"Username in use by unified login system" warning not appearing until after the signup form is submitted
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Sj
	May 2 2014, 12:54 AM

Description

When registering as a new user, the name you choose is checked as soon as you leave the name-textfield. If you choose a name that's actively in use, you get the warning:

"Username entered already in use. Please choose a different name."

This should also catch registered usernames that are inactive (have no edits?). Currently those aren't caught until the form is submitted.

In those cases, you get a different error after submission:

"[...] the requested username is already taken in the unified login system"

(This is on most WM wikis. Some have checks for name-similarity which evaluate first.)

Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=70058

Details

Reference: bz64728

	Subject	Repo	Branch	Lines +/-
	[WIP] Update signup form validation to use AuthManager	mediawiki/core	master	+38 -5

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	matmarex	T63416 Give warning on account creation when user name is adjusted silently
Resolved	Anomie	T19544 Client-side validation of the username availability (done) and that password meets requirements
Resolved	Anomie	T66728 "Username in use by unified login system" warning not appearing until after the signup form is submitted
Resolved	matmarex	T36447 "Check Availability" feature for usernames at registration interface
Resolved	Anomie	T110751 Create user name verification API with AuthManager
Duplicate	None	T78479 API error messages should be localised

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:24 AM

• bzimport added a project: MediaWiki-extensions-CentralAuth.

• bzimport set Reference to bz64728.

• bzimport added a subscriber: Unknown Object (MLST).

Sj created this task.May 2 2014, 12:54 AM

"unified login system" -> that is SUL and that is part of CentralAuth extension.

At the moment the extensions are missing on that check, so also AntiSpoof or the TitleBlacklist are missing.

But I am not sure, if that should be fixed in core (by calling the existing checks per api) or in each extension (by calling each api seperatly), so keeping it in core first. See bug 61416 for the core change.

Hmm, I thought this was fixed by bug 34447

See also bug 40648 (for AntiSpoof and TitleBlacklist)

Looks like bug 34447 was only about the core part, not extensions like CentralAuth with SUL and global accounts. When a global account does not exist an that local wiki, the check will not working.

Bug 70058 has been marked as a duplicate of this bug. ***

(From dup bug 70058)

The check in
resources/src/mediawiki.special/mediawiki.special.userlogin.signup.js that
attempts to help the user choose an available username is not aware of
CentralAuth accounts that have not been attached to the local wiki. This is
due to the use of /w/api.php?action=query&list=users to power the check.

Example:

http://en.wikipedia.org/w/api.php?action=query&list=users&ususers=BryanDavis

http://fr.wikipedia.org/w/api.php?action=query&list=users&ususers=BryanDavis

The conflict will be noticed when the form is submitted, but it would be
nicer if users were warned about global user conflicts by the pre-submit
validation.

From irc:
< csteipp> Yeah, there's a centralauth api that is similar to the list=users api...
< csteipp> bd808: https://fr.wikipedia.org/w/api.php?action=query&meta=globaluserinfo&guiuser=BryanDavis

So switching from the list=users api to the meta=globaluserinfo api might be a good way to fix this for WMF wikis. That leaves the problem of doing the right thing on wikis where globaluserinfo isn't installed:

https://wikimediafoundation.org/w/api.php?action=query&meta=globaluserinfo&guiuser=BryanDavis

Switching the api would still leave the problem of AntiSpoof, TitleBlacklist and anything else hooking AbortNewAccount not being done in the pre-submit call as well.

• werdna unsubscribed.Dec 10 2014, 5:24 PM

Umherirrender unsubscribed.Feb 24 2015, 7:52 PM

Tgr added a subtask: T110751: Create user name verification API with AuthManager.Aug 28 2015, 11:03 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 28 2015, 11:03 PM

Anomie closed subtask T110751: Create user name verification API with AuthManager as Resolved.May 16 2016, 7:22 PM

AuthManager providers can implement testUserForCreation( $user, $isAutocreation ) and/or testUserExists( $username ). Patch for CentralAuth is https://gerrit.wikimedia.org/r/#/c/284499/

Change 283847 had a related patch set uploaded (by Gergő Tisza):
[WIP] Update signup form validation to use AuthManager

https://gerrit.wikimedia.org/r/283847

gerritbot added a project: Patch-For-Review.May 17 2016, 9:07 AM

Glaisher merged a task: T116665: Existing global/unified usernames not immediately checked for availability on sign-up.May 17 2016, 9:11 AM

Glaisher added subscribers: Glaisher, eranroz, Ata and 4 others.

Tgr added a subtask: T78479: API error messages should be localised.Jul 29 2016, 10:46 PM

Will be fixed by https://gerrit.wikimedia.org/r/#/c/324969.

MarkTraceur unsubscribed.Jan 27 2017, 10:11 PM

That change has been merged. Testing with the example given above (T66728#710599), this seems indeed resolved.

MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.Nov 22 2017, 9:47 AM

MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-CentralAuth board.

Change 283847 abandoned by Bartosz Dziewoński:

[mediawiki/core@master] [WIP] Update signup form validation to use AuthManager

Reason:

Done in https://gerrit.wikimedia.org/r/324969