Implement user verification process

[violine1101]

The Problem

There currently is no way to link a user's Discord account to their Mojira account. In some cases it's not obvious who which account belongs to, so a verification process for linking accounts between Discord and Mojira might be useful.

Possible Solution

Add a !verification <Mojira username> command. When it is run, MojiraBot replies with a message like To link your Discord account to your Mojira account "username", leave a comment on WEB-1234 with your Discord user ID (<user id>).

MojiraBot also regularily checks that ticket WEB-1234 for newly incoming comments and checks them against the known Discord accounts. It then keeps all the linkings in a data base which can then be used to look up who which account belongs to, for example with !jira who @<discord account> or !jira who <jira account>.

Additionally, it might be nice to give verified users a special role.

Discussion needed, I'm not sure if this is really something that we want or need.

[SPGoding]

If we decided to do this, it might be better that the user is required to post a random code generated by MojiraBot to that ticket instead of posting their Discord user ID as Mojira is a public place and everyone / every bot can see all those tasty user IDs

[dericksonmark]

Hello! If this functionality added to MojiraBot, it might be better to delete the !verification command sent by the user immediately, and then send a private message to the command user with the response instead of just responding in the #bot-commands tab. If a malicious user tried to access Discord user IDs, sending private messages would prevent the user from being able to tell exactly which Discord account links to which Mojira account.

The verification code could expire within 10 minutes of it being sent and any record of it could be deleted from the database; this could help reduce the amount of data that would need to be stored in the database and help secure an account in case it was compromised.

I'm not quite sure what you meant by 'special role', but it should definitely not be too powerful. The only thing I can think of that would fit here would be a different colored name in Discord or Mojira. Adding affected versions to tickets or something like that is way too powerful. A malicious user could use this low-effort action to pretty much destroy the tracker.

[violine1101]

If this functionality added to MojiraBot, it might be better to delete the !verification command sent by the user immediately, and then send a private message to the command user with the response instead of just responding in the #bot-commands tab.

It would also be possible to only enable the !verification command in DMs, that way a user can only verify itself by writing a DM to MojiraBot.

The code being random was another thing I thought about, would definitely also be a good option to do it.

I'm not quite sure what you meant by 'special role', but it should definitely not be too powerful.

I don't think it should make any difference permission-wise, I thought it should probably only be aesthetic (different color?), so that you know who has verified their account and who has not.

[dericksonmark]

Something that came up while developing a bot to do this was the permissions needed for the whois command (as I'm calling it). Do you think that it should be available for everyone, only users who have verified their accounts, or only volunteers?

The way I have my code set up right now is where the command !verify jira is used in #bot-commands. The bot immediately detects the command, removes the message from the channel, then generates and sends an embed to the user in a private message, giving them instructions on how to link their Discord account to their Mojira account. Essentially, they have to copy a random code (or set string if the bot is in beta mode) and paste it into a Mojira ticket. Then, the user must use the command !verify account <mojirausername> to make the bot check the ticket for their username and code in the same comment. This makes it impossible for a malicious user to verify an account that they do not own. An embed is then generated and sent to the user, and they receive a role. Their information is saved in JSON documents. As of now, the !whois d <discordusername> and !whois m <mojirausername> commands can be used only by users with a specific role (the role in the question at the top of this comment).

Also, I didn't think that it would be an issue to force the user to send the verification request in a private message, as other users knowing that they were verifying their account would not mean anything. All random codes are linked to the Discord username and cannot be used by a different user.

[urielsalis]

Regarding user ids, they are just a timestamp and usually public anyway (anyone can right click and get it)

I like this idea, it would allow us to show the username on requests, specially ownerships

[Jack-McKalling]

I really like this too. I might have a more streamlined workflow though:

1. User sends command to bot in a DM: /verify jira
2. Bot responds with instructions, namely the special code that you need to post in this or that mojira ticket
3. User posts special code on ticket
4. Bot can now link both discord and jira accounts

The code could be an encrypted piece of string that gets generated from the discord handle (including the hash) and some secret algorythm (supported by github secret key things), so multiple users won't ever have the same one and they can't fake them.

This way there would be no need to include any usernames in these commands. Because as soon as the user performs the command to the bot, the bot will remember the discord user handle together with the code that it then sends, and when the user posts the code in a comment on the ticket, and because the bot listens to new posts on that particular ticket, the bot will know which jira account is supposed to be associated with that code.

And for the reason that the first command is literally the same for everyone, it would be better to keep that in the bot's private DM in the first place (or be spammed with the same text from everyone in our channel)

[urielsalis]

The special code can just be a random number(so people cant link to random accounts) hashed together with the discord id

I would even go a bit further and make it a requirement before seeing any conversations in the discord, to prevent the spammers reading up on us

[Jack-McKalling]

The special code can just be a random number(so people cant link to random accounts) hashed together with the discord id

That's exactly what I meant with:

The code could be an encrypted piece of string that gets generated from the discord handle (including the hash) and some secret algorythm (supported by github secret key things), so multiple users won't ever have the same one and they can't fake them.

Anyway, essentially a bot could auto delete all posts on the special ticket, if they're not including a code that's previously been generated by mojirabot and registered with associated discord handle. Because people should only post on the ticket if they've initiated the mojira bot first. Even after that, if the mojirabot has finished verification, a bot could also delete the valid code comments to prevent long comment histories. (rephrased to say "a bot" instead of specifically either one, because I don't know what bot needs to do what)

[Jack-McKalling]

I would even go a bit further and make it a requirement before seeing any conversations in the discord, to prevent the spammers reading up on us

I don't think we can close "any conversation" behind verification like this. The role-specific channels could receive it, or just the request ones (which would not solve your mention of spammer issue), but we do need some channels in where people can go to communicate with us without having to also have an account on mojira.