Page MenuHomePhabricator
Create Task
Maniphest T110751

Create user name verification API with AuthManager
Closed, ResolvedPublic
Actions

Description

Right now the signup form uses the users API to check username availability; this does not allow username control extensions to influence the process so the user might not get any warning about an invalid username until after posting the form. It also does not support a "this is how the username will actually look like" response (e.g. automatic sentence casing). There should be an API (a new one or a part of createaccount) which does this via AuthManager.

Details

SubjectRepoBranchLines +/-
API changes for AuthManagermediawiki/coreREL1_27+1 K -207
API changes for AuthManagermediawiki/coremaster+1 K -207
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved DeskanaT75616 Tracking: API/backend issues blocking Wikipedia app development
 ResolvedAnomieT32788 Allow triggering of user password reset email via the API
 OpenNoneT90925 General authentication improvements for MediaWiki
 ResolvedAnomieT48179 Allow a challenge stage during authentication
 OpenNoneT5709 Refactoring to make external authentication and identity systems easier
 ResolvedTgrT43201 UserLoadFromSession considered evil
 ResolvedAnomieT67493 Session is started by EditAction (problem for extensions using UserLoadFromSession hook)
 OpenFeatureNoneT55156 Provide option to force a login session to end within a certain time
 OpenNoneT89459 Modernize MediaWiki authentication system (AuthManager)
 ResolvedTgrT110279 Rewrite core classes which need to be clients of AuthManager
 ResolvedmatmarexT63416 Give warning on account creation when user name is adjusted silently
 ResolvedAnomieT19544 Client-side validation of the username availability (done) and that password meets requirements
 DuplicateNoneT19312 Separate UserLogin from authentication process; create account creation and identification internal API
 ResolvedAnomieT76103 Createaccount API should support username validation without having to try to create an account
 ResolvedAnomieT110747 Rewrite the account creation API to use AuthManager
 ResolvedAnomieT42648 Can't validate username against blocking extensions AntiSpoof & TitleBlacklist
 ResolvedAnomieT66728 "Username in use by unified login system" warning not appearing until after the signup form is submitted
 ResolvedmatmarexT36447 "Check Availability" feature for usernames at registration interface
 ResolvedNoneT94656 Trying to register an account name with a namespace or interwiki prefix results in the prefix being dropped
 ResolvedAnomieT110751 Create user name verification API with AuthManager

Event Timeline

Tgr created this task.Aug 28 2015, 10:57 PM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added projects: Reading-Infrastructure-Team-Old (Don't use), MediaWiki-Core-AuthManager, MediaWiki-Action-API.
Tgr added subscribers: Aklapper, Tgr.
Tgr mentioned this in T110747: Rewrite the account creation API to use AuthManager.Aug 28 2015, 11:01 PM
Tgr added a parent task: T42648: Can't validate username against blocking extensions AntiSpoof & TitleBlacklist.
Tgr added a parent task: T66728: "Username in use by unified login system" warning not appearing until after the signup form is submitted.
Tgr added a parent task: T63416: Give warning on account creation when user name is adjusted silently.Aug 28 2015, 11:04 PM
Anomie moved this task from Unsorted to Needs details or plan on the MediaWiki-Action-API board.Aug 31 2015, 2:07 PM
Tgr added a parent task: T94656: Trying to register an account name with a namespace or interwiki prefix results in the prefix being dropped.Sep 1 2015, 3:48 AM
Tgr added a comment.Sep 3 2015, 2:44 AM

See also T111303.

bd808 moved this task from Backlog to AuthManager Backlog on the MediaWiki-Core-AuthManager board.Sep 9 2015, 6:18 PM
gerritbot subscribed.Jan 20 2016, 3:17 AM

Change 265201 had a related patch set uploaded (by Anomie):
WIP: API changes for AuthManager

https://gerrit.wikimedia.org/r/265201

Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptJan 20 2016, 3:17 AM
gerritbot added a project: Patch-For-Review.Jan 20 2016, 3:17 AM
Anomie moved this task from Needs details or plan to In Dev on the MediaWiki-Action-API board.Feb 18 2016, 6:05 PM
gerritbot added a comment.May 16 2016, 7:01 PM

Change 265201 merged by jenkins-bot:
API changes for AuthManager

https://gerrit.wikimedia.org/r/265201

Anomie closed this task as Resolved.May 16 2016, 7:22 PM
Anomie claimed this task.
Anomie subscribed.

This is resolved now with the introduction of AuthManager, and specifically the addition of usprop=cancreate to API action=query&list=users.

There's no timeframe for when this will be available on WMF wikis, though, beyond "soon". The next step will be to resolve T110282, then a gradual deploy while watching for things to break.

gerritbot added a comment.May 17 2016, 1:14 AM

Change 289122 had a related patch set uploaded (by Gergő Tisza):
API changes for AuthManager

https://gerrit.wikimedia.org/r/289122

gerritbot added a comment.May 17 2016, 1:42 AM

Change 289122 merged by jenkins-bot:
API changes for AuthManager

https://gerrit.wikimedia.org/r/289122

Tgr added a comment.May 17 2016, 8:46 AM

Note that this API does not work well with extensions which have not been updated to support AuthManager, since the old interface does not have a separate concept of "can an account with this name be created" and "can an account with this name be created, given the contents of the account creation POST request" (so e.g. ConfirmEdit would block all usernames since it would be looking for the captcha solution in the API request).

bd808 mentioned this in T147024: Striker should respect TitleBlacklist bans on new account names.Sep 29 2016, 11:15 PM
Fjalapeno edited projects, added Product-Infrastructure-Team-Backlog-Deprecated; removed Reading-Infrastructure-Team-Old (Don't use).Jun 7 2017, 2:57 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:39 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL