Last modified: 2012-11-03 19:20:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T16824, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 14824 - Renaming users to a globally-reserved name should verify password/email first
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
CentralAuth (Other open bugs)
unspecified
All All
Low enhancement with 1 vote
Assigned To: Nobody - You can work on this!
Depends on:
Blocks: SWMT
Reported: 2008-07-15 18:58 UTC by Mike.lifeguard
Modified: 2012-11-03 19:20 UTC (History)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Mike.lifeguard 2008-07-15 18:58:33 UTC
Bureaucrats should be able to rename users to a globally-reserved (i.e. unified) name /only/ if the accounts belong to the same person. This should use the same logic as merging accounts (checks password and/or email, IIRC; change summary as required to fit what it actually does). In cases where that logic would require the user to enter a password, the rename should be aborted. This ensures that 'crats never unknowingly give the account to someone else.

(Better would be the user is actually asked for the password on their next pageview - if successful, 'crat is notified the rename went through; if unsuccessful the rename is aborted and the 'crat is notified of this. But that is probably very difficult.)
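An added illustration of the gate proposed above (not CentralAuth's own code): the rename is allowed only on the evidence the merge step is said to use, a matching password or a matching confirmed e-mail, and anything that would require asking the user for a password aborts instead. The account fields, the PBKDF2 hash scheme and the sample accounts are assumptions for the example.

```python
"""Gate a bureaucrat rename into a globally reserved (unified) name."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

ALLOW = "allow"
ABORT = "abort: user would have to enter a password"


def hash_password(password: str, salt: bytes) -> bytes:
    # Constructed salted PBKDF2 scheme; the wiki's real hash format is not assumed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    name: str
    salt: bytes
    password_hash: bytes
    email: Optional[str] = None          # None when the user never set one
    email_confirmed: bool = False


def rename_to_reserved_name(local: Account, global_acct: Optional[Account],
                            supplied_password: Optional[str] = None) -> str:
    """Decide whether renaming `local` onto `global_acct`'s name may proceed.

    `global_acct` is None when the target name is not globally reserved.
    `supplied_password` is a password the account owner typed (None for a
    plain bureaucrat request). Returns ALLOW or ABORT; never prompts.
    """
    if global_acct is None:
        return ALLOW                     # nothing reserved: ordinary rename
    if supplied_password is not None:
        # Owner proves control of the global account; fail closed on mismatch.
        candidate = hash_password(supplied_password, global_acct.salt)
        return ALLOW if hmac.compare_digest(candidate, global_acct.password_hash) else ABORT
    # E-mail evidence: both set, both confirmed, equal after normalisation.
    # Comment 1's caveat applies here: with no e-mail set there is no evidence.
    if (local.email and global_acct.email
            and local.email_confirmed and global_acct.email_confirmed
            and local.email.strip().lower() == global_acct.email.strip().lower()):
        return ALLOW
    # Anything else would need the user to authenticate: abort, never hand over.
    return ABORT
```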
Comment 1 Victor Vasiliev 2008-07-15 19:07:42 UTC
I disagree that it should be only if password/email match, since email isn't always set and password can't be always matched. But we should probably improve warnings so bureaucrats will know that they have to confirm users' identity by themselves
Comment 2 Mike.lifeguard 2008-07-15 19:09:54 UTC
Well /some sort/ of check akin to what is done when merging is really needed. But until that can be done, a warning to 'crats that they must confirm this is definitely needed!
Comment 3 Filip Maljkovic [Dungodung] 2008-08-03 21:46:47 UTC
Isn't the current confirmation message enough?
Comment 4 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-08-03 21:58:13 UTC
(In reply to comment #1)
> I disagree that it should be only if password/email match, since email isn't
> always set and password can't be always matched.

If the user has access to the account, they can always change the password/e-mail so they match.  If they don't have access to the account, bureaucrats should not have the ability to give them access.  That has historically been a privilege reserved for sysadmins, which is the narrowest possible group that should have it, and it needs to remain that way barring higher-level discussion.

The status quo allows bureaucrats to take over any unmerged account, or more to the point, give it to anyone who asks.  I think this is definitely a bad thing that needs to be changed ASAP; bureaucrats do not need this right and should not have it.  Brion, what do you think?
Comment 5 Mike.lifeguard 2008-08-03 22:24:37 UTC
> (In reply to comment #1)
> The status quo allows bureaucrats to take over any unmerged account, or more to
> the point, give it to anyone who asks.  I think this is definitely a bad thing
> that needs to be changed ASAP; bureaucrats do not need this right and should
> not have it.  Brion, what do you think?
> 

I am more concerned with /inadvertently/ giving away access. Unless one knows better, it is perfectly reasonable to assume that the system is doing verification backstage.
Comment 6 Victor Vasiliev 2008-08-04 07:27:38 UTC
(In reply to comment #4)
> The status quo allows bureaucrats to take over any unmerged account, or more to
> the point, give it to anyone who asks.

It does not. A newly-renamed account is unmerged, therefore it may not access attached accounts. The largest problem a rename may cause is a conflict between two accounts.
Comment 7 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-08-04 14:20:06 UTC
Oh, I take it back then.  This would be good to have, but not a bug, I agree.


