BMO / TellUsMore

Overview

1. Input collects information from the user
   • Ideally using the possible_duplicates service prior to submission
2. Input submits bug to BMO using the provided XML-RPC web serivce
3. BMO stores bug in a transient tracking table
4. A token is generated and emailed to user to verify email address
5. When token is verified:
   • If the reporter's email is not in BMO, an account will be created for them
   • Or create a bug using the reporter's BMO account in the untriaged product

The Bugzilla extension development work is tracked in Bug 678146.

XML-RPC Interface

TellUsMore.submit(
    'creator'        [req]    email address of reporter
    'product'        [req]    product name (must match component in untriaged-bugs product)
    'summary'        [req]    summary
    'description'    [req]    issue description (STR, etc)
    'user_agent'     [req]    reporter's user agent (used to map to o/s & platform)
    'restricted'     [req]    "1" or "0"; when "1" the bug will be marked as security sensitive
    'creator_name'   [opt]    real name of the reporter
    'version'        [opt]    product version (must exist in untriaged-bugs product), defaults to 'unspecified'
    'url'            [opt]    URL provided by reporter
    'attachments'    [opt]    array of (max 2):
        'filename'       [req]    attachment filename
        'content_type'   [req]    content-type
        'description'    [opt]    description, defaults to filename
        'content'        [req]    attachment payload (max size 500k?, base64 encoded)
) : integer

Returns unique ID for the request (NOT the bug number)

Access to this web service will be limited to a single BMO account: "tellusmore@input.bugs".

The following fields are validated at submission time:

• creator (rudimentary "is a valid email address" check)
• product
• version

Requirements

The following information is required from the Input team prior to go-live. Simple placeholder data will be used during development.

• emails (for all emails we need it in html and plain text, as well as the subject and sender)
  • "follow this link to create a bmo account"
  • "follow this link to verify your existing bmo account
• html pages (can be styled to look like Input, but will be hosted on BMO)
  • "bug created, and you now have a bmo account"
    • It's a good idea to include a link to the "forgot password" as a mechanism for the user to set their password
  • "bug created with your existing bmo account"
  • "something went wrong, here's the error"

There are also a few limits which we've guessed at, and need feedback from the Input team:

• maximum number of attachments (currently 2)
• maximum size of an individual attachment (currently 512k)
• maximum number of reports per minute (currently 2)

Workflow

1. XML-RPC web-service for submitting a bug
2. If (email is registered on BMO)
   • If the BMO account is disabled, reject bug creation
   • Create token with "please confirm this is your email address"
   • Use a custom validation page, eg /tellusmore/validate?1234567890
3. If (email is not registered)
   • Create a new account token
   • On token validation, create a new bugzilla account with a non-working password
     • Set password to *
     • If the user wants to log into BMO with their new account, they can use the "forgot password"
   • Use a custom validation page, eg /tellusmore/validate?1234567890
4. Create a bug with the user as the reporter
   • "Untriaged Bugs" product
   • Component -> "firefox" or "fennec" or whatever
5. Redirect the user to a input.mozilla.org hosted page to display results:
   • Successful: http://input.mozilla.org/bug/thanks/?bug_id=%s&is_new_user=%s
     • bug_id = numeric bug ID
     • is_new_user = 1 if a new BMO account was created, 0 if an existing account was used
   • Failure: http://input.mozilla.org/bug/thanks/?error=%s&cs=%s
     • error = Error message
     • cs = checksum, calculated as MD5 hex of a shared secret + the error message

Implementation Note

• sync versions between firefox and 'untriaged bugs'
  • hook object create/update/delete for versions
• don't allow more than 2 reports per minute per email address
• delete stale tokens
  • trigger - page.cgi token validation
  • older than 1 week
• schema:
  • id (identity)
  • token (varchar 16)
  • mail (varchar 255)
  • creation_ts (datetime)
  • content (longblob) Data::Dumper serialized