
Implement admin tools for account recovery

Open di opened this issue 3 years ago • 4 comments

To make it easier for PyPI admins & moderators to process account recovery requests, there are a few things we can do to make it possible for any admin/moderator to handle these requests and make it self-service as much as possible.

  • [x] Exposing the functionality for disabling 2FA in the admin (including issuing User events) so this doesn't require prod DB access
  • [ ] Codify the initial process of sending an email to initiate the recovery process (as described here)
  • [ ] Summarizing recent actions on the User account and their projects
  • [ ] Summarizing download counts for the user's project to determine criticality
  • [ ] Some link to allow the affected user to notify admins that the initial steps have been completed
  • [ ] Take into account critical projects & maintainers, possibly requiring admin intervention in these cases.
  • [ ] Notify co-maintainers, publish an event (possibly publicly)

Regardless of improvements, we'll still require that a human in the loop does the final review before resetting access to the account. We'll also need to handle edge cases where a project doesn't have a public source repository.

Open questions:

  • Keep the original requests in the GitHub tracker? This helps with associating with a GitHub account, but strongly ties us to GitHub
    • Possibly explore generating these in PyPI based on a GitHub action in that repository
  • Possibly: drop all roles that aren't sole owner, notify co-maintainers that they will need to vet and re-add?
  • How do we establish & document a shared understanding of what requires further inspection?
  • Should we establish tiers? e.g. Tier 0: you have no projects. Tier 1: you have sole-owned projects that aren't widely used. Tier 2: you are co-maintainer on other projects. Tier 3: You are primary maintainer of a critical project.

ref: https://github.com/pypa/pypi-support/issues/796

di (Jul 08 '22 15:07)
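One way the proposed tiers could be codified so that any moderator gets the same answer, as an added illustration that is not code from the warehouse project: the `ProjectRole` fields, the "highest tier wins" ordering, and the `WIDELY_USED_DOWNLOADS` threshold are assumptions, since the issue does not define them.

```python
from dataclasses import dataclass

# Assumed threshold for "widely used"; the issue gives no number.
WIDELY_USED_DOWNLOADS = 100_000


@dataclass(frozen=True)
class ProjectRole:
    """The requester's relationship to one project (hypothetical shape)."""
    name: str
    sole_owner: bool          # requester is the only Owner role
    primary_maintainer: bool  # requester is the main maintainer
    critical: bool            # project is flagged critical by PyPI
    monthly_downloads: int    # recent download count, used for criticality


def recovery_tier(roles: list[ProjectRole]) -> int:
    """Map a requester's project roles to the tiers proposed in the issue.

    Tier 0: no projects.
    Tier 1: only sole-owned projects that are not widely used.
    Tier 2: co-maintainer on other projects (someone else shares access).
    Tier 3: primary maintainer of a critical project.
    The highest matching tier wins. Assumption: a sole-owned but widely
    used project escalates to tier 2, since the issue leaves that case open.
    """
    if not roles:
        return 0
    if any(r.critical and r.primary_maintainer for r in roles):
        return 3
    if any(not r.sole_owner for r in roles):
        return 2
    if any(r.monthly_downloads >= WIDELY_USED_DOWNLOADS for r in roles):
        return 2
    return 1


def needs_admin_intervention(roles: list[ProjectRole]) -> bool:
    """Tier 3 requests require an admin rather than a moderator (per the issue)."""
    return recovery_tier(roles) >= 3


# Constructed sample request: one sole-owned hobby package, one shared package.
SAMPLE_ROLES = [
    ProjectRole("hobby-pkg", True, True, False, 120),
    ProjectRole("team-pkg", False, False, False, 4_000),
]
```

Running `recovery_tier(SAMPLE_ROLES)` yields tier 2, because the shared project means co-maintainers must be notified before access is reset.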

After chatting with @ewdurbin: Two things that have the biggest impact:

  • codifying the initial process of sending the email (with some human input to select the out-of-band URL used for proof of ownership)
  • an admin button for disabling all 2FA, recovery codes for the user.

di (Oct 14 '22 15:10)

an admin button for disabling all 2FA, recovery codes for the user.

Doing this now.

woodruffw (Jun 03 '23 03:06)

  • [ ] Notify co-maintainers, publish an event (possibly publicly)

Should this be another set of emails? If so, I can add it to https://github.com/pypi/warehouse/issues/13234.

woodruffw (Jun 03 '23 12:06)

Codify the initial process of sending an email to initiate the recovery process (as described https://github.com/pypa/pypi-support/issues/796#issuecomment-1100081874)

In process at #16266

ewdurbin (Jul 11 '24 21:07)