Page MenuHomePhabricator
Create Task
Maniphest T149330

Investigation: Adding a check for the block cookie to the account creation process
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

When a person is trying to create a new account it should check for a block cookie and if such a cookie indicates the person is actively blocked (with account creation disabled), it should prevent them from creating an account (with normal autoblock treatment). If the user isn't blocked, it should allow the user to create the account as normal. It should use basically the same logic as the Editing check (https://gerrit.wikimedia.org/r/#/c/48029/).

  • Can this be implemented in one place to affect desktop login, app login, and API login?
  • If not, where are the different end points that would need to be targetted?
  • Do we need to target all 3 endpoints if they're separate? i.e. does it makes sense to target API login?

Related Objects
Search...

Event Timeline

kaldari created this task.Oct 27 2016, 4:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 27 2016, 4:35 PM
kaldari triaged this task as Medium priority.Oct 27 2016, 4:35 PM
kaldari moved this task from New & TBD Tickets to Needs Discussion on the Community-Tech board.
kaldari updated the task description. (Show Details)Oct 27 2016, 4:39 PM
kaldari updated the task description. (Show Details)Oct 27 2016, 4:41 PM
kaldari updated the task description. (Show Details)
kaldari renamed this task from Add check for block cookie to account creation process to Investigation: Adding a check for the block cookie to the account creation process.Oct 27 2016, 4:50 PM
kaldari updated the task description. (Show Details)
kaldari updated the task description. (Show Details)
kaldari set the point value for this task to 3.
kaldari moved this task from Needs Discussion to Up Next (June 3-21) on the Community-Tech board.
DannyH mentioned this in T106930: Throttle account creation and email sending per browser as well as IP address.Oct 28 2016, 11:51 PM
DannyH edited projects, added Community-Tech-Sprint; removed Community-Tech.Nov 8 2016, 10:42 PM
Niharika claimed this task.Nov 14 2016, 1:28 PM
Niharika moved this task from Ready to In Development on the Community-Tech-Sprint board.
Niharika moved this task from In Development to Needs Review/Feedback on the Community-Tech-Sprint board.Nov 14 2016, 6:44 PM
  • Can this be implemented in one place to affect desktop login, app login, and API login?
    • Yes. The likely place for this to be implemented for desktop implementation is CheckBlocksSecondaryAuthenticationProvider in core. The API uses the same provider for account creation purposes. The Android and iOS apps use the API for account creation so it's all covered.
kaldari closed this task as Resolved.Nov 15 2016, 12:05 AM

And since CheckBlocksSecondaryAuthenticationProvider::testUserForCreation() uses User::isBlockedFromCreateAccount() which uses User::getBlockedStatus(), it looks like we will get this behavior for free with Sam's changes (across all devices per Niharika).

kaldari moved this task from Needs Review/Feedback to Q1 2018-19 on the Community-Tech-Sprint board.Nov 15 2016, 12:05 AM
Niharika edited projects, added Community-Tech; removed Community-Tech-Sprint.Nov 28 2016, 10:33 AM
Niharika moved this task from Up Next (June 3-21) to Archive on the Community-Tech board.Nov 28 2016, 11:02 AM
DannyH added a parent task: T5233: Send a cookie with each block.Jan 30 2017, 7:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits