Accounts blocked on wikis with wgBlockDisablesLogin enabled should not continue to receive email notifications
Closed, ResolvedPublic

Description

Not sure if maybe Wikimedia/Site requests would be the appropriate place.

When a user account is blocked on a private wiki that has the 'wgBlockDisablesLogin' in the config, the blocked user should not continue to receive email notifications about pages changed on his watchlist. This is happening to me.

Blocked users on 'wgBlockDisablesLogin'-wikis won't be able to log in and check the change made, and there's the possibility that private data may be leaked in the edit summary (data that the user is not supposed to access anymore).

Since blocking on those private wikis such as http://noc.wikimedia.org/conf/highlight.php?file=private.dblist (& I'm speaking for those that I know: CU and steward wikis) is not used as a way to prevent abuse, but as a tool to remove someone's access to the wiki, it makes sense IMHO to disable from blocked users the ability to continue to receive email notifications. I guess that that is the primary use of the tool in all of the other ones.

Thanks.


Version: 1.22.0
Severity: normal

Details

Reference
bz52453

Event Timeline

bzimport raised the priority of this task from to High. Nov 22 2014, 1:46 AM
bzimport added a project: MediaWiki-Email.
bzimport set Reference to bz52453.
bzimport added a subscriber: Unknown Object (MLST).

We have the DisableAccount extension for this purpose, which according to https://noc.wikimedia.org/conf/highlight.php?file=InitialiseSettings.php is enabled on both stewardwiki and CUwiki.

Is that not sufficient?

Presumably not. That is the tool that we use and seemingly this report is that they still receive notifications.

Deactivate an account (variation of Special:Block)

... deactivated MarcoAurelio (Talk | contribs) with an expiry time of infinite (account creation disabled) ...

(In reply to billinghurst from comment #2)

Presumably not. That is the tool that we use and seemingly this report is that
they still receive notifications.
Deactivate an account (variation of Special:Block)
... deactivated MarcoAurelio (Talk | contribs) with an expiry time of
infinite (account creation disabled) ...

Nope. That is the normal 'block' option (the block log messages are customized over there).

Deactivation mentioned by Legoktm above is what is done via Special:DisableAccount. However it (is/was?) policy of that wiki not to use that powerful blocking tool unless it was strictly necessary (compromised accounts, etc.) as suggested by WMF because its use was not logged anywhere (cf. bug 32782 - not sure if that's really logged now, there was an ad hoc page created there for that purpose) and because its use is only reversible with system administrator intervention.

It is not rare that some CUs (and it has happened with stewards as well, tho less frequently) want to take a break, drop the tools and their access is removed, and after a couple of months the user regains the tools tho is allowed to have access to the wiki again. It'd be overkill IMHO to call a sysadmin each time an account needs to be reactivated, when a simple "unblock" can be done.

Rename is an option, to free again the name and create a new account under the old name; however his/her former edits will be attributed to their old account, which is not an optimal situation IMHO.

Best regards.

Krenair added a subscriber: Krenair.
Se4598 added a subscriber: Se4598. Jan 31 2015, 1:27 PM

What if this task is being done and accounts need to be unblocked? Will the email then automatically be confirmed again? (ie. think about returning OTRS agents, CheckUsers and/or stewards)

What if this task is being done and accounts need to be unblocked? Will the email then automatically be confirmed again? (ie. think about returning OTRS agents, CheckUsers and/or stewards)

I don't think that's the right way that emailconfirmed should be revoked (as only the merged task title suggests) if the goal is that the account doesn't get watchlist notifications. Instead I imagine, when generating the mails, it should be checked if wgBlockDisablesLogin && user is blocked, and not send it.
However user talkpage notifications could be still allowed.

Reconfirming the email when one is back doesn't look like a huge burden.

However user talkpage notifications could be still allowed.

What for, if they can't access their talk pages? Also, the user wouldn't be able to disable such emails because preferences would be inaccessible. I agree it's possible to break down the disabling in many conditions, but unconfirming the email address is a reasonable first implementation.

Aye, user talkpage notifications are unhelpful to the user who can't log in to their account and on private wikis (like this is meant for) these are a security issue too since the notification can have snippets of what is posted. [obviously there is not generally a reason to post private information to a blocked wikis talk page but I can imagine a situation where someone hadn't noticed they were gone already or something like that]

Aye, user talkpage notifications are unhelpful to the user who can't log in to their account and on private wikis (like this is meant for) these are a security issue too since the notification can have snippets of what is posted. [obviously there is not generally a reason to post private information to a blocked wikis talk page but I can imagine a situation where someone hadn't noticed they were gone already or something like that]

True, I got with the user's talkpage thing on a wrong way for this situation. They can't see them when they are not logged in....

Change 194525 had a related patch set uploaded (by Alex Monk):
Prevent user from receiving email while blocked with $wgBlockDisablesLogin on

https://gerrit.wikimedia.org/r/194525

Change 194525 abandoned by Alex Monk:
Prevent user from receiving email while blocked with $wgBlockDisablesLogin on

https://gerrit.wikimedia.org/r/194525

Krenair set Security to None.
saper added a subscriber: saper.

Change 218602 had a related patch set uploaded (by Glaisher):
Don't send email notifs to blocked users if $wgBlockDisablesLogin is true

https://gerrit.wikimedia.org/r/218602

Change 218602 merged by jenkins-bot:
Don't send email notifs to blocked users if $wgBlockDisablesLogin is true

https://gerrit.wikimedia.org/r/218602

Glaisher closed this task as Resolved. Aug 14 2015, 11:36 AM
Glaisher claimed this task.
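
The two approaches weighed in the comments above (unconfirming the email address on block versus checking the block when mail is generated), compared over a block/unblock cycle. This is an added Python model, not MediaWiki code and not the merged patch; every class, function and parameter name is hypothetical, and only the idea of a "block disables login" setting comes from the task.

```python
from dataclasses import dataclass


# Constructed model; names below are hypothetical, not MediaWiki's API.
@dataclass
class User:
    name: str
    email_confirmed: bool = True
    blocked: bool = False
    wants_watchlist_mail: bool = True


def block(user, unconfirm_email=False):
    """Block a user; optionally apply the 'unconfirm the address' approach."""
    user.blocked = True
    if unconfirm_email:
        user.email_confirmed = False


def unblock(user):
    """Lift the block. Nothing here restores email_confirmed."""
    user.blocked = False


def can_receive_notification(user, block_disables_login, check_block_at_send):
    """Decide at send time whether a change notification may go out."""
    if not (user.email_confirmed and user.wants_watchlist_mail):
        return False
    # Send-time check: a blocked user on a wiki where a block removes
    # login must not get mail quoting edit summaries or talk page snippets.
    if check_block_at_send and block_disables_login and user.blocked:
        return False
    return True


def lifecycle(approach, block_disables_login=True):
    """Return (mail while blocked, mail after unblock) for one approach."""
    user = User("ExampleCU")  # constructed sample account
    at_send = approach == "check_at_send"
    block(user, unconfirm_email=(approach == "unconfirm"))
    while_blocked = can_receive_notification(user, block_disables_login, at_send)
    unblock(user)
    after_unblock = can_receive_notification(user, block_disables_login, at_send)
    return while_blocked, after_unblock
```

With neither approach applied, `lifecycle("none")` shows mail still going out while blocked, which is the behaviour the task reports; the send-time check suppresses it and resumes delivery on unblock without reconfirmation.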