From MozillaWiki
Jump to: navigation, search

BMO / TellUsMore


  1. Input collects information from the user
    • Ideally using the possible_duplicates service prior to submission
  2. Input submits bug to BMO using the provided XML-RPC web serivce
  3. BMO stores bug in a transient tracking table
  4. A token is generated and emailed to user to verify email address
  5. When token is verified:
    • If the reporter's email is not in BMO, an account will be created for them
    • Or create a bug using the reporter's BMO account in the untriaged product

The Bugzilla extension development work is tracked in Bug 678146.

XML-RPC Interface

    'creator'        [req]    email address of reporter
    'product'        [req]    product name (must match component in untriaged-bugs product)
    'summary'        [req]    summary
    'description'    [req]    issue description (STR, etc)
    'user_agent'     [req]    reporter's user agent (used to map to o/s & platform)
    'restricted'     [req]    "1" or "0"; when "1" the bug will be marked as security sensitive
    'creator_name'   [opt]    real name of the reporter
    'version'        [opt]    product version (must exist in untriaged-bugs product), defaults to 'unspecified'
    'url'            [opt]    URL provided by reporter
    'attachments'    [opt]    array of (max 2):
        'filename'       [req]    attachment filename
        'content_type'   [req]    content-type
        'description'    [opt]    description, defaults to filename
        'content'        [req]    attachment payload (max size 500k?, base64 encoded)
) : integer

Returns unique ID for the request (NOT the bug number)

Access to this web service will be limited to a single BMO account: "tellusmore@input.bugs".

The following fields are validated at submission time:

  • creator (rudimentary "is a valid email address" check)
  • product
  • version


The following information is required from the Input team prior to go-live. Simple placeholder data will be used during development.

  • emails (for all emails we need it in html and plain text, as well as the subject and sender)
    • "follow this link to create a bmo account"
    • "follow this link to verify your existing bmo account
  • html pages (can be styled to look like Input, but will be hosted on BMO)
    • "bug created, and you now have a bmo account"
      • It's a good idea to include a link to the "forgot password" as a mechanism for the user to set their password
    • "bug created with your existing bmo account"
    • "something went wrong, here's the error"

There are also a few limits which we've guessed at, and need feedback from the Input team:

  • maximum number of attachments (currently 2)
  • maximum size of an individual attachment (currently 512k)
  • maximum number of reports per minute (currently 2)


  1. XML-RPC web-service for submitting a bug
  2. If (email is registered on BMO)
    • If the BMO account is disabled, reject bug creation
    • Create token with "please confirm this is your email address"
    • Use a custom validation page, eg /tellusmore/validate?1234567890
  3. If (email is not registered)
    • Create a new account token
    • On token validation, create a new bugzilla account with a non-working password
      • Set password to *
      • If the user wants to log into BMO with their new account, they can use the "forgot password"
    • Use a custom validation page, eg /tellusmore/validate?1234567890
  4. Create a bug with the user as the reporter
    • "Untriaged Bugs" product
    • Component -> "firefox" or "fennec" or whatever
  5. Redirect the user to a hosted page to display results:

Implementation Note

  • sync versions between firefox and 'untriaged bugs'
    • hook object create/update/delete for versions
  • don't allow more than 2 reports per minute per email address
  • delete stale tokens
    • trigger - page.cgi token validation
    • older than 1 week
  • schema:
    • id (identity)
    • token (varchar 16)
    • mail (varchar 255)
    • creation_ts (datetime)
    • content (longblob) Data::Dumper serialized