Disable user accounts which have no authentication provider
Closed, InvalidPublicFeature
Actions

Assigned To

None

Authored By

	Aklapper
	May 24 2021, 8:15 AM

Description

It seems possible for a user to strip all their account auth providers under https://phabricator.wikimedia.org/settings/panel/external/ so they could not log in anymore (in my understanding).

The task UI does not show any hints about this (in contrast to e.g. deactivated user accounts), so I just replied to someone who will likely never see my comment in that task in https://phabricator.wikimedia.org/T283199#7106617

(And so far I fail to write a proper SQL query for this. SELECT u.userName FROM phabricator_user.user u WHERE u.phid NOT IN (SELECT uea.userPHID FROM phabricator_user.user_externalaccount uea; does not do what I'd expect.)

Related Objects

Mentioned Here: T283199: Increased or decreased font size displayed in Watchlist and Categories section

Event Timeline

Aklapper created this task.May 24 2021, 8:15 AM

Aklapper changed the subtype of this task from "Task" to "Feature Request".

Aklapper triaged this task as Low priority.May 24 2021, 9:02 AM

Aklapper edited projects, added Phabricator (Upstream), Upstream; removed Phabricator.

Close as invalid: even if you removed SUL and LDAP account from Phabricator account, you can still log in via e-mail address ("If you lose access to your account, you can recover access by sending yourself an email login link from the login screen.") It is not possible to remove e-mail address from an account. I have reproduced above using a test account (@Test_20210610).

Huh! Now that is interesting, hadn't thought about that. Thanks (also for the testing)! :)

Disable user accounts which have no authentication providerClosed, InvalidPublicFeatureActions

Description

Related Objects

Event Timeline

Disable user accounts which have no authentication provider
Closed, InvalidPublicFeature
Actions