@flamisz opened this Pull Request on May 7th 2021 Contributor

Description:

Send email notifications when critical action happened.

Critical actions:

  • making any kind of changes to the 2FA -> user
  • if a token auth was created or deleted -> user
  • changes to the brute force logic, two FA and CORS were made -> superusers
  • when users are created/deleted -> user

Review

  • [ ] Functional review done
  • [ ] Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
  • [ ] Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • [ ] Security review done see checklist
  • [ ] Code review done
  • [ ] Tests were added if useful/possible
  • [ ] Reviewed for breaking changes
  • [ ] Developer changelog updated if needed
  • [ ] Documentation added if needed
  • [ ] Existing documentation updated if needed
@Findus23 commented on May 10th 2021 Member

One thing: To anticipate an issue like https://github.com/matomo-org/matomo/issues/14447, I guess it would be useful to have an option to disable those E-Mails (even though I find it hard to know where to draw the line)

@tsteur commented on May 10th 2021 Member

One thing: To anticipate an issue like #14447, I guess it would be useful to have an option to disable those E-Mails (even though I find it hard to know where to draw the line)

For MVP this might not be needed and we could wait until this comes up as a request and then someone could even develop a plugin for this etc.

@diosmosis commented on May 17th 2021 Member

@tsteur can you look at the comments pinging you above? There are some questions I can't answer.

@bluikko commented on August 8th 2021

I believe that this change breaks install via the ExtraTools. I really wish team Matomo would realize what the time is and #10257 got some attention.

@tsteur commented on August 8th 2021 Member

@bluikko I've had a look through the PR and not sure where this could break ExtraTools. Have you created an issue for this problem on the ExtraTools issue tracker? It may be related to something else or maybe the plugin developer can work around it. Re #10257 we may put some focus on it in the near future but I can't promise anything.

This Pull Request was closed on May 26th 2021
Powered by GitHub Issue Mirror