Cenarium has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/333684 )
Change subject: Allow checkusers to view which IPs attempted to create a
blacklisted account
......................................................................
Allow checkusers to view which IPs attempted to create a blacklisted account
This allows checkusers to view which IPs attempted to create an account
blocked from creation by the title blacklist. This is integrated inside
Special:Checkuser and each access is logged.
Bug: T155969
Change-Id: Ifc96d273a4187b17370f5bac4f836d068d1527a0
---
M i18n/en.json
M i18n/qqq.json
M specials/SpecialCheckUser.php
3 files changed, 96 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CheckUser
refs/changes/84/333684/1
diff --git a/i18n/en.json b/i18n/en.json
index 435f7c6..a3f90f9 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -28,6 +28,7 @@
"checkuser-users": "Get users",
"checkuser-edits": "Get edits",
"checkuser-ips": "Get IP addresses",
+ "checkuser-account-creation-attempts": "Get creation attempts",
"checkuser-period": "Duration:",
"checkuser-week-1": "last week",
"checkuser-week-2": "last two weeks",
@@ -76,6 +77,7 @@
"checkuser-log-entry-ipedits-xff": "$3, $1 got edits for XFF $2",
"checkuser-log-entry-ipusers-xff": "$3, $1 got users for XFF $2",
"checkuser-log-entry-useredits": "$3, $1 got edits for $2",
+ "checkuser-log-entry-creationattempts": "$3, $1 got creation attempts
for $2",
"checkuser-autocreate-action": "was automatically created",
"checkuser-create-action": "was created",
"checkuser-email-action": "sent an email to user \"$1\"",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 3b0bf0c..b55b691 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -47,6 +47,7 @@
"checkuser-users": "Radio button option on CheckUser Special page. See
screenshot '[[mw:Extension:CheckUser#Basic_interface|Basic CheckUser
interface]]'.",
"checkuser-edits": "Radio button option on CheckUser Special page. See
screenshot '[[mw:Extension:CheckUser#Basic_interface|Basic CheckUser
interface]]'.",
"checkuser-ips": "Option on CheckUser Special page. See screenshot
'[[mw:Extension:CheckUser#Basic_interface|Basic CheckUser interface]]'.",
+ "checkuser-account-creation-attempts": "Option on CheckUser Special
page to check creation attempts of the username blocked by the title blacklist",
"checkuser-period": "Field name next to drop-down input box on
CheckUser Special page. See screenshot
'[[mw:Extension:CheckUser#Basic_interface|Basic CheckUser
interface]]'.\n{{Identical|Duration}}",
"checkuser-week-1": "Option in drop-down input box \"Duration\" on
CheckUser Special page. See screenshot
'[[mw:Extension:CheckUser#Basic_interface|Basic CheckUser
interface]]'.\n{{Identical|Last week}}",
"checkuser-week-2": "Option in drop-down input box \"Duration\" on
CheckUser Special page. See screenshot
'[[mw:Extension:CheckUser#Basic_interface|Basic CheckUser interface]]'.",
@@ -95,6 +96,7 @@
"checkuser-log-entry-ipedits-xff": "This is an entry in the checkuser
log when a checkuser checks which edits have been done from an XFF IP address
(XFF means X-Forwarded-For. Some providers use proxies to forward user
requests. This effectively means anonymization of requests. To make the
requesting user identifiable again, the original requesting IP is transmitted
in a separate HTTP header, the XFF header.).\n\nParameters:\n* $1 - the user
who did the check\n* $2 - the IP address that was checked\n* $3 - a formatted
timestamp of the event\n\nSee screenshot
\"[[mw:Extension:CheckUser#Basic_interface|Example
log]]\".\n{{Related|Checkuser-log}}",
"checkuser-log-entry-ipusers-xff": "This is an entry in the checkuser
log when a checkuser checks which users have used an XFF IP address (XFF means
X-Forwarded-For. Some providers use proxies to forward user requests. This
effectively means anonymization of requests. To make the requesting user
identifiable again, the original requesting IP is transmitted in a separate
HTTP header, the XFF header.).\n\nParameters:\n* $1 - the user who did the
check\n* $2 - the IP address\n* $3 - a formatted timestamp of the event\n\nSee
screenshot \"[[mw:Extension:CheckUser#Basic_interface|Example
log]]\".\n{{Related|Checkuser-log}}",
"checkuser-log-entry-useredits": "This is an entry in the checkuser log
when a checkuser checks which edits have been done from an IP
address.\n\nParameters:\n* $1 - name of checkuser\n* $2 - name of user whose
edits were inspected\n* $3 - a formatted timestamp of the event\n\nSee
screenshot \"[[mw:Extension:CheckUser#Basic_interface|Example
log]]\".\n{{Related|Checkuser-log}}",
+ "checkuser-log-entry-creationattempts": "This is an entry in the
checkuser log when a checkuser checks which IP addresses have attempted to
create an account but were blocked from doing so by the title
blacklist.\n\nParameters:\n* $1 - name of checkuser\n* $2 - name of user whose
edits were inspected\n* $3 - a formatted timestamp of the event\n\nSee
screenshot \"[[mw:Extension:CheckUser#Basic_interface|Example
log]]\".\n{{Related|Checkuser-log}}",
"checkuser-autocreate-action": "Text of the event displayed in the
CheckUser results, corresponding to the automatic creation of a new user
account (by CentralAuth).",
"checkuser-create-action": "Text of the event displayed in the
CheckUser results. Indicates creation of the user.",
"checkuser-email-action": "Logged text when a user sends an e-mail.
Probably preceded by the name of the checkuser.\n\nParameters:\n* $1 - a salted
MD5 hash for the user an email was sent to",
diff --git a/specials/SpecialCheckUser.php b/specials/SpecialCheckUser.php
index 0692f0c..1421fc8 100644
--- a/specials/SpecialCheckUser.php
+++ b/specials/SpecialCheckUser.php
@@ -12,6 +12,11 @@
return true; // logging
}
+ private function usesTitleBlacklist() {
+ global $wgTitleBlacklistLogHits;
+ return class_exists( TitleBlacklist ) &&
$wgTitleBlacklistLogHits;
+ }
+
public function execute( $subpage ) {
$request = $this->getRequest();
@@ -86,6 +91,8 @@
$this->doIPUsersRequest( $xff, true, $reason,
$period, $tag, $talkTag );
} elseif ( $checktype == 'subipusers' ) {
$this->doIPUsersRequest( $ip, false, $reason,
$period, $tag, $talkTag );
+ } elseif ( $this->usesTitleBlacklist() && $checktype ==
'subcreateaccount' ) {
+ $this->doAccountCreationAttemptsRequest( $name,
$reason, $period );
}
}
# Add CIDR calculation convenience form
@@ -135,6 +142,8 @@
$encuserips = 1;
} elseif ( $checktype == 'subedits' ) {
$encedits = 1;
+ } elseif ( $this->usesTitleBlacklist() && $checktype ==
'subcreateaccount' ) {
+ $enccreateaccount = 1;
# Defaults otherwise
} elseif ( $ip || $xff ) {
$encedits = 1;
@@ -167,6 +176,12 @@
$form .= '<td>' .
Xml::radio( 'checktype', 'subipusers', $encipusers,
array( 'id' => 'subipusers' ) );
$form .= ' ' . Xml::label( $this->msg( 'checkuser-users'
)->text(), 'subipusers' ) . '</td>';
+ if ( $this->usesTitleBlacklist() ) {
+ $form .= '<td>' .
+ Xml::radio( 'checktype', 'subcreateaccount',
$enccreateaccount, array( 'id' => 'subcreateaccount' ) );
+ $form .= ' ' . Xml::label( $this->msg(
'checkuser-account-creation-attempts' )->text(), 'subsubcreateaccount' )
+ . '</td>';
+ }
$form .= '</tr>';
$form .= Xml::closeElement( 'table' );
$form .= Xml::closeElement( 'td' );
@@ -1150,6 +1165,83 @@
}
/**
+ * @param string $user
+ * @param string $reason
+ * @param int $period
+ * Lists all IPs or users in title blacklist username hit log that
tried to create the account
+ */
+ protected function doAccountCreationAttemptsRequest( $user, $reason,
$period ) {
+ $out = $this->getOutput();
+
+ $userTitle = Title::newFromText( $user, NS_USER );
+ if ( !is_null( $userTitle ) ) {
+ // normalize the username
+ $user = $userTitle->getText();
+ }
+ # IPs are passed in as a blank string
+ if ( !$user ) {
+ $out->addWikiMsg( 'nouserspecified' );
+ return;
+ }
+
+ # Record check...
+ if ( !self::addLogEntry( 'creationattempts', 'user', $user,
$reason, 0 ) ) {
+ // FIXME: addWikiMsg
+ $out->addHTML( '<p>' . $this->msg( 'checkuser-log-fail'
)->escaped() . '</p>' );
+ }
+
+ $dbr = wfGetDB( DB_SLAVE );
+ $conds = array(
+ 'log_type' => 'titleblacklist',
+ 'log_action' => 'hit-username',
+ 'log_namespace' => NS_USER,
+ 'log_title' => $user,
+ );
+ if ( $period ) {
+ $cutoff_unixtime = time() - ( $period * 24 * 3600 );
+ $cutoff_unixtime = $cutoff_unixtime - (
$cutoff_unixtime % 86400 );
+ $cutoff = $dbr->addQuotes( $dbr->timestamp(
$cutoff_unixtime ) );
+ $conds[] = "log_timestamp > $cutoff";
+ }
+
+ $ret = $dbr->select(
+ 'logging',
+ array(
+ 'log_user_text'
+ ),
+ $conds,
+ __METHOD__,
+ array(
+ 'GROUP BY' => 'log_user_text',
+ )
+ );
+ $attemptingUsers = [];
+ foreach( $ret as $row ) {
+ $attemptingUsers[] = $row->log_user_text;
+ }
+ if ( !$attemptingUsers ) {
+ $s = $this->noMatchesMessage( $user, false ) . "\n";
+ $out->addHTML( $s );
+ return;
+ }
+ $s = '';
+ $s .= '<div id="checkuserresults"><ul>';
+ foreach ( $attemptingUsers as $name ) {
+ $s .= '<li>';
+ # Add user tool links
+ $s .= Linker::userLink( - 1 , $name ) .
Linker::userToolLinks( - 1 , $name );
+ # Add CheckUser link
+ $s .= ' (<a href="' . htmlspecialchars(
$this->getPageTitle()->getLocalURL( array(
+ 'user' => $name,
+ 'reason' => $reason
+ ) ) ) . '">' . $this->msg( 'checkuser-check'
)->escaped() . '</a>)';
+ $s .= '</li>';
+ }
+ $s .= '</div></ul>';
+ $out->addHTML( $s );
+ }
+
+ /**
* @param $ip
* @param $userId
* @param $user User
--
To view, visit https://gerrit.wikimedia.org/r/333684
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifc96d273a4187b17370f5bac4f836d068d1527a0
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CheckUser
Gerrit-Branch: master
Gerrit-Owner: Cenarium <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
