Page MenuHomePhabricator
Create Task
Maniphest T331579

Email defaults for Temporary account should match those for anon users
Closed, ResolvedPublic
Actions

Assigned To
Tchanders
Authored By
Niharika
Mar 8 2023, 11:28 PM
Tags
Referenced Files
F37112889: T331579_IPMasking_SpecialConfirmEmail_TempOK.png
Jun 22 2023, 5:00 PM
F37111424: T331579_IPMasking_SpecialConfirmEmail_Temp2.png
Jun 21 2023, 7:20 PM
F37111422: T331579_IPMasking_SpecialConfirmEmail_Temp1.png
Jun 21 2023, 7:20 PM
F37111420: T331579_IPMasking_SpecialConfirmEmail_Anon.png
Jun 21 2023, 7:20 PM
Subscribers
Aklapper
ARamirez_WMF
โ€ข drochford
GMikesell-WMF
โ€ข JayCano
โ€ข MusikAnimal
Niharika
View All 10 Subscribers

Description

Motivation

For IP Masking MVP we want to keep the experience for temporary users as consistent as possible with the current experience of unregistered editors (with the exception of Notifications). This is so that we don't introduce too many major changes all at once. In the post-IP Masking MVP future these changes can be re-evaluated.

Spec
  • Email defaults/limits for temporary accounts should be the same as those for anon users currently.
Notes

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Update email for temporary usersmediawiki/coremaster+12 -5
Customize query in gerrit

Related Objects
Search...

Event Timeline

Niharika created this task.Mar 8 2023, 11:28 PM
Tchanders added a parent task: T331637: Update features in MediaWiki core for IP Masking.Mar 9 2023, 3:34 PM
Tchanders removed a parent task: T326816: [Epic] Update features for temporary accounts.
Tchanders mentioned this in T326759: Investigate: Which WMF deployed code might be affected by IP Masking?.Mar 14 2023, 5:31 PM
Tchanders edited projects, added Anti-Harassment-Team (AHaT Sprint 30: Avanton Gold Cone); removed Anti-Harassment-Team.May 8 2023, 1:20 PM
Tchanders claimed this task.May 8 2023, 6:35 PM
gerritbot added a comment.May 24 2023, 6:02 PM

Change 922919 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/core@master] WIP Disable email for temporary users

https://gerrit.wikimedia.org/r/922919

gerritbot added a project: Patch-For-Review.May 24 2023, 6:02 PM
Tchanders moved this task from Ready ๐ŸŽฌ (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress ๐Ÿ’ช on the Anti-Harassment-Team (AHaT Sprint 30: Avanton Gold Cone) board.May 24 2023, 6:03 PM
ARamirez_WMF edited projects, added Anti-Harassment-Team (AHaT Sprint 31 - The Fez); removed Anti-Harassment-Team (AHaT Sprint 30: Avanton Gold Cone).Jun 6 2023, 5:14 PM
ARamirez_WMF moved this task from Ready ๐ŸŽฌ (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress ๐Ÿ’ช on the Anti-Harassment-Team (AHaT Sprint 31 - The Fez) board.
Tchanders added a comment.Jun 7 2023, 2:30 PM

Email credentials are saved in the user table, so in theory a temporary user can be given email. However, as per the task description we're disabling this for the MVP.

Classes related to email that were flagged up by the code search:

ClassChange needed?Notes
maintenance/deleteUserEmail.phpNoWould currently work on a temporary user, but would only populate the table with the correct defaults, so no change needed
maintenance/resetUserEmail.phpNoThrows error if user has no valid email, so will throw an error for a temp user
includes/mail/EmailNotification.phpYesNotifications about messages to/from a temporary user need some customisations
includes/specials/SpecialConfirmEmail.phpYesCurrently prompts temporary users to set an email address in their preferences; however clicking through to preferences prompts them to log in (since preferences aren't available to temporary users). Should send a temporary user straight to the login page, as it does for IP users.
includes/specials/SpecialEmailInvalidate.phpNoAs with the maintenance script there doesn't seem to be any harm in leaving this here
includes/specials/SpecialChangeEmail.phpNoAlready requires a named user, meaning that it prompts temporary users to log in
includes/specials/SpecialEmailUser.phpNoThis already behaves the same for any user with no email, whether anon, temporary or named but with no email address
Tchanders added a comment.Jun 7 2023, 4:20 PM

I also looked into these public methods:

  • User::setEmail
  • User::setEmailWithConfirmation
  • User::sendConfirmationMail
  • User::sendMail
  • User::confirmEmail
  • User::invalidateEmail
  • User::setEmailAuthenticationTimestamp
  • User::canSendEmail
  • User::canReceiveEmail
  • User::isEmailConfirmed
  • User::isEmailConfirmationPending
  • EmailUser::validateTarget
  • EmailUser::getPermissionsError

Most of these work fine for temporary users, and just treat them as a user with no email.

Setters

However it is possible to save email attributes on a temporary user by calling the setters (setEmail, setEmailWithConfirmation, setEmailAuthenticationTimestamp), then User::saveSettings. After this, all the other methods treat them as regular named users with email.

These setters shouldn't be called on users that can't have email. I confirmed that core isn't doing this, but I didn't go through every extension. We could act defensively and throw errors/return early for temp users from these setters, but it shouldn't be possible for a temporary user to reach a workflow that allows them to set an email since they can't fill in a registration form or access Special:Preferences or ApiOptions. So I think we can leave this as is.

Tchanders moved this task from In Progress ๐Ÿ’ช to Code Review ๐Ÿ” on the Anti-Harassment-Team (AHaT Sprint 31 - The Fez) board.Jun 7 2023, 4:22 PM
gerritbot added a comment.Jun 13 2023, 9:28 PM

Change 922919 merged by jenkins-bot:

[mediawiki/core@master] Update email for temporary users

https://gerrit.wikimedia.org/r/922919

Maintenance_bot removed a project: Patch-For-Review.Jun 13 2023, 9:30 PM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.15; 2023-06-27).Jun 13 2023, 10:00 PM
โ€ข AGueyte moved this task from Code Review ๐Ÿ” to QA/Testing ๐Ÿž on the Anti-Harassment-Team (AHaT Sprint 31 - The Fez) board.Jun 19 2023, 2:33 PM
Niharika edited projects, added Anti-Harassment-Team (AHaT Sprint 32 - Baseball Cap); removed Anti-Harassment-Team (AHaT Sprint 31 - The Fez).Jun 20 2023, 6:04 PM
Niharika moved this task from Ready ๐ŸŽฌ (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to QA/Testing ๐Ÿž on the Anti-Harassment-Team (AHaT Sprint 32 - Baseball Cap) board.Jun 20 2023, 6:05 PM
Tchanders added a subscriber: GMikesell-WMF.Jun 21 2023, 4:55 PM

Testing notes

The only one that needs testing here is Special:ConfirmEmail - just check that you get the same login redirect when accessing the page as a temporary user as you do when accessing as an anon.

Thanks @GMikesell-WMF

GMikesell-WMF added a comment.Jun 21 2023, 7:20 PM

@Tchanders For anonymous, it redirected me to the login screen but as a temp user, it went to you do not have a valid email address as seen in the screenshots below.

Anonymous

T331579_IPMasking_SpecialConfirmEmail_Anon.png (877ร—3 px, 247 KB)

Temp User

T331579_IPMasking_SpecialConfirmEmail_Temp1.png (733ร—3 px, 236 KB)

T331579_IPMasking_SpecialConfirmEmail_Temp2.png (502ร—3 px, 157 KB)

Tchanders added a comment.Jun 22 2023, 2:07 PM

@GMikesell-WMF Hmm, I'm not quite sure what's going on here - I just tried it again locally (downloaded the latest master branch) and was redirected to login when I tried to access the page as a temp user. What's the commit hash of the latest commit if you do git log in core? And what's the exact URL you visited?

GMikesell-WMF added a comment.Jun 22 2023, 5:00 PM

@Tchanders Thanks, the npm i was the issue. After, that I was able to get core back up to date again. As seen in the screenshot below, temp user is now the same as anonymous. I will move this to Done now. Thanks again!

Browsers: Chrome 114, FireFox 114, Safari 16.5
Skins: Vector, Timeless, Monobook

T331579_IPMasking_SpecialConfirmEmail_TempOK.png (500ร—3 px, 166 KB)

GMikesell-WMF moved this task from QA/Testing ๐Ÿž to Done Q1 2023-2024 on the Anti-Harassment-Team (AHaT Sprint 32 - Baseball Cap) board.Jun 22 2023, 5:01 PM
Tchanders closed this task as Resolved.Aug 14 2023, 10:32 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. ยท Wikimedia Foundation ยท Privacy Policy ยท Code of Conduct ยท Terms of Use ยท Disclaimer ยท CC-BY-SA ยท GPL ยท Credits