Page MenuHomePhabricator

"Username in use by unified login system" warning not appearing until after the signup form is submitted
Closed, ResolvedPublic


When registering as a new user, the name you choose is checked as soon as you leave the name-textfield. If you choose a name that's actively in use, you get the warning:

"Username entered already in use. Please choose a different name."

This should also catch registered usernames that are inactive (have no edits?). Currently those aren't caught until the form is submitted.

In those cases, you get a different error after submission:

"[...] the requested username is already taken in the unified login system"

(This is on most WM wikis. Some have checks for name-similarity which evaluate first.)

Version: unspecified
Severity: normal
See Also:

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:24 AM
bzimport set Reference to bz64728.
bzimport added a subscriber: Unknown Object (MLST).

"unified login system" -> that is SUL and that is part of CentralAuth extension.

At the moment the extensions are missing on that check, so also AntiSpoof or the TitleBlacklist are missing.

But I am not sure, if that should be fixed in core (by calling the existing checks per api) or in each extension (by calling each api seperatly), so keeping it in core first. See bug 61416 for the core change.

Hmm, I thought this was fixed by bug 34447

See also bug 40648 (for AntiSpoof and TitleBlacklist)

Looks like bug 34447 was only about the core part, not extensions like CentralAuth with SUL and global accounts. When a global account does not exist an that local wiki, the check will not working.

  • Bug 70058 has been marked as a duplicate of this bug. ***

(From dup bug 70058)

The check in
resources/src/mediawiki.special/mediawiki.special.userlogin.signup.js that
attempts to help the user choose an available username is not aware of
CentralAuth accounts that have not been attached to the local wiki. This is
due to the use of /w/api.php?action=query&list=users to power the check.


The conflict will be noticed when the form is submitted, but it would be
nicer if users were warned about global user conflicts by the pre-submit

From irc:
< csteipp> Yeah, there's a centralauth api that is similar to the list=users api...
< csteipp> bd808:

So switching from the list=users api to the meta=globaluserinfo api might be a good way to fix this for WMF wikis. That leaves the problem of doing the right thing on wikis where globaluserinfo isn't installed:

Switching the api would still leave the problem of AntiSpoof, TitleBlacklist and anything else hooking AbortNewAccount not being done in the pre-submit call as well.

AuthManager providers can implement testUserForCreation( $user, $isAutocreation ) and/or testUserExists( $username ). Patch for CentralAuth is

Change 283847 had a related patch set uploaded (by Gergő Tisza):
[WIP] Update signup form validation to use AuthManager

matmarex assigned this task to Anomie.
matmarex removed a project: Patch-For-Review.

That change has been merged. Testing with the example given above (T66728#710599), this seems indeed resolved.

image.png (1×1 px, 152 KB)

Change 283847 abandoned by Bartosz Dziewoński:

[mediawiki/core@master] [WIP] Update signup form validation to use AuthManager


Done in