Page MenuHomePhabricator
Create Task
Maniphest T353367

Deprecate IP handling in `User::mailPasswordInternal` hook
Open, Needs TriagePublic
Actions

Description

PasswordReset class uses User::getRequest() to retrieve the user IP, that later is used in User::mailPasswordInternal hook, and the in the log statement.
With T353339 we will be able to inject request IP into logs, therefore the second remaining use is the User::mailPasswordInternal hook.

After a quick check of https://codesearch.wmcloud.org/search/?q=User%3A%3AmailPasswordInternal&files=&excludeFiles=&repos= I see only CheckUser extension uses this hook, and what more - doesn't use the $ip. Furthermore, IMHO, if some extension that listens to that hook really needs the IP, they can already get it via RequestContext::getMain()

PasswordReset is used in three places:

  • api/ResetUserPassword where we have a request and we can retrieve the $ip
  • SpecialPasswordReset that can be visited in browser and we can retrieve the $ip of caller
  • maintenance/resetUserEmail where we don't have the IP as this is CLI script

As PasswordReset can be triggered via CLI and at this moment I do not see a valid purpose for providing this variable I vote to drop support for it - keep the $ip as param, but leave it as empty string unless we have a better way to deprecate params in Hooks.

Details

SubjectRepoBranchLines +/-
DNM: Pass the client IP to PasswordResetmediawiki/coremaster+16 -6
Customize query in gerrit

Related Objects
Search...

Event Timeline

pmiazga created this task.Dec 13 2023, 7:23 PM
pmiazga added subscribers: daniel, Tgr.

@daniel @Tgr @Krinkle - do you have any thoughts on this?

pmiazga removed a project: MediaWiki CodeJam Dec 2023.Dec 13 2023, 7:25 PM
gerritbot added a comment.Dec 13 2023, 7:34 PM

Change 982907 had a related patch set uploaded (by Pmiazga; author: Pmiazga):

[mediawiki/core@master] DNM: Pass the client IP to PasswordReset

https://gerrit.wikimedia.org/r/982907

gerritbot added a project: Patch-For-Review.Dec 13 2023, 7:34 PM
Tgr added a comment.Dec 13 2023, 8:31 PM

CheckUser just ignores the IP passed by the hook and uses the IP from RequestContext instead. I think that's generally fine - it shouldn't be possible for the two IPs to differ, so it doesn't need to be passed explicitly by the hook. In theory someone could call User::newFromSession( $request ) with a fabricated request, maybe as a part of an internal API request, and then it would have significance, but it seems very unlikely to happen in practice.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL