
🧱 Respond with a blocked ip message for globally and locally blocked IPs
Closed, ResolvedPublic

Description

Currently, the Wikibase REST API responds with a blocked user message also when the block is done at the IP address level. In case a user is blocked by IP locally, a blocked user message will be returned (as seen below). Otherwise, a generic message is returned.

{
  "code": "permission-denied",
  "message": "Access to resource is denied",
  "context": {
    "denial_reason": "blocked-user"
  }
}

To improve signalling to API users, we would like to respond with the same error message both for locally and globally blocked users:

{
  "code": "permission-denied",
  "message": "Access to resource is denied",
  "context": {
    "denial_reason": "blocked-ip-address"
  }
}

Acceptance Criteria

  • Both locally and globally blocked IPs receive the error message described above

Event Timeline

ItamarWMDE renamed this task from Respond with a blocked ip message for globally and locally blocked IPs to 🧱 Respond with a blocked ip message for globally and locally blocked IPs. Dec 1 2025, 12:41 PM
ItamarWMDE removed ItamarWMDE as the assignee of this task.

It seems as though the status message key for locally blocked users and IPs is the same message key; however, the message params are different. Perhaps we could differentiate using these somehow (though it feels completely wrong to do so).

After some digging around I got these findings so far:

  • Relying on the message key returned from WikiPageEntityStorePermissionChecker.php is tricky. As mentioned in the previous comment, we would get the same message key both for when the permission target is an IP and when the permission target is a User (blockedtext).
  • I found another edge case that will return a generic permission error message: when a user is blocked by ID with the option to also block the last IPs this user edited from, the message key that will be returned is autoblockedtext for any other user trying to edit from this IP (anon or not).
  • Instead of relying on the message key, we could rely on the BlockTarget instance that is included in the PermissionStatus returned from the permission manager in the above method (point 1). These can be either UserBlockTarget or AnonIpBlockTarget. That would, however, require a bit of a rewrite to our current method that relies on message keys, and requires some research into whether we can get the DatabaseBlock instance by the blockId (or otherwise somehow change WikiPageEntityStorePermissionChecker to not throw away the DatabaseBlock instance).

Change #1215079 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/extensions/Wikibase@master] [WIP] Repo: Add block target info to api data

https://gerrit.wikimedia.org/r/1215079

Change #1215080 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/extensions/Wikibase@master] [WIP] CRUD: Improve error messages for blocked IPs

https://gerrit.wikimedia.org/r/1215080

Change #1215220 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/extensions/Wikibase@master] [WIP] CRUD: Refactor blocked user detection

https://gerrit.wikimedia.org/r/1215220

Change #1215728 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/core@master] Add Block Target Type to 'blockinfo'

https://gerrit.wikimedia.org/r/1215728

Change #1215729 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/extensions/Wikibase@master] Repo: Remove code to pass down a block target type

https://gerrit.wikimedia.org/r/1215729

Change #1215079 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] Repo: Add block target info to api data

https://gerrit.wikimedia.org/r/1215079

Change #1215220 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] CRUD: Refactor blocked user detection

https://gerrit.wikimedia.org/r/1215220

Change #1215080 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] CRUD: Improve error messages for blocked IPs

https://gerrit.wikimedia.org/r/1215080

Change #1215728 abandoned by Itamar Givon:

[mediawiki/core@master] Add Block Target Type to 'blockinfo'

Reason:

We decided to prioritize work on T411913 instead

https://gerrit.wikimedia.org/r/1215728

Change #1215729 abandoned by Itamar Givon:

[mediawiki/extensions/Wikibase@master] Repo: Remove code to pass down a block target type

Reason:

We decided to prioritize T411913 instead

https://gerrit.wikimedia.org/r/1215729

Test wiki created on Patch demo by ItamarWMDE using patch(es) linked to this task:
https://627937483f.catalyst.wmcloud.org/w/

Ready for validation. Instructions on how to block an IP:

  1. Go to https://627937483f.catalyst.wmcloud.org/w/
  2. Make an anonymous edit (in the browser console):
$.ajax({
  url: 'https://627937483f.catalyst.wmcloud.org/w/rest.php/wikibase/v1/entities/items/Q1/statements', 
  type: 'POST',
  contentType: 'application/json',
  data: JSON.stringify({
    "statement": {
      "property": {
        "id": "P1"
      },
      "value": {
        "type": "value",
        "content": "test"
      }
    }
  })
});
  3. Go to https://627937483f.catalyst.wmcloud.org/w/index.php?title=Item:Q1&action=history and check the IP address of the last edit.
  4. Log in as user "Patch Demo"
  5. Go to https://627937483f.catalyst.wmcloud.org/wiki/Special:Block
  6. Block the IP address from step (3)
  7. Log out
  8. Try to make the same call as in step (2)

To also test global blocking:

  1. Log in as "Patch Demo"
  2. Unblock the IP by going to https://627937483f.catalyst.wmcloud.org/wiki/Special:BlockList and pressing the "remove block" link for the IP's entry
  3. Go to https://627937483f.catalyst.wmcloud.org/wiki/Special:GlobalBlock and block the same IP from step (3)
  4. Log out
  5. Try to make the same call as in step (2)
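
The final "try to make the same call" step of both procedures above can be turned into a check against the acceptance criteria. This is an added example, not part of the original task or of the Wikibase code; the names classifyDenial and probeBlockedEdit are hypothetical, and it assumes a "generic" denial is any permission-denied body whose denial_reason is neither of the two values shown in the description.

```javascript
// Added example (not Wikibase code). Payload copied from step (2) above.
const STATEMENT_PAYLOAD = {
  statement: { property: { id: 'P1' }, value: { type: 'value', content: 'test' } }
};

// Classify a parsed REST error body against the task's acceptance criteria.
function classifyDenial(body) {
  if (!body || typeof body !== 'object' || body.code !== 'permission-denied') {
    // Edit went through, or an unrelated error: the block is not in effect.
    return { verdict: 'not-a-denial', reason: null };
  }
  const reason = body.context ? body.context.denial_reason : undefined;
  if (reason === 'blocked-ip-address') {
    return { verdict: 'pass', reason };
  }
  if (reason === 'blocked-user') {
    // Pre-fix behaviour for local IP blocks described in the task.
    return { verdict: 'fail-reported-as-user-block', reason };
  }
  // Assumption: anything else is the "generic message" case (e.g. global blocks pre-fix).
  return { verdict: 'fail-generic-denial', reason: reason ?? null };
}

// Repeat the anonymous POST from step (2) and classify the response.
// fetchImpl is injectable so the check can be exercised offline with a stub.
async function probeBlockedEdit(baseUrl, fetchImpl = fetch) {
  const url = `${baseUrl}/rest.php/wikibase/v1/entities/items/Q1/statements`;
  const res = await fetchImpl(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    credentials: 'omit', // send no session cookies, so the request is evaluated by IP
    body: JSON.stringify(STATEMENT_PAYLOAD)
  });
  let body = null;
  try {
    body = await res.json();
  } catch (e) {
    // Non-JSON response: leave body as null so it is reported as not-a-denial.
  }
  return classifyDenial(body);
}
```

Run probeBlockedEdit('https://627937483f.catalyst.wmcloud.org/w') once after the local block and once after the global block; both should resolve with verdict 'pass'.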