Last modified: 2014-05-13 15:43:35 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T66959, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 64959 - MobileFrontend: Trying to create a username with a hash in should present the user with an error
MobileFrontend: Trying to create a username with a hash in should present the...
Status: RESOLVED FIXED
Product: MobileFrontend
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Unprioritized normal
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-06 17:43 UTC by Dan Garry
Modified: 2014-05-13 15:43 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Dan Garry 2014-05-06 17:43:14 UTC
If you try to create a username that has a hash in, we've got three totally different behaviours on four platforms:

1) Desktop: Refuses to create username because it has a hash in it.
2) iOS App: Lets you create the username, but silently truncates everything including and after the hash, then fails to log you in saying that you provided an illegal username because it tried to log you in to the username that has a hash in.
3) Android App and Mobile Web: Lets your create the username, but silently truncates everything including and after the hash, then logs you in successfully to the truncated username.

If desktop doesn't let you create these usernames then neither should any of our mobile platforms.

I'm unclear what the correct engineering solution is though. Do we change the API used to create accounts to error if you try to include hashes (instead of silently truncating and creating), or do we just include client-side validation to disallow hashes?
Comment 1 Bingle 2014-05-06 17:45:19 UTC
Prioritization and scheduling of this bug is tracked on Trello card https://trello.com/c/6hlPB67n
Comment 2 Liangent 2014-05-06 17:56:08 UTC
On desktop an error (or better to say, warning :p as it's ignorable) is shown to users with JavaScript enabled only, and you can ignore the error and go on to create the account, and the rest is the same as Android.
Comment 3 Jon 2014-05-06 17:59:33 UTC
Disable JavaScript on desktop - you'll get yet another scenario.

Kill the problem at the root - in core. Mobile Web doesn't use the API to create an account - it just submits a username the same way as core but doesn't use JavaScript to check it. If we don't want to allow silent truncation the creation of a username shouldn't truncate and instead throw an error.

I would suggest moving this to a core bug that doesn't allow the creation of usernames with invalid characters. This will force consistency across all platforms.
Comment 4 Dan Garry 2014-05-06 18:01:10 UTC
(In reply to Liangent from comment #2)
> On desktop an error (or better to say, warning :p as it's ignorable) is
> shown to users with JavaScript enabled only, and you can ignore the error
> and go on to create the account, and the rest is the same as Android.

Good point! When I saw the big red message that had the exact same format as the errors, I assumed it was an error. The whole point is probably to trick people into thinking it's an error and not trying to create an account, so I don't feel so bad about it. ;-)
Comment 5 Dan Garry 2014-05-06 18:10:39 UTC
Bug filed in Core for this: bug 64960.
Comment 6 Ryan Kaldari 2014-05-13 00:38:44 UTC
It now displays the error "You have not specified a valid username."
Comment 7 Liangent 2014-05-13 07:52:45 UTC
still not fixed? 20140510 version on live enwiki
Comment 8 Jon 2014-05-13 15:20:49 UTC
Works fine for me on master. On desktop and mobile like Kaldari I see

I see this locally and on beta labs.
It looks like the wonderful Bartosz might have fixed this in I88c479cea2bc9d2eab882e0ee8ebcbe2d1dd125e
Comment 9 Liangent 2014-05-13 15:43:35 UTC
(In reply to Jon from comment #8)
> Works fine for me on master. On desktop and mobile like Kaldari I see
> 
> I see this locally and on beta labs.
> It looks like the wonderful Bartosz might have fixed this in
> I88c479cea2bc9d2eab882e0ee8ebcbe2d1dd125e

btw. how can I configure the app to use beta labs then? Better to have a hidden preference but Yuvi doesn't like it.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links