Last modified: 2014-05-26 21:49:04 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T58025, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 56025 - AJAX validation of username for password reset
AJAX validation of username for password reset
Status: PATCH_TO_REVIEW
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.22.0
All All
: Normal normal (vote)
: ---
Assigned To: ganeshaditya1
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-22 23:15 UTC by Matthew Flaschen
Modified: 2014-05-26 21:49 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Matthew Flaschen 2013-10-22 23:15:24 UTC 
The list of usernames is public, so it would be useful to do client-side validation of usernames on the password reset screen. This is similar to the same bug 17544, bug 34447, and bug 47685.

It is not public which emails are in use, so we should not reveal that in any way (the current password reset interface does not either).
Comment 1 Jared Zimmerman (WMF) 2013-10-22 23:21:12 UTC 
Thanks Matt
Comment 2 Gerrit Notification Bot 2014-04-06 03:46:29 UTC 
Change 124139 had a related patch set uploaded by Ganeshaditya1:
AJAX validation of username in password reset page

https://gerrit.wikimedia.org/r/124139
Comment 3 Jared Zimmerman (WMF) 2014-04-06 06:25:13 UTC 
Can this be leveraged for Account creation as well?
Comment 4 ganeshaditya1 2014-04-06 11:00:28 UTC 
I think it can be, by factoring out the validateUserName function into a common file and making it common to both the account creation, login and password reset pages. What could I name this file ?

It might take me some time as I have exams so in the meantime I would even get feedback on my validateUserName function too.
Comment 5 Jared Zimmerman (WMF) 2014-04-07 19:54:52 UTC 
(In reply to ganeshaditya1 from comment #4)
Matt can probably point you in the right direction here, this is on our roadmaps but isn't a prioritized thing for us right now, so we really appreciate you taking the time to work on this.
Comment 6 Matthew Flaschen 2014-04-09 06:48:56 UTC 
(In reply to Jared Zimmerman (WMF) from comment #3)
> Can this be leveraged for Account creation as well?

Bartosz already implemented this in 74b22223 for account creation.  It's been live for a little while. :)

As for generalizing it, login and password reset could be common pretty easily (does the username exist?).  Signup is a little more difficult, since it's partly the opposite (username should *not* exist) and partly custom (must be valid username, which we don't have to worry about if it needs to exist anyway).
Comment 7 Andre Klapper 2014-05-26 15:03:54 UTC 
ganeshaditya1: Do you plan to extend your patch, based on comment 5 and comment 6?
Comment 8 Alex Monk 2014-05-26 21:49:04 UTC 
Also, there are more issues with it that I pointed out in Gerrit.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links