Page MenuHomePhabricator
Create Task
Maniphest T233969

Update Temporary Password Email with Preference Info [x-small]
Closed, ResolvedPublic
Actions

Assigned To
HMonroy
Authored By
ifried
Sep 26 2019, 4:29 PM
Tags
Referenced Files
F31514719: Screen Shot 2020-01-16 at 6.32.56 PM.png
Jan 16 2020, 11:34 PM
F31313624: Screen Shot 2019-11-27 at 9.20.54 AM.png
Nov 27 2019, 8:24 AM
F30916239: pw_email.png
Oct 29 2019, 12:03 PM
F30474299: Screenshot 2019-09-25 at 3.26.55 PM.png
Sep 26 2019, 4:56 PM
Subscribers
aezell
Aklapper
Ammarpad
dom_walden
ifried
Mooeypoo
Prtksxna
Samwilson

Description

As a Wikimedia user, I want to be informed of the preference reset preference when I receive a password reset email, so that I can enable the preference (if desired).

Acceptance Criteria:

  • The password reset email should contain a new text section at the bottom that informs users of the password reset update. Note that the image below displays the location (but do not use the text from image).
  • The message text should read: "However, if you did not generate this request and want to prevent unsolicited emails, you may want to update your Email Options. You can require both username and email address to generate password reset emails. This may reduce the number of such incidents."
  • The text for "Email Options" should link to Preferences (and, ideally, the correct section in 'Email Options') for their particular wiki that the password reset email came from

Visual Example:

Screenshot 2019-09-25 at 3.26.55 PM.png (1×1 px, 201 KB)

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+1 -1Add linefeed in password reset message
mediawiki/coremaster+29 -3Mention requiring email address in password reset emails
Customize query in gerrit

Related Objects

Event Timeline

ifried created this task.Sep 26 2019, 4:29 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 26 2019, 4:29 PM
ifried updated the task description. (Show Details)Sep 26 2019, 4:56 PM
Prtksxna updated the task description. (Show Details)Sep 26 2019, 4:56 PM
ifried renamed this task from PLACEHOLDER: Update Temporary Password Email with Preference Info to Update Temporary Password Email with Preference Info.Sep 26 2019, 4:56 PM
ifried renamed this task from Update Temporary Password Email with Preference Info to Update Temporary Password Email with Preference Info [x-small].Sep 26 2019, 5:26 PM
ifried moved this task from To Be Estimated/Discussed to Estimated on the Community-Tech board.
ifried updated the task description. (Show Details)Sep 26 2019, 5:44 PM
ifried updated the task description. (Show Details)
ifried updated the task description. (Show Details)Sep 26 2019, 5:59 PM
ifried moved this task from Estimated to Kanban (Q1 2019-20) on the Community-Tech board.
ifried edited projects, added Community-Tech (Kanban (Q1 2019-20)); removed Community-Tech.
MaxSem claimed this task.Sep 27 2019, 2:24 AM
MaxSem moved this task from Ready to In Development on the Community-Tech (Kanban (Q1 2019-20)) board.
MaxSem added a subscriber: MaxSem.

password reset preference does not explain what preference is this, can we clarify this?

ifried added a subscriber: Prtksxna.Sep 27 2019, 4:19 AM

@MaxSem Great point. The current language may be too vague. Prateek and I came up with the wording right before estimation, and I agree that it can be improved.

@Prtksxna Any thoughts? Maybe we can add an extra sentence, so the full paragraph states: "However, if you did not generate this request and want to prevent unsolicited emails, you may want to enable the password reset preference. This enhances the privacy of your password reset, by requiring both the username and email address in order to generate a password reset email."

MaxSem moved this task from Backlog to In progress on the Password-Reset-Update board.Sep 30 2019, 8:44 AM
Prtksxna added a comment.Oct 2 2019, 9:00 AM

@MaxSem, yeah, password reset preference doesn't really explain much, and we don't call it that on the settings page either.

I like your suggestion @ifried, but we could possibly eliminate the phrase — password reset preference completely: However, if you did not generate this request and want to prevent unsolicited emails, you may want to enable the preference that requires both username and email address to generate password reset emails from Email Options. This may reduce the number of such incidents.

ifried added a comment.EditedOct 2 2019, 3:38 PM

@Prtksxna Thanks for the suggestion! I also see why we may want to remove the mention of "password reset preference," since it's confusing and people don't know what it means. I just reworded the sentence so it was less wordy and more straight-forward. We can finalize it in our meeting today. Here's what I had in mind:

However, if you did not generate this request and want to prevent unsolicited emails, you may want to update your Email Options. You can require both username and email address to generate password reset emails. This may reduce the number of such incidents.

ifried updated the task description. (Show Details)Oct 2 2019, 4:04 PM

@MaxSem Thanks for your patience! :) We have updated the ticket with the new wording and it's ready for development.

Prtksxna added a comment.Oct 2 2019, 4:27 PM

Looks good 👍🏽

Prtksxna mentioned this in T232785: Password Reset: Consider Default On/Off Options.Oct 3 2019, 12:43 PM
MBinder_WMF edited projects, added Community-Tech (Kanban-Q2-2019-20); removed Community-Tech (Kanban (Q1 2019-20)).Oct 3 2019, 10:18 PM
MBinder_WMF moved this task from Ready to In Development on the Community-Tech (Kanban-Q2-2019-20) board.Oct 3 2019, 10:40 PM
gerritbot added a comment.Oct 4 2019, 11:10 PM

Change 540220 had a related patch set uploaded (by MaxSem; owner: MaxSem):
[mediawiki/core@master] Mention requiring email address in password reset emails

https://gerrit.wikimedia.org/r/540220

gerritbot added a project: Patch-For-Review.Oct 4 2019, 11:10 PM
MaxSem moved this task from In Development to Needs Review/Feedback on the Community-Tech (Kanban-Q2-2019-20) board.Oct 5 2019, 1:10 AM

Ready for review.

ifried mentioned this in T234952: Password Reset: Inform Users of Preference in Basic Info Section [small].Oct 15 2019, 8:43 PM
Samwilson added a subscriber: Samwilson.Oct 22 2019, 7:37 AM

Is 540220 the patch that's ready for review? It's commit message says WIP. Or do you mean the underlying two patches for that one?

Restricted Application edited projects, added Community-Tech; removed Community-Tech (Kanban-Q2-2019-20). · View Herald TranscriptOct 22 2019, 7:37 AM
Samwilson edited projects, added Community-Tech (Kanban-Q2-2019-20); removed Community-Tech.Oct 22 2019, 7:38 AM
MaxSem added a comment.Oct 22 2019, 9:27 PM

Err, I both forgot to update the commit message and it's kinda moot, considering that it depends on two changes that have been waiting to be merged for a month.

aezell added a subscriber: aezell.Oct 22 2019, 9:31 PM

I can +2 the base patch.

gerritbot added a comment.Oct 23 2019, 9:19 PM

Change 540220 merged by jenkins-bot:
[mediawiki/core@master] Mention requiring email address in password reset emails

https://gerrit.wikimedia.org/r/540220

Maintenance_bot removed a project: Patch-For-Review.Oct 23 2019, 10:10 PM
ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.4; 2019-10-29).Oct 24 2019, 5:00 AM
MaxSem moved this task from Needs Review/Feedback to QA on the Community-Tech (Kanban-Q2-2019-20) board.Oct 28 2019, 5:06 PM
dom_walden added a subscriber: dom_walden.EditedOct 29 2019, 12:03 PM

The password reset email now looks like (on Gmail's web client):

pw_email.png (465×1 px, 46 KB)

@MaxSem Can we limit the width of the new paragraph, so it is consistent with the rest of the email?

MaxSem removed MaxSem as the assignee of this task.Nov 22 2019, 11:27 PM
gerritbot added a comment.Nov 26 2019, 7:30 AM

Change 552966 had a related patch set uploaded (by Ammarpad; owner: Ammarpad):
[mediawiki/core@master] Add linefeed in password reset message

https://gerrit.wikimedia.org/r/552966

gerritbot added a project: Patch-For-Review.Nov 26 2019, 7:30 AM
gerritbot added a comment.Nov 27 2019, 12:45 AM

Change 552966 merged by jenkins-bot:
[mediawiki/core@master] Add linefeed in password reset message

https://gerrit.wikimedia.org/r/552966

ReleaseTaggerBot edited projects, added MW-1.35-notes (1.35.0-wmf.10; 2019-12-10); removed MW-1.35-notes (1.35.0-wmf.4; 2019-10-29).Nov 27 2019, 1:00 AM
Maintenance_bot removed a project: Patch-For-Review.Nov 27 2019, 1:10 AM
Ammarpad added a subscriber: Ammarpad.Nov 27 2019, 8:24 AM

@dom_walden, updated to this

Screen Shot 2019-11-27 at 9.20.54 AM.png (489×904 px, 113 KB)

dom_walden moved this task from QA to Product sign-off on the Community-Tech (Kanban-Q2-2019-20) board.EditedNov 28 2019, 8:01 AM
In T233969#5696170, @Ammarpad wrote:

@dom_walden, updated to this

Screen Shot 2019-11-27 at 9.20.54 AM.png (489×904 px, 113 KB)

Thanks!

I think the acceptance criteria have been met. Bear in mind that, because the emails are plain text (I do not think we support HTML), the "Email Options" text is not a link.

I have not looked at the width of the paragraph in other languages. Presumably the translations would potentially need to add linefeeds as well.

Moving to Product Sign-Off.

ifried edited projects, added Community-Tech (Kanban-Q3-2019-20); removed Community-Tech (Kanban-Q2-2019-20).Jan 7 2020, 6:52 PM
ifried moved this task from Ready to Product sign-off on the Community-Tech (Kanban-Q3-2019-20) board.
ifried moved this task from Product sign-off to In Development on the Community-Tech (Kanban-Q3-2019-20) board.Jan 15 2020, 6:07 PM
ifried added a subscriber: Mooeypoo.

I'm unable to see the behavior change when I tested on https://test.wikipedia.org/. Can someone look into this? Thanks! Tagging @Mooeypoo

MaxSem removed a subscriber: MaxSem.Jan 15 2020, 6:20 PM
HMonroy claimed this task.Jan 15 2020, 7:36 PM
HMonroy added a comment.Jan 15 2020, 10:32 PM
In T233969#5806411, @ifried wrote:

I'm unable to see the behavior change when I tested on https://test.wikipedia.org/. Can someone look into this? Thanks! Tagging @Mooeypoo

It works for me. The text only shows up when the feature flag is turned on and the PRU setting is not checked in your user profile. If the feature flag is on and the PRU preference is not checked then the last paragraph (""However, if you did not generate this request and want...") will be appended to the email's body.

@ifried is the PRU setting unchecked in your user profile?

ifried moved this task from In Development to Product sign-off on the Community-Tech (Kanban-Q3-2019-20) board.Jan 16 2020, 11:34 PM

I have tested this, and the message appears (see screenshot from email sent from testwiki) when the user has not yet turned on PRU in Preferences. This behavior is fine, so I'll mark this work as Done.

Screen Shot 2020-01-16 at 6.32.56 PM.png (131×529 px, 29 KB)

ifried closed this task as Resolved.Jan 16 2020, 11:34 PM
ifried moved this task from Product sign-off to Done on the Community-Tech (Kanban-Q3-2019-20) board.
Reedy mentioned this in T270734: Link to preferences in password reset emails do not include URL protocol.Dec 23 2020, 3:24 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL