Page MenuHomePhabricator
Create Task
Maniphest T357974

Update CheckUser interfaces to autocreate a temporary account if an IP is running a check and temporary accounts are enabled
Open, LowPublic2 Estimated Story Points
Actions

Description

The CheckUserLogService is used to create a log entry in Special:CheckUserLog. This is done after a user makes a check using either the CheckUser API, Special:CheckUser, or Special:Investigate. However, these actions need an actor ID for the performer of the check which means that when a logged out user runs a check it will cause no log entry to be created.

To solve this we should update the CheckUser interfaces to create a temporary account as part of the check action. This means that the CheckUserLogService will not have a situation where it needs to create an actor ID for a IP address when temporary accounts are enabled.

While we could make it impossible for IPs to run checks, in {T346458} we made it possible to have checkuser logs for IP addresses running checks. Adding in an extra check (other than the checkuser user right) could complicate things on a private wiki.

Related Objects
Search...

Event Timeline

Dreamy_Jazz created this task.Feb 20 2024, 12:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 20 2024, 12:48 PM
Dreamy_Jazz added a parent task: T336477: [Epic] Update CheckUser for IP Masking.Feb 20 2024, 12:48 PM
Dreamy_Jazz updated the task description. (Show Details)Feb 20 2024, 4:31 PM
Dreamy_Jazz added projects: Trust and Safety Product Team, Trust and Safety Product Sprint (Sprint Piano (Feb 19th - 1st March)).
Dreamy_Jazz set the point value for this task to 2.
Dreamy_Jazz updated the task description. (Show Details)Feb 20 2024, 4:37 PM
Dreamy_Jazz moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Piano (Feb 19th - 1st March)) board.Feb 21 2024, 11:16 AM
Dreamy_Jazz added a parent task: T355879: Make PHPUnit, Selenium, and API testing tests pass with temp account feature flag enabled.Feb 21 2024, 12:37 PM
Dreamy_Jazz renamed this task from Update the CheckUserLogService to not try to acquire an actor ID for IP addresses to Update the CheckUser interfaces to autocreate a temporary account on a check to ensure an actor ID exists when creating a CheckUserLog and using temporary accounts.Feb 21 2024, 8:44 PM
Dreamy_Jazz removed a project: Trust and Safety Product Sprint (Sprint Piano (Feb 19th - 1st March)).
Dreamy_Jazz mentioned this in T358148: Fix test failures for CheckUser when temporary accounts are enabled.Feb 21 2024, 8:48 PM
Dreamy_Jazz renamed this task from Update the CheckUser interfaces to autocreate a temporary account on a check to ensure an actor ID exists when creating a CheckUserLog and using temporary accounts to Update CheckUser interfaces to autocreate a temporary account if an IP is running a check and temporary accounts are enabled.Feb 21 2024, 9:07 PM
Dreamy_Jazz removed a parent task: T355879: Make PHPUnit, Selenium, and API testing tests pass with temp account feature flag enabled.
Tchanders triaged this task as Low priority.Mar 1 2024, 10:59 AM
Tchanders subscribed.

We discussed that this would would put the codebase in a consistent state following {T346458}, but that it's not urgent and shouldn't block temp accounts deployment on WMF production sites.

T346458 was a bit of a security hole if a site was ever configures to allow IP users to use checkuser, since it then wouldn't log their access properly. But it's unlikely a site would be configured that way, so I don't think we need to work on this any time soon.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL