Making WordPress.org

#6875 closed defect (bug) (fixed)

"Receive notifications by email" feature getting unchecked intermittently

Reported by: mrfoxtalbot's profile mrfoxtalbot Owned by: dd32's profile dd32
Milestone: Priority: high
Component: General Keywords:
Cc:

Description

Under "notifications", there is an option to monitor certain words.

"The WordPress.org notification system is a way for you to get alerted via email whenever you, or phrases of your choosing, are directly referenced in a post or forum anywhere in the WordPress.org ecosystem."

I have noticed that this box gets unchecked on my account for no particular reason. I have noticed and re-checked this at least 4 times over a 3-week period. This might be related to a separate issue where the "Also viewing" forum option would get unchecked in a similar way.

https://profiles.wordpress.org/usename/profile/notifications

Change History (12)

#1 @mrfoxtalbot
13 months ago

I forgot to include a link to the "Also viewing" issue I mentioned, it's #6509

#2 @dd32
13 months ago

  • Owner set to dd32
  • Status changed from new to accepted

I have noticed that this box gets unchecked on my account for no particular reason.

Do you perform any actions that might trigger it being deactivated? I haven't been able to find any.

There are two code branches that touch this user meta:

  • The notifications admin, in the save_settings action, protected by a nonce
  • The email unsubscribe links, which I've verified to be unique per-user, but disable ALL of the matcher notification emails (via this checkbox) not just the specific matcher phrase which the email relates to.

on my account

To be clear, your account or the notifications account?

#3 follow-up: @mrfoxtalbot
13 months ago

Thank you @dd32 .

To be clear, your account or the notifications account?

I should have been clearer. This issue is only happening on an account called cometnotifications. We use this account to subscribe to certain forums and topics but we do not post any replies with it. Yesterday, I noticed that the box was unchecked. I reactivated the notification for cometnotifications and they started working again but when I checked a few minutes ago, it was unchecked again.

Do you perform any actions that might trigger it being deactivated? I haven't been able to find any.

None that I am aware of. We do not post replies or create new threads using this account. Its sole purpose is to subscribe to forums and receive notifications. These emails are then fed into a Trello board but I use my personal account mrfoxtalbot to post replies.

Comparing these two accounts, the only difference I see is that cometnotifications does not have an associated Slack user. Could this be relevant somehow?

The email unsubscribe links

Do you think it could be this? Do we have a way to track when one of these unsubscribe links is used?

Thanks again for your help.

Last edited 13 months ago by mrfoxtalbot (previous) (diff)

#4 @mrfoxtalbot
13 months ago

I checked the notification settings for cometnotifications just now and saw that the checkbox is unmarked again only after a few hours :(

#5 @mrfoxtalbot
13 months ago

I checked the box after my previous comment and two hours later, it is unchecked again :(

#6 in reply to: ↑ 3 @ocean90
13 months ago

Replying to mrfoxtalbot:

These emails are then fed into a Trello board

I just checked how these unsubscribe links are working and they don't require any additional user action which means the unsubscription can also be triggered by link previews or any other link scanners which may be the case for Trello.

#7 @mrfoxtalbot
13 months ago

Thank you so much for taking a look, @ocean90. That could very well be the case! The interesting thing is that:

  • We use the same system to feed subscription to regular forums (as opposed to specific words). Those emails have never stopped working even though they also include a subscribe link.
  • A few of those notification emails do come in before the unsuscription is triggered. Maybe there is a delay?

I am going to investigate if there is a way to deactivate these link previews. Thanks again.

#8 @dd32
13 months ago

We use the same system to feed subscription to regular forums (as opposed to specific words). Those emails have never stopped working even though they also include a subscribe link.

The difference, I believe, is that forums have a confirmation click on the actual unsub page, rather than profiles (which I implemented earlier) which simply disables immediately.

I believe @ocean90 is on the money here, and is what I had suspected was happening - I had setup the same notifications on my email account to see if it affected just that account or others too, and it seems to confirm what I expected, that it's not a problem for others.

I'll see about updating the Notifications unsub flow to have a click-to-confirm flow like forums, while still supporting the Google unsub flow (which is instant, and happens in the background when someone uses the "unsubscribe" button in the google UI)

#9 follow-up: @mrfoxtalbot
13 months ago

  • Resolution set to invalid
  • Status changed from accepted to closed

Thank you for checking @dd32. After a few more tests, I am also 99% convinced that it is indeed Trello's "zoom preview" feature that's causing this problem. I looked this up and it looks like it cannot be disabled.

We will need for some other work around. I will close this as "Invalid". Thanks again!

#10 in reply to: ↑ 9 @dd32
13 months ago

  • Priority changed from low to high
  • Resolution invalid deleted
  • Status changed from closed to reopened

Replying to mrfoxtalbot:

I am also 99% convinced that it is indeed Trello's "zoom preview" feature that's causing this problem.

Thanks for confirming!

This is going to be fixed on the w.org side, we have to have user-interaction on the unsubscribe links to avoid issues with previews and email security scanners. Re-opening this to reflect that.

I'll see about updating the Notifications unsub flow to have a click-to-confirm flow like forums

#11 @dd32
13 months ago

  • Status changed from reopened to accepted

#12 @dd32
13 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

r20169-dotorg

Matchers: Don't perform the unsubscribe immediately upon the GET request occuring, wait for the user to confirm with a POST request.

This prevents email scanners and link previewers unsubscribing someone accidentally.

Fixes https://meta.trac.wordpress.org/ticket/6875

The link now leads to a page which asks if you're sure you want to unsubscribe before doing so. The gmail "mark as spam and unsubscribe" flow should also continue to work.

Note: See TracTickets for help on using tickets.