Page MenuHomePhabricator

Role accounts unable to receive email
Closed, InvalidPublic

Description

Following the deployment of T182541: Update Wikimedia configuration to prevent some users from sending emails, emails cannot be sent to role accounts which have no "home" wiki, and which haven't edited. There aren't many of them (and the workaround is simply a dummy edit), but feel this is worth a subtask to deal with.

(See for example User:Wikipedia_Information_Team; it is currently not possible to send emails to this account.)

Event Timeline

jrbs created this task.Jan 4 2018, 6:55 PM

I suggest testing this on production after the 1.31.0-wmf.15 rollout hits English Wikipedia. It should complete by end of day today.

The rationale for such accounts is to create an email address that people can send oversight requests, arbitration queries and the like to.

jrbs moved this task from Backlog to Support on the Trust-and-Safety board.Jan 4 2018, 7:20 PM
DoRD added a subscriber: DoRD.Jan 4 2018, 10:34 PM
EddieGP removed a subscriber: EddieGP.Jan 5 2018, 1:12 AM
JJMC89 added a comment.Jan 5 2018, 7:08 PM

With 1.31.0-wmf.15 rollout complete, User:Wikipedia Information Team still cannot be emailed.

Reedy added a subscriber: Reedy.Jan 5 2018, 7:28 PM

The error message doesn't seem to tie up... It doesn't have the preference set to disable that...

mysql:wikiadmin@db1083 [enwiki]> select * from user_properties where up_user = 8151085;
+---------+----------------+----------+
| up_user | up_property    | up_value |
+---------+----------------+----------+
| 8151085 | ccmeonemails   | 1        |
| 8151085 | nickname       |          |
| 8151085 | timecorrection | Offset|0 |
| 8151085 | watchcreations |          |
+---------+----------------+----------+
4 rows in set (0.00 sec)

The error message is too vague to work out what's going on... And is used in multiple places. But that's not new, and is probably done to obscure the reason a bit

	/**
	 * Validate target User
	 *
	 * @param User $target Target user
	 * @param User|null $sender User sending the email
	 * @return string Error message or empty string if valid.
	 * @since 1.30
	 */
	public static function validateTarget( $target, User $sender = null ) {
		if ( $sender === null ) {
			wfDeprecated( __METHOD__ . ' without specifying the sending user', '1.30' );
		}

		if ( !$target instanceof User || !$target->getId() ) {
			wfDebug( "Target is invalid user.\n" );

			return 'notarget';
		}

		if ( !$target->isEmailConfirmed() ) {
			wfDebug( "User has no valid email.\n" );

			return 'noemail';
		}

		if ( !$target->canReceiveEmail() ) {
			wfDebug( "User does not allow user emails.\n" );

			return 'nowikiemail';
		}

		if ( $target->getEditCount() === 0 &&
			( $sender === null || !$sender->isAllowed( 'sendemail-new-users' ) )
		) {
			// Determine if target has any other logged actions.
			$dbr = wfGetDB( DB_REPLICA );
			$log_id = $dbr->selectField(
				'logging',
				'log_id',
				[
					'log_user' => $target->getId(),
					"NOT (log_type = 'newusers' AND log_action = 'autocreate')",
				],
				__METHOD__,
				[ 'LIMIT' => 1 ]
			);

			if ( !$log_id ) {
				wfDebug( "User has no logged actions on this wiki.\n" );

				return 'nowikiemail';
			}
		}

		if ( $sender !== null && !$target->getOption( 'email-allow-new-users' ) &&
			$sender->isNewbie()
		) {
				wfDebug( "User does not allow user emails from new users.\n" );

				return 'nowikiemail';
		}

		if ( $sender !== null ) {
			$blacklist = $target->getOption( 'email-blacklist', [] );
			if ( $blacklist ) {
				$lookup = CentralIdLookup::factory();
				$senderId = $lookup->centralIdFromLocalUser( $sender );
				if ( $senderId !== 0 && in_array( $senderId, $blacklist ) ) {
					wfDebug( "User does not allow user emails from this user.\n" );

					return 'nowikiemail';
				}
			}
		}

		return '';
	}

Of course, if it is the edits like you say...

		if ( $target->getEditCount() === 0 &&
			( $sender === null || !$sender->isAllowed( 'sendemail-new-users' ) )
		) {
			// Determine if target has any other logged actions.
			$dbr = wfGetDB( DB_REPLICA );
			$log_id = $dbr->selectField(
				'logging',
				'log_id',
				[
					'log_user' => $target->getId(),
					"NOT (log_type = 'newusers' AND log_action = 'autocreate')",
				],
				__METHOD__,
				[ 'LIMIT' => 1 ]
			);

			if ( !$log_id ) {
				wfDebug( "User has no logged actions on this wiki.\n" );

				return 'nowikiemail';
			}
		}

It's obviously caused by https://github.com/wikimedia/mediawiki/commit/b52421dedd45fc035a2993d10ea90c878cd77453, and is intended behaviour...

Should we add these users to $wgReservedUsernames in wmf-config (rather than adding some new config variable) and then add that as an exemption to this code?

Or when adding these sorts of accounts, just make them edit their user page, and don't worry about working around it?

JJMC89 added a comment.Jan 5 2018, 7:32 PM

It was planned that accounts without edits should be able to receive email on their home wiki. If that is not happening, then something is wrong that needs to be fixed.

User:Wikipedia Information Team was created on enwiki, so that should be the home wiki.

Reedy added a comment.Jan 5 2018, 7:34 PM

The user has no log entries whatsoever

mysql:wikiadmin@db1083 [enwiki]> select * from logging where log_user = 8151085;
Empty set (0.01 sec)

The account was created by another user.

We missed this during the development: that accounts created by other users have the log entry attributed to the creating user.

Or when adding these sorts of accounts, just make them edit their user page, and don't worry about working around it?

In my opinion this is the simplest way for Role Accounts created in the future.

We're considering how to determine the extent of Role Accounts (query for accounts that have 0 edits but receive email? something else?) so we can respond appropriately — either create a whitelist or inform the owning/responsible users to make edits with the accounts.

Framawiki added a comment.EditedJan 5 2018, 8:19 PM

The account was created by another user.

We're considering how to determine the extent of Role Accounts (query for accounts that have 0 edits but receive email? something else?) so we can respond appropriately — either create a whitelist or inform the owning/responsible users to make edits with the accounts.

These accounts are already categorized, this classification can be used as whitelist: https://www.wikidata.org/wiki/Q31954528

Should be mostly mitigated by T184318: Allow direct emails on home wikis regardless of log entries

This will not address Role Accounts that are used on multiple wikis or were created on one wiki but used on another.