@flamisz opened this Pull Request on May 7th 2021 Contributor

Description:

Send email notifications when a critical action happens.

Critical actions:

  • making any kind of changes to the 2FA -> user
  • if a token auth was created or deleted -> user
  • changes to the brute force logic, two FA and CORS were made -> superusers
  • when users are created/deleted -> user

Review

  • [ ] Functional review done
  • [ ] Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
  • [ ] Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • [ ] Security review done see checklist
  • [ ] Code review done
  • [ ] Tests were added if useful/possible
  • [ ] Reviewed for breaking changes
  • [ ] Developer changelog updated if needed
  • [ ] Documentation added if needed
  • [ ] Existing documentation updated if needed
@Findus23 commented on May 10th 2021 Member

One thing: To anticipate an issue like https://github.com/matomo-org/matomo/issues/14447, I guess it would be useful to have an option to disable those E-Mails (even though I find it hard to know where to draw the line)

@tsteur commented on May 10th 2021 Member

One thing: To anticipate an issue like #14447, I guess it would be useful to have an option to disable those E-Mails (even though I find it hard to know where to draw the line)

For MVP this might not be needed and we could wait until this comes up as a request and then someone could even develop a plugin for this etc.

@diosmosis commented on May 17th 2021 Member

@tsteur can you look at the comments pinging you above? There are some questions I can't answer.

This Pull Request was closed on May 26th 2021