Page MenuHomePhabricator
Create Task
Maniphest T249408

Show useragent data and username on new device login emails
Open, MediumPublic
Actions

Description

Right now you get the message:

Someone (probably you) recently logged in to your account from a new device. If this was you, then you can disregard this message. If it wasn't you, then it's recommended that you change your password, and check your account activity.

For me, I have bots that run off of 3 different servers (not including home testing). Because I have administrative tools on my bot, knowing if my bot is being accessed improperly is critical. Beyond this, most companies provide the data for recent logins to their accounts to the user. This should be no different for this email.

Please show:

  • Username (including the bot password username if appropriate)
  • The IP address the login came from See T174562 and T174388
  • The useragent of the login

Details

SubjectRepoBranchLines +/-
Add getter for EventPresentationModel::$distributionTypemediawiki/extensions/EchoREL1_31+9 -0
Add getter for EventPresentationModel::$distributionTypemediawiki/extensions/EchoREL1_34+9 -0
Add getter for EventPresentationModel::$distributionTypemediawiki/extensions/EchoREL1_33+9 -0
Add getter for EventPresentationModel::$distributionTypemediawiki/extensions/Echomaster+9 -0
Customize query in gerrit

Related Objects

Event Timeline

AmandaNP created this task.Apr 4 2020, 11:05 AM
Restricted Application added a project: Community-Tech. · View Herald TranscriptApr 4 2020, 11:05 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
AmandaNP added a parent task: T11838: Send notification to account owner on multiple unsuccessful login attempts.Apr 4 2020, 11:05 AM
RhinosF1 subscribed.Apr 4 2020, 11:22 AM
stwalkerster awarded a token.Apr 4 2020, 11:42 AM
stwalkerster subscribed.
Aklapper removed projects: Collaboration-Community-Engagement, User-notice-collaboration, User-notice, MediaWiki-Email, MediaWiki-User-login-and-signup, Community-Tech.Apr 4 2020, 12:06 PM
Aklapper removed a parent task: T11838: Send notification to account owner on multiple unsuccessful login attempts.
Reedy added a project: Privacy.Apr 4 2020, 1:38 PM
Reedy added a project: Privacy Engineering.
Amorymeltzer subscribed.Apr 4 2020, 1:56 PM

Largely duplicates T174562, which was spun off from T174388 (failed attempts). IP addresses appear to have been approved by Legal a few years ago, don't think user agent came up.

Reedy subscribed.Apr 4 2020, 2:08 PM

Bot username, if applicable (The "@whatever")

^ This one should be a no brainer; people use email addresses for multiple accounts

In T249408#6029208, @Amorymeltzer wrote:

Largely duplicates T174562, which was spun off from T174388 (failed attempts). IP addresses appear to have been approved by Legal a few years ago, don't think user agent came up.

As per these... Let's update the task to cover the other cases

Reedy renamed this task from Show IP, useragent data, and bot username on new device login emails to Show useragent data, and bot username on new device login emails.Apr 4 2020, 2:08 PM
Reedy updated the task description. (Show Details)
DannyS712 subscribed.Apr 4 2020, 2:35 PM
Reedy added a comment.Apr 5 2020, 6:46 PM

Bot username, if applicable (The "@whatever")

This is already in the subject, right? Just not in the body text?

Reedy added a project: Notifications.Apr 5 2020, 6:52 PM

I think the problem is the messages used for Notifications are re-used verbatim for email

	"notification-header-login-success": "Someone (probably {{GENDER:$1|you}}) recently logged in to your account from a new device. If this was you, then you can disregard this message. If it wasn't you, then it's recommended that you change your password, and check your account activity.",
	"notification-new-bundled-header-login-fail": "There {{PLURAL:$1|has been '''a failed attempt'''|have been '''$1 failed attempts'''}} to log in to your account from a new device since the last time you logged in. If it wasn't you, please make sure your account has a strong password.",
	"notification-known-header-login-fail": "There {{PLURAL:$1|has been '''a failed attempt'''|have been '''$1 failed attempts'''}} to log in to your account since the last time you logged in. If it wasn't you, please make sure your account has a strong password.",
	"notification-new-unbundled-header-login-fail": "There {{PLURAL:$1|has been '''a failed attempt'''|have been '''multiple failed attempts'''}} to log in to your account from a new device. Please make sure your account has a strong password."

So these work fine from the UI, but miss context from the email standpoint

Restricted Application added a project: Growth-Team. · View Herald TranscriptApr 5 2020, 6:52 PM
Reedy renamed this task from Show useragent data, and bot username on new device login emails to Show useragent data and bot username on new device login emails.Apr 5 2020, 6:53 PM
Reedy renamed this task from Show useragent data and bot username on new device login emails to Show useragent data and username on new device login emails.
Reedy moved this task from Backlog to External on the Notifications board.
Reedy updated the task description. (Show Details)
gerritbot added a comment.Apr 5 2020, 6:57 PM

Change 586127 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/extensions/Echo@master] Add getter for EventPresentationModel::$distributionType

https://gerrit.wikimedia.org/r/586127

gerritbot added a project: Patch-For-Review.Apr 5 2020, 6:57 PM
AmandaNP added a comment.Apr 6 2020, 2:38 AM
In T249408#6030438, @Reedy wrote:

Bot username, if applicable (The "@whatever")

This is already in the subject, right? Just not in the body text?

It is not if you are using a bot password login. It just lists the original username.

gerritbot added a comment.Apr 6 2020, 7:56 AM

Change 586127 merged by jenkins-bot:
[mediawiki/extensions/Echo@master] Add getter for EventPresentationModel::$distributionType

https://gerrit.wikimedia.org/r/586127

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.27; 2020-04-07).Apr 6 2020, 8:00 AM
Maintenance_bot removed a project: Patch-For-Review.Apr 6 2020, 8:10 AM
gerritbot added a comment.Apr 6 2020, 3:52 PM

Change 586381 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/extensions/Echo@REL1_34] Add getter for EventPresentationModel::$distributionType

https://gerrit.wikimedia.org/r/586381

gerritbot added a project: Patch-For-Review.Apr 6 2020, 3:52 PM

Change 586382 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/extensions/Echo@REL1_33] Add getter for EventPresentationModel::$distributionType

https://gerrit.wikimedia.org/r/586382

gerritbot added a comment.Apr 6 2020, 3:52 PM

Change 586383 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/extensions/Echo@REL1_31] Add getter for EventPresentationModel::$distributionType

https://gerrit.wikimedia.org/r/586383

JFishback_WMF triaged this task as Medium priority.Apr 6 2020, 3:52 PM
JFishback_WMF moved this task from Incoming to Backlog on the Privacy Engineering board.
Reedy updated the task description. (Show Details)Apr 6 2020, 3:53 PM
gerritbot added a comment.Apr 6 2020, 3:57 PM

Change 586382 merged by jenkins-bot:
[mediawiki/extensions/Echo@REL1_33] Add getter for EventPresentationModel::$distributionType

https://gerrit.wikimedia.org/r/586382

gerritbot added a comment.Apr 6 2020, 4:43 PM

Change 586381 merged by jenkins-bot:
[mediawiki/extensions/Echo@REL1_34] Add getter for EventPresentationModel::$distributionType

https://gerrit.wikimedia.org/r/586381

gerritbot added a comment.Apr 6 2020, 4:56 PM

Change 586383 merged by jenkins-bot:
[mediawiki/extensions/Echo@REL1_31] Add getter for EventPresentationModel::$distributionType

https://gerrit.wikimedia.org/r/586383

Maintenance_bot removed a project: Patch-For-Review.Apr 6 2020, 5:10 PM
taavi awarded a token.Jun 21 2020, 6:00 AM
taavi subscribed.
MBinder_WMF added a project: Growth-Team-Filtering.Apr 15 2021, 6:48 PM
Krinkle subscribed.Jan 11 2023, 9:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL