Page MenuHomePhabricator

Create user name verification API with AuthManager
Closed, ResolvedPublic

Description

Right now the signup form uses the users API to check username availability; this does not allow username control extensions to influence the process so the user might not get any warning about an invalid username until after posting the form. It also does not support a "this is how the username will actually look like" response (e.g. automatic sentence casing). There should be an API (a new one or a part of createaccount) which does this via AuthManager.

Related Objects

StatusSubtypeAssignedTask
Resolved Deskana
ResolvedAnomie
OpenNone
ResolvedAnomie
OpenNone
ResolvedTgr
ResolvedAnomie
OpenFeatureNone
OpenNone
ResolvedTgr
Resolvedmatmarex
ResolvedAnomie
DuplicateNone
ResolvedAnomie
ResolvedAnomie
ResolvedAnomie
ResolvedAnomie
Resolvedmatmarex
ResolvedNone
ResolvedAnomie

Event Timeline

Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added subscribers: Aklapper, Tgr.

Change 265201 had a related patch set uploaded (by Anomie):
WIP: API changes for AuthManager

https://gerrit.wikimedia.org/r/265201

Change 265201 merged by jenkins-bot:
API changes for AuthManager

https://gerrit.wikimedia.org/r/265201

Anomie claimed this task.
Anomie subscribed.

This is resolved now with the introduction of AuthManager, and specifically the addition of usprop=cancreate to API action=query&list=users.

There's no timeframe for when this will be available on WMF wikis, though, beyond "soon". The next step will be to resolve T110282, then a gradual deploy while watching for things to break.

Change 289122 had a related patch set uploaded (by Gergő Tisza):
API changes for AuthManager

https://gerrit.wikimedia.org/r/289122

Change 289122 merged by jenkins-bot:
API changes for AuthManager

https://gerrit.wikimedia.org/r/289122

Note that this API does not work well with extensions which have not been updated to support AuthManager, since the old interface does not have a separate concept of "can an account with this name be created" and "can an account with this name be created, given the contents of the account creation POST request" (so e.g. ConfirmEdit would block all usernames since it would be looking for the captcha solution in the API request).