Page MenuHomePhabricator

Investigation: Adding a check for the block cookie to the account creation process
Closed, ResolvedPublic3 Story Points

Description

When a person is trying to create a new account it should check for a block cookie and if such a cookie indicates the person is actively blocked (with account creation disabled), it should prevent them from creating an account (with normal autoblock treatment). If the user isn't blocked, it should allow the user to create the account as normal. It should use basically the same logic as the Editing check (https://gerrit.wikimedia.org/r/#/c/48029/).

  • Can this be implemented in one place to affect desktop login, app login, and API login?
  • If not, where are the different end points that would need to be targetted?
  • Do we need to target all 3 endpoints if they're separate? i.e. does it makes sense to target API login?

Event Timeline

kaldari created this task.Oct 27 2016, 4:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 27 2016, 4:35 PM
kaldari triaged this task as Normal priority.Oct 27 2016, 4:35 PM
kaldari moved this task from Untriaged to To be estimated/discussed on the Community-Tech board.
kaldari updated the task description. (Show Details)Oct 27 2016, 4:39 PM
kaldari updated the task description. (Show Details)Oct 27 2016, 4:41 PM
kaldari updated the task description. (Show Details)
kaldari renamed this task from Add check for block cookie to account creation process to Investigation: Adding a check for the block cookie to the account creation process.Oct 27 2016, 4:50 PM
kaldari updated the task description. (Show Details)
kaldari updated the task description. (Show Details)
kaldari set the point value for this task to 3.
kaldari moved this task from To be estimated/discussed to Estimated on the Community-Tech board.
Niharika claimed this task.Nov 14 2016, 1:28 PM
Niharika moved this task from Ready to In Development on the Community-Tech-Sprint board.
  • Can this be implemented in one place to affect desktop login, app login, and API login?
    • Yes. The likely place for this to be implemented for desktop implementation is CheckBlocksSecondaryAuthenticationProvider in core. The API uses the same provider for account creation purposes. The Android and iOS apps use the API for account creation so it's all covered.
kaldari closed this task as Resolved.Nov 15 2016, 12:05 AM

And since CheckBlocksSecondaryAuthenticationProvider::testUserForCreation() uses User::isBlockedFromCreateAccount() which uses User::getBlockedStatus(), it looks like we will get this behavior for free with Sam's changes (across all devices per Niharika).

Niharika moved this task from Estimated to Archive on the Community-Tech board.Nov 28 2016, 11:02 AM