Last modified: 2014-04-11 08:27:43 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T48995, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 46995 - Username validation message does not describe failure reason, only "You have not specified a valid username"
Username validation message does not describe failure reason, only "You have ...
Status: NEW
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.22.0
All All
: Normal normal (vote)
: ---
Assigned To: spage
: easy, i18n
Depends on:
Blocks: messages
  Show dependency treegraph
 
Reported: 2013-04-07 20:25 UTC by Justin Rohrman
Modified: 2014-04-11 08:27 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Justin Rohrman 2013-04-07 20:25:41 UTC
URL: http://toro.wmflabs.org/w/index.php?title=Special:UserLogin&action=submitlogin&type=signup

Description:
Error messages for user name do not adequately describe the reason for the failure. This could make it difficult to know what to fix.

Example:
1 - Enter the following user name: !@#$%^&*()_+-={}[]|\:";'<>?,./
2 - populate other required fields
3 - click Create Account button

note: 
User receives the following validation message

Login error
You have not specified a valid username.

note:
there is no description of why the username is not valid.
Comment 1 spage 2013-04-27 10:20:24 UTC
Yes, it's very unfriendly. When extensions such as TitleBlackList and AntiSpoof reject a name they sometimes display a more friendly error, but the core User.php code returns no useful information as to why it rejected a name, so the error message ('noname') is unavoidably vague.

In this case, '#' isn't allowed in page titles, so not allowed in user names. (Remember that every user has a User:<username> page on the wiki, so usernames must be OK as titles.) Next $wgInvalidUsernameCharacters is checked, it defaults to '@', so that's a no-no. Then there's a check for "invalid due to empty, IP, slash, length, or lowercase starting letter".  Etc., etc. -- 11 years of accreted ad hoc rules that resist summary. For what it's worth "!$%^&*()_+-=:"?,."  is a valid username in a stock MediaWiki install, but the AntiSpoof extension rejects it.

The form links to _Help me choose_ for user guidance, which on enwiki is http://en.wikipedia.org/wiki/Wikipedia:Username_policy . But that doesn't say much about things not to try..
Comment 2 Nemo 2013-08-11 10:33:42 UTC
Proper solution for this case is, IMHO, to make the username field AJAXy so that as soon as you enter an invalid character it becomes red (or whatever) and it's obvious what you've done wrong.

However yes, there are several bugs about hardly actionable error messages produced by titleblacklist and friends, see e.g. bug 38303.
Comment 3 spage 2013-08-12 07:21:51 UTC
Interactive username validation is bug 21416.  The "account creation user experience" experiment on enwiki had interactive username validation, but it wasn't ideal because of bug 40648 (can't validate username against blocking extensions like AntiSpoof). The extensions run *during* the creation of a new account, not *before* creating an account.
Comment 4 Nemo 2013-08-12 10:43:57 UTC
(In reply to comment #3)
> Interactive username validation is bug 21416. 

Yes, thanks for linking it. I know it's a different issue, but if fixed completely it would supersede this.

> The "account creation user
> experience" experiment on enwiki had interactive username validation, but it
> wasn't ideal because of bug 40648 (can't validate username against blocking
> extensions like AntiSpoof). The extensions run *during* the creation of a new
> account, not *before* creating an account.

I that unfixable?
Comment 5 Steven Walling 2013-08-28 00:27:42 UTC
(In reply to comment #4)
> (In reply to comment #3)
> > Interactive username validation is bug 21416. 
> 
> Yes, thanks for linking it. I know it's a different issue, but if fixed
> completely it would supersede this.
> 
> > The "account creation user
> > experience" experiment on enwiki had interactive username validation, but it
> > wasn't ideal because of bug 40648 (can't validate username against blocking
> > extensions like AntiSpoof). The extensions run *during* the creation of a new
> > account, not *before* creating an account.
> 
> I that unfixable?

If there is someone willing to tackle fixing the extensions listed in bug 40648 (TitleBlacklist, AntiSpoof, maybe others), then it's not unfixable.
Comment 6 Nemo 2013-11-19 12:35:53 UTC
Adding many blockers of bug 38638 to the list of "easy" bugs, to mark them as candidates for [[mw:Google Code-in]] tasks (gci2013). If you think this bug is not suitable, remove the keyword.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links