Last modified: 2011-05-15 10:10:02 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T15015, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 13015 - Ability to retrieve forgotten usernames
Ability to retrieve forgotten usernames
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
All All
: Low enhancement with 2 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
: schema-change
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-14 01:41 UTC by Anakin
Modified: 2011-05-15 10:10 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Anakin 2008-02-14 01:41:44 UTC
On the Special:Userlogin page, "E-mail new password" requires people to remember the username first. It would be a nice enhancement if there was an "E-mail username" link, taking you to a different screen to enter your email address, which would then send a list of the username(s) connected with that email address. Is that possible? Might cut down on the number of unused accounts that get created by forgetful people.

There is a privacy issue I can think of: the page after you click the final button "Retrieve username" should display the same message whether there was actually any name associated with that e-mail or not. Something like: "Thank you. If you registered an account using this e-mail address, it will be sent to you." Otherwise it would be possible to find out if someone had registered if you knew the email address they commonly used.

I guess it would involve a couple of boring bits of programming (new HTML form, localization), but also a fun bit (the database query to get the usernames). (Or is it just me who thinks that? Always liked databases. ^_^)
Comment 1 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-02-14 01:47:36 UTC
This is a good idea . . . why don't we have this already?  Of course, there could be multiple usernames associated with the e-mail address, but we can just send all the relevant usernames in that case.  (The database query isn't so interesting: SELECT user_name FROM user WHERE user_email='bob@hotmail.com';)

This will need a key on user_email.
Comment 2 Anakin 2008-02-14 02:26:40 UTC
Is a key needed for performance reasons, or will some database engines not allow the text query otherwise? With MySQL at least, the tinytext field for user_email seems to allow the query anyway.
Comment 3 Charlie Huggard 2008-02-14 02:28:44 UTC
I also think this would be a really cool idea. In implementing username retrieval, we would need the ability to (partially) disable it as well. (This may be obvious to everyone, but I figured writing it down to make sure it's considered would be a good thing) Corporate Installations that are using External Authentication plugins and websites using Mediawiki as a sort of private CMS are 2 common cases that would likely not want this functionality.
Comment 4 Tim Laqua 2008-02-14 02:30:34 UTC
I don't feel utilization will be high enough to justify any schema changes.

Should it email just the username?  Or username and new randomly generated password?
Comment 5 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-02-14 02:33:50 UTC
(In reply to comment #2)
> Is a key needed for performance reasons, or will some database engines not
> allow the text query otherwise?

A key is needed for performance reasons.

(In reply to comment #4)
> I don't feel utilization will be high enough to justify any schema changes.

A table scan of millions of rows is not acceptable at *any* usage rate, period.  If this is going to be added, it has to be with an index.

> Should it email just the username?  Or username and new randomly generated
> password?

Just username is okay, but username and password reset links would be better.  Note that we don't ever immediately reset the password, we send a reset link.
Comment 6 Daniel Friesen 2008-02-14 05:10:02 UTC
(In reply to comment #5)
> Just username is okay, but username and password reset links would be better. 
> Note that we don't ever immediately reset the password, we send a reset link.

Well, perhaps, though if you think about strait logic.

For forgot password we give the form a username, it finds the e-mail, and sends a random password.

So for forgot username we give the form a e-mail, it finds the username(s), and sends a username.

Kind-of a map of one input, find one associated type, send information requested.

However, there is another thing to think of.

Say, I add my address eg: dantman@example.com to my account, and I put the password "foo" on them. I know my password is foo, and I know my e-mail is "dantman@example.com", however, I do not know my Username. So I ask for my username... I'm not asking for a password, and I don't expect the e-mail to return a temporary password. If I need a new password, I expect to request that myself.

So, perhaps we should keep with returning one requested thing for the input.
Comment 7 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-02-14 21:59:23 UTC
(In reply to comment #6)
> Say, I add my address eg: dantman@example.com to my account, and I put the
> password "foo" on them. I know my password is foo, and I know my e-mail is
> "dantman@example.com", however, I do not know my Username. So I ask for my
> username... I'm not asking for a password, and I don't expect the e-mail to
> return a temporary password. If I need a new password, I expect to request that
> myself.
> 
> So, perhaps we should keep with returning one requested thing for the input.

Yes, I see your logic.  You may have a point.  What does other software usually do?
Comment 8 Anakin 2008-02-14 22:35:05 UTC
YouTube, for one, just sends out a list of user names. But I really think that people who have forgotten their username are likely to have forgotten the password as well. Sending out both sounds more user-friendly. Sometimes the emails take a while to come through, etc., so waiting twice would be annoying.
Comment 9 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-02-14 22:44:04 UTC
Some wording like this would be good (with some more context, e.g., what the site is, who sent it, unsubscribe info, . . .):

Your username is [username].  Additionally, if you have also forgotten your password and would like to reset it now, you can go to this link to do so: [link]  If you do not wish to reset your password, do not visit the link, and it will expire in one day.

----

You have N usernames: [1], [2], ....  If you have also forgotten the passwords to one or more of your accounts and would like to reset them now, you can go to the appropriate link(s) below to do so:

[1]: [link for 1]
[2]: [link for 2]
...

The links will all expire in one day.
Comment 10 Tim Laqua 2008-02-15 14:11:58 UTC
For the form where the email address is entered, should it use a new QuickTemplate  class like the UserloginTemplate() and UsercreateTemplate() classes?  

Or it doesn't matter?  I can see arguments either way - this form will only be called from SpecialUserlogin, and all the other forms for that class are QuickTemplate classes.

I'm partial to not making another QuickTemplate template as it's an incredibly simple form.
Comment 11 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-02-19 00:57:18 UTC
It sounds like more of a code style issue than anything.  Do whatever you think is best.
Comment 12 Happy-melon 2011-04-20 15:28:20 UTC
Fixed in r86482.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links