Closed Bug 1452984 Opened 2 years ago Closed 2 years ago

double-check new accounts with BMO to catch and notify of username squatting

Categories

(bugzilla.mozilla.org :: Phabricator Integration, defect)

Product:
bugzilla.mozilla.org
Component:
Phabricator Integration
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dkl, Assigned: dkl)

References

Details

Attachments

(1 file)

github pull request
45 bytes, text/x-github-pull-request
Details | Review 
using the current feed daemon code that detects when new users are created, look at the username of the new user and check it against any nicks in the BMO profiles that match. If the nick matches and the email addresses do not, then create some kind of alert or log message that can be used to alleviate the issue.
Attached file github pull request
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Attachment #8967854 - Flags: review?(dylan)
In the code I have currently, I am logging as a WARN when it finds a username that is potentially a squatter for someone else's nick. I am not sure if that is enough or if we should be taking a more aggressive approach. Should I disable the account with some explanatory text, should I email bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

dkl
Flags: needinfo?(mcote)
Flags: needinfo?(dylan)
(In reply to David Lawrence [:dkl] from comment #2)
> In the code I have currently, I am logging as a WARN when it finds a
> username that is potentially a squatter for someone else's nick. I am not
> sure if that is enough or if we should be taking a more aggressive approach.
> Should I disable the account with some explanatory text, should I email
> bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

given the current state of monitoring i think a WARN and an email to phabricator-admin makes sense (don't know if phabriator-admin exists, if not we should create one; it's self-service).
Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
Flags: needinfo?(mcote)
(In reply to Mark Côté [:mcote] from comment #4)
> Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.

RITM0061908 Created
(In reply to David Lawrence [:dkl] from comment #5)
> (In reply to Mark Côté [:mcote] from comment #4)
> > Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> > one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
> 
> RITM0061908 Created

for next time here's how to create one yourself: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=43718013
Flags: needinfo?(dylan)
This is done
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Duplicate of this bug: 1402431
Out of curiosity, were there any exceptions noted in the first pass of this?
Not that I am aware of.  dkl?
Flags: needinfo?(dkl)
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> Out of curiosity, were there any exceptions noted in the first pass of this?

When you say exceptions, do you mean did it find any username squatters already in the system?

dkl
Flags: needinfo?(dkl)
Flags: needinfo?(jclaudius)
(In reply to David Lawrence [:dkl] from comment #11)
> (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > Out of curiosity, were there any exceptions noted in the first pass of this?
> 
> When you say exceptions, do you mean did it find any username squatters
> already in the system?
> 
> dkl

Yes, exactly that.
Flags: needinfo?(jclaudius)
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #12)
> (In reply to David Lawrence [:dkl] from comment #11)
> > (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > > Out of curiosity, were there any exceptions noted in the first pass of this?
> > 
> > When you say exceptions, do you mean did it find any username squatters
> > already in the system?
> > 
> > dkl
> 
> Yes, exactly that.

The code we implemented looks at accounts as they are created so I would need to go through the list pre-deployment and see if anything sticks out right away. I didn't really do that before as Phab was still being used by a small group of Mozilla people so I didn't feel like I would fine any. I can make a point to take a look soon though.

This is the current list of users https://phabricator.services.mozilla.com/people/ if you want to look as well.

dkl
Attachment #8967854 - Flags: review?(dylan)
You need to log in before you can comment on or make changes to this bug.