|· · ·|
|Resolved||demon||T11838 Send notification to account owner on multiple unsuccessful login attempts|
|Resolved||Bawolff||T151414 LoginNotify cleanup|
|· · ·|
- Mentioned In
- rELGN03839f7d96bd: Remove EchoBasicFormatter - no longer in use
rELGNc836673986fd: [WIP] Remove EchoBasicFormatter - no longer in use
rELGNa142f2251bb9: [WIP] Remove EchoBasicFormatter - no longer in use
rELGNdcd03ec0a3c5: Remove EchoBasicFormatter - no longer in use
T153335: Investigation: Notify on multiple unsuccessful login attempts
T140167: Security Review of LoginNotify extension
- Mentioned Here
- T151413: Echo docs still mentions EchoBasicFormatter but class is gone
Theoretically the class extending EchoBasicFormatter should just be deleted - it won't be used because Echo now uses the presentation model and got rid of the old formatting system. See https://www.mediawiki.org/wiki/Extension:Echo/Creating_a_new_notification_type
I was looking at the code, and I think it currently treats primary and secondary authentication failures the same right ? I'm wonder if with 2FA there will be a very different failure rate on the 2FA auth, and if we need different weight depending on the Authmanager plugin throwing it.
I don't think we will be able to determine that before hand, but maybe we should have some logging, which would allow us to evaluate the experience ?