518x298_scrot.png (298×518 px, 17 KB)
  7. Fill out the modal dialog to create a link to the test item.
    2024-02-06-102812_534x206_scrot.png (206×534 px, 22 KB)
  8. Reload the page on Client (dewikidev). Clicking Links auf Artikel in anderen Sprachen bearbeiten redirects directly to the item page on Repo (wikidatawikidev).

History on Repo shows link item created by logged-in user.

Test case 2 - TempUser enabled on Client, but not enabled on Repo

Client (dewikidev): wgAutoCreateTempUser['enabled'] = true;
Repo (wikidatawikidev): wgAutoCreateTempUser['enabled'] = false;
Create a new test page on Client (dewikidev) and a new test item on Repo (wikidatawikidev)

  1. Open a new Private window - Client (dewikidev): not logged in, Repo (wikidatadev): not logged in
  2. On Client (dewikidev), clicking Add interlanguage links redirects to 'Special:NewItem' on Repo (wikidatawikidev).
  3. Log in to Client - Client (dewikidev): logged in, Repo (wikidatadev): not logged in
  4. On Client (dewikidev), clicking Links auf Artikel in anderen Sprachen bearbeiten opens the termbox pop-up:
    2024-02-06-102419_427x225_scrot.png (225×427 px, 12 KB)
  5. Log in to Repo - Client (dewikidev): logged in, Repo (wikidatadev): logged in
  6. On Client (dewikidev), clicking Links auf Artikel in anderen Sprachen bearbeiten opens the termbox pop-up:
    2024-02-06-102552_518x298_scrot.png (298×518 px, 17 KB)
  7. Fill out the modal dialog to create a link to the test item.
    2024-02-06-102812_534x206_scrot.png (206×534 px, 22 KB)
  8. Reload the page on Client (dewikidev). Clicking Links auf Artikel in anderen Sprachen bearbeiten redirects directly to the item page on Repo (wikidatawikidev).

History on Repo shows link item created by logged-in user.

Test case 3 - TempUser not enabled on Client, but enabled on Repo

Client (dewikidev): wgAutoCreateTempUser['enabled'] = false;
Repo (wikidatawikidev): wgAutoCreateTempUser['enabled'] = true;
Create a new test page on Client (dewikidev) and a new test item on Repo (wikidatawikidev)

  1. Open a new Private window - Client (dewikidev): not logged in, Repo (wikidatadev): not logged in
  2. On Client (dewikidev), clicking Add interlanguage links redirects to 'Special:NewItem' on Repo (wikidatawikidev).
  3. Log in to Client - Client (dewikidev): logged in, Repo (wikidatadev): not logged in
  4. On Client (dewikidev), clicking Links auf Artikel in anderen Sprachen bearbeiten opens the termbox pop-up:
    2024-02-06-102419_427x225_scrot.png (225×427 px, 12 KB)
  5. On Repo (wikidatawikidev) edit a property as a tempuser - Client (dewikidev): logged in, Repo (wikidatadev): TempUser
  6. On Client (dewikidev), clicking Links auf Artikel in anderen Sprachen bearbeiten opens the termbox pop-up:
    2024-02-06-102552_518x298_scrot.png (298×518 px, 17 KB)
  7. Fill out the modal dialog to create a link to the test item.
    2024-02-06-104958_532x326_scrot.png (326×532 px, 25 KB)
    Visual error in UI and JSON error returned by API.
  8. Log in to Repo - Client (dewikidev): logged in, Repo (wikidatadev): logged in
  9. On Client (dewikidev), clicking Links auf Artikel in anderen Sprachen bearbeiten opens the termbox pop-up:
    2024-02-06-102552_518x298_scrot.png (298×518 px, 17 KB)
  10. Fill out the modal dialog to create a link to the test item.
    2024-02-06-102812_534x206_scrot.png (206×534 px, 22 KB)
  11. Reload the page on Client (dewikidev). Clicking Links auf Artikel in anderen Sprachen bearbeiten redirects directly to the item page on Repo (wikidatawikidev).

History on Repo shows link item created by logged-in user.

JSON Error detail:

```json
{
	"error": {
		"code": "assertnameduserfailed",
		"info": "You are no longer logged in as \"Admin\", so the action could not be completed.",
		"*": "See http://wikidatawikidev.mediawiki.mwdd.localhost:8080/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes."
	}
}
```

Based on the test cases, I would say that the Acceptance Criteria are met by the current implementation - the IP Address is not leaked, because the LinkItem widget either doesn't show up or doesn't work unless both Client and Repo are logged in as the same user. But of course we might want a nicer behaviour / error message for Test Case 3.
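The gating that the three test cases above exercise can be written down as a small offline model. The following is an added example, not Wikibase or MediaWiki code, and it assumes two things: (a) the client widget is only rendered for a logged-in client user, otherwise the link simply points at `Special:NewItem` on the repo; and (b) the repo edit is sent with MediaWiki's `assert=user` and `assertuser=<client name>` API parameters, which the repo answers with `assertuserfailed` or `assertnameduserfailed` (the error seen in test case 3) when the repo session does not belong to that named user. The account names, the temp-account name and the IP address are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Session:
    """What one wiki knows about the browser session (constructed, not real API output)."""
    name: Optional[str]          # None = not logged in; "~2024-1" style = temporary account
    is_temp: bool = False
    ip: str = "203.0.113.7"      # documentation-range address: the value that must never be attributed


@dataclass(frozen=True)
class Outcome:
    action: str                          # "redirect_newitem", "api_error" or "edit"
    error_code: Optional[str] = None     # MediaWiki API error code when action == "api_error"
    attributed_to: Optional[str] = None  # name written to the item's history when action == "edit"


def repo_assert_user(repo: Session, expected_name: str) -> Optional[str]:
    """Simplified mirror (assumption) of the API's assert/assertuser handling.

    A temp account passes `assert=user` but fails `assertuser=<name>` because its
    name differs from the named client account, which is what test case 3 shows.
    """
    if repo.name is None:
        return "assertuserfailed"        # assert=user: no account at all on the repo
    if repo.name != expected_name:
        return "assertnameduserfailed"   # assertuser=<name>: a different account holds the session
    return None


def link_item(client: Session, repo: Session) -> Outcome:
    """Simulate one use of the LinkItem widget and report how the repo edit is attributed."""
    if client.name is None:
        # Widget not rendered for anonymous client users; the link goes to Special:NewItem.
        return Outcome("redirect_newitem")
    # The widget sends the edit asserting the client user's name on the repo.
    err = repo_assert_user(repo, client.name)
    if err is not None:
        return Outcome("api_error", error_code=err)
    return Outcome("edit", attributed_to=repo.name)


def attribution_leaks_ip(outcome: Outcome, repo: Session) -> bool:
    """True if the history entry the edit would write carries the session's IP address."""
    return outcome.action == "edit" and outcome.attributed_to == repo.ip


def scenarios() -> Dict[str, Tuple[Session, Session]]:
    """Login-state combinations stepped through in the test cases (constructed sessions)."""
    admin = Session("Admin")
    temp = Session("~2024-1", is_temp=True)   # constructed temp-account name
    anon = Session(None)
    return {
        "anon_client_anon_repo": (anon, anon),      # step 1 of every test case
        "admin_client_anon_repo": (admin, anon),    # step 4: widget opens, repo not logged in
        "admin_client_temp_repo": (admin, temp),    # test case 3, step 7
        "admin_client_admin_repo": (admin, admin),  # final step: edit succeeds
    }


def run_scenarios() -> Dict[str, Outcome]:
    return {name: link_item(c, r) for name, (c, r) in scenarios().items()}


def any_ip_leak() -> bool:
    """Acceptance-criterion check: does any combination attribute the edit to an IP?"""
    return any(attribution_leaks_ip(link_item(c, r), r) for c, r in scenarios().values())


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:26s} -> {outcome}")
    print("IP leaked in any scenario:", any_ip_leak())
```

Running the module prints one line per combination; the only path that writes a history entry is the one where both sessions belong to the same named account, and the temp-account combination ends in `assertnameduserfailed` rather than an edit.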

\o/
Thank you. This is good enough for us.