Page MenuHomePhabricator
Create Task
Maniphest T349336

BotPasswords + Toolforge combination causing daily "login from new device" warning emails
Closed, DuplicatePublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):

  • create an account (e.g. NovemBot)
  • create a bot password (e.g. NovemBot@Task_1)
  • set up a bot on Toolforge to use the bot password
  • set up a cron job to run the bot every half hour

What happens?:

  • 3 notifications emails per day with the subject line "Login to Wikipedia as NovemBot from a device you have not recently used"

What should have happened instead?:

  • no notification emails

Software version (skip for WMF-hosted wikis like Wikipedia):

Other information (browser name/version, screenshots, etc.):

  • Even if working as designed, suggest fixing to reduce spam and banner blindness.
  • Possible change to loginnotify code recently that might have caused this?
  • Two of my bots use the same BotPassword. A third bot has its own BotPassword.
  • The timestamps in the emails suggest that these are just bots following their normal cron jobs, and not unauthorized users. 05, 22, and 52 are times specified in my cronjob .yaml files.

image.png (447×410 px, 17 KB)

image.png (662×1 px, 47 KB)

Related Objects

Event Timeline

Novem_Linguae created this task.Oct 19 2023, 6:04 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptOct 19 2023, 6:04 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Novem_Linguae updated the task description. (Show Details)Oct 19 2023, 6:06 PM
Novem_Linguae updated the task description. (Show Details)Oct 19 2023, 6:08 PM
Novem_Linguae updated the task description. (Show Details)Oct 19 2023, 6:13 PM
ClydeFranklin subscribed.Oct 19 2023, 6:13 PM
Ammarpad added a project: MediaWiki-extensions-LoginNotify.Oct 19 2023, 7:04 PM
Restricted Application added a project: Community-Tech. · View Herald TranscriptOct 19 2023, 7:04 PM
MusikAnimal subscribed.Oct 19 2023, 7:42 PM

Possible change to loginnotify code recently that might have caused this?

That would probably be fixing LoginNotify: T344785: LoginNotify fully broken since January 2023

This is a duplicate of the long-standing T182867. I'm going to merge, but here's some things you can do now that will help:

  • Disable the emails in your preferences ("Login from an unfamiliar device")
  • Use cookies to prevent your bot from having to login on every run
  • Switch to OAuth2
MusikAnimal closed this task as a duplicate of T182867: BotPasswords + Toolforge combination causing daily "login from new device" warning emails.Oct 19 2023, 7:42 PM
MusikAnimal mentioned this in T182867: BotPasswords + Toolforge combination causing daily "login from new device" warning emails.Oct 19 2023, 7:47 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits