Fix multiple/repetitive notifications with LoginNotify
Closed, ResolvedPublic3 Story Points

Description

LoginNotify issues multiple notifications if there have been multiple login attempts. Solving this could be somewhat tricky because, if I understand correctly, once you issue an Echo notification, it's done and can't be modified. So we'd likely have to settle for a single notification for each login attempt. Or the current thing.

Bundle the notifications. Make the bundle say something like "There have been multiple failed attempts to log into your account...". Leave the unknown device threshold at 2. So the bundled notifications should say 2, 3, 4, etc. attempts.

New Notification Request Form

Filling out this form will help developers and product people understand your idea and will provide the information required to implement it. To see examples of the types of answers required, have a look at this sample form. To understand unfamiliar terms, visit the glossary. 

Basic information

  - Purpose of the notification:  
  - Notification name:  
  - What triggers notification?: 
  - "Notice" or "Alert"?:  
  - Notification type (standard, bundled, expandable bundle):  

Wording

For a single message

  • Header: 
  • Body:  

For Bundled Messages

  • Main, bundling message:
  • Subsidiary, bundled message:

Links

  - Primary link target:
  - Primary link label (for email display only):

  - #1 secondary link target: 
  - #1 secondary link label:

  - #2 secondary link target:
  - #2 secondary link label:

Icon

  - Icon name:  
  - Link to graphic/example: 

Niharika created this task.Apr 4 2017, 12:02 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 4 2017, 12:02 AM
Niharika renamed this task from Fix multiple/repetitive notifications with LginNotify to Fix multiple/repetitive notifications with LoginNotify.Apr 4 2017, 12:02 AM
kaldari updated the task description. (Show Details)Apr 4 2017, 10:43 PM
kaldari set the point value for this task to 3.
kaldari triaged this task as Normal priority.
Niharika claimed this task.Apr 5 2017, 8:07 PM
Niharika edited projects, added Community-Tech-Sprint; removed Community-Tech.

Couple more things:

  1. See T158878#3158714
  2. The bundles we create can be expandable or non-expandable:

Expandable - https://usercontent.irccloud-cdn.com/file/oVDsPMqC/echo-expandable-bundle.png
Non-expandable - https://usercontent.irccloud-cdn.com/file/U6cZY2SV/echo-bundle-nonexpandable.png

So the ideal thing to do here would be to bundle the notifications and not make them expandable but just give a single message. I'm going to play around with this and come up with some screenshots for y'all to look at.

kaldari added a subscriber: kaldari.Apr 5 2017, 9:42 PM

Agreed, having them be non-expandable seems ideal.

And in case this is useful: https://www.mediawiki.org/wiki/Notifications/Developer_guide#Bundled_notifications

How the notification would appear when you login (and until the point you mark it as read):

It is a bundled notification, except that the bundle doesn't open.

How it'd appear after you mark it as read:

Bundles disperse once you mark them as read.
I kept the message intentionally brief for the above because once the person has read the first message, we don't need the second one to be very elaborate.

Thoughts?

Here's what I got:

Unread, bundled notification.

Dispersed notifications once you mark them as read.

What you see when you check your notifications on a different wiki.

One problem - when the notifications disperse, it makes most sense for them all to say "one attempt" but for that, we'd have to lower the threshold to 1.

Change 347120 had a related patch set uploaded (by Niharika29):
[mediawiki/extensions/LoginNotify@master] Bundle notifications and show a single header message

https://gerrit.wikimedia.org/r/347120

Working on showing the actual attempt count in the message and generic messages in the individual messages.

Here's the notification now:

Generic sub-message:

Now there's a discrepancy between the number on the icon and the one in the message. 3 - number of bundles. 6 - number of attempts.

Change 348003 had a related patch set uploaded (by Niharika29):
[operations/mediawiki-config@master] Update the LoginNotify config to match what would be going into prod

https://gerrit.wikimedia.org/r/348003

Change 348003 merged by jenkins-bot:
[operations/mediawiki-config@master] Update the LoginNotify config to match what would be going into prod

https://gerrit.wikimedia.org/r/348003

Change 347120 merged by jenkins-bot:
[mediawiki/extensions/LoginNotify@master] Bundle notifications and show a single header message

https://gerrit.wikimedia.org/r/347120

jmatazzoni updated the task description. (Show Details)Apr 20 2017, 11:33 PM
jmatazzoni added a subscriber: jmatazzoni.

I added the Notification Request Form into the Description at top. If you don't mind, having this filled out is very helpful for anyone reviewing the notification for proper style and completeness.

I added the Notification Request Form into the Description at top. If you don't mind, having this filled out is very helpful for anyone reviewing the notification for proper style and completeness.

I think this is the wrong task to do that. They've already implemented this notification as part of different tasks: T11838 and T160031.

Yeah, T11838 is probably the best place for us to put that info.

Here's the current email notification (for failed attempt from unknown IP):

There have been multiple failed login attempts to your account. Please make sure your account has a strong password.

:  <>

Change password:  <http://core.local/index.php/Special:ChangePassword>

Looks like there's a designated spot for the primary link which doesn't have anything in it. We may need to override this in the PresentationModel.

... account. Please make sure your account has a strong password.

Would it be possible to change this wording to:

... account. Please make sure your account has a strong and unique password.

?

... account. Please make sure your account has a strong password.

Would it be possible to change this wording to:

... account. Please make sure your account has a strong and unique password.

que
?

"Unique" is somewhat ambiguous here. I know the implication is unique from passwords on other websites but not everybody will get the implication. The other thing is that we need to keep the message string as short as possible to avoid showing them a very long notification without it being truncated.

kaldari closed this task as Resolved.Apr 24 2017, 9:09 PM
kaldari added a subscriber: DannyH.

... account. Please make sure your account has a strong and unique password.

Seems worth considering. It is true that we want to keep the message short, but encouraging people to use a unique password is also a good idea. @DannyH: Any thoughts on this.

As the main aspect of this task (making notifications less redundant) has been completed, I'm going to go ahead and mark as resolved. Let's continue discussion at T163130.

If you have questions about how to fill out the form (in the Description),here is an example that might help clarify.