Page MenuHomePhabricator
Create Task
Maniphest T419949

Support blocking all connected temporary accounts from Special:Block
Closed, ResolvedPublic
Actions

Description

To make it easier to block connected temporary accounts, it should be possible to more easily apply the same block to all of them.

See T418860: Design exploration for connected accounts blocking T419526: Design exploration for “Block all related TAs” feature for designs.

Acceptance Criteria:

  • If the target on Special:Block is a temporary account, enable an option that allows the block to be applied to all connected temporary accounts
  • Option needs to be able to list all the connected temporary accounts and the block states of them (blocked or not)
  • Submitting the block on the target temporary account and with the option checked should apply the block to the other temporary accounts as well
    • In cases where a block already exists on a connected temporary account, do nothing instead

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Don't try to get connected accounts in invalid casesmediawiki/extensions/CheckUsermaster+5 -0
Support blocking all connected temporary accounts on Special:Blockmediawiki/extensions/CheckUsermaster+418 -10
Allow extensions to make additional blocks through ApiBlockmediawiki/coremaster+148 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

STran created this task.Mar 13 2026, 9:46 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 13 2026, 9:46 AM
STran moved this task from Backlog to In progress on the Product Safety and Integrity (Sprint Crocus (Mar 2 - Mar 20)) board.Mar 13 2026, 9:46 AM
Bugreporter subscribed.Mar 13 2026, 10:16 AM

In cases where a block already exists on a connected temporary account, do nothing instead

But if this is only a temporary block then an indefinite one would still be useful. And also we need to handle partial blocks.

Madalina added a parent task: T419509: [Epic] Add “Block all related Temporary Accounts” option to Special:Block.Mar 18 2026, 5:45 PM
Madalina updated the task description. (Show Details)Mar 18 2026, 5:59 PM
Johannnes89 subscribed.Mar 18 2026, 6:22 PM
OKryva-WMF edited projects, added: Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))); removed: Product Safety and Integrity (Sprint Crocus (Mar 2 - Mar 20)).Mar 23 2026, 4:08 PM
OKryva-WMF moved this task from Backlog to In progress on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.
gerritbot added a comment.Mar 25 2026, 9:05 AM

Change #1254219 had a related patch set uploaded (by STran; author: STran):

[mediawiki/core@master] Allow extensions to make additional blocks through ApiBlock

https://gerrit.wikimedia.org/r/1254219

gerritbot added a project: Patch-For-Review.Mar 25 2026, 9:06 AM
gerritbot added a comment.Mar 25 2026, 9:27 AM

Change #1254220 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Support blocking all connected temporary accounts on Special:Block

https://gerrit.wikimedia.org/r/1254220

sgrabarczuk subscribed.Mar 25 2026, 1:46 PM
STran moved this task from In progress to Needs review on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Mar 26 2026, 12:47 PM
gerritbot added a comment.Mar 27 2026, 9:11 AM

Change #1254219 merged by jenkins-bot:

[mediawiki/core@master] Allow extensions to make additional blocks through ApiBlock

https://gerrit.wikimedia.org/r/1254219

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.22; 2026-03-31).Mar 27 2026, 10:00 AM
OKryva-WMF moved this task from Backlog to In current sprint on the Temporary accounts (4.8 TA Patrolling) board.Mar 27 2026, 10:04 AM
gerritbot added a comment.Mar 27 2026, 12:27 PM

Change #1254220 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Support blocking all connected temporary accounts on Special:Block

https://gerrit.wikimedia.org/r/1254220

Maintenance_bot removed a project: Patch-For-Review.Mar 27 2026, 12:30 PM
STran moved this task from Needs review to Needs QA on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Mar 27 2026, 12:45 PM
gerritbot added a comment.Mar 27 2026, 1:01 PM

Change #1262095 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Don't try to get connected accounts in invalid cases

https://gerrit.wikimedia.org/r/1262095

gerritbot added a project: Patch-For-Review.Mar 27 2026, 1:01 PM
gerritbot added a comment.Mar 27 2026, 2:21 PM

Change #1262095 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Don't try to get connected accounts in invalid cases

https://gerrit.wikimedia.org/r/1262095

Maintenance_bot removed a project: Patch-For-Review.Mar 27 2026, 2:30 PM
dom_walden moved this task from Needs QA to Done on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Apr 9 2026, 11:01 AM
dom_walden subscribed.

I tested blocking various temporary accounts and checking blocks are created against all the associated temp accounts listed in Special:Block and that log entries are created in the block log and IP Reveal log (the latter stating <admin> viewed related temporary accounts for <temp user>).

I cannot use the feature if the target temp account has more than 15 associated temp accounts. Instead, there is a yellow warning stating There are too many associated temporary accounts to add to this block. We only allow up to 15 accounts to be blocked at one time.

I checked that autoblock gets created, but just for the original target temp account.

Identical blocks are not created, instead I see a warning after submit:

assoc_temp_accounts_duplicate.png (918×683 px, 96 KB)

Did some regression testing that blocks against registered users, IPs and ranges can be created.

I briefly tested different skins, on a mobile (iPhone) and RTL.

I checked that an appropriate log was created when using the blockConnectedTempAccounts parameter via the API.

I checked that an admin user who had not enabled their "Temporary account IP reveal" option could not see this feature. Nor could they use the blockConnectedTempAccounts parameter via the API.

I did not test that what is returned by /w/rest.php/checkuser/v0/connectedtemporaryaccounts/<temp acct> is correct.

I did my testing mostly on testwiki.

Some questions @STran:

  • The Watch the target's user page and talk page checkbox only watches the original target user's talk page, not the talk pages of any associated temp users.
  • I am unclear whether the blockConnectedTempAccounts parameter should be a boolean or a string. Special:ApiSandbox suggests it is a boolean but we set it to a string when we make the API request in Special:Block. The value of the string does not seem to affect which temp accounts get blocked. Perhaps this is OK.
  • There are some items from the AC which we have not completely done, but I assume it is OK.
  • Option needs to be able to list all the connected temporary accounts and the block states of them (blocked or not)

We list the temp accounts, but not their current blocked status.

  • In cases where a block already exists on a connected temporary account, do nothing instead

As stated above, this is only the case if the block you are creating is an exact duplicate of an existing one. It is possible to create multiple blocks against the same group of temp users. I don't think this is a problem.

STran closed this task as Resolved.May 14 2026, 11:41 AM

Sorry, I missed this ping!

The Watch the target's user page and talk page checkbox only watches the original target user's talk page, not the talk pages of any associated temp users.

We never talked about this feature and no one who has used this feature since has complained about it so I think we're okay to no-op.

I am unclear whether the blockConnectedTempAccounts parameter should be a boolean or a string. Special:ApiSandbox suggests it is a boolean but we set it to a string when we make the API request in Special:Block. The value of the string does not seem to affect which temp accounts get blocked. Perhaps this is OK.

It was meant to be a bool but I see I accidentally passed the container instead, which evaluates to truthy later on. This is okay in practice as this parameter doesn't have any validation associated with it and is purely an existence check.

We list the temp accounts, but not their current blocked status.

Sorry, this spec changed as development was happening. This is confirmed okay and now expected.

As stated above, this is only the case if the block you are creating is an exact duplicate of an existing one. It is possible to create multiple blocks against the same group of temp users. I don't think this is a problem.

This was accepted as we have no good way to communicate this to the user.

This feature has been in production for a bit and we haven't heard any negative feedback about it or these issues. I think we're safe to resolve and we'll raise new tickets if anything pops up. Thanks!

Johannnes89 added a comment.Fri, May 15, 4:00 PM
In T419949#11803806, @dom_walden wrote:

I cannot use the feature if the target temp account has more than 15 associated temp accounts. Instead, there is a yellow warning stating There are too many associated temporary accounts to add to this block. We only allow up to 15 accounts to be blocked at one time.

This has recently been broad up on dewiki's admin chat. I believe it's ok to only allow blocking a certain number of TA, there's not much value in blocking old TA anyway. But if the number of connected TA exceeds this limit, ideally instead of just showing this warning the 15 most recent TA should get blocked.

Johannnes89 mentioned this in T426537: Temporary Account Autoblock all related Accounts: Existing Blocks should not be overwritten.Sun, May 17, 1:21 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits