Page MenuHomePhabricator

"Username in use by unified login system" warning not appearing until after the signup form is submitted
Closed, ResolvedPublic

Description

When registering as a new user, the name you choose is checked as soon as you leave the name-textfield. If you choose a name that's actively in use, you get the warning:

"Username entered already in use. Please choose a different name."

This should also catch registered usernames that are inactive (have no edits?). Currently those aren't caught until the form is submitted.

In those cases, you get a different error after submission:

"[...] the requested username is already taken in the unified login system"

(This is on most WM wikis. Some have checks for name-similarity which evaluate first.)


Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=70058

Details

Reference
bz64728

Event Timeline

bzimport raised the priority of this task from to Normal.Nov 22 2014, 3:24 AM
bzimport set Reference to bz64728.
bzimport added a subscriber: Unknown Object (MLST).
Sj created this task.May 2 2014, 12:54 AM

"unified login system" -> that is SUL and that is part of CentralAuth extension.

At the moment the extensions are missing on that check, so also AntiSpoof or the TitleBlacklist are missing.

But I am not sure, if that should be fixed in core (by calling the existing checks per api) or in each extension (by calling each api seperatly), so keeping it in core first. See bug 61416 for the core change.

Hmm, I thought this was fixed by bug 34447

See also bug 40648 (for AntiSpoof and TitleBlacklist)

Looks like bug 34447 was only about the core part, not extensions like CentralAuth with SUL and global accounts. When a global account does not exist an that local wiki, the check will not working.

bd808 added a comment.Aug 26 2014, 7:47 PM
  • Bug 70058 has been marked as a duplicate of this bug. ***
bd808 added a comment.Aug 26 2014, 7:48 PM

(From dup bug 70058)

The check in
resources/src/mediawiki.special/mediawiki.special.userlogin.signup.js that
attempts to help the user choose an available username is not aware of
CentralAuth accounts that have not been attached to the local wiki. This is
due to the use of /w/api.php?action=query&list=users to power the check.
Example:

http://en.wikipedia.org/w/api.php?action=query&list=users&ususers=BryanDavis

http://fr.wikipedia.org/w/api.php?action=query&list=users&ususers=BryanDavis
The conflict will be noticed when the form is submitted, but it would be
nicer if users were warned about global user conflicts by the pre-submit
validation.

bd808 added a comment.Aug 26 2014, 8:31 PM

From irc:
< csteipp> Yeah, there's a centralauth api that is similar to the list=users api...
< csteipp> bd808: https://fr.wikipedia.org/w/api.php?action=query&meta=globaluserinfo&guiuser=BryanDavis

So switching from the list=users api to the meta=globaluserinfo api might be a good way to fix this for WMF wikis. That leaves the problem of doing the right thing on wikis where globaluserinfo isn't installed:

bd808 added a comment.Aug 26 2014, 8:34 PM

Switching the api would still leave the problem of AntiSpoof, TitleBlacklist and anything else hooking AbortNewAccount not being done in the pre-submit call as well.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 28 2015, 11:03 PM
Tgr added a subscriber: Tgr.May 17 2016, 9:06 AM

AuthManager providers can implement testUserForCreation( $user, $isAutocreation ) and/or testUserExists( $username ). Patch for CentralAuth is https://gerrit.wikimedia.org/r/#/c/284499/

Change 283847 had a related patch set uploaded (by Gergő Tisza):
[WIP] Update signup form validation to use AuthManager

https://gerrit.wikimedia.org/r/283847

matmarex closed this task as Resolved.May 29 2017, 5:05 PM
matmarex assigned this task to Anomie.
matmarex removed a project: Patch-For-Review.

That change has been merged. Testing with the example given above (T66728#710599), this seems indeed resolved.