Page MenuHomePhabricator
Create Task
Maniphest T90301

Add "forgot my password" support for self-service password resets
Closed, ResolvedPublic
Actions

Description

There was a rash of reviewers for the 2015 Wikimania cycle who either never got or couldn't find there passwords. The "fix" for this was to delete the user's account and allow an admin to create a new account for them. It would be better to have a password reset process via email for existing user accounts. This could be a self-serve "forgot my password/username" feature where an email address is entered by the user and a time limited (48 hours?) token is sent that will allow the email account holder to authenticate and change password.

This feature should not expose the emails known by the system, so even if no account is found with a matching email the same "account recovery email sent" message should be given in the user interface.

The email should include a URL that contains the unique recovery token and the username associated with the email address along with an explanation that a password reset was requested through the application and that this can be ignored if the recipient did not ask for the reset.

Details

SubjectRepoBranchLines +/-
Add support for self-service password resetswikimedia/wikimania-scholarshipsmaster+450 -2
Customize query in gerrit

Related Objects

Event Timeline

bd808 created this task.Feb 20 2015, 11:26 PM
bd808 raised the priority of this task from to Low.
bd808 updated the task description. (Show Details)
bd808 added a project: Wikimedia-Wikimania-Scholarships.
bd808 subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 20 2015, 11:26 PM
bd808 mentioned this in T93244: Change password.Mar 20 2015, 3:38 AM
bd808 added a comment.Oct 27 2015, 5:42 PM

We built this recently as T116110: Add method for user to request a password reset for Wikimedia-IEG-grant-review. It should be fairly straight forward to port the functionality over to this app.

bd808 moved this task from Backlog to Must have on the Wikimedia-Wikimania-Scholarships board.Oct 27 2015, 5:42 PM
gerritbot subscribed.Nov 23 2015, 4:08 AM

Change 254801 had a related patch set uploaded (by BryanDavis):
Add support for self-service password resets

https://gerrit.wikimedia.org/r/254801

gerritbot added a project: Patch-For-Review.Nov 23 2015, 4:08 AM
bd808 moved this task from Must have to Needs Review on the Wikimedia-Wikimania-Scholarships board.Nov 23 2015, 4:11 AM
gerritbot added a comment.Nov 24 2015, 8:31 AM

Change 254801 merged by jenkins-bot:
Add support for self-service password resets

https://gerrit.wikimedia.org/r/254801

Niharika assigned this task to bd808.Nov 24 2015, 11:31 AM
Niharika moved this task from Needs Review to Done on the Wikimedia-Wikimania-Scholarships board.
Niharika set Security to None.
Restricted Application added a project: User-bd808. · View Herald TranscriptNov 24 2015, 11:31 AM
bd808 moved this task from To Do to Done on the User-bd808 board.Nov 30 2015, 1:22 AM
bd808 closed this task as Resolved.Dec 5 2015, 12:29 AM
bd808 moved this task from Done to Archive on the Wikimedia-Wikimania-Scholarships board.Dec 5 2015, 12:32 AM
bd808 moved this task from Done to Archive on the User-bd808 board.Dec 10 2015, 5:08 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL