WordPress.org

Make WordPress Core

Opened 16 months ago

Last modified 3 weeks ago

#43890 assigned enhancement

Allow Admin to Skip e-mail confirmation for Export/Anonymization

Reported by: xkon Owned by: xkon
Milestone: 5.3 Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-patch dev-feedback needs-design-feedback
Focuses: Cc:

Description

We thought that it might be good to allow admins the option to avoid a user's e-mail confirmation.

We've talked a bit about it with @allendav and @mikejolley and 1 way was adding a drop down menu for the Admin to select if they want to skip it or not.

Attachments (4)

43890_preview.gif (302.1 KB) - added by xkon 16 months ago.
43890.diff (7.5 KB) - added by xkon 16 months ago.
43890.2.diff (7.8 KB) - added by xkon 5 months ago.
refresh
43890.3.diff (9.1 KB) - added by xkon 2 months ago.
refresh

Download all attachments as: .zip

Change History (30)

@xkon
16 months ago

@xkon
16 months ago

#1 @xkon
16 months ago

This first patch gives a try on skipping confirmation e-mails completely.

As far as my tests go on the Admin side everything works as supposed to but do take a good look please as I'm not sure if there's anything else hooked up that I missed :D .

Patch 43890.diff :

  • Adds a dropdown menu with 2 options With Confirmation / Without Confirmation
  • Add a new post_status of request-skipped - Confirmation Skipped
  • Adds new buttons on the Next Steps column that allow you to download / erase data from scratch
  • Avoids the request-confirmed update after every action to keep the same status

as seen in 43890_preview.gif

This ticket was mentioned in Slack in #gdpr-compliance by xkon. View the logs.


16 months ago

#3 @xkon
16 months ago

  • Keywords has-patch added

#4 @azaozz
16 months ago

I'm thinking this would be good for v2 perhaps? Also, why add a "user request" at all, admins can export any data at any time and as many times as they want. We can add the entry forms for the email address on the Tools => Privacy screen (that was the original intention anyway).

#5 @xkon
16 months ago

Yes v2 sounds good as it still needs stuff fixing and a full check at this point will be not worth the time.

On the Tools -> Privacy screen you mention. That page was named 'Tools' when it was hosting everything under it, there's nothing in there at the moment except the Privacy Page settings (see #43894 suggestion) but I think that keeping them in the actual Export/Erasure lists makes more sense as that's what they are about and you can easily find it (+ you can keep the logs and such as well in your list since they are kept there for the time being).

#6 @TZ Media
16 months ago

For our clients, we'll need the possibility to skip the confirmation completely. They have data in multiple systems and have confirmed the request before a request is entered into WordPress. So they need a way to export all user data for a given email address without any confirmation emails.

#7 @xkon
16 months ago

Well if we decide 'were to put' (I still think that under the respective tools is better) these 2 actions all the base code from the patch above works as I've tested. We can skip adding them to the tables as @azaozz mentions and just use the functions solely for an instant export/anonymization.

If you think it will absolutely help for v1 ( note that nobody says how soon a next version will be - that's what I gathered from the last core chat ) I can squeeze some time and maybe rework on it today if we can catch the deadline as well of course.

#8 @TZ Media
16 months ago

If I remember correctly I can still hook into the confirmation request email before it is sent and change the email address to prevent it from being sent to the user.

I would definitely like to see it in 4.9.6, but it is not the highest priority for me.

Instant export would also be great.

BTW: I'd also need an "instant erase" without confirmation email (again because confirmation happened already outside of WordPress. Should this go into a separate ticket? I can use the same workaround as above for now with our clients, though.

#10 @desrosj
15 months ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

#11 @iprg
15 months ago

#44066 was marked as a duplicate.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.


15 months ago

#13 @allendav
15 months ago

I also think we should also consider giving a box for the admin to give a reason for skipping confirmation - that will be useful in the logs eventually

#14 @allendav
15 months ago

Idea: instead of a dropdown, perhaps the no-confirmation flow could be started with a link next to the "primary" confirmation-flow button

#15 @desrosj
15 months ago

  • Keywords needs-design ui-feedback added

#16 @desrosj
14 months ago

  • Keywords gdpr removed

Removing the GDPR keyword. This has been replaced by the new Privacy component and privacy focuses in Trac.

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.


12 months ago

#18 @wesselvandenberg
12 months ago

  • Keywords changed from has-patch, needs-design, ui-feedback to has-patch needs-design ui-feedback

Hey, we at Wordcamp Nijmegen saw that it needs design. We got a few questions; Why does this need a email conformation and why do we need an admin for this?

The main question here is:
What risk is mitigated with the double conformation?

Is it an option to let users export their personal data trough a button on their profile page?

@xkon
5 months ago

refresh

#19 @xkon
5 months ago

  • Keywords dev-feedback added
  • Milestone changed from Awaiting Review to 5.3
  • Owner set to xkon
  • Status changed from new to assigned

43890.2.diff is simply a refresh on the previous patch.

We would still like a feedback on ui and design of course whenever possible ( cc @melchoyce ) just to have it fully ready for a future release :) .

This ticket was mentioned in Slack in #core-privacy by xkon. View the logs.


5 months ago

#21 @karmatosed
3 months ago

  • Keywords needs-design-feedback added; needs-design ui-feedback removed

This seems to have a design, so I am going to remove that keyword and make sure it has the feedback one.

@xkon
2 months ago

refresh

#22 @xkon
2 months ago

@garrett-eclipse , could you take a look at 43890.3.diff as well? I don't think I've missed something and if all good we can mark this for commit.

Last edited 2 months ago by xkon (previous) (diff)

#23 @birgire
2 months ago

Thanks for the refresh @xkon

I noticed one thing in 43890.3.diff, it changes the signature of the wp_create_user_request() function from:

wp_create_user_request( $email_address = '', $action_name = '', $request_data = array() ) {

to:

wp_create_user_request( $email_address = '', $action_name = '', $request_confirmation = '', $request_data = array() ) {

To preserve backward support, I would rather suggest:

wp_create_user_request( $email_address = '', $action_name = '', $request_data = array(), $request_confirmation = '' ) {

#24 @birgire
2 months ago

Few random thoughts:

It looks like $request_confirmation is binary, what about using true/false instead of 'yes' vs 'no' or '' strings ?

Personally, I like the former better:

wp_create_user_request( ..., true );

wp_create_user_request( ..., 'yes' );

In that case one might use:

$request_confirmation      = ( 'yes' === $_POST['request_confirmation'] );

instead of

$request_confirmation      = sanitize_text_field( $_POST['request_confirmation'] );

Another thing, how should we handle missing $_POST['request_confirmation'] ?

Should it trigger an invalid action error?

Since this is a binary option, would a checkbox be suitable here, instead of a dropdown?

It looks like unit tests will need an update.

Cheers

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.


4 weeks ago

#26 @karmatosed
3 weeks ago

I tried to test this but couldn't get it working, would it be possible to either have some steps (just to check I am not missing anything) or a screencast?

Note: See TracTickets for help on using tickets.