Page MenuHomePhabricator
Create Task
Maniphest T369688

Batch the requests to reveal temp account IP addresses
Closed, ResolvedPublic
Actions

Description

If you reveal IP addresses for temp accounts on e.g. a history page or RecentChanges/Watchlist, we remember which accounts you've already clicked "Show IP" for, and the next time you visit the history/RecentChanges/Watchlist page, we automatically re-reveal the IP address after making a POST request to fetch the data.

We use browser localStorage to keep track of which temp account IDs someone has clicked "Show IP" for. (We can't cache the IP itself in localStorage to avoid storing sensitive data in the user's browser.)

If you've clicked "reveal" for a bunch of accounts on a page, we make one request per account when loading the page. This can be inefficient if there are dozens or hundreds of accounts on a given page.

To improve on this, we could obtain a list of all the accounts that we should fetch IP information for, and batch them in a single request, generating any access logs as necessary.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Batch the requests to reveal temporary account IP addressesmediawiki/extensions/CheckUsermaster+578 -48
Separate out traits from temporary account REST handlersmediawiki/extensions/CheckUsermaster+469 -256
Customize query in gerrit

Related Objects
Search...

Event Timeline

kostajh created this task.Jul 10 2024, 7:42 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 10 2024, 7:42 AM
Tchanders added a parent task: T325238: [Epic] IP Address Reveal for Privileged Users.Jul 15 2024, 4:43 PM
Tchanders subscribed.Jul 19 2024, 11:02 AM

To improve on this, we could obtain a list of all the accounts that we should fetch IP information for, and batch them in a single request, generating any access logs as necessary.

Is the suggestion here to add a new API endpoint that can:

  • take a map of user names to revision/log IDs as input
  • return a map of user names to maps of rev/log IDs to IPs
  • perhaps include the latest IP for each user too?
Dreamy_Jazz moved this task from Inbox to Temporary account IP reveal on the CheckUser board.Jul 22 2024, 10:26 AM
Amdrel subscribed.Jul 25 2024, 12:20 AM
Amdrel claimed this task.Aug 21 2024, 12:02 AM
Amdrel changed the task status from Open to In Progress.Aug 22 2024, 6:46 PM
gerritbot added a comment.Sep 6 2024, 6:11 PM

Change #1071250 had a related patch set uploaded (by Amdrel; author: Amdrel):

[mediawiki/extensions/CheckUser@master] [WIP] Batch the requests to reveal temporary account IP addresses

https://gerrit.wikimedia.org/r/1071250

gerritbot added a project: Patch-For-Review.Sep 6 2024, 6:11 PM
kostajh mentioned this in T334712: Number of revisions looked up by IP reveal increases each time RecentChanges updates.Sep 10 2024, 1:24 PM
kostajh added a project: Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)).Sep 25 2024, 2:19 PM
kostajh moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)) board.
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15); removed Trust and Safety Product Sprint (Sprint Beatboxing (Sept 16-27)).Oct 8 2024, 10:14 AM
kostajh removed Amdrel as the assignee of this task.Oct 28 2024, 10:58 AM
kostajh moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15) board.
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)); removed Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15).Nov 18 2024, 11:43 AM
Tchanders moved this task from Priority Backlog to Needs review on the Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)) board.
Tchanders edited parent tasks, added: T358853: Temporary accounts: Automatically resolve temporary account names to IP addresses on displaying (auto reveal feature); removed: T325238: [Epic] IP Address Reveal for Privileged Users.Nov 28 2024, 4:22 PM
Tchanders claimed this task.Nov 28 2024, 8:55 PM
Tchanders moved this task from Needs review to Ready on the Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)) board.
Tchanders removed Tchanders as the assignee of this task.Dec 6 2024, 6:54 PM
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)); removed Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)).
kostajh moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.Dec 9 2024, 9:43 PM
Restricted Application added a project: Trust and Safety Product Team. · View Herald TranscriptDec 9 2024, 9:43 PM
Tchanders claimed this task.Jan 13 2025, 1:26 PM
Tchanders moved this task from Ready to In Progress on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.
mszabo moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.Jan 16 2025, 4:27 PM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)); removed Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)).Jan 17 2025, 12:25 PM
kostajh moved this task from Priority Backlog to Needs Review on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.
gerritbot added a comment.Jan 20 2025, 11:28 AM

Change #1112721 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/CheckUser@master] Separate out traits from temporary account REST handlers

https://gerrit.wikimedia.org/r/1112721

gerritbot added a comment.Jan 20 2025, 3:46 PM

Change #1112721 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Separate out traits from temporary account REST handlers

https://gerrit.wikimedia.org/r/1112721

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.13; 2025-01-21).Jan 20 2025, 4:00 PM
gerritbot added a comment.Jan 24 2025, 11:39 AM

Change #1071250 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Batch the requests to reveal temporary account IP addresses

https://gerrit.wikimedia.org/r/1071250

Dreamy_Jazz moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.Jan 24 2025, 11:40 AM
ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.14; 2025-01-28); removed MW-1.44-notes (1.44.0-wmf.13; 2025-01-21).Jan 24 2025, 12:00 PM
Maintenance_bot removed a project: Patch-For-Review.Jan 24 2025, 12:30 PM
kostajh mentioned this in T385546: When too many revisions are revealed at once using the IP reveal APIs, the request fails because the URL is too long.Feb 4 2025, 11:11 AM
Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.Feb 8 2025, 1:12 AM
Djackson-ctr subscribed.

QA is completed, I have verified the new code has been implemented and is functioning as expected (On a page with more than one "Show IP" button for the same temporary account: when the user selects one of those Show IP buttons, it will only produce one API request instead of multiple API requests for the same temporary account, also on a page refresh the new endpoint checkuser/v0/batch-temporary will be produced).

Tchanders closed this task as Resolved.Feb 10 2025, 9:26 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits