Page MenuHomePhabricator
Create Task
Maniphest T370083

On Special:Log, IP reveal fails if the temp user is the not the performer of the log
Closed, ResolvedPublic
Actions

Assigned To
Dreamy_Jazz
Authored By
Tchanders
Jul 15 2024, 5:13 PM
Tags
Referenced Files
F58257123: ip_reveal_move_rev_history.png
Jan 23 2025, 9:40 AM
F58257121: ip_reveal_move_log.png
Jan 23 2025, 9:40 AM
F56507202: image.png
Jul 19 2024, 7:43 AM
F56442202: image.png
Jul 15 2024, 5:13 PM
F56441954: image.png
Jul 15 2024, 5:13 PM
F56441952: image.png
Jul 15 2024, 5:13 PM
Subscribers
Aklapper
Djackson-ctr
dom_walden
Dreamy_Jazz
JJMC89
Johannnes89
kostajh
View All 13 Subscribers

Description

Example

Log line where a temporary user is the target:

image.png (85×873 px, 31 KB)

Clicking on "Show IP" reveals "(unavailable)":

image.png (85×873 px, 32 KB)

What's happening

This is because the IP is looked up using rest.php/checkuser/v0/temporaryaccount/{name}/logs/{ids}, which looks for an IP where the performer is the temporary account and the log ID is the log ID from the HTML attribute of the log line. However, the performer in this example is actually Admin, so the lookup finds nothing.

What should happen

The target's IP is not logged (it can't be since they're not actually performing a request). So the button should not appear if the temporary user is the target.

How can we do this

It's not easy to infer whether the temporary userlink refers to the performer or the target based on the log line. Sometimes the temp user is the only user link despite not being the performer, e.g. this example:

image.png (58×764 px, 16 KB)

However, we do have access to the log action (e.g. block/block, newusers/autocreate for the above examples). There doesn't appear to be much that a temporary account can do that is a loggable action. (On my local instance, the only entry in cu_log_event for a temporary account with a temp user performer is an account creation, which we don't log any more since T364716: Do not show link between named account and temporary account in RecentChanges and Special:Log).

Could we do one of the following?

  • Stop adding the reveal IP buttons on Special:Log
  • Audit which log actions could be performed by a temporary account and only add the reveal IP buttons for those actions

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Support temp account IP reveal for logs in RC feedsmediawiki/extensions/CheckUsermaster+134 -66
extension.json: Mark as requiring MW 1.44.0mediawiki/extensions/CheckUsermaster+1 -1
Add "Show IP" button for temp account performers on Special:Logmediawiki/extensions/CheckUsermaster+257 -17
Add ChangesListInsertLogEntry hookmediawiki/coremaster+144 -17
Define Title::isSpecialPage in MockTitleTrait::makeMockTitlemediawiki/coremaster+1 -0
Prevent IP reveal buttons from being added to Special:Logmediawiki/extensions/CheckUsermaster+2 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tchanders created this task.Jul 15 2024, 5:13 PM
Tchanders renamed this task from On Special:Log, IP reveal fails if the temp user is the subject of the log to On Special:Log, IP reveal fails if the temp user is the not the performer of the log.
Tchanders added a project: Trust and Safety Product Sprint (Sprint Koto (July 15 - July 26)).
Tchanders moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Koto (July 15 - July 26)) board.Jul 17 2024, 6:25 PM
Tchanders added a comment.Jul 17 2024, 6:28 PM

Ahead of testwiki deployment, lets do:

  • Stop adding the reveal IP buttons on Special:Log

Then we can see if we get any requests to add any back.

gerritbot added a comment.Jul 17 2024, 6:36 PM

Change #1054925 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/CheckUser@master] Prevent IP reveal buttons from being added to Special:Log

https://gerrit.wikimedia.org/r/1054925

gerritbot added a project: Patch-For-Review.Jul 17 2024, 6:36 PM
JJMC89 subscribed.Jul 17 2024, 6:56 PM
In T370083#9992140, @Tchanders wrote:

Ahead of testwiki deployment, lets do:

  • Stop adding the reveal IP buttons on Special:Log

The issue here is with the target. We should still be able to reveal the IP when a temp user is the performer.

Tchanders added a comment.Jul 17 2024, 9:09 PM

@JJMC89 This is true, but we haven't found examples yet of logged actions (actions with a log ID that are saved to the cu_log_event table) where a temporary account can be the performer. (Happy to be corrected!)

Examples we know of where the temp account could be the performer:

  • autocreate log: this isn't saved to the cu_log_eventtable with production config settings
  • page creation: this isn't saved to the cu_log_event table
  • actions like uploading or moving: temp accounts can't do this

... All of these should have an accompanying revision, so the IP can be found by looking at the history of contributions pages

At the moment, Special:Log is full of confusing buttons (that reveal unavailable) because it's very common for the temporary account to be the target. It seems better to have no buttons than to have buttons next to all of the temp account user links.

If we do find logged actions where temporary accounts could be the performer - and the IP is available - we could make a list of these actions and add the buttons back for these actions only.

JJMC89 added a comment.Jul 17 2024, 9:25 PM

You'd never have data for the target, so I don't know why the buttons are there for those.

What temp users can do is configurable. If the temp user group is granted additional rights, I'd expect relevant events to be in cu_log_event. While this may not be relevant for WMF production, other MW instances may configure temp differently.

Tchanders moved this task from Ready to Needs Review on the Trust and Safety Product Sprint (Sprint Koto (July 15 - July 26)) board.Jul 18 2024, 7:26 AM

You'd never have data for the target, so I don't know why the buttons are there for those.

At the moment CheckUser adds buttons next to any user link with the mw-tempuserlink class. Currently, we can only enable or disable this by page, so it can add buttons next to all temp user links on Special:Log or none of them.

What temp users can do is configurable. If the temp user group is granted additional rights, I'd expect relevant events to be in cu_log_event. While this may not be relevant for WMF production, other MW instances may configure temp differently.

This makes sense. It would require working out some way to indicate which is the target and which is the performer, possibly by adding something in the HTML.

For a quick fix that improves the page in time for deploying to testwiki, I think we should remove the buttons for now.

But let's keep the task open to allow a longer-term fix where we add the buttons in, only if:

  • the temp account is the performer
  • the log type can have a cu_log_event entry
Tchanders claimed this task.Jul 18 2024, 7:27 AM
Dreamy_Jazz moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Koto (July 15 - July 26)) board.Jul 18 2024, 8:48 AM
gerritbot added a comment.Jul 18 2024, 8:55 AM

Change #1054925 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Prevent IP reveal buttons from being added to Special:Log

https://gerrit.wikimedia.org/r/1054925

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.15; 2024-07-23).Jul 18 2024, 9:00 AM
Maintenance_bot removed a project: Patch-For-Review.Jul 18 2024, 9:30 AM
Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Koto (July 15 - July 26)) board.Jul 19 2024, 7:43 AM
Djackson-ctr subscribed.

I have verified the new code has been implemented and is functioning and displaying as expected.

image.png (93×1 px, 15 KB)

Tchanders edited projects, added Trust and Safety Product Team; removed Trust and Safety Product Sprint (Sprint Koto (July 15 - July 26)).Jul 19 2024, 8:14 AM
Dreamy_Jazz moved this task from Inbox to Temporary account IP reveal on the CheckUser board.Jul 22 2024, 10:26 AM
kostajh added a project: Trust and Safety Product Sprint.Aug 14 2024, 3:54 PM
In T370083#9993503, @Tchanders wrote:

But let's keep the task open to allow a longer-term fix where we add the buttons in, only if:

  • the temp account is the performer
  • the log type can have a cu_log_event entry

Adding to sprint board for this follow up work.

Dreamy_Jazz mentioned this in T357523: Temporary account IP reveal fails for log entries that are for the creation of a page.Aug 19 2024, 2:15 PM
kostajh removed Tchanders as the assignee of this task.Sep 10 2024, 12:05 PM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)); removed Trust and Safety Product Sprint.
kostajh moved this task from Inbox to Backlog on the Temporary accounts board.
kostajh edited projects, added Trust and Safety Product Sprint; removed Trust and Safety Product Sprint (Sprint Theremin (Aug 26 - Sept. 6)).Sep 16 2024, 10:05 AM

We don't need this for pilot wiki deployment, so moving out of current sprint.

Dreamy_Jazz mentioned this in T379495: Special:BlockList reveals an arbitrary Temporary user IP.Nov 11 2024, 10:52 AM
Dreamy_Jazz mentioned this in T379493: Show IP button shows for block entries on Special:RecentChanges where a Temporary account is referenced.EditedNov 11 2024, 11:21 AM
Dreamy_Jazz merged a task: T379493: Show IP button shows for block entries on Special:RecentChanges where a Temporary account is referenced.
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15); removed Trust and Safety Product Sprint.
Dreamy_Jazz added subscribers: Urbanecm, mdaniels5757, XXBlackburnXx, Johannnes89.

It appears that the short-term fix of hiding the "Show IP" button on the page did not work based on the filing of T379493.

Dreamy_Jazz mentioned this in T379494: Show IP button is missing for spamblacklist actions.Nov 11 2024, 11:27 AM
Dreamy_Jazz added a parent task: T379494: Show IP button is missing for spamblacklist actions.
Dreamy_Jazz mentioned this in T379583: Find and exclude special pages where temporary account IP reveal is not necessary.Nov 11 2024, 9:00 PM
Tchanders merged a task: T379493: Show IP button shows for block entries on Special:RecentChanges where a Temporary account is referenced.Nov 15 2024, 5:34 PM
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)); removed Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15).Nov 18 2024, 11:48 AM
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)); removed Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)).Nov 18 2024, 12:02 PM
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)); removed Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)).Nov 18 2024, 12:18 PM
Tchanders edited projects, added Temporary accounts (Major pilot wiki deployment); removed Temporary accounts.Nov 20 2024, 6:38 PM
Tchanders moved this task from Backlog to Planned on the Temporary accounts (Major pilot wiki deployment) board.Dec 5 2024, 4:49 PM
Dreamy_Jazz moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.Jan 10 2025, 9:18 PM
Dreamy_Jazz claimed this task.Jan 10 2025, 9:30 PM
Dreamy_Jazz moved this task from Ready to In Progress on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.

My current plan to make this work is:

  1. Implement the LogEventsListLineEnding hook to add a class to log event lines which should have the IP reveal button. This would be defined by looking for actions performed by a temporary account and also maybe checking an list to restrict this to specific log types.
  2. Add JS code which looks for this class on Special:Log and then adds the "Show IP" button to only the first temporary account username, as any other usernames present are likely the target
gerritbot added a comment.Jan 10 2025, 9:56 PM

Change #1109774 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [Very WIP] Add "Show IP" button in Special:Log for performers

https://gerrit.wikimedia.org/r/1109774

gerritbot added a project: Patch-For-Review.Jan 10 2025, 9:56 PM
gerritbot added a comment.Jan 15 2025, 11:13 AM

Change #1111591 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/core@master] Define Title::isSpecialPage in MockTitleTrait::makeMockTitle

https://gerrit.wikimedia.org/r/1111591

gerritbot added a comment.Jan 15 2025, 12:50 PM

Change #1111591 merged by jenkins-bot:

[mediawiki/core@master] Define Title::isSpecialPage in MockTitleTrait::makeMockTitle

https://gerrit.wikimedia.org/r/1111591

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.13; 2025-01-21).Jan 15 2025, 1:00 PM
Dreamy_Jazz moved this task from Sprint Chimes (Dec. 9 - Jan. 17) to Sprint Tuba (Jan 20 - Feb 7) on the Trust and Safety Product Sprint board.Jan 15 2025, 2:55 PM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)); removed Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)).
Dreamy_Jazz moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.
gerritbot added a comment.Jan 15 2025, 5:04 PM

Change #1111665 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/core@master] Add ChangesListInsertLogEntry hook

https://gerrit.wikimedia.org/r/1111665

gerritbot added a comment.Jan 15 2025, 5:16 PM

Change #1111669 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Support temp account IP reveal for logs in RC feeds

https://gerrit.wikimedia.org/r/1111669

Dreamy_Jazz added a comment.Jan 15 2025, 5:20 PM

To properly fix this, we also need to fix Special:RecentChanges which has the same issues as Special:Log. This involves some extra patches and expands the scope of this task, but I don't think by too much.

Dreamy_Jazz moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.Jan 16 2025, 2:31 PM
gerritbot added a comment.Jan 16 2025, 5:17 PM

Change #1111665 merged by jenkins-bot:

[mediawiki/core@master] Add ChangesListInsertLogEntry hook

https://gerrit.wikimedia.org/r/1111665

gerritbot added a comment.Jan 16 2025, 5:20 PM

Change #1109774 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Add "Show IP" button for temp account performers on Special:Log

https://gerrit.wikimedia.org/r/1109774

gerritbot added a comment.Jan 17 2025, 12:06 PM

Change #1111669 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Support temp account IP reveal for logs in RC feeds

https://gerrit.wikimedia.org/r/1111669

Maintenance_bot removed a project: Patch-For-Review.Jan 17 2025, 12:30 PM
Dreamy_Jazz moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.Jan 17 2025, 1:20 PM

To QA this task, I would suggest the following:

  1. Perform a variety of actions that produce log entries using temporary account(s) (creating a page, moving a page, triggering a rule defined by the SpamBlacklist extension when $wgLogSpamBlacklistHits is true). You should at least move a page for this testing steps.
  2. Make at least one testing edit using a temporary account
  3. Block a temporary account using an admin account
  4. Open Special:Log using an account which has the rights to see temporary account IP addresses
  5. Verify that the "Show IP" buttons are only shown next to temporary account which performed the log entry. All other log entries, including when the log entry has the target as a temporary account (such as the block of a temporary account), should not have the "Show IP" button.
    1. Note: The spambacklist log is restricted, so you need to have the spamblacklistlog right and then filter for these logs in Special:Log to see them
  6. Click these buttons and verify that IP addresses appear
    1. Note: The revealing of the IP address for a temporary account auto-creation is being worked on in T383708, so may not display an IP address at this time (so you can ignore this log entry).
  7. Open Special:RecentChanges
  8. For log entries that are performed by a temporary account there should be the "Show IP" button present or the IP address if you have revealed the IP of that temporary account in step 4
  9. Test any "Show IP" buttons on the page to ensure that they work
  10. Ensure that the "Show IP" buttons for revisions made by temporary accounts continue to work the same as before this task
  11. Visit Special:MovePage and enter the old title for the page that the temporary account moved in step 1
  12. Scroll down and you should find a log extract for the move log.
  13. Verify that either the "Show IP" button is present or the revealed IP if you had revealed the IP of that temporary account in either step 4 or 8. If a button is present, then click it to show the IP.
dom_walden subscribed.Jan 23 2025, 9:40 AM

@Dreamy_Jazz I feel like this is a known issue, but just wanted to check.

If I move a page as a temp account, I can see IP Reveal information for the move log entry but not for the associated revision in the moved page's history:

ip_reveal_move_log.png (98×1 px, 23 KB)

ip_reveal_move_rev_history.png (372×1 px, 90 KB)

Dreamy_Jazz added a comment.Jan 23 2025, 10:23 AM
In T370083#10487925, @dom_walden wrote:

@Dreamy_Jazz I feel like this is a known issue, but just wanted to check.

If I move a page as a temp account, I can see IP Reveal information for the move log entry but not for the associated revision in the moved page's history:

ip_reveal_move_log.png (98×1 px, 23 KB)

ip_reveal_move_rev_history.png (372×1 px, 90 KB)

Yeah. This is a known issue. I filed T384228: No IP shown for IP reveal when revealing the IP for a revision created when moving a page a few days ago for this. Thanks for checking.

dom_walden moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)) board.Jan 24 2025, 12:15 PM

I wrote a script which took a random sample of log and recent changes entries and looked at them in Special:Log or Special:RecentChangesLinked respectively, checking that the IP Reveal did or did not appear as appropriate and that the IP it revealed was corrected.

I can also confirm that IP Reveal appears on Special:MovePage and for SpamBlacklist log entries.

Test environment: local docker CheckUser 2.5 (78eab55) 17:27, 23 January 2025 (latest tested).

Dreamy_Jazz closed this task as Resolved.Jan 24 2025, 1:28 PM
Reedy mentioned this in T389427: CheckUser Extension causes exception (fatal error) on wiki system pages (upload log, protections page, etc).Mar 19 2025, 9:42 PM
gerritbot added a comment.Mar 19 2025, 9:44 PM

Change #1129380 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/CheckUser@master] extension.json: Mark as requiring MW 1.44.0

https://gerrit.wikimedia.org/r/1129380

gerritbot added a project: Patch-For-Review.Mar 19 2025, 9:44 PM
gerritbot added a comment.Mar 19 2025, 10:21 PM

Change #1129380 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] extension.json: Mark as requiring MW 1.44.0

https://gerrit.wikimedia.org/r/1129380

Maintenance_bot removed a project: Patch-For-Review.Mar 19 2025, 10:30 PM
ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.22; 2025-03-25); removed MW-1.44-notes (1.44.0-wmf.13; 2025-01-21).Mar 19 2025, 11:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits