From 9cef38e80f5560c92a342eeb2249d0f7087d3123 Mon Sep 17 00:00:00 2001
From: Martin Urbanec <martin.urbanec@wikimedia.cz>
Date: Wed, 13 Sep 2023 23:07:52 +0200
Subject: [PATCH] IP Masking: Do not allow temporary users to thank other users

It has been decided to not allow temporary users to thank
other users (see task). This is because the transition
between anonymous and temporary account is nearly invisible,
and it might be confusing why the thanking ability appears
and hides.

Bug: T345679
Change-Id: I62e67327c9a80b3da9e98a2dccdd4ec2051f3026
---
 includes/Api/ApiThank.php              |  2 +-
 includes/Hooks.php                     |  3 ++-
 tests/phpunit/ApiCoreThankUnitTest.php | 12 ++++++------
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/includes/Api/ApiThank.php b/includes/Api/ApiThank.php
index 0160f072..6b0d6850 100644
--- a/includes/Api/ApiThank.php
+++ b/includes/Api/ApiThank.php
@@ -32,7 +32,7 @@ abstract class ApiThank extends ApiBase {
 	}
 
 	protected function dieOnBadUser( User $user ) {
-		if ( $user->isAnon() ) {
+		if ( !$user->isNamed() ) {
 			$this->dieWithError( 'thanks-error-notloggedin', 'notloggedin' );
 		} elseif ( $user->pingLimiter( 'thanks-notification' ) ) {
 			$this->dieWithError( [ 'thanks-error-ratelimited', $user->getName() ], 'ratelimited' );
diff --git a/includes/Hooks.php b/includes/Hooks.php
index 5ac49581..35b691cc 100644
--- a/includes/Hooks.php
+++ b/includes/Hooks.php
@@ -127,11 +127,12 @@ class Hooks implements
 
 		// Don't let users thank themselves.
 		// Exclude anonymous users.
+		// Exclude temp users (T345679)
 		// Exclude users who are blocked.
 		// Check whether bots are allowed to receive thanks.
 		// Don't allow thanking for a diff that includes multiple revisions
 		// Check whether we have a revision id to link to
-		if ( $userIdentity->isRegistered()
+		if ( $user->isNamed()
 			&& !$userIdentity->equals( $recipient )
 			&& !self::isUserBlockedFromTitle( $user, $revisionRecord->getPageAsLinkTarget() )
 			&& !self::isUserBlockedFromThanks( $user )
diff --git a/tests/phpunit/ApiCoreThankUnitTest.php b/tests/phpunit/ApiCoreThankUnitTest.php
index cd939590..12dae626 100644
--- a/tests/phpunit/ApiCoreThankUnitTest.php
+++ b/tests/phpunit/ApiCoreThankUnitTest.php
@@ -44,17 +44,17 @@ class ApiCoreThankUnitTest extends ApiTestCase {
 	 * @covers \MediaWiki\Extension\Thanks\Api\ApiThank::dieOnUserBlockedFromThanks
 	 */
 	public function testDieOnBadUser(
-		$mockAnon,
+		$mockisNamed,
 		$mockPingLimited,
 		$mockBlock,
 		$dieMethod,
 		$expectedError
 	) {
 		$user = $this->createMock( User::class );
-		if ( $mockAnon !== null ) {
+		if ( $mockisNamed !== null ) {
 			$user->expects( $this->once() )
-				->method( 'isAnon' )
-				->willReturn( $mockAnon );
+				->method( 'isNamed' )
+				->willReturn( $mockisNamed );
 		}
 		if ( $mockPingLimited !== null ) {
 			$user->expects( $this->once() )
@@ -83,14 +83,14 @@ class ApiCoreThankUnitTest extends ApiTestCase {
 	public static function provideDieOnBadUser() {
 		return [
 			'anon' => [
-				true,
+				false,
 				null,
 				null,
 				'dieOnBadUser',
 				'notloggedin'
 			],
 			'ping' => [
-				false,
+				true,
 				true,
 				null,
 				'dieOnBadUser',