User:DWalden (WMF)/GlobalBlocking
Feature documentation
[edit]GlobalBlocking allows administrators to block IP/IP ranges across all wikis.
Globally blocked IPs will not be allowed to perform certain actions on any wiki, such as editing and uploading files.
It adds the special pages:
- Special:GlobalBlock (block an IP or IP range)
- Special:GlobalUnblock (unblock an IP or IP range)
- Special:GlobalBlockList (lists all the IP/ranges currently globally blocked)
- Special:GlobalBlockWhitelist (disable a global block for an IP/range only on the current wiki)
It also has an API.
Usage doc: Extension:GlobalBlocking#Usage
Test documentation
[edit]Where to test it
[edit]It can be tested on beta if your user has administrator/sysop permissions.
How to install locally
[edit]See MediaWiki-Docker/Extension/GlobalBlocking.
Coverage criteria
[edit]Types of block:
- IP (IPv4 and IPv6)
- IP range (must be in "CIDR" notation, see Help:Range_blocks or Manual:IP_ranges)
Parameters when creating a block:
- "Globally block anonymous users only"
- "Also block the given IP address locally on this wiki" (creates a local database block)
- Expiry
- Reason (can include wikitext markup, templates, HTML(?), etc.)
Actions which are globally blocked (I don't think this is exhaustive):
- editing
- uploading
- moving pages
- deleting/undeleting pages
- Special:UserRights
- various extension actions
Other things:
- X-Forward-For
Oracles
[edit]If you are on an IP which is globally blocked, you will be prevented from performing several actions (some are noted above).
When attempting to perform blocked actions, you will instead be shown a message informing you of the block. The message should be accurate (i.e. have the correct information about who blocked you, for how long, etc.) and provide helpful information for users who want to go about being unblocked (e.g. it should say who to contact, which IP address is being blocked, through which mechanism the block was created, the ID of the block, etc. so admins know which block is being referred to).
You should be able to perform other actions as usual (such as reading an article and I believe creating an account).
Risks
[edit]- Reason is not correctly stored in the database or is parsed incorrectly when shown to the user
- Example bug showing a Reason being stored in the database incorrectly phab:T306431
Quality criteria
[edit]Techniques
[edit]- Combination testing, see block combinations matrix.
Test data
[edit]Test tools and scripts
[edit]Simulate a different IP address locally (on docker)
[edit]Add this to LocalSettings.php
:
$wgCdnServersNoPurge = [ '172.0.0.1/8' ];
$wgUsePrivateIPs = true;
Install a browser extension which allows you to change your X-Forward-For header. For example, this one for Firefox or Chrome.
Follow the instructions provided by the addon to change your X-Forward-For header to the IP you want to simulate.
Then interact with the wiki as usual.
Add an IP address to your X-Forward-For header
[edit]Follow the instructions about simulating a different IP address but do not add anything to your LocalSettings.php
(comment that part out if you have added it).
This should also work on beta and production.
Logs and debugging
[edit]Current testing status
[edit]Test strategy
[edit]Testing done
[edit]TODOs
[edit]Testing which will not be done
[edit]How-to guides
[edit]e.g. how to checkout a previous version of a patch.
Other documentation
[edit]e.g. links to other documentation about the feature or project.