Page MenuHomePhabricator

Allow user accounts to be 'linked' to a master account
Open, LowestPublic

Description

T16326: Bot related issues addressed a number of different requests. The bug there in general is useless, however there was one potentially useful feature idea.

Perhaps a method of linking user accounts back to a primary account. The use of this feature is limited only by local policies. On wiki that allow use of multiple user accounts, this could be use to connect a group of accounts together to one user. Or on wiki like Wikipedia this could be used to allow a user to link bot accounts to their user account.

But extensions could even hook in and add extra functionality, perhaps for things like auto redirection of talkpages, or making the new-message notification show up for all users.

The one builtin feature for this involves user subpages. An account would be able to edit the .css and .js subpages of any account linked to the same master account as it. This way a user would be able to edit the interface stuff for it's other accounts. Such as their bots, without needing to change their login. This could be especially useful if extensions like KeepYourHandsToYourself,
EditOnlyYourOwnPage were installed, because those extensions limit user page editing even further.

See Also:
T50892: Echo: Ability to link accounts for notifications

Details

Reference
bz14409

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 21 2014, 10:15 PM
bzimport set Reference to bz14409.
bzimport added a subscriber: Unknown Object (MLST).

Sorry, a number got stripped out. That's bug 14326 not 1432.

This sounds like a very specific use case that would typically be added by an extension. Changing categorisation and priorities.

More general/applicable use cases include support for things like echo forwarding notifications from secondary accounts (Bug 48892), tracking user renames more easily, and also issues with finding the owners of cross-project bots and other cross-project use with SUL in general, since otherwise folks need to manually redirect their secondary accounts to their main account on many projects, which gets confusing/ridiculous.

So yeah, this is something that we probably do want now and definitely will in the future with SUL as more features begin to support global accounts and usage.

Nowadays you can define a user page in Meta that will become your user page in Wikimedia projects where you don't have any. Old request fulfilled?

Nowadays you can define a user page in Meta that will become your user page in Wikimedia projects where you don't have any. Old request fulfilled?

No, this request is about if you have multiple accounts like User:Legoktm has User:Legobot and having a way to link them in the software that they are both owned by the same human.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 9 2015, 9:35 AM
Qgil removed a subscriber: Qgil.Jan 7 2017, 10:46 AM
brion added a subscriber: brion.Feb 28 2018, 9:38 PM

Per T188197, TechCom thinks a blocker RFC is not needed; if interest in implementing, needs product owner & momentum to move forward.

Ltrlg added a subscriber: Ltrlg.Mar 1 2018, 6:13 AM
Tgr updated the task description. (Show Details)Mar 2 2018, 12:24 AM
Tgr updated the task description. (Show Details)
Tgr updated the task description. (Show Details)Mar 2 2018, 12:26 AM
Tgr added a subscriber: Tgr.Mar 2 2018, 12:32 AM

The one builtin feature for this involves user subpages. An account would be able to edit the .css and .js subpages of any account linked to the same master account as it.

No, that's a pretty terrible idea. Allowing someone to edit your .js subpages is roughly equivalent to giving them your password. Bot accounts tend to have weak passwords which are regularly used or sometimes even stored in insecure servers like Labs or university machines. Bot accounts usually do not have 2FA, do not respond to password strength warnings etc.

Why would you want to add user scripts for your bot, anyway?

DannyS712 added a subscriber: DannyS712.EditedFeb 25 2019, 1:07 AM
In T16409#4016211, @Tgr wrote:

The one builtin feature for this involves user subpages. An account would be able to edit the .css and .js subpages of any account linked to the same master account as it.

No, that's a pretty terrible idea. Allowing someone to edit your .js subpages is roughly equivalent to giving them your password. Bot accounts tend to have weak passwords which are regularly used or sometimes even stored in insecure servers like Labs or university machines. Bot accounts usually do not have 2FA, do not respond to password strength warnings etc.
Why would you want to add user scripts for your bot, anyway?

I execute my bot's tasks through user scripts. See, eg, https://en.wikipedia.org/wiki/User:DannyS712_test/DNC_bot.js