Page MenuHomePhabricator
Create Task
Maniphest T110278

Improve interaction between AuthManager and the UI layer
Open, MediumPublic
Actions

Description

Tracking bug for UI support in AuthManager and the special pages which use it.

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved DeskanaT75616 Tracking: API/backend issues blocking Wikipedia app development
 ResolvedAnomieT32788 Allow triggering of user password reset email via the API
 OpenNoneT90925 General authentication improvements for MediaWiki
 ResolvedAnomieT48179 Allow a challenge stage during authentication
 OpenNoneT5709 Refactoring to make external authentication and identity systems easier
 ResolvedTgrT43201 UserLoadFromSession considered evil
 ResolvedAnomieT67493 Session is started by EditAction (problem for extensions using UserLoadFromSession hook)
 OpenFeatureNoneT55156 Provide option to force a login session to end within a certain time
 OpenNoneT89459 Modernize MediaWiki authentication system (AuthManager)
 OpenNoneT110278 Improve interaction between AuthManager and the UI layer
 ResolvedAnomieT91699 Create AuthManager framework and core classes
 ResolvedJoeT97675 Custom session handler corrupted by session_destroy, "Failed to initialize storage module"
 ResolvedJoeT106483 Create new HHVM package for HHVM 3.6.5 + patches
 ResolvedhasharT106699 Upgrade HHVM related packages on Trusty Jenkins slaves
 Resolvedbd808T95864 Mocking abstract objects fails on HHVM
 ResolvedAnomieT110274 Fix PHPUnit version incompatibility between AuthManager and Jenkins
 ResolvedKrinkleT99982 Upgrade PHPUnit to 4.0+
 ResolvedNoneT90303 Fetch dependencies using composer instead of cloning mediawiki/vendor for non-wmf branches
 ResolvedJanZerebeckiT106433 replace inline perl in builder wd-mw-composer-merged-install with a proper script
 ResolvedKrinkleT112895 Support installing composer require-dev packages together with mediawiki/vendor
 ResolvedTgrT110628 Improve AuthManager documentation
 ResolvedTgrT111255 Review login / signup designs by some major sites / frameworks
 ResolvedTgrT111258 Create a list of authentication fields and field types used by existing auth plugins
 ResolvedJdlrobsonT132501 Spike [1 HR]: Test mobile web interface of AuthManager
ResolvedAnomieT110283 Update CentralAuth to use AuthManager
 ResolvedTgrT135779 Change credential improvements / regressions with AuthManager
 ResolvedTgrT135775 Sign up page not applying mobile styles correctly
 OpenNoneT134952 Review AuthManager account linking UI
 OpenNoneT136000 Unify Special:UnlinkAccounts and Special:RemoveCredentials
 ResolvedFlorianT135924 AuthManager PrimaryAuthenticationProvider that returns one redirect AuthenticationResponse breaks returnto mechanism
 OpenNoneT136710 Add links to Special:LinkAccounts, Special:UnlinkAccounts, Special:ChangeCredentials, and Special:RemoveCredentials to Special:Preferences somewhere
 ResolvedTgrT136725 Make login/signup footer customizable by extensions
 ResolvedTgrT136809 Cancel on Special:ChangeCredentials causes validation
 ResolvedcicaleseT141474 Automatic start of authentication workflow for link provider (if it's the only available one)
 ResolvedFlorianT141471 Login button shouldn't be displayed if no input fields are there
 InvalidNoneT141478 "Keep me logged in" checkbox should not be displayed when it has no effect
 OpenNoneT180886 AuthManager special pages should honor $wgSecureLogin

Event Timeline

Tgr created this task.Aug 26 2015, 6:00 AM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added projects: MediaWiki-Core-AuthManager, Reading-Infrastructure-Team-Old (Don't use).
Tgr subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 26 2015, 6:00 AM
Tgr added a subtask: T91699: Create AuthManager framework and core classes.Aug 26 2015, 6:00 AM
Tgr added a parent task: T110277: Rewrite Special:UserLogin (and signup) and Special:UserLogout to use AuthManager.
Tgr added a parent task: T89459: Modernize MediaWiki authentication system (AuthManager).
Tgr added a parent task: T110282: Update extensions which are deployed on the Wikimedia cluster to use AuthManager.Aug 26 2015, 6:22 AM
Tgr mentioned this in T110282: Update extensions which are deployed on the Wikimedia cluster to use AuthManager.Aug 26 2015, 6:27 AM
Tgr mentioned this in T110291: Update all extensions to use AuthManager.Aug 26 2015, 6:42 AM
Tgr added a parent task: T110291: Update all extensions to use AuthManager.
Krenair subscribed.Aug 26 2015, 1:09 PM
bd808 moved this task from Backlog to AuthManager Backlog on the MediaWiki-Core-AuthManager board.Aug 26 2015, 5:33 PM
bd808 moved this task from AuthManager Backlog to AuthManager Next on the MediaWiki-Core-AuthManager board.Aug 28 2015, 5:23 PM
bd808 triaged this task as Medium priority.Aug 28 2015, 5:36 PM
bd808 subscribed.
Tgr claimed this task.Sep 2 2015, 9:52 PM
Tgr mentioned this in T111255: Review login / signup designs by some major sites / frameworks.Sep 2 2015, 9:54 PM
Tgr added a comment.Sep 8 2015, 8:54 AM

The first problem I am running into is how to group AuthRequest objects / form fields. For example, if we have three account creation providers: local password, captcha and facebook, then we probably want to check the captcha on passwords but not on a Facebook login. It is not clear how to do that. Should it be hardcoded into the captcha provider?

On the other side, it will probably make the life of the sitebuilder easier if the Facebook button and the username/password fields do not have to be in the same form element; but that means they are not submitted together and that's not something frontend code can safely decide.

Liuxinyu970226 set Security to None.Sep 10 2015, 1:42 AM
MZMcBride subscribed.Oct 1 2015, 12:54 AM
Spage mentioned this in T30085: RFC: Allow user login with email address in addition to username.Oct 8 2015, 7:57 PM
Liuxinyu970226 subscribed.Nov 16 2015, 8:53 AM
Florian subscribed.Nov 17 2015, 1:23 PM

I'm not sure, what extensions we have and how complex modifications they made to the login form, but what about a separation of authproviders. Providers that link to another auth service (e.g. Facebook, Google, Twitter or something else) normally need a button only, are Spam bot protected by the auth service and therefore shouldn't require any additional input (except the keep login checkbox, e.g.). These providers could set a specific class member and should ignore any other form input.

Any other auth provider (CAPTCHA, Token, domain (for LdapAuthentication, e.g.) normaly require any kind of data and checks?

bd808 moved this task from Backlog to In Dev/Progress on the Reading-Infrastructure-Team-Old (Don't use) board.Jan 25 2016, 5:38 PM
Tgr added subtasks: T132501: Spike [1 HR]: Test mobile web interface of AuthManager , T134952: Review AuthManager account linking UI.May 10 2016, 11:26 PM
Jdlrobson changed the status of subtask T132501: Spike [1 HR]: Test mobile web interface of AuthManager from Open to Stalled.May 11 2016, 7:02 PM
Anomie closed this task as Resolved.May 16 2016, 7:17 PM
Anomie subscribed.

Since the core AuthManager patches are merged now, I think we can call this done.

Liuxinyu970226 unsubscribed.May 19 2016, 5:10 AM
Jdlrobson changed the status of subtask T132501: Spike [1 HR]: Test mobile web interface of AuthManager from Stalled to Open.May 19 2016, 5:38 PM
Jdlrobson changed the status of subtask T132501: Spike [1 HR]: Test mobile web interface of AuthManager from Open to Stalled.May 19 2016, 9:51 PM
Tgr added a subtask: T136000: Unify Special:UnlinkAccounts and Special:RemoveCredentials.May 23 2016, 3:11 PM
Tgr added a subtask: T135924: AuthManager PrimaryAuthenticationProvider that returns one redirect AuthenticationResponse breaks returnto mechanism.May 24 2016, 8:43 PM
Tgr closed subtask T111258: Create a list of authentication fields and field types used by existing auth plugins as Resolved.May 24 2016, 8:47 PM
Tgr closed subtask T111255: Review login / signup designs by some major sites / frameworks as Resolved.
Anomie closed subtask T91699: Create AuthManager framework and core classes as Resolved.May 25 2016, 6:51 PM
Tgr changed the status of subtask T132501: Spike [1 HR]: Test mobile web interface of AuthManager from Stalled to Open.May 27 2016, 3:44 PM
Anomie added a subtask: T136710: Add links to Special:LinkAccounts, Special:UnlinkAccounts, Special:ChangeCredentials, and Special:RemoveCredentials to Special:Preferences somewhere.Jun 1 2016, 3:57 PM
Anomie closed subtask T135924: AuthManager PrimaryAuthenticationProvider that returns one redirect AuthenticationResponse breaks returnto mechanism as Resolved.Jun 1 2016, 4:16 PM
Tgr reopened this task as Open.Jun 1 2016, 6:33 PM
Tgr added a subtask: T136725: Make login/signup footer customizable by extensions.
Tgr edited projects, added Tracking-Neverending; removed Reading-Infrastructure-Team-Old (Don't use).

I have been using this for a while as a tracking bug so let's make it official.

Tgr updated the task description. (Show Details)Jun 1 2016, 6:36 PM
Anomie renamed this task from Specify interaction between AuthManager and the UI layer to Improve interaction between AuthManager and the UI layer.Jun 1 2016, 7:13 PM
Anomie removed a parent task: T110291: Update all extensions to use AuthManager.Jun 1 2016, 7:17 PM
Anomie removed a parent task: T110282: Update extensions which are deployed on the Wikimedia cluster to use AuthManager.
Anomie removed a parent task: T110277: Rewrite Special:UserLogin (and signup) and Special:UserLogout to use AuthManager.

I've adjusted the title and the blocked tasks to match the new use for this task.

Tgr added a subtask: T136809: Cancel on Special:ChangeCredentials causes validation.Jun 2 2016, 10:04 AM
Tgr closed subtask T136809: Cancel on Special:ChangeCredentials causes validation as Resolved.Jun 2 2016, 8:17 PM
bmansurov closed subtask T132501: Spike [1 HR]: Test mobile web interface of AuthManager as Resolved.Jun 9 2016, 9:05 AM
bmansurov reopened subtask T132501: Spike [1 HR]: Test mobile web interface of AuthManager as Open.
Jdlrobson closed subtask T132501: Spike [1 HR]: Test mobile web interface of AuthManager as Resolved.Jun 14 2016, 1:34 AM
Tgr added a subtask: T141474: Automatic start of authentication workflow for link provider (if it's the only available one).Jul 28 2016, 12:17 AM
Tgr closed subtask T136725: Make login/signup footer customizable by extensions as Resolved.Aug 23 2016, 9:54 PM
Liuxinyu970226 subscribed.Dec 11 2016, 12:31 AM
Florian closed subtask T141474: Automatic start of authentication workflow for link provider (if it's the only available one) as Resolved.Jun 14 2017, 3:22 PM
Tgr added a subtask: T180886: AuthManager special pages should honor $wgSecureLogin.Nov 18 2017, 10:08 PM
Aklapper removed Tgr as the assignee of this task.Jun 19 2020, 4:24 PM

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits