Page MenuHomePhabricator

Password Reset: Update Preference to Require both username & email address [medium]
Closed, ResolvedPublic

Description

Acceptance Criteria:

  • Require both username and email address to generate password reset email on Special:PasswordReset (if PRU is enabled)

As an example:

  • If only en email is provided in the PasswordReset form
  • If that email has 5 users
  • The process will go over each user (already happening) to send the email -- but will only actually send the email to users who have not enabled the PRU preference.

PRU = password reset update (the name of the project)

Event Timeline

ifried renamed this task from Password Reset: Update Preference to Require both username & email address to Password Reset: Update Preference to Require both username & email address [medium].Oct 1 2019, 11:54 PM
ifried moved this task from To Be Estimated/Discussed to Estimated on the Community-Tech board.

Change 544355 had a related patch set uploaded (by HMonroy; owner: HMonroy):
[mediawiki/core@master] Send reset password email to users with PRU off when only email provided

https://gerrit.wikimedia.org/r/544355

Change 544355 merged by jenkins-bot:
[mediawiki/core@master] Email only users with require username and email option off when only email given

https://gerrit.wikimedia.org/r/544355

dom_walden added a subscriber: dom_walden.

For 3 users who all have the same email.

Admin has PRU disabled.

Eve and Steve have PRU enabled.

CombinationAdminEveSteve
UsernameForm submitted; Email sentForm not submitted; Validation errorForm not submitted; Validation error
EmailForm submitted; Email sentForm submitted; Email not sentForm submitted; Email not sent
Username + EmailForm submitted; Email sentForm submitted; Email sentForm submitted; Email sent

Testing on my local vagrant environment.

On https://en.wikipedia.beta.wmflabs.org, I tested enabling the option in Global Preferences (in Special:GlobalPreferences).

I enabled PRU globally and the outcome was the same as for the Eve and Steve columns above.

I disabled PRU globally but set a local exception (in Special:Preferences) which enabled it, and again the outcome was the same.

ifried moved this task from Product sign-off to Done on the Community-Tech (Kanban-Q2-2019-20) board.

This looks good. I'm marking this work as Done.