Page MenuHomePhabricator
Create Task
Maniphest T362548

Warn if blocking both IPs and accounts when using Special:InvestigateBlock
Closed, ResolvedPublic2 Estimated Story Points
Actions

Assigned To
Dreamy_Jazz
Authored By
Dreamy_Jazz
Apr 15 2024, 4:06 PM
Tags
Referenced Files
F49884055: image.png
May 3 2024, 9:25 PM
F49884012: image.png
May 3 2024, 9:25 PM
F49878681: image.png
May 3 2024, 9:25 PM
F49878369: image.png
May 3 2024, 9:25 PM
F49878301: image.png
May 3 2024, 9:25 PM
F49877760: image.png
May 3 2024, 9:25 PM
F49877084: image.png
May 3 2024, 9:25 PM
F49877045: image.png
May 3 2024, 9:25 PM
View All 12 Files
Subscribers
Aklapper
Djackson-ctr
Dreamy_Jazz

Description

When using Special:InvestigateBlock to block both IPs and accounts in the same usage of the form, a warning should be displayed to the checkuser to avoid blocking them at the same time.

This is because https://foundation.wikimedia.org/wiki/Policy:Access_to_nonpublic_personal_data_policy places limits on when a checkuser can connect a specific IP address and an account. Because block logs are public, the usage of the form for both accounts and IPs creates the issue that the logs are performed at the same time and with the same reason.

As such, we should warn the user if they attempt to do this. We should still allow them for the use case of third-party wikis and because the IP may have already been disclosed (and therefore the use of the form doesn't break ANDP).

Details

SubjectRepoBranchLines +/-
Provide Wikimedia specific text for InvestigateBlock targets warningmediawiki/extensions/WikimediaMessagesmaster+4 -0
Warn if blocking accounts and IPs in Special:InvestigateBlockmediawiki/extensions/CheckUsermaster+159 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Dreamy_Jazz created this task.Apr 15 2024, 4:06 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 15 2024, 4:06 PM
Dreamy_Jazz mentioned this in T313448: Allow Special:InvestigateBlock to have seperate reasons for IPs and accounts.Apr 15 2024, 4:06 PM
Dreamy_Jazz mentioned this in T313449: Allow Special:InvestigateBlock to have seperate notices for IPs and accounts.
Dreamy_Jazz mentioned this in T313450: Separate out when the blocks are made for IPs and users in Special:InvestigateBlock.
Dreamy_Jazz mentioned this in T362569: Test SpecialInvestigateBlock.Apr 15 2024, 6:22 PM
Dreamy_Jazz removed a project: Epic.Apr 15 2024, 8:07 PM
Dreamy_Jazz moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Tabla (1st - 14th April)) board.Apr 19 2024, 5:40 PM
Dreamy_Jazz set the point value for this task to 2.
gerritbot added a comment.Apr 19 2024, 10:01 PM

Change #1022199 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Warn if blocking accounts and IPs in Special:InvestigateBlock

https://gerrit.wikimedia.org/r/1022199

gerritbot added a project: Patch-For-Review.Apr 19 2024, 10:01 PM
Dreamy_Jazz closed subtask T362569: Test SpecialInvestigateBlock as Resolved.Apr 23 2024, 10:52 AM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Kazoo (Jan 29 - Feb 9 2024)); removed Trust and Safety Product Sprint (Sprint Tabla (1st - 14th April)).Apr 23 2024, 10:55 AM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)); removed Trust and Safety Product Sprint (Sprint Kazoo (Jan 29 - Feb 9 2024)).Apr 23 2024, 10:58 AM
Dreamy_Jazz moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.Apr 23 2024, 1:14 PM
Dreamy_Jazz moved this task from In Progress to Priority Backlog on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.Apr 24 2024, 6:27 PM
Dreamy_Jazz closed subtask T362862: Provide two links from Special:Investigate to Special:InvestigateBlock (one for accounts and one for IPs) as Resolved.Apr 25 2024, 6:41 AM
Dreamy_Jazz moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.Apr 26 2024, 10:03 AM
Dreamy_Jazz moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.Apr 26 2024, 1:50 PM
gerritbot added a comment.Apr 30 2024, 5:59 AM

Change #1022199 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Warn if blocking accounts and IPs in Special:InvestigateBlock

https://gerrit.wikimedia.org/r/1022199

Maintenance_bot removed a project: Patch-For-Review.Apr 30 2024, 6:30 AM
ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.4; 2024-05-07).Apr 30 2024, 7:00 AM
Dreamy_Jazz moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.Apr 30 2024, 9:22 AM
Dreamy_Jazz added a comment.Apr 30 2024, 3:12 PM

Suggested QA steps for either patch demo or local wiki:

  1. Load Special:InvestigateBlock while logged into an account with the checkuser and sysop groups
  2. Enter a username and an IP address into the Usernames and IP addresses input box
  3. Fill out the rest of the form and press submit
  4. Verify that the following is displayed at the top of the form (and that the targets are not blocked yet):

image.png (131×720 px, 11 KB)

  1. Go to the bottom of the form and press submit again
  2. Verify that the form did not submit and the warning is still shown
  3. Check Confirm blocks (near the submit button) and submit the form again
  4. Verify that the form successfully submitted and the targets are blocked
  5. Load Special:InvestigateBlock again
  6. Fill the Usernames and IP addresses input box with a number of IP addresses
  7. Verify that the error text in step 4 is not shown when pressing submit
  8. Repeat steps 9 to 11, but in step 10 fill the input box with usernames of existing accounts
gerritbot added a comment.Apr 30 2024, 4:24 PM

Change #1025812 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/WikimediaMessages@master] Provide Wikimedia specific text for InvestigateBlock targets warning

https://gerrit.wikimedia.org/r/1025812

gerritbot added a project: Patch-For-Review.Apr 30 2024, 4:24 PM
gerritbot added a comment.Apr 30 2024, 5:10 PM

Change #1025812 merged by jenkins-bot:

[mediawiki/extensions/WikimediaMessages@master] Provide Wikimedia specific text for InvestigateBlock targets warning

https://gerrit.wikimedia.org/r/1025812

Maintenance_bot removed a project: Patch-For-Review.Apr 30 2024, 5:30 PM
Djackson-ctr subscribed.May 3 2024, 9:25 PM

I have verified the new code has been implemented and is functioning and displaying as expected... Thank You @Dreamy_Jazz!!!

image.png (908×1 px, 80 KB)

image.png (211×1 px, 26 KB)

image.png (871×1 px, 104 KB)

image.png (866×1 px, 66 KB)

image.png (238×1 px, 23 KB)

image.png (981×1 px, 136 KB)

image.png (836×1 px, 65 KB)

image.png (216×973 px, 22 KB)

image.png (951×1 px, 131 KB)

image.png (708×916 px, 164 KB)

image.png (908×519 px, 300 KB)

Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.May 3 2024, 9:29 PM
Dreamy_Jazz closed this task as Resolved.May 13 2024, 9:20 AM
Dreamy_Jazz moved this task from General / Unsorted to Investigate on the CheckUser board.May 28 2024, 4:49 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits