Page MenuHomePhabricator

Warn if blocking both IPs and accounts when using Special:InvestigateBlock
Closed, ResolvedPublic2 Estimated Story Points

Assigned To
Authored By
Dreamy_Jazz
Apr 15 2024, 4:06 PM
Referenced Files
F49884055: image.png
Fri, May 3, 9:25 PM
F49884012: image.png
Fri, May 3, 9:25 PM
F49878681: image.png
Fri, May 3, 9:25 PM
F49878369: image.png
Fri, May 3, 9:25 PM
F49878301: image.png
Fri, May 3, 9:25 PM
F49877760: image.png
Fri, May 3, 9:25 PM
F49877084: image.png
Fri, May 3, 9:25 PM
F49877045: image.png
Fri, May 3, 9:25 PM

Description

When using Special:InvestigateBlock to block both IPs and accounts in the same usage of the form, a warning should be displayed to the checkuser to avoid blocking them at the same time.

This is because https://foundation.wikimedia.org/wiki/Policy:Access_to_nonpublic_personal_data_policy places limits on when a checkuser can connect a specific IP address and an account. Because block logs are public, the usage of the form for both accounts and IPs creates the issue that the logs are performed at the same time and with the same reason.

As such, we should warn the user if they attempt to do this. We should still allow them for the use case of third-party wikis and because the IP may have already been disclosed (and therefore the use of the form doesn't break ANDP).

Event Timeline

Change #1022199 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Warn if blocking accounts and IPs in Special:InvestigateBlock

https://gerrit.wikimedia.org/r/1022199

Change #1022199 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Warn if blocking accounts and IPs in Special:InvestigateBlock

https://gerrit.wikimedia.org/r/1022199

Suggested QA steps for either patch demo or local wiki:

  1. Load Special:InvestigateBlock while logged into an account with the checkuser and sysop groups
  2. Enter a username and an IP address into the Usernames and IP addresses input box
  3. Fill out the rest of the form and press submit
  4. Verify that the following is displayed at the top of the form (and that the targets are not blocked yet):

image.png (131×720 px, 11 KB)

  1. Go to the bottom of the form and press submit again
  2. Verify that the form did not submit and the warning is still shown
  3. Check Confirm blocks (near the submit button) and submit the form again
  4. Verify that the form successfully submitted and the targets are blocked
  5. Load Special:InvestigateBlock again
  6. Fill the Usernames and IP addresses input box with a number of IP addresses
  7. Verify that the error text in step 4 is not shown when pressing submit
  8. Repeat steps 9 to 11, but in step 10 fill the input box with usernames of existing accounts

Change #1025812 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/WikimediaMessages@master] Provide Wikimedia specific text for InvestigateBlock targets warning

https://gerrit.wikimedia.org/r/1025812

Change #1025812 merged by jenkins-bot:

[mediawiki/extensions/WikimediaMessages@master] Provide Wikimedia specific text for InvestigateBlock targets warning

https://gerrit.wikimedia.org/r/1025812

I have verified the new code has been implemented and is functioning and displaying as expected... Thank You @Dreamy_Jazz!!!

image.png (908×1 px, 80 KB)

image.png (211×1 px, 26 KB)

image.png (871×1 px, 104 KB)

image.png (866×1 px, 66 KB)

image.png (238×1 px, 23 KB)

image.png (981×1 px, 136 KB)

image.png (836×1 px, 65 KB)

image.png (216×973 px, 22 KB)

image.png (951×1 px, 131 KB)

image.png (708×916 px, 164 KB)

image.png (908×519 px, 300 KB)