Page MenuHomePhabricator
Create Task
Maniphest T380920

Remove the AbuseFilter protected variables preference gate
Closed, ResolvedPublic
Actions

Description

Summary

AbuseFilter has a preference that needs to be checked for the user to be able to see protected variable values. This is no longer required after T387333: CheckUser should impose IP viewing restrictions on AbuseFilter's `unnamed_user_ip` protected variable and per WMF Legal saying we don't need this preference for other protected variables

Background

Acceptance criteria

  • Access to protected variable values does not require checking the AbuseFilter preference
  • The AbuseFilter preference used to gate access to protected variable values is removed
  • The preference values for the removed preference are cleaned up on WMF wikis using the associated maintenance script to avoid un-needed DB rows in the preference database tables

historical context

Adjust wording of "abusefilter-preference-protected-vars-view-agreement"

The i18n string for abusefilter-preference-protected-vars-view-agreement is currently Enable revealing IP addresses for temporary accounts in AbuseFilter. However, per the parent task, we'll have new protected variables that are not about revealing IP addresses. We should adjust this wording so that it is more generic.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Drop 'abusefilter-protected-vars-view-agreement' preferencemediawiki/extensions/AbuseFiltermaster+229 -316
Don't set 'abusefilter-protected-vars-view-agreement' preferencemediawiki/extensions/CheckUsermaster+5 -8
Drop AbuseFilter access change log handlingmediawiki/extensions/CheckUsermaster+5 -65
Customize query in gerrit

Related Objects
Search...

Event Timeline

kostajh created this task.Nov 26 2024, 8:42 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 26 2024, 8:42 PM
STran mentioned this in T381052: Investigate: Should we remove the preference check from AbuseFilter's protected variables implementation?.Nov 27 2024, 11:28 PM
kostajh moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)) board.Dec 3 2024, 7:46 AM
  • make the wording more generic ("Enable viewing protected variables")
  • include a link to documentation
kostajh added a subscriber: KColeman-WMF.Dec 3 2024, 7:48 AM
Dreamy_Jazz added a comment.Dec 9 2024, 11:48 AM

We may need to consider if this preference text needs to be similar to the one provided by CheckUser on WMF wikis.

Dreamy_Jazz moved this task from Sprint Gong (November 18 - December 6) to Sprint Chimes (Dec. 9 - Jan. 17) on the Trust and Safety Product Sprint board.Dec 9 2024, 5:35 PM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)); removed Trust and Safety Product Sprint (Sprint Gong (November 18 - December 6)).
Dreamy_Jazz moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.
Dreamy_Jazz moved this task from Ready to Priority Backlog on the Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)) board.
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)); removed Trust and Safety Product Sprint (Sprint Chimes (Dec. 9 - Jan. 17)).Jan 17 2025, 12:24 PM
kostajh added a project: Temporary accounts.Jan 28 2025, 2:48 PM
Restricted Application added a project: Trust and Safety Product Team. · View Herald TranscriptJan 28 2025, 2:48 PM
STran renamed this task from Adjust wording of "abusefilter-preference-protected-vars-view-agreement" to Remove the AbuseFilter protected variables preference gate.Feb 5 2025, 10:56 AM
STran updated the task description. (Show Details)
STran mentioned this in T385687: Investigate: How should the AbuseFilter variable `user_unnamed_ip` be restricted.Feb 5 2025, 11:02 AM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Hurdy-Gurdy (Feb 10 - Feb 28)); removed Trust and Safety Product Sprint (Sprint Tuba (Jan 20 - Feb 7)).Feb 10 2025, 10:01 AM
STran mentioned this in T387329: Investigate: Confirm our logging expectations for AbuseFilter/CheckUser Temporary Accounts logs when using protected variables.Feb 26 2025, 1:03 PM
Johannnes89 subscribed.Feb 26 2025, 4:35 PM
Dreamy_Jazz moved this task from Sprint Hurdy-Gurdy (Feb 10 - Feb 28) to Sprint Lemon Meringue (March 3 - 21) on the Trust and Safety Product Sprint board.Mar 4 2025, 11:54 AM
Dreamy_Jazz edited projects, added Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)); removed Trust and Safety Product Sprint (Sprint Hurdy-Gurdy (Feb 10 - Feb 28)).
kostajh moved this task from Backlog to 2024-2025 Q3 on the WE4.2 Anti-abuse board.Mar 19 2025, 10:15 AM
Dreamy_Jazz added a subtask: T387333: CheckUser should impose IP viewing restrictions on AbuseFilter's `unnamed_user_ip` protected variable.Mar 24 2025, 1:29 PM
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)); removed Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)).Mar 24 2025, 2:19 PM
Dreamy_Jazz claimed this task.Mar 25 2025, 4:01 PM
Dreamy_Jazz moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.
gerritbot added a comment.Mar 25 2025, 5:22 PM

Change #1131056 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/AbuseFilter@master] [WIP] Drop 'abusefilter-protected-vars-view-agreement' preference

https://gerrit.wikimedia.org/r/1131056

gerritbot added a project: Patch-For-Review.Mar 25 2025, 5:22 PM
Dreamy_Jazz updated the task description. (Show Details)Mar 25 2025, 5:29 PM
gerritbot added a comment.Mar 25 2025, 5:44 PM

Change #1131062 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] [WIP] Drop AbuseFilter access change log handling

https://gerrit.wikimedia.org/r/1131062

Dreamy_Jazz moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.Mar 26 2025, 7:13 PM
gerritbot added a comment.Apr 1 2025, 12:16 PM

Change #1133121 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] Don't set 'abusefilter-protected-vars-view-agreement' preference

https://gerrit.wikimedia.org/r/1133121

gerritbot added a comment.Apr 1 2025, 1:07 PM

Change #1131062 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Drop AbuseFilter access change log handling

https://gerrit.wikimedia.org/r/1131062

gerritbot added a comment.Apr 1 2025, 1:07 PM

Change #1131056 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Drop 'abusefilter-protected-vars-view-agreement' preference

https://gerrit.wikimedia.org/r/1131056

gerritbot added a comment.Apr 1 2025, 1:07 PM

Change #1133121 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Don't set 'abusefilter-protected-vars-view-agreement' preference

https://gerrit.wikimedia.org/r/1133121

Maintenance_bot removed a project: Patch-For-Review.Apr 1 2025, 1:31 PM
ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.24; 2025-04-08).Apr 1 2025, 2:00 PM
Dreamy_Jazz moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.Apr 1 2025, 8:04 PM
Dreamy_Jazz added a comment.Apr 1 2025, 8:07 PM

QA'ing that user_unnamed_ip access still depends on checking a preference is done through T387331.

As such, in this ticket you only need to QA that the AbuseFilter protected variables preference has been removed and that no code uses the value of the preference. Note that some interface messages may still refer to a preference, which will be updated through T389640.

Dreamy_Jazz mentioned this in T390874: IPReputation: Create the initial IPReputation AbuseFilter variables.Apr 2 2025, 2:17 PM
Dreamy_Jazz moved this task from Inbox to Engineering on the Trust and Safety Product Team board.Apr 3 2025, 11:41 AM
Dreamy_Jazz closed subtask T387333: CheckUser should impose IP viewing restrictions on AbuseFilter's `unnamed_user_ip` protected variable as Resolved.Apr 3 2025, 2:21 PM
Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)) board.Apr 5 2025, 6:40 AM
Djackson-ctr subscribed.

QA is completed, I have verified (Abuse Filter Preference and respective code has been removed).

Dreamy_Jazz mentioned this in T391505: AbuseFilter: Drop the AbuseFilterCanViewProtectedVariableValues hook before 1.44 release.Apr 9 2025, 5:38 PM
codenamenoreste subscribed.Apr 10 2025, 2:42 PM

Noting here that the AbuseFilter option available in local preference pages on Meta-Wiki and Test Wikipedia (for example) is not available as it might have been merged with the Temporary account IP reveal tick option.

Dreamy_Jazz added a comment.Apr 10 2025, 3:16 PM
In T380920#10730065, @codenamenoreste wrote:

Noting here that the AbuseFilter option available in local preference pages on Meta-Wiki and Test Wikipedia (for example) is not available as it might have been merged with the Temporary account IP reveal tick option.

Yes, that was the intended outcome of this task.

Dreamy_Jazz closed this task as Resolved.Apr 10 2025, 3:16 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits