Page MenuHomePhabricator
Create Task
Maniphest T339276

Remove email field, and rely on user having a verified email address
Closed, ResolvedPublic
Actions

Assigned To
kostajh
Authored By
JKieserman
Jun 15 2023, 5:52 PM
Tags
Referenced Files
F39779592: image.png
Oct 25 2023, 5:32 AM
F40000463: image.png
Oct 25 2023, 5:32 AM
F40000455: image.png
Oct 25 2023, 5:32 AM
F40000472: image.png
Oct 25 2023, 5:32 AM
F38816647: image.png
Oct 19 2023, 12:44 PM
F37997847: IRS (Email ID missing).png
Oct 6 2023, 11:53 AM
F37917915: Screenshot 2023-10-02 at 14.18.03.png
Oct 2 2023, 12:20 PM
F37917068: Screenshot 2023-10-02 at 09.11.31.png
Oct 2 2023, 7:12 AM
View All 16 Files
Subscribers
Aklapper
Djackson-ctr
Dreamy_Jazz
JSengupta-WMF
kostajh
Madalina
Tchanders

Description

User Stories:

  • As a user I need to be able to securely share my email address with the responder so that they can follow-up with me privately.
  • As a responder I need to be able to contact the reporting user privately so that I can follow-up on their report.

Acceptance criteria:

  • For convenience, email contains a link to contact reporting user via the Special:EmailUser
  • There is no email field in the form

Steps to verify

  1. Use MediaWiki-Docker
  2. Follow steps on https://www.mediawiki.org/wiki/MediaWiki-Docker/Configuration_recipes/Mail_handling to setup a mail server
  3. Rebuild the docker containers to apply the changes to the docker override file (docker compose down and then docker compose up -d)
  4. Install the ReportIncident extension
  5. Add the following to your LocalSettings.php:
$wgReportIncidentRecipientEmails = [ 'test@test.com' ];
$wgReportIncidentEmailFromAddress = 'test@localhost';
  1. Go to a user talk page
  2. Click on the "Report" button
  3. Click through the first window of the report form

Expected behaviour for the second acceptance criteria: There should be no email field in the form

  1. Fill out the form with test data
  2. Submit the form
  3. Load http://localhost:8025/

Expected behaviour for the first acceptance criteria: The latest email in that inbox should have a link to Special:EmailUser at the bottom of the email body.

Details

SubjectRepoBranchLines +/-
Add jest tests for EmailAlertDialog.vuemediawiki/extensions/ReportIncidentmaster+51 -2
form: Show dialog to visit Special:ChangeEmailmediawiki/extensions/ReportIncidentmaster+307 -23
emailer: Provide a link to Special:EmailUser/{user}mediawiki/extensions/ReportIncidentmaster+9 -4
form: Remove email fieldmediawiki/extensions/ReportIncidentmaster+1 -34
Customize query in gerrit

Related Objects
Search...

Event Timeline

JKieserman created this task.Jun 15 2023, 5:52 PM
kostajh added subscribers: JSengupta-WMF, Madalina, kostajh.EditedSep 5 2023, 4:56 PM

@Madalina @JSengupta-WMF

In MediaWiki, we have three email states for user accounts:

  • no email: We do not require an email address from users in order to create accounts
  • unverified: For users who set an email address, we send them a link asking them to verify their email address
  • verified: If a user clicks the link we've sent to their inbox, the user has a verified email

Users can set their email address upon account creation or later on, in Special:Preferences, which directs the user to Special:ChangeEmail.

One security / abuse scenario with allowing a user to specify an arbitrary email address in this form: a malicious user could submit a bogus harassment report using an email address of the target of their harassment. This would have two consequences:

  • the response team would follow up with the person being harassed, causing them more stress and wasting the response team's time
  • if we send a copy of the report to the email address when the user submits the form ("Send me a copy", fairly standard practice) then the target of the harassment would get spammed

For this reason, I'd propose we make use of MediaWiki's built-in functionality for using the email address associated with the user account that is filing the report. If we do that, there are some questions:

  • Should we require that users have a verified email address?
    • What is the UX for users who want to file a report but haven't verified their email address yet?
  • What is the UX for users who want to file a report but haven't supplied any email address for their account?

It would be possible to provide a link to the user in the incident report form that would take them to Special:ChangeEmail with a returnTo query parameter that would bring them back to the page they are on, and we can add some more query parameters to the URL so that we can open up the form and allow them to continue where they left off. I don't think we would be able to (or necessarily want to) set the returnTo query parameter in the email verification link.

JSengupta-WMF added a comment.Sep 6 2023, 6:32 AM

@kostajh can we leverage any of the existing user flow from mediawiki that prompts user to provide an email and verify it if it's missing? Say when someone becomes an admin or requests for admin rights? I am not sure under what all circumstances providing an email address is mandatory.

kostajh added a comment.Sep 6 2023, 8:52 AM
In T339276#9144895, @JSengupta-WMF wrote:

@kostajh can we leverage any of the existing user flow from mediawiki that prompts user to provide an email and verify it if it's missing? Say when someone becomes an admin or requests for admin rights?

As far as I know, we have very few places outside of the "User profile" tab of Special:Preferences where we prompt the user to think about their email address. Looking at this codesearch, we have:

  1. The notifications tab, which provides a link to change or remove an email address. (Note that this doesn't inform the user if their email address is unverified, so the user could change the email address, but until they've verified it, they wouldn't see any email arrive there)

image.png (748×1 px, 98 KB)

  1. GrowthExperiements Special:Homepage feature
No email
image.png (748×1 px, 87 KB)
Unverified
image.png (748×1 px, 91 KB)
Verified
image.png (748×1 px, 91 KB)
  1. GrowthExperiments Help panel feature, after posting a question to a mentor's talk page:
No email
image.png (1×740 px, 106 KB)
Unverified
image.png (1×740 px, 112 KB)
Verified
image.png (1×740 px, 101 KB)

I am not sure under what all circumstances providing an email address is mandatory.

AFAIK, MediaWiki will not send emails unless the user has a confirmed email address. If you change your email address, you'll see this message:

A confirmation email has been sent to the specified email address. Before any other email is sent to the account, you will have to follow the instructions in the email, to confirm that the account is actually yours.

kostajh mentioned this in T338818: Implement rules for form validation.Sep 6 2023, 10:02 AM
Madalina added a comment.Sep 21 2023, 10:42 AM

We discussed this in our BXT meeting on Sept 20 and agreed on the following:

  • We will eliminate the email field from the form
  • In the case of reporting users with a verified email address: The report received by the responder will include a link to Special:EmailUser so that they can follow-up privately with the reporting user.
  • Design will create flows for setting and verifying an email address for reporting users who haven’t provided them
kostajh claimed this task.Sep 21 2023, 6:39 PM
gerritbot added a comment.Sep 21 2023, 6:45 PM

Change 959840 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/ReportIncident@master] form: Remove email field

https://gerrit.wikimedia.org/r/959840

gerritbot added a project: Patch-For-Review.Sep 21 2023, 6:45 PM
gerritbot added a comment.Sep 21 2023, 7:35 PM

Change 959851 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/ReportIncident@master] emailer: Provide a link to Special:EmailUser/{user}

https://gerrit.wikimedia.org/r/959851

gerritbot added a comment.Sep 21 2023, 8:49 PM

Change 959840 merged by jenkins-bot:

[mediawiki/extensions/ReportIncident@master] form: Remove email field

https://gerrit.wikimedia.org/r/959840

kostajh mentioned this in rEREI7c4a70f5d965: form: Remove email field.Sep 21 2023, 8:49 PM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.28; 2023-09-26).Sep 21 2023, 9:00 PM
Madalina removed kostajh as the assignee of this task.Sep 22 2023, 6:19 AM
Madalina updated the task description. (Show Details)
kostajh renamed this task from Prepopulate user's email when filing a report to Remove email field, and rely on user having a verified email address.Sep 22 2023, 6:38 AM
kostajh updated the task description. (Show Details)
In T339276#9186463, @Madalina wrote:
  • Design will create flows for setting and verifying an email address for reporting users who haven’t provided them

@JSengupta-WMF when designs for this are ready, I would propose we create it as a new task, to keep this task more narrowly focused.

kostajh claimed this task.Sep 22 2023, 8:38 AM
kostajh updated the task description. (Show Details)Sep 22 2023, 10:40 AM
kostajh removed a subscriber: JKieserman.
gerritbot added a comment.Sep 22 2023, 10:45 AM

Change 959851 merged by jenkins-bot:

[mediawiki/extensions/ReportIncident@master] emailer: Provide a link to Special:EmailUser/{user}

https://gerrit.wikimedia.org/r/959851

kostajh mentioned this in rEREI775bd57df3b2: emailer: Provide a link to Special:EmailUser/{user}.Sep 22 2023, 10:45 AM
Maintenance_bot removed a project: Patch-For-Review.Sep 22 2023, 11:10 AM
Dreamy_Jazz updated the task description. (Show Details)Sep 22 2023, 1:47 PM
Dreamy_Jazz edited projects, added Trust and Safety Tools Team Backlog (Kanban); removed Trust and Safety Tools Team Backlog.Sep 22 2023, 1:52 PM
Dreamy_Jazz moved this task from 🎬 Ready to 🐛 QA on the Trust and Safety Tools Team Backlog (Kanban) board.
PatchDemoBot added a comment.Sep 22 2023, 11:10 PM

Test wiki created on Patch demo by DJacksonA using patch(es) linked to this task:
https://patchdemo.wmflabs.org/wikis/3a25c09a67/w

Djackson-ctr subscribed.EditedSep 25 2023, 2:52 PM

I will need to put this ticket into the Hold / Blocked column until the email group is created...
For more information see comments regarding the creation of an email group for incident-report-system-beta (ticket https://phabricator.wikimedia.org/T339275)

Djackson-ctr moved this task from 🐛 QA to ⌛ On Hold / Blocked on the Trust and Safety Tools Team Backlog (Kanban) board.Sep 25 2023, 2:54 PM
Madalina added a comment.Sep 29 2023, 12:43 PM

Email group has been created, we're now using: incident-report-system-beta@wikimedia.org

JSengupta-WMF added a comment.EditedOct 2 2023, 7:10 AM

Here is the generic message when user has a missing or unverified email address

Screenshot 2023-10-02 at 14.18.03.png (1×572 px, 130 KB)

Title: Please update your email address

Message: We need your verified email address to provide update on the report or follow up if necessary. Please add or verify your email address from your user account settings before filing a report.

kostajh added a comment.Oct 2 2023, 8:20 AM
In T339276#9214299, @JSengupta-WMF wrote:

Here is the generic message when user has a missing or unverified email address

Screenshot 2023-10-02 at 09.11.31.png (1×556 px, 128 KB)

@JSengupta-WMF it doesn't look like the file is attached, could you please try that again?

JSengupta-WMF attached a referenced file: F37917068: Screenshot 2023-10-02 at 09.11.31.png. (Show Details)Oct 2 2023, 10:37 AM
JSengupta-WMF attached a referenced file: F37917915: Screenshot 2023-10-02 at 14.18.03.png. (Show Details)Oct 2 2023, 12:21 PM
kostajh added a comment.Oct 6 2023, 11:27 AM
In T339276#9214415, @kostajh wrote:
In T339276#9214299, @JSengupta-WMF wrote:

Here is the generic message when user has a missing or unverified email address

Screenshot 2023-10-02 at 09.11.31.png (1×556 px, 128 KB)

@JSengupta-WMF it doesn't look like the file is attached, could you please try that again?

@JSengupta-WMF @Madalina Could "Please update your email address" be misinterpreted by the user (e.g. "Does the form want me to set a different email address?")? I would suggest something like "Verified email address required" as the title.

JSengupta-WMF added a comment.Oct 6 2023, 11:53 AM

Makes sense. Here is the updated UI

IRS (Email ID missing).png (812×375 px, 57 KB)

gerritbot added a comment.Oct 6 2023, 12:31 PM

Change 964002 had a related patch set uploaded (by Kosta Harlan; author: Kosta Harlan):

[mediawiki/extensions/ReportIncident@master] [WIP] form: Show dialog to visit Special:ChangeEmail

https://gerrit.wikimedia.org/r/964002

gerritbot added a project: Patch-For-Review.Oct 6 2023, 12:31 PM
kostajh added a subscriber: Tchanders.Oct 19 2023, 12:44 PM

@JSengupta-WMF @Madalina this was flagged by @Tchanders in review of the patch above: should we allow users who have unchecked the box for "Allow other users to email me" to submit the form?

image.png (520×884 px, 74 KB)

If we allow users who have unchecked this box to submit an incident report, it means the admin will have the report, and a link to Special:Emailuser/{user who submitted report}, but would be unable to contact the user for follow-up.

On enwiki, there are 664,760 users with disablemail set, out of 46,331,541 accounts, or 1.43% of accounts.

kostajh added a comment.Oct 19 2023, 12:45 PM
In T339276#9264694, @kostajh wrote:

@JSengupta-WMF @Madalina this was flagged by @Tchanders in review of the patch above: should we allow users who have unchecked the box for "Allow other users to email me" to submit the form?

image.png (520×884 px, 74 KB)

If we allow users who have unchecked this box to submit an incident report, it means the admin will have the report, and a link to Special:Emailuser/{user who submitted report}, but would be unable to contact the user for follow-up.

On enwiki, there are 664,760 users with disablemail set, out of 46,331,541 accounts, or 1.43% of accounts.

Some options:

  • Warn the user that they have disablemail set, and ask them to change it, before or after they submit the incident report
  • Don't allow users to submit a report with disablemail set, and explain to the user why
Dreamy_Jazz subscribed.Oct 19 2023, 12:56 PM
In T339276#9264698, @kostajh wrote:
In T339276#9264694, @kostajh wrote:

@JSengupta-WMF @Madalina this was flagged by @Tchanders in review of the patch above: should we allow users who have unchecked the box for "Allow other users to email me" to submit the form?

image.png (520×884 px, 74 KB)

If we allow users who have unchecked this box to submit an incident report, it means the admin will have the report, and a link to Special:Emailuser/{user who submitted report}, but would be unable to contact the user for follow-up.

On enwiki, there are 664,760 users with disablemail set, out of 46,331,541 accounts, or 1.43% of accounts.

Some options:

  • Warn the user that they have disablemail set, and ask them to change it, before or after they submit the incident report
  • Don't allow users to submit a report with disablemail set, and explain to the user why

Another option (already done by Special:EmailUser):

  • Warn the user that their email address would be shared with the administrators and include the email address as the "reply-to".
Dreamy_Jazz added a comment.EditedOct 19 2023, 2:12 PM

To expand on my idea, the English Wikipedia uses Special:EmailUser for private reports to the oversighters. An example scenario:

  1. A user finds content they want to report for suppression on the English Wikipedia
  2. This needs to be sent privately
  3. The user loads https://en.wikipedia.org/wiki/Special:EmailUser/Oversight, which is linked to from https://en.wikipedia.org/wiki/Wikipedia:Oversight
  4. They send an email and their email is added to the "Reply-to" such that the oversighter can email the user who sent the report.
  5. The oversighter dealing with the report addresses the report and sends back an email confirming what action was taken.

The Incident-Reporting-System could follow this in a similar way and allow the administrators dealing with the request to email the user who reported the abuse directly without needing to use on-wiki methods or Special:EmailUser. However, a user reporting abuse by an administrator or someone they believe to be an administrator (new users often mistake non-admins who are regular users as administrators) may not feel comfortable sending the report as the user who they are reporting may then get their email address (or at least seems like they would).

gerritbot added a comment.Oct 19 2023, 2:43 PM

Change 964002 merged by jenkins-bot:

[mediawiki/extensions/ReportIncident@master] form: Show dialog to visit Special:ChangeEmail

https://gerrit.wikimedia.org/r/964002

kostajh mentioned this in rEREI404454b38e8c: form: Show dialog to visit Special:ChangeEmail.Oct 19 2023, 2:44 PM
ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.2; 2023-10-24).Oct 19 2023, 3:00 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 19 2023, 3:10 PM
gerritbot added a comment.Oct 19 2023, 3:38 PM

Change 967237 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/ReportIncident@master] Add jest tests for EmailAlertDialog.vue

https://gerrit.wikimedia.org/r/967237

gerritbot added a project: Patch-For-Review.Oct 19 2023, 3:38 PM
gerritbot added a comment.Oct 19 2023, 8:33 PM

Change 967237 merged by jenkins-bot:

[mediawiki/extensions/ReportIncident@master] Add jest tests for EmailAlertDialog.vue

https://gerrit.wikimedia.org/r/967237

Dreamy_Jazz mentioned this in rEREIe66e30460ca5: Add jest tests for EmailAlertDialog.vue.Oct 19 2023, 8:33 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 19 2023, 9:10 PM
Dreamy_Jazz moved this task from ⌛ On Hold / Blocked to 🐛 QA on the Trust and Safety Tools Team Backlog (Kanban) board.EditedOct 23 2023, 11:04 PM

Suggested QA steps specific to Patch Demo (let me know if you would like steps specific to wikis other than patch demo wikis):

  1. Create a Patch Demo wiki with the Inbox and ReportIncident extension installed
  2. Log into an account
  3. Go to Special:Preferences#mw-prefsection-personal-email
  4. Click Change or remove email address
  5. Re-login to verify your identity if prompted to do so
  6. Use the form to change the email address for the Patch Demo account to a@example.com
  7. Open a user talk page
  8. Create the user talk page if it does not exist
  9. Click on Report in the Tools menu
  10. Verification step 1: A dialog should appear asking you to confirm your email address
  11. Load Special:Inbox
  12. Click on the email with the subject similar to Patch demo ... email address confirmation
  13. Find link with that includes the text Special:ConfirmEmail and copy the entire URL
  14. Paste the URL in a new tab
  15. Open the user talk page again
  16. Click on Report in the Tools menu
  17. Verification step 2: Verify that the step 1 of the dialog is shown (and not the dialog asking you to confirm your email address).
  18. Navigate to step 2 (the form step)
  19. Verification step 3: Verify that there is no email field in the form
  20. Fill in the form with valid data
  21. Submit the form
  22. Load Special:Inbox
  23. Click on the email from b@example.com (by clicking the link on the subject text)
  24. Verification step 4: The body of the email contains a link to Special:EmailUser for the user who submitted the form (for example Special:EmailUser/Account where Account is replaced with the username of the account you are using with spaces replaced with underscores (_)).
PatchDemoBot added a comment.Oct 24 2023, 1:42 AM

Test wiki created on Patch demo by DJacksonA using patch(es) linked to this task:
https://patchdemo.wmflabs.org/wikis/c45087b29b/w

Djackson-ctr added a comment.Oct 25 2023, 5:32 AM

I have verified the following items have been implemented, and are displaying and functioning as expected at url https://patchdemo.wmflabs.org/wikis/c45087b29b/wiki/User_talk:Bob#Topic_Header_for_Report_Incident_for_English_Beta_Wiki
Good Work as always @Dreamy_Jazz, and thank you for the QA Steps!!!!

  • No email text field is displayed on page 2 of the Incident Report

image.png (936×1 px, 380 KB)

image.png (905×476 px, 293 KB)

image.png (927×667 px, 175 KB)

  • A link to Special:EmailUser at the bottom of the email body is displaying

image.png (195×864 px, 21 KB)

Djackson-ctr moved this task from 🐛 QA to 🤘 Done on the Trust and Safety Tools Team Backlog (Kanban) board.Oct 25 2023, 5:34 AM
Dreamy_Jazz closed this task as Resolved.Oct 25 2023, 1:13 PM
Dreamy_Jazz mentioned this in T348322: Set up anti abuse measures.Oct 27 2023, 3:42 PM
PatchDemoBot added a comment.Oct 27 2023, 11:54 PM

Test wiki created on Patch demo by DJacksonA using patch(es) linked to this task:
https://patchdemo.wmflabs.org/wikis/716b4d9ced/w

PatchDemoBot added a comment.Oct 28 2023, 4:25 PM

Test wiki created on Patch demo by DJacksonA using patch(es) linked to this task:
https://patchdemo.wmflabs.org/wikis/c6508c125e/w

PatchDemoBot added a comment.Tue, Apr 23, 1:23 PM

Test wiki on Patch demo by DJacksonA using patch(es) linked to this task was deleted:

https://patchdemo.wmflabs.org/wikis/3a25c09a67/w/

PatchDemoBot added a comment.Tue, Apr 23, 3:51 PM

Test wiki on Patch demo by DJacksonA using patch(es) linked to this task was deleted:

https://patchdemo.wmflabs.org/wikis/c45087b29b/w/

PatchDemoBot added a comment.Tue, Apr 23, 4:29 PM

Test wiki on Patch demo by DJacksonA using patch(es) linked to this task was deleted:

https://patchdemo.wmflabs.org/wikis/716b4d9ced/w/

PatchDemoBot added a comment.Tue, Apr 23, 4:30 PM

Test wiki on Patch demo by DJacksonA using patch(es) linked to this task was deleted:

https://patchdemo.wmflabs.org/wikis/c6508c125e/w/

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL