Page MenuHomePhabricator
Create Task
Maniphest T388688

IP auto-reveal: Limit the duration that auto-reveal mode can be extended for
Closed, ResolvedPublic
Actions

Assigned To
Tchanders
Authored By
Tchanders
Mar 12 2025, 3:33 PM
Project Tags
Referenced Files
F59514849: image.png
Apr 28 2025, 4:33 PM
F59514767: image.png
Apr 28 2025, 4:26 PM
F59511430: image.png
Apr 28 2025, 1:47 PM
Subscribers
Aklapper
Djackson-ctr
KColeman-WMF
Niharika
Tchanders

Description

Summary

Users can extend the duration for IP auto-reveal, by adding 10 minutes.

Since the tool is exposing private data, there should be an upper limit to how long auto-reveal can be on for, to ensure that it is only used when needed.

Design

image.png (1,688×584 px, 195 KB)

image.png (1,720×998 px, 499 KB)

Error message:

The duration cannot be set to more than 24 hours

Acceptance criteria

  • IP auto-reveal expiry can not be set to greater than 24 hours from the time when it is set

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
IP auto-reveal: Limit the maximum valid durationmediawiki/extensions/CheckUsermaster+88 -13
IP auto-reveal: Limit how long the expiry can be extendedmediawiki/extensions/CheckUsermaster+52 -7
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tchanders created this task.Mar 12 2025, 3:33 PM

@KColeman-WMF @Niharika This was proposed in the engineering meeting as a mitigation to someone writing a script that sets the expiry time very far in the future. Does it seem OK with you?

KColeman-WMF added a comment.Mar 12 2025, 4:31 PM
In T388688#10629176, @Tchanders wrote:

@KColeman-WMF @Niharika This was proposed in the engineering meeting as a mitigation to someone writing a script that sets the expiry time very far in the future. Does it seem OK with you?

Yes, I like the idea of including this mitigation.

Tchanders edited projects, added: Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)); removed: Trust and Safety Product Sprint.Mar 12 2025, 9:18 PM
kostajh edited projects, added: Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)); removed: Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)).Apr 14 2025, 2:54 PM
Tchanders moved this task from Priority Backlog to Ready on the Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)) board.Apr 25 2025, 6:19 PM
Tchanders claimed this task.Apr 28 2025, 11:00 AM
Tchanders moved this task from Ready to In Progress on the Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)) board.
Tchanders added a comment.Apr 28 2025, 1:47 PM

@KColeman-WMF Here's a screenshot of error when the user attempts to extend the duration too far:

image.png (1,330×657 px, 59 KB)

How does that look?

gerritbot added a comment.Apr 28 2025, 1:53 PM

Change #1139477 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/CheckUser@master] WIP IP auto-reveal: Limit how long the expiry can be extended

https://gerrit.wikimedia.org/r/1139477

gerritbot added a project: Patch-For-Review.Apr 28 2025, 1:53 PM
KColeman-WMF added a comment.Apr 28 2025, 4:26 PM
In T388688#10772675, @Tchanders wrote:

@KColeman-WMF Here's a screenshot of error when the user attempts to extend the duration too far:

image.png (1,330×657 px, 59 KB)

How does that look?

Thanks @Tchanders. I've tweaked the copy slightly but otherwise it looks good to me!

New copy: The duration cannot be set to more than 24 hours

image.png (1,688×584 px, 195 KB)

KColeman-WMF added a comment.Apr 28 2025, 4:33 PM

Note: the same error will display on the panel if the user exceeds the 24 hour duration limit.

image.png (1,720×998 px, 499 KB)

KColeman-WMF updated the task description. (Show Details)Apr 28 2025, 4:35 PM
gerritbot added a comment.Apr 30 2025, 9:12 AM

Change #1139477 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] IP auto-reveal: Limit how long the expiry can be extended

https://gerrit.wikimedia.org/r/1139477

Maintenance_bot removed a project: Patch-For-Review.Apr 30 2025, 9:30 AM
ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.28; 2025-05-06).Apr 30 2025, 10:00 AM
Tchanders added a comment.Apr 30 2025, 2:57 PM

Needs another patch to handle expiry times that are set directly via the API to more than 24 hours in the future.

Tchanders moved this task from Backlog to In progress on the Temporary accounts (Major pilot wiki deployment) board.Apr 30 2025, 4:22 PM
kostajh edited projects, added: Trust and Safety Product Sprint (Sprint Key Lime Pie (May 5 - May 23)); removed: Trust and Safety Product Sprint (Sprint Cozonac (April 14 - May 2)).May 5 2025, 6:50 AM
kostajh moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Key Lime Pie (May 5 - May 23)) board.
gerritbot added a comment.May 6 2025, 4:59 AM

Change #1142153 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/CheckUser@master] IP auto-reveal: Limit the maximum valid duration

https://gerrit.wikimedia.org/r/1142153

gerritbot added a project: Patch-For-Review.May 6 2025, 4:59 AM
Tchanders moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Key Lime Pie (May 5 - May 23)) board.May 6 2025, 4:59 AM
gerritbot added a comment.May 6 2025, 4:44 PM

Change #1142153 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] IP auto-reveal: Limit the maximum valid duration

https://gerrit.wikimedia.org/r/1142153

ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.1; 2025-05-13).May 6 2025, 5:00 PM
Tchanders added a comment.May 6 2025, 5:02 PM

Testing notes

See T386500#10708399 for general testing steps for IP auto-reveal.

Some helpful-to-know context:

  • IP auto-reveal can be enabled via the link in the toolbar, but since it is a Global Preference, it can also be enabled by setting the preference directly.

Auto-reveal cannot be extended more than 24 hours via the UI:

  • Log in as a user who can auto-reveal IPs
  • Set the expiry to almost 24 hours from now. E.g.:
    • Paste Math.round( Date.now() / 1000 + 86400 - 500 ) into your browser console. The result is a timestamp just less than 24 hours in the future.
    • Set this value as your auto-reveal expiry, e.g. by visiting Special:ApiSandbox and filling out action=globalpreferences, optionname=checkuser-temporary-account-enable-auto-reveal, optionvalue=<the timestamp>
  • Visit a page with temporary accounts IPs, e.g. a history page. They should be visible.
  • Click on the auto-reveal tool link in the sidebar. The dialog should say you have just under 24 hours remaining.
  • Click on the "+10 min" button. If 10 more minutes takes your expiry beyond 24 hours in the future, you should see an error message. (Otherwise repeat this step until clicking on +10 takes your expiry beyond 24 hours.)

If auto-reveal expiry is set to more than 24 hours in the future via the API, it should be unset the next time it is checked:

  • Log in as a user who can auto-reveal IPs
  • Set the expiry to beyond 24 hours from now. E.g.:
    • Paste Math.round( Date.now() / 1000 + 86400 + 1000 ) into your browser console. The result is a timestamp over 24 hours in the future.
    • Set this value as your auto-reveal expiry, e.g. by visiting Special:ApiSandbox and filling out action=globalpreferences, optionname=checkuser-temporary-account-enable-auto-reveal, optionvalue=<the timestamp>
  • Visit a history page on your wiki (this should trigger a lookup to the preference, which should find the invalid preference and unset it). You should find that IP auto-reveal mode is now switched off.
Tchanders moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Key Lime Pie (May 5 - May 23)) board.May 6 2025, 5:03 PM
Maintenance_bot removed a project: Patch-For-Review.May 6 2025, 5:30 PM
Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Key Lime Pie (May 5 - May 23)) board.May 9 2025, 12:28 PM
Djackson-ctr subscribed.

QA is completed, I have verified the new code has been implemented and is functioning as expected (Auto-reveal cannot be extended more than 24 hours via the UI... If Auto-reveal expiration is set to more than 24 hours in the future via the API: it will Turn Off the IP Auto-reveal, and the Show IP button will be displayed / IP Address will not be displayed ). Outstanding Testing Notes @Tchanders, Thank You.

Tchanders closed this task as Resolved.May 9 2025, 12:31 PM
Tchanders mentioned this in T397891: User without checkuser-temporary-account-auto-reveal permission can auto-reveal IPs.Jun 27 2025, 1:34 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits