
Account created even when email bounces
Open, Low, Public

Description

Author: alexfusco5

Description:
On Wikipedia at [[WP:ACC]] when accounts are created, sometimes the email does not exist and the email bounces; the account is still created and the password is permanently lost. If possible, please change the software so that an error message will appear when attempting to create an account by email and the email bounces.


Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=46640

Details

Reference
bz12767

Event Timeline

bzimport raised the priority of this task from to Low. Nov 21 2014, 10:03 PM
bzimport set Reference to bz12767.
bzimport added a subscriber: Unknown Object (MLST).

ais523 wrote:

This bug relates to the creation of accounts 'by email'. Sometimes the email cannot be sent (maybe because the email address is invalid); in such cases, an error message appears saying that the email could not be sent but the account is created anyway, meaning that the account is unusable (nobody has the password and the email is invalid) and a bureaucrat needs to be involved to rename the account out of the way. Desired behaviour would be to delete the account again if the initial emailing of password fails, for by-email creations only.

Hmm, this might be a little tricky to implement as the wiki by default will have no way to know if sending succeeded or failed beyond the first leg (getting it to the local SMTP server), which will probably only check for basic format validity.

There's a couple ways to consider going...

Generally, being able to mark the account as being in a pre-confirmed state would probably be good here. (Eg, if we know that the user hasn't yet logged in to activate the account, it's left marked as awaiting confirmation.) We could go on from there to allow admins/crats to change the email and resend when an account's still in this state, so a misspelling can be corrected easily.

A more complex route would be to create some kind of feedback mechanism whereby MediaWiki could receive notifications of bounce messages, so that in at least some cases we could confirm that the mail *did not* reach its destination.

In the case where we fail the mail right off, we should be able to detect that too...

I just had the same issue, but it's not that the email was sent, but didn't get through the system without a nice red warning saying something like invalid email.

The original error was caused by https://jira.toolserver.org/browse/ACC-175.

(In reply to comment #2)

> Generally, being able to mark the account as being in a pre-confirmed state
> would probably be good here. (Eg, if we know that the user hasn't yet logged in
> to activate the account, it's left marked as awaiting confirmation.) We could
> go on from there to allow admins/crats to change the email and resend when an
> account's still in this state, so a misspelling can be corrected easily.

Wouldn't it be easier (not easy) for the account to simply expire if not confirmed, after a few days? This is what most websites do.

(In reply to comment #2)

> Hmm, this might be a little tricky to implement as the wiki by default will
> have no way to know if sending succeeded or failed beyond the first leg
> (getting it to the local SMTP server), which will probably only check for
> basic format validity.

That was split to bug 46640.
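
The options raised in this thread (roll back when the first SMTP leg fails, keep the account in a pre-confirmed state until first login, free the name on a bounce notification or after a few days) can be put side by side in a small model. This is an added example, not MediaWiki code or code from any commenter; `Registry`, `Account`, `PENDING_TTL` and `refusing_mailer` are hypothetical names, and the three-day expiry is an assumed value.

```python
import smtplib
from dataclasses import dataclass
from datetime import datetime, timedelta

PENDING_TTL = timedelta(days=3)  # assumption: the thread only says "a few days"

@dataclass
class Account:
    name: str
    email: str
    created: datetime
    state: str = "pending"  # pre-confirmed until the first successful login

class Registry:
    def __init__(self, send_mail):
        self.send_mail = send_mail  # callable(email, name); raises smtplib.SMTPException
        self.accounts = {}

    def create_by_email(self, name, email, now):
        if name in self.accounts:
            raise ValueError("name already taken")
        self.accounts[name] = Account(name, email, now)
        try:
            self.send_mail(email, name)
        except smtplib.SMTPException:
            # First-leg failure (local SMTP server refused): undo the creation
            # so the name is not left locked behind a password nobody has.
            del self.accounts[name]
            raise
        return self.accounts[name]

    def first_login(self, name):
        self.accounts[name].state = "active"

    def _drop_pending(self, match):
        gone = [n for n, a in self.accounts.items() if a.state == "pending" and match(a)]
        for n in gone:
            del self.accounts[n]
        return gone

    def bounce_received(self, email):
        # Asynchronous bounce notification: only never-activated accounts are freed.
        return self._drop_pending(lambda a: a.email == email)

    def expire_pending(self, now):
        return self._drop_pending(lambda a: now - a.created > PENDING_TTL)

def refusing_mailer(email, name):
    # Constructed stand-in for an SMTP server that rejects the recipient.
    raise smtplib.SMTPRecipientsRefused({email: (550, b"no such user")})
```

Activated accounts are never touched by `bounce_received` or `expire_pending`, so a later bounce on an address cannot remove an account its owner has already logged in to.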