Make WordPress Core

Opened 3 years ago

Last modified 8 days ago

#43890 assigned enhancement

Allow Admin to Skip e-mail confirmation for Export/Anonymization

Reported by: xkon Owned by: xkon
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-patch dev-feedback needs-design-feedback 2nd-opinion needs-screenshots
Focuses: Cc:


We thought that it might be good to allow admins the option to avoid a user's e-mail confirmation.

We've talked a bit about it with @allendav and @mikejolley and 1 way was adding a drop down menu for the Admin to select if they want to skip it or not.

Attachments (4)

43890_preview.gif (302.1 KB) - added by xkon 3 years ago.
43890.diff (7.5 KB) - added by xkon 3 years ago.
43890.2.diff (7.8 KB) - added by xkon 21 months ago.
43890.3.diff (9.1 KB) - added by xkon 18 months ago.

Download all attachments as: .zip

Change History (39)

3 years ago

3 years ago

#1 @xkon
3 years ago

This first patch gives a try on skipping confirmation e-mails completely.

As far as my tests go on the Admin side everything works as supposed to but do take a good look please as I'm not sure if there's anything else hooked up that I missed :D .

Patch 43890.diff :

  • Adds a dropdown menu with 2 options With Confirmation / Without Confirmation
  • Add a new post_status of request-skipped - Confirmation Skipped
  • Adds new buttons on the Next Steps column that allow you to download / erase data from scratch
  • Avoids the request-confirmed update after every action to keep the same status

as seen in 43890_preview.gif

This ticket was mentioned in Slack in #gdpr-compliance by xkon. View the logs.

3 years ago

#3 @xkon
3 years ago

  • Keywords has-patch added

#4 @azaozz
3 years ago

I'm thinking this would be good for v2 perhaps? Also, why add a "user request" at all, admins can export any data at any time and as many times as they want. We can add the entry forms for the email address on the Tools => Privacy screen (that was the original intention anyway).

#5 @xkon
3 years ago

Yes v2 sounds good as it still needs stuff fixing and a full check at this point will be not worth the time.

On the Tools -> Privacy screen you mention. That page was named 'Tools' when it was hosting everything under it, there's nothing in there at the moment except the Privacy Page settings (see #43894 suggestion) but I think that keeping them in the actual Export/Erasure lists makes more sense as that's what they are about and you can easily find it (+ you can keep the logs and such as well in your list since they are kept there for the time being).

#6 @TZ Media
3 years ago

For our clients, we'll need the possibility to skip the confirmation completely. They have data in multiple systems and have confirmed the request before a request is entered into WordPress. So they need a way to export all user data for a given email address without any confirmation emails.

#7 @xkon
3 years ago

Well if we decide 'were to put' (I still think that under the respective tools is better) these 2 actions all the base code from the patch above works as I've tested. We can skip adding them to the tables as @azaozz mentions and just use the functions solely for an instant export/anonymization.

If you think it will absolutely help for v1 ( note that nobody says how soon a next version will be - that's what I gathered from the last core chat ) I can squeeze some time and maybe rework on it today if we can catch the deadline as well of course.

#8 @TZ Media
3 years ago

If I remember correctly I can still hook into the confirmation request email before it is sent and change the email address to prevent it from being sent to the user.

I would definitely like to see it in 4.9.6, but it is not the highest priority for me.

Instant export would also be great.

BTW: I'd also need an "instant erase" without confirmation email (again because confirmation happened already outside of WordPress. Should this go into a separate ticket? I can use the same workaround as above for now with our clients, though.

#9 @iandunn
3 years ago

Related: #44066

#10 @desrosj
3 years ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

#11 @iprg
3 years ago

#44066 was marked as a duplicate.

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.

3 years ago

#13 @allendav
3 years ago

I also think we should also consider giving a box for the admin to give a reason for skipping confirmation - that will be useful in the logs eventually

#14 @allendav
3 years ago

Idea: instead of a dropdown, perhaps the no-confirmation flow could be started with a link next to the "primary" confirmation-flow button

#15 @desrosj
3 years ago

  • Keywords needs-design ui-feedback added

#16 @desrosj
2 years ago

  • Keywords gdpr removed

Removing the GDPR keyword. This has been replaced by the new Privacy component and privacy focuses in Trac.

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.

2 years ago

#18 @wesselvandenberg
2 years ago

  • Keywords changed from has-patch, needs-design, ui-feedback to has-patch needs-design ui-feedback

Hey, we at Wordcamp Nijmegen saw that it needs design. We got a few questions; Why does this need a email conformation and why do we need an admin for this?

The main question here is:
What risk is mitigated with the double conformation?

Is it an option to let users export their personal data trough a button on their profile page?

21 months ago


#19 @xkon
21 months ago

  • Keywords dev-feedback added
  • Milestone changed from Awaiting Review to 5.3
  • Owner set to xkon
  • Status changed from new to assigned

43890.2.diff is simply a refresh on the previous patch.

We would still like a feedback on ui and design of course whenever possible ( cc @melchoyce ) just to have it fully ready for a future release :) .

This ticket was mentioned in Slack in #core-privacy by xkon. View the logs.

21 months ago

#21 @karmatosed
19 months ago

  • Keywords needs-design-feedback added; needs-design ui-feedback removed

This seems to have a design, so I am going to remove that keyword and make sure it has the feedback one.

18 months ago


#22 @xkon
18 months ago

@garrett-eclipse , could you take a look at 43890.3.diff as well? I don't think I've missed something and if all good we can mark this for commit.

Last edited 18 months ago by xkon (previous) (diff)

#23 @birgire
18 months ago

Thanks for the refresh @xkon

I noticed one thing in 43890.3.diff, it changes the signature of the wp_create_user_request() function from:

wp_create_user_request( $email_address = '', $action_name = '', $request_data = array() ) {


wp_create_user_request( $email_address = '', $action_name = '', $request_confirmation = '', $request_data = array() ) {

To preserve backward support, I would rather suggest:

wp_create_user_request( $email_address = '', $action_name = '', $request_data = array(), $request_confirmation = '' ) {

#24 @birgire
18 months ago

Few random thoughts:

It looks like $request_confirmation is binary, what about using true/false instead of 'yes' vs 'no' or '' strings ?

Personally, I like the former better:

wp_create_user_request( ..., true );

wp_create_user_request( ..., 'yes' );

In that case one might use:

$request_confirmation      = ( 'yes' === $_POST['request_confirmation'] );

instead of

$request_confirmation      = sanitize_text_field( $_POST['request_confirmation'] );

Another thing, how should we handle missing $_POST['request_confirmation'] ?

Should it trigger an invalid action error?

Since this is a binary option, would a checkbox be suitable here, instead of a dropdown?

It looks like unit tests will need an update.


This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.

17 months ago

#26 @karmatosed
16 months ago

I tried to test this but couldn't get it working, would it be possible to either have some steps (just to check I am not missing anything) or a screencast?

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.

15 months ago

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.

15 months ago

This ticket was mentioned in Slack in #core-privacy by karmatosed. View the logs.

15 months ago

#30 @davidbaumwald
15 months ago

  • Keywords 2nd-opinion added
  • Milestone changed from 5.3 to Future Release

This ticket still needs some work. I'm adding a 2nd-opinion tag to hopefully have some more input and movement toward inclusion in a Future Release.

This ticket was mentioned in Slack in #design by estelaris. View the logs.

5 months ago

#32 @estelaris
5 months ago

  • Keywords needs-screenshots added

As discussed in the design meeting, we would like to request a new screenshot to be able to provide design feedback

This ticket was mentioned in Slack in #core by garrett-eclipse. View the logs.

6 weeks ago

This ticket was mentioned in Slack in #design by paaljoachim. View the logs.

8 days ago

#35 @paaljoachim
8 days ago

It would be helpful with a screenshot so we can see where it is at right now.
@davidbaumwald can you add a screenshot?

Note: See TracTickets for help on using tickets.