Page MenuHomePhabricator
Create Task
Maniphest T151415

Log email changes for all users
Closed, ResolvedPublic
Actions

Description

Right now we log sysop email changes in badpass (from a hook in wmf-config)

We should log this in core to the authentication channel and we should do it for all users

For example, in the event of compromise and attacker changes email, we want to know the old email so we can return account to original users, as well as the new email in the logs for ease of grepping

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+9 -0SpecialChangeEmail: Log email changes
mediawiki/coreREL1_31+10 -0SpecialChangeEmail: Log email changes
mediawiki/coreREL1_27+10 -0SpecialChangeEmail: Log email changes
mediawiki/coreREL1_30+10 -0SpecialChangeEmail: Log email changes
mediawiki/coreREL1_29+10 -0SpecialChangeEmail: Log email changes
Customize query in gerrit

Event Timeline

Bawolff created this task.Nov 22 2016, 10:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 22 2016, 10:34 PM
dpatrick triaged this task as High priority.Dec 7 2016, 5:48 PM
Reedy added a project: MediaWiki-User-preferences.Sep 13 2017, 4:45 PM
jrbs added a subscriber: jrbs.Jul 6 2018, 11:58 PM
Reedy added a project: MediaWiki-Authentication-and-authorization.Jul 6 2018, 11:58 PM
Reedy added subscribers: Anomie, Tgr, Reedy.

@Anomie or @Tgr any chance one of you could get a patch sorted for this ASAP?

Reedy added a project: MediaWiki-Special-pages.Jul 7 2018, 12:00 AM
Reedy updated the task description. (Show Details)
Nikerabbit added a subscriber: Nikerabbit.Jul 7 2018, 8:40 AM
Anomie added a project: MediaWiki-Platform-Team (MWPT-Q1-Jul-Sep-2018).Jul 10 2018, 6:15 PM
Anomie moved this task from Ready to Waiting for Review on the MediaWiki-Platform-Team (MWPT-Q1-Jul-Sep-2018) board.

0001-SpecialChangeEmail-Log-email-changes.patch1 KBDownload

Reedy added a comment.Jul 10 2018, 6:31 PM

LGTM. Any reason we can't just push this one in public?

Anomie added a comment.Jul 10 2018, 6:37 PM

Fine by me. I only put it here because that's what we do for private Security tasks.

Reedy added a comment.Jul 10 2018, 7:00 PM

Yup, I know :)

Just thinking we might aswell make life easier all around by putting it into gerrit. It's not fixing a security bug particularly, but it is a form of hardening :)

Then we can backport/cherry pick to the branches and get it there too

Anomie added a comment.Jul 10 2018, 8:49 PM

Now in Gerrit as https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/445016

Reedy closed this task as Resolved.Jul 11 2018, 12:13 PM
Reedy claimed this task.

All merged and backported. Thanks! :)

Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".Jul 11 2018, 12:14 PM
CCicalese_WMF edited projects, added Core-Platform-Team-Old (CPT-Q1-Jul-Sep-2018); removed MediaWiki-Platform-Team (MWPT-Q1-Jul-Sep-2018).Jul 11 2018, 9:18 PM
CCicalese_WMF moved this task from Backlog to Closed on the Core-Platform-Team-Old (CPT-Q1-Jul-Sep-2018) board.Jul 13 2018, 9:44 PM
chasemp added a project: Security.Feb 10 2020, 10:55 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:15 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:40 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL