Tracking bug for UI support in AuthManager and the special pages which use it.
- Mentioned In
- T30085: RFC: Allow user login with email address in addition to username
T111255: Review login / signup designs by some major sites / frameworks
T110291: Update all extensions to use AuthManager
T110282: Update extensions which are deployed on the Wikimedia cluster to use AuthManager
- Mentioned Here
- T228575: Decrease number of open tickets with assignee field set for more than two years (aka cookie licking) (March-June 2020 edition)
T26291: Show Captcha always at top
The first problem I am running into is how to group AuthRequest objects / form fields. For example, if we have three account creation providers: local password, captcha and facebook, then we probably want to check the captcha on passwords but not on a Facebook login. It is not clear how to do that. Should it be hardcoded into the captcha provider?
On the other side, it will probably make the life of the sitebuilder easier if the Facebook button and the username/password fields do not have to be in the same form element; but that means they are not submitted together and that's not something frontend code can safely decide.
I'm not sure, what extensions we have and how complex modifications they made to the login form, but what about a separation of authproviders. Providers that link to another auth service (e.g. Facebook, Google, Twitter or something else) normally need a button only, are Spam bot protected by the auth service and therefore shouldn't require any additional input (except the keep login checkbox, e.g.). These providers could set a specific class member and should ignore any other form input.
Any other auth provider (CAPTCHA, Token, domain (for LdapAuthentication, e.g.) normaly require any kind of data and checks?
This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!
For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)