User:DWalden (WMF)/GlobalBlocking

Feature documentation

edit

GlobalBlocking allows administrators to block IP/IP ranges across all wikis.

Globally blocked IPs will not be allowed to perform certain actions on any wiki, such as editing and uploading files.

It adds the special pages:

  • Special:GlobalBlock (block an IP or IP range)
  • Special:GlobalUnblock (unblock an IP or IP range)
  • Special:GlobalBlockList (lists all the IP/ranges currently globally blocked)
  • Special:GlobalBlockWhitelist (disable a global block for an IP/range only on the current wiki)

It also has an API.

Usage doc: Extension:GlobalBlocking#Usage

Test documentation

edit

Where to test it

edit

It can be tested on beta if your user has administrator/sysop permissions.

How to install locally

edit

See MediaWiki-Docker/Extension/GlobalBlocking.

Coverage criteria

edit

Types of block:

Parameters when creating a block:

  • "Globally block anonymous users only"
  • "Also block the given IP address locally on this wiki" (creates a local database block)
  • Expiry
  • Reason (can include wikitext markup, templates, HTML(?), etc.)

Actions which are globally blocked (I don't think this is exhaustive):

  • editing
  • uploading
  • moving pages
  • deleting/undeleting pages
  • Special:UserRights
  • various extension actions

Other things:

  • X-Forward-For

Oracles

edit

If you are on an IP which is globally blocked, you will be prevented from performing several actions (some are noted above).

When attempting to perform blocked actions, you will instead be shown a message informing you of the block. The message should be accurate (i.e. have the correct information about who blocked you, for how long, etc.) and provide helpful information for users who want to go about being unblocked (e.g. it should say who to contact, which IP address is being blocked, through which mechanism the block was created, the ID of the block, etc. so admins know which block is being referred to).

You should be able to perform other actions as usual (such as reading an article and I believe creating an account).

Risks

edit
  • Reason is not correctly stored in the database or is parsed incorrectly when shown to the user
    • Example bug showing a Reason being stored in the database incorrectly phab:T306431

Quality criteria

edit

Techniques

edit

Test data

edit

Test tools and scripts

edit

Simulate a different IP address locally (on docker)

edit

Add this to LocalSettings.php:

$wgCdnServersNoPurge = [ '172.0.0.1/8' ];
$wgUsePrivateIPs = true;

Install a browser extension which allows you to change your X-Forward-For header. For example, this one for Firefox or Chrome.

Follow the instructions provided by the addon to change your X-Forward-For header to the IP you want to simulate.

Then interact with the wiki as usual.

Add an IP address to your X-Forward-For header

edit

Follow the instructions about simulating a different IP address but do not add anything to your LocalSettings.php (comment that part out if you have added it).

This should also work on beta and production.

Logs and debugging

edit

Current testing status

edit

Test strategy

edit

Testing done

edit

TODOs

edit

Testing which will not be done

edit

How-to guides

edit

e.g. how to checkout a previous version of a patch.

Other documentation

edit

e.g. links to other documentation about the feature or project.