double-check new accounts with BMO to catch and notify of username squatting

RESOLVED FIXED

Status

()

Product:
bugzilla.mozilla.org
Component:
Extensions: PhabBugz
Type:
defect
Status:
RESOLVED FIXED
Opened:
Last year
Updated:
Last year

People

(Reporter: dkl, Assigned: dkl)

Tracking

Version:
Production
Dependency tree / graph
Duplicates:
1402431

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

github pull request
45 bytes, text/x-github-pull-request
Details | Review
Assignee

Description

Last year 
using the current feed daemon code that detects when new users are created, look at the username of the new user and check it against any nicks in the BMO profiles that match. If the nick matches and the email addresses do not, then create some kind of alert or log message that can be used to alleviate the issue.
Assignee

Comment 1

Last year
Posted file github pull request
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Attachment #8967854 - Flags: review?(dylan)
Assignee

Comment 2

Last year 
In the code I have currently, I am logging as a WARN when it finds a username that is potentially a squatter for someone else's nick. I am not sure if that is enough or if we should be taking a more aggressive approach. Should I disable the account with some explanatory text, should I email bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

dkl
Flags: needinfo?(mcote)
Flags: needinfo?(dylan)

Comment 3

Last year 
(In reply to David Lawrence [:dkl] from comment #2)
> In the code I have currently, I am logging as a WARN when it finds a
> username that is potentially a squatter for someone else's nick. I am not
> sure if that is enough or if we should be taking a more aggressive approach.
> Should I disable the account with some explanatory text, should I email
> bugzilla-admin, or will the warn log messages be sufficient. Thoughts?

given the current state of monitoring i think a WARN and an email to phabricator-admin makes sense (don't know if phabriator-admin exists, if not we should create one; it's self-service).

Comment 4

Last year 
Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
Flags: needinfo?(mcote)
Assignee

Comment 5

Last year 
(In reply to Mark Côté [:mcote] from comment #4)
> Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.

RITM0061908 Created

Comment 6

Last year 
(In reply to David Lawrence [:dkl] from comment #5)
> (In reply to Mark Côté [:mcote] from comment #4)
> > Yeah, agreed.  dkl, can you see about creating a phabricator-admin list if
> > one doesn't exist?  Ensure glob, smacleod, yourself, and I are all on it.
> 
> RITM0061908 Created

for next time here's how to create one yourself: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=43718013
 Assignee

Updated

Last year
Flags: needinfo?(dylan)
 Assignee

Comment 7

Last year 
This is done
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Duplicate of this bug: 1402431

Comment 9

Last year 
Out of curiosity, were there any exceptions noted in the first pass of this?

Comment 10

Last year 
Not that I am aware of.  dkl?
Flags: needinfo?(dkl)
 Assignee

Comment 11

Last year 
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> Out of curiosity, were there any exceptions noted in the first pass of this?

When you say exceptions, do you mean did it find any username squatters already in the system?

dkl
Flags: needinfo?(dkl)
 Assignee

Updated

Last year
Flags: needinfo?(jclaudius)

Comment 12

Last year 
(In reply to David Lawrence [:dkl] from comment #11)
> (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > Out of curiosity, were there any exceptions noted in the first pass of this?
> 
> When you say exceptions, do you mean did it find any username squatters
> already in the system?
> 
> dkl

Yes, exactly that.
Flags: needinfo?(jclaudius)
 Assignee

Comment 13

Last year 
(In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #12)
> (In reply to David Lawrence [:dkl] from comment #11)
> > (In reply to Jonathan Claudius [:claudijd] (use NEEDINFO) from comment #9)
> > > Out of curiosity, were there any exceptions noted in the first pass of this?
> > 
> > When you say exceptions, do you mean did it find any username squatters
> > already in the system?
> > 
> > dkl
> 
> Yes, exactly that.

The code we implemented looks at accounts as they are created so I would need to go through the list pre-deployment and see if anything sticks out right away. I didn't really do that before as Phab was still being used by a small group of Mozilla people so I didn't feel like I would fine any. I can make a point to take a look soon though.

This is the current list of users https://phabricator.services.mozilla.com/people/ if you want to look as well.

dkl
 Assignee

Updated

Last year
Attachment #8967854 - Flags: review?(dylan)
You need to log in before you can comment on or make changes to this bug.