Last modified: 2010-05-15 15:33:28 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T2867, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 867 - Email authentication by a dummy "forgot my password" cycle
Email authentication by a dummy "forgot my password" cycle
Status: RESOLVED DUPLICATE of bug 866
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.4.x
All All
: Normal enhancement (vote)
: ---
Assigned To: T. Gries
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-12 02:33 UTC by T. Gries
Modified: 2010-05-15 15:33 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description T. Gries 2004-11-12 02:33:21 UTC
This is my proposal for email authentication:

We _already_ have this part in usermailer.php which mails a temporary password.
I would first allow users to store an email in the preferences. This is the
current path and so far only used for 1) temporary passwords and 2)
special:emailuser.

Now I would disallow(!) the user to receive email enotifs, unless that users has
cycled once through a "forgot my password" cycle, then, coming back and not
having changed that email address, this email address would have been
authenticated and I do not need any new code

That authenticated email address must now be flagged as "authenticated", what I
can manage with the new user_rights (see bugzilla:840
http://bugzilla.wikipedia.org/show_bug.cgi?id=840 ) if he changes the
email-address, it needs to be automatically flagged as "un-authenticated", this
seems to be clear.

So basically, you need to change the password to get authenticated, not that bad
I suppose

Everyone who does not invest a little effort, will not participate on the enotif
advantages, so there is a "small" obstacle, which everyone needs to overcome,
not too bad as far as wikimedia's servers are concerned.
Comment 1 T. Gries 2004-11-12 02:40:09 UTC
Added: if someone changes his/her emailaddress, this will become flagged as
"non-authenticated" and will substantially not be used for enotif, but only for
"forgot my password" mailing. 

If someone changes his password, this does not mean, that the emailaddress gets
un-authenticated.
Comment 2 Brion Vibber 2004-11-12 07:41:04 UTC

*** This bug has been marked as a duplicate of 866 ***

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links