Last modified: 2014-08-26 20:34:16 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T66728, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 64728 - "Username in use by unified login system" warning not appearing until after the signup form is submitted
"Username in use by unified login system" warning not appearing until after t...
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
CentralAuth (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 70058 (view as bug list)
Depends on: 34447
Blocks: 17544
  Show dependency treegraph
 
Reported: 2014-05-02 00:54 UTC by SJ
Modified: 2014-08-26 20:34 UTC (History)
9 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description SJ 2014-05-02 00:54:47 UTC
When registering as a new user, the name you choose is checked as soon as you leave the name-textfield.  If you choose a name that's actively in use, you get the warning:

"Username entered already in use. Please choose a different name."

This should also catch registered usernames that are inactive (have no edits?).  Currently those aren't caught until the form is submitted. 

In those cases, you get a different error after submission:

"[...] the requested username is already taken in the unified login system"

(This is on most WM wikis. Some have checks for name-similarity which evaluate first.)
Comment 1 Umherirrender 2014-05-02 06:54:22 UTC
"unified login system" -> that is SUL and that is part of CentralAuth extension.

At the moment the extensions are missing on that check, so also AntiSpoof or the TitleBlacklist are missing.

But I am not sure, if that should be fixed in core (by calling the existing checks per api) or in each extension (by calling each api seperatly), so keeping it in core first. See bug 61416 for the core change.
Comment 2 Andre Klapper 2014-05-02 11:33:12 UTC
Hmm, I thought this was fixed by bug 34447
Comment 3 Umherirrender 2014-05-02 12:27:56 UTC
See also bug 40648 (for AntiSpoof and TitleBlacklist)

Looks like bug 34447 was only about the core part, not extensions like CentralAuth with SUL and global accounts. When a global account does not exist an that local wiki, the check will not working.
Comment 4 Bryan Davis 2014-08-26 19:47:31 UTC
*** Bug 70058 has been marked as a duplicate of this bug. ***
Comment 5 Bryan Davis 2014-08-26 19:48:44 UTC
(From dup bug 70058)
> The check in
> resources/src/mediawiki.special/mediawiki.special.userlogin.signup.js that
> attempts to help the user choose an available username is not aware of
> CentralAuth accounts that have not been attached to the local wiki. This is
> due to the use of /w/api.php?action=query&list=users to power the check.
> 
> Example:
> 
> *
> http://en.wikipedia.org/w/api.php?action=query&list=users&ususers=BryanDavis
> *
> http://fr.wikipedia.org/w/api.php?action=query&list=users&ususers=BryanDavis
> 
> The conflict will be noticed when the form is submitted, but it would be
> nicer if users were warned about global user conflicts by the pre-submit
> validation.
Comment 6 Bryan Davis 2014-08-26 20:31:49 UTC
From irc:
<  csteipp>	 Yeah, there's a centralauth api that is similar to the list=users api...
<  csteipp>	 bd808: https://fr.wikipedia.org/w/api.php?action=query&meta=globaluserinfo&guiuser=BryanDavis

So switching from the list=users api to the meta=globaluserinfo api might be a good way to fix this for WMF wikis. That leaves the problem of doing the right thing on wikis where globaluserinfo isn't installed:

* https://wikimediafoundation.org/w/api.php?action=query&meta=globaluserinfo&guiuser=BryanDavis
Comment 7 Bryan Davis 2014-08-26 20:34:16 UTC
Switching the api would still leave the problem of AntiSpoof, TitleBlacklist and anything else hooking AbortNewAccount not being done in the pre-submit call as well.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links