Last modified: 2010-05-15 15:33:28 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 867 - Email authentication by a dummy "forgot my password" cycle
Email authentication by a dummy "forgot my password" cycle
Status: RESOLVED DUPLICATE of bug 866
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.4.x
All All
: Normal enhancement (vote)
: ---
Assigned To: T. Gries
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-12 02:33 UTC by T. Gries
Modified: 2010-05-15 15:33 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description T. Gries 2004-11-12 02:33:21 UTC
This is my proposal for email authentication:

We _already_ have this part in usermailer.php which mails a temporary password.
I would first allow users to store an email in the preferences. This is the
current path and so far only used for 1) temporary passwords and 2)
special:emailuser.

Now I would disallow(!) the user to receive email enotifs, unless that users has
cycled once through a "forgot my password" cycle, then, coming back and not
having changed that email address, this email address would have been
authenticated and I do not need any new code

That authenticated email address must now be flagged as "authenticated", what I
can manage with the new user_rights (see bugzilla:840
http://bugzilla.wikipedia.org/show_bug.cgi?id=840 ) if he changes the
email-address, it needs to be automatically flagged as "un-authenticated", this
seems to be clear.

So basically, you need to change the password to get authenticated, not that bad
I suppose

Everyone who does not invest a little effort, will not participate on the enotif
advantages, so there is a "small" obstacle, which everyone needs to overcome,
not too bad as far as wikimedia's servers are concerned.
Comment 1 T. Gries 2004-11-12 02:40:09 UTC
Added: if someone changes his/her emailaddress, this will become flagged as
"non-authenticated" and will substantially not be used for enotif, but only for
"forgot my password" mailing. 

If someone changes his password, this does not mean, that the emailaddress gets
un-authenticated.
Comment 2 Brion Vibber 2004-11-12 07:41:04 UTC

*** This bug has been marked as a duplicate of 866 ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links