Page MenuHomePhabricator
Create Task
Maniphest T388124

CheckUser IP reveal: Support IP reveal on Special:AbuseLog
Closed, ResolvedPublic
Actions

Description

Summary

The AbuseFilter extension provides a custom log page at Special:AbuseLog which does not currently display "Show IP" links for temporary accounts that caused a log entry. We should re-enable the "Show IP" button after fixing it to show the IP associated with the specific AbuseFilter log.

Background

  • We disabled the "Show IP" button Special:AbuseLog in 316f316b16b58f5e35ffb9c73c1c2a2509277e31 because it did not work as intended, only showing the last used IP address
    • This should instead have shown the IP for the specific abusefilter log entry
  • We did not work on fixing this at the time, and it has now been raised as something that patrollers would like to be able to do
  • This is separate from the user_unnamed_ip variable work, because the "Show IP" button would apply to any abusefilter log entry performed by a temporary account
    • This would be similar to the "Show IP" buttons on Special:Log

User story

  • As a patroller, I review the contributions by a temporary account
  • I see no contributions in Special:Contributions, but see actions that were prevented by AbuseFilter in Special:AbuseLog
  • This prevented action was abusive and requires action (such as a block)
  • I want to see the IP address used to perform the prevented actions, to find other temporary accounts which may have performed similar abuse

Technical notes

Acceptance criteria

  • Special:AbuseLog shows a "Show IP" button next to AbuseFilter log entries that were performed by temporary accounts

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
ipreveal: Don't provide AF log IDs if AbuseFilter is not loadedmediawiki/extensions/CheckUsermaster+6 -5
ipreveal: Frontend changes supporting IPReveal in Special:AbuseLogmediawiki/extensions/CheckUsermaster+352 -50
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 6 2025, 1:54 PM
sgrabarczuk subscribed.Mar 6 2025, 1:58 PM
Msz2001 subscribed.Mar 6 2025, 2:05 PM
1AmNobody24 subscribed.Mar 7 2025, 8:23 AM
matej_suchanek renamed this task from CheckUser IP reveal: Support IP reveal on Special:AbuseFilterLog to CheckUser IP reveal: Support IP reveal on Special:AbuseLog.Mar 8 2025, 9:01 AM
matej_suchanek updated the task description. (Show Details)
Titore subscribed.Mar 29 2025, 12:57 AM
Tchanders moved this task from Inbox to Create/update essential tools/anti-abuse management on the Temporary accounts board.Apr 30 2025, 4:31 PM
Tchanders edited projects, added Temporary accounts (Create/update essential tools/anti-abuse management); removed Temporary accounts.
Three_Sixty moved this task from Inbox to Temporary account IP reveal on the CheckUser board.May 10 2025, 1:20 AM
Tchanders edited projects, added Temporary accounts (Global wiki rollout); removed Temporary accounts (Create/update essential tools/anti-abuse management).Jun 10 2025, 5:39 PM
Tchanders moved this task from To triage to Ready on the Temporary accounts (Global wiki rollout) board.Jun 12 2025, 1:25 PM
Dreamy_Jazz merged a task: T397878: Add a "show IP" link to temp account AbuseFilter log entries.Jun 25 2025, 8:50 PM
Dreamy_Jazz added a subscriber: Jules78120.
Jules78120 awarded a token.Jun 25 2025, 9:00 PM
NicoScribe subscribed.Jun 26 2025, 12:00 PM
Johannnes89 subscribed.Jul 5 2025, 1:17 PM
DerHexer subscribed.Jul 14 2025, 4:44 PM
Tchanders added a project: Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)).Jul 17 2025, 1:33 PM
Tchanders moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)) board.Jul 17 2025, 1:36 PM
OKryva-WMF triaged this task as Medium priority.Jul 17 2025, 2:51 PM
Dreamy_Jazz added a subtask: T397842: Populate afl_ip_hex for pre-existing abuse_filter_log rows.EditedJul 18 2025, 1:56 PM
Dreamy_Jazz updated the task description. (Show Details)

We should just read from afl_ip_hex to make T397941: Update code to read from afl_ip_hex easier to do in the future.

1F616EMO subscribed.Jul 19 2025, 3:38 AM
mszwarc mentioned this in T399994: Show IP button appear in AbuseLog for people with auto-reveal right.Jul 21 2025, 6:50 AM
hector.arroyo changed the task status from Open to In Progress.Jul 21 2025, 8:16 AM
hector.arroyo claimed this task.
hector.arroyo moved this task from Ready to In Progress on the Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)) board.
hector.arroyo moved this task from Inbox to Engineering on the Trust and Safety Product Team board.Jul 21 2025, 8:59 AM
hector.arroyo moved this task from Ready to In progress on the Temporary accounts (Global wiki rollout) board.
hector.arroyo mentioned this in T400042: CheckUser IP reveal: Support IP reveal on Special:AbuseLog (backend).Jul 21 2025, 9:41 AM
hector.arroyo added a subtask: T400042: CheckUser IP reveal: Support IP reveal on Special:AbuseLog (backend).
hector.arroyo mentioned this in T400043: CheckUser IP reveal: Support IP reveal on Special:AbuseLog (frontend).Jul 21 2025, 9:44 AM
hector.arroyo updated the task description. (Show Details)
Dreamy_Jazz removed a subtask: T397842: Populate afl_ip_hex for pre-existing abuse_filter_log rows.Jul 21 2025, 9:47 AM
hector.arroyo added a subtask: T400043: CheckUser IP reveal: Support IP reveal on Special:AbuseLog (frontend).Jul 21 2025, 9:49 AM
Dreamy_Jazz mentioned this in T400049: Update AbuseFilter to add the abuse_filter_log afl_id to each log line.Jul 21 2025, 7:53 PM
hector.arroyo mentioned this in T400051: CheckUser IP reveal: Add a service to AbuseFilter to return the IP address for a given afl_id from abuse_filter_log.Jul 22 2025, 8:14 AM
gerritbot added a comment.Jul 22 2025, 12:27 PM

Change #1171567 had a related patch set uploaded (by Harroyo-wmf; author: Harroyo-wmf):

[mediawiki/extensions/CheckUser@master] ipreveal: Frontend changes supporting IPReveal in Special:AbuseLog

https://gerrit.wikimedia.org/r/1171567

gerritbot added a project: Patch-For-Review.Jul 22 2025, 12:27 PM
Dreamy_Jazz closed subtask T400042: CheckUser IP reveal: Support IP reveal on Special:AbuseLog (backend) as Resolved.Jul 23 2025, 9:48 AM
OKryva-WMF edited projects, added Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)); removed Trust and Safety Product Sprint (Sprint Cannoli (July 7 - July 25)).Jul 25 2025, 3:17 PM
OKryva-WMF moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)) board.
Supertoff subscribed.EditedJul 27 2025, 10:08 AM

I don't know if this change is the problem but since, on fr wikipedia, we have problem to test filters. Sometimes very long (1 minute and over), sometimes so long that the request end with an error, sometimes the test doesn't work : even a simple test as <added_lines irlike "something"> shows a false result when add line "something".

mszwarc subscribed.Jul 28 2025, 7:11 AM
In T388124#11037278, @Supertoff wrote:

I don't know if this change is the problem but since, on fr wikipedia, we have problem to test filters. Sometimes very long (1 minute and over), sometimes so long that the request end with an error, sometimes the test doesn't work : even a simple test as <added_lines irlike "something"> shows a false result when add line "something".

@Supertoff this change is unlikely to have messed up the test page, because it hasn't been merged yet. Just to make sure, you're talking about using Special:AbuseFilter/test page, right?

Supertoff added a comment.Jul 28 2025, 5:03 PM
In T388124#11038168, @mszwarc wrote:
In T388124#11037278, @Supertoff wrote:

I don't know if this change is the problem but since, on fr wikipedia, we have problem to test filters. Sometimes very long (1 minute and over), sometimes so long that the request end with an error, sometimes the test doesn't work : even a simple test as <added_lines irlike "something"> shows a false result when add line "something".

@Supertoff this change is unlikely to have messed up the test page, because it hasn't been merged yet. Just to make sure, you're talking about using Special:AbuseFilter/test page, right?

Yes, you are right.

Od1n subscribed.EditedJul 29 2025, 5:32 AM

The latest significant commits to the AbuseFilter extension seem to solely be about protected variables, afl_ip, afl_ip_hex, etc. That's why, as an educated guess, I assumed the regression might have been introduced during the work related to the items from this ticket.

Without access to any error reporting, since it's server-side, it's difficult to do better than educated guessing.

mszwarc mentioned this in T400673: Special:AbuseFilter/test takes long time and sometimes ends with server error.Jul 29 2025, 7:03 AM
mszwarc added a comment.Jul 29 2025, 7:05 AM

I've reported the issue with /test page in T400673. I was able to reproduce the issue yesterday on plwiki, today it works fine for me. In a local environment I wasn't able to reproduce it in the same version of AbuseFilter as is currently installed on WMF wikis.

Msz2001 unsubscribed.Jul 29 2025, 7:09 AM
hector.arroyo moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)) board.Jul 30 2025, 12:35 PM

The frontend patch was updated based on the feedback provided so far, moving this back to code review.

Od1n unsubscribed.Jul 30 2025, 1:33 PM
hector.arroyo moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)) board.EditedJul 30 2025, 3:23 PM

The patch associated with the frontend subtask for this ticket is being merged right now, so I'm closing that ticket and moving this one QA.

hector.arroyo closed subtask T400043: CheckUser IP reveal: Support IP reveal on Special:AbuseLog (frontend) as Resolved.Jul 30 2025, 3:23 PM
gerritbot added a comment.Jul 30 2025, 4:43 PM

Change #1171567 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] ipreveal: Frontend changes supporting IPReveal in Special:AbuseLog

https://gerrit.wikimedia.org/r/1171567

Maintenance_bot removed a project: Patch-For-Review.Jul 30 2025, 5:32 PM
dom_walden subscribed.Aug 12 2025, 1:25 PM

@hector.arroyo When I click Show IP on Special:AbuseLog, in Local Storage on my browser I see an entry for mw-checkuser-temp-<username> but not for _EXPIRY_mw-checkuser-temp-<username>. The latter entry I do see when I click Show IP on Special:RecentChanges (for example). I guess this is something that needs to be set if we want to expire autoreveal correctly?

Dreamy_Jazz added a project: OKR-Work.Aug 14 2025, 10:13 AM
OKryva-WMF edited projects, added Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)); removed Trust and Safety Product Sprint (Sprint Rum baba (July 28 - August 15)).Aug 19 2025, 10:26 AM
OKryva-WMF moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)) board.Aug 19 2025, 10:29 AM
gerritbot added a comment.Aug 21 2025, 8:56 AM

Change #1180820 had a related patch set uploaded (by Harroyo-wmf; author: Harroyo-wmf):

[mediawiki/extensions/CheckUser@master] ipreveal: Don't provide AF log IDs if AbuseFilter is not loaded

https://gerrit.wikimedia.org/r/1180820

gerritbot added a project: Patch-For-Review.Aug 21 2025, 8:56 AM
hector.arroyo added a comment.Aug 21 2025, 9:03 AM

I've submitted an additional patch to fix requests to the batch endpoint in case AbuseFilter is not loaded in the wiki making use of IP Reveal, since the new abuseLogIds request parameter won't be recognized as a valid property from the JSON request payload in that case: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/1180820

Dreamy_Jazz moved this task from Needs QA to Needs Review on the Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)) board.Aug 21 2025, 2:48 PM

(Moving to 'Needs Review' so that we can track reviewing that patch)

gerritbot added a comment.Aug 22 2025, 7:46 AM

Change #1180820 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] ipreveal: Don't provide AF log IDs if AbuseFilter is not loaded

https://gerrit.wikimedia.org/r/1180820

mszwarc moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)) board.Aug 22 2025, 7:48 AM
ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.16; 2025-08-26).Aug 22 2025, 8:00 AM
Maintenance_bot removed a project: Patch-For-Review.Aug 22 2025, 8:31 AM
SCP-2000 subscribed.Aug 24 2025, 5:29 PM
hector.arroyo added a comment.Aug 28 2025, 9:35 AM

Checking https://test.wikipedia.org/wiki/Special:Version, the CheckUser version there is 2.5 (e322528) 10:21, 25 August 2025, which means the latest fix should be deployed there.

Additionally,

So I think QA may be done there. However, I don't have CheckUser permissions on that environment, so I can't verify myself if the fix is working properly there.

dom_walden moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Princess Tarta (August 18 - September 5)) board.Aug 29 2025, 10:46 AM
In T388124#11078046, @dom_walden wrote:

@hector.arroyo When I click Show IP on Special:AbuseLog, in Local Storage on my browser I see an entry for mw-checkuser-temp-<username> but not for _EXPIRY_mw-checkuser-temp-<username>. The latter entry I do see when I click Show IP on Special:RecentChanges (for example). I guess this is something that needs to be set if we want to expire autoreveal correctly?

I can no longer reproduce this on https://test.wikipedia.org CheckUser 2.5 (e322528) 10:21, 25 August 2025. I think I am finished here.

Dreamy_Jazz closed this task as Resolved.Aug 29 2025, 11:06 AM
Johannnes89 added a comment.Aug 31 2025, 5:13 AM

@hector.arroyo @dom_walden @Dreamy_Jazz according to dewiki TAIV they can see the "show IP" button in abuse filter logs (previously only visible for admins) but it doesn't show an IP for them – is that intended?

Titore mentioned this in T405522: Temporary account IP reveal: Users who lack abusefilter-log-detail right get non-functional IP reveal on Special:AbuseLog.Sep 24 2025, 8:48 PM
Dreamy_Jazz added a comment.Sep 24 2025, 8:54 PM
In T388124#11134323, @Johannnes89 wrote:

@hector.arroyo @dom_walden @Dreamy_Jazz according to dewiki TAIV they can see the "show IP" button in abuse filter logs (previously only visible for admins) but it doesn't show an IP for them – is that intended?

Thanks for reporting this and apologies for not seeing this sooner. This isn't intentional and I think it has also been reported at T405522: Temporary account IP reveal: Users who lack abusefilter-log-detail right get non-functional IP reveal on Special:AbuseLog.

Johannnes89 added a comment.Sep 25 2025, 5:53 AM
In T388124#11211969, @Dreamy_Jazz wrote:
In T388124#11134323, @Johannnes89 wrote:

@hector.arroyo @dom_walden @Dreamy_Jazz according to dewiki TAIV they can see the "show IP" button in abuse filter logs (previously only visible for admins) but it doesn't show an IP for them – is that intended?

Thanks for reporting this and apologies for not seeing this sooner. This isn't intentional and I think it has also been reported at T405522: Temporary account IP reveal: Users who lack abusefilter-log-detail right get non-functional IP reveal on Special:AbuseLog.

Thanks, T405522 is indeed the same issue. I didn't realise it until reading the task but a non-admin TAIV just confirmed that he can access the IP in abuse logs like https://de.wikipedia.org/w/index.php?title=Spezial:Missbrauchsfilter-Logbuch&wpSearchUser=%7E2025-26551-48 because it's a public filter which just requires abusefilter-log-detail (which all autoconfirmed users on dewiki have) while the error message appears when trying to access IPs in abuse logs like https://de.wikipedia.org/w/index.php?title=Spezial:Missbrauchsfilter-Logbuch&wpSearchUser=~2025-64368-1 which requires abusefilter-log-private. I'll continue in the linked task.

NDG subscribed.Sep 25 2025, 6:09 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits