Page MenuHomePhabricator

Createaccount API should support username validation without having to try to create an account
Closed, ResolvedPublic

Description

User story: "As a user, I'd like to know whether the username I have chosen is valid before I try to create it, so that I can fix it first."

Expected API input: username=Deskana
Expected API output: boolean, saying whether this is a valid username that could be created

Basically, in the app the user has to continually resubmit requests before they know whether their username is valid or not. It'd be nice if, after they've typed in their username, we could send a request to the API to see whether it's valid or not, while they continue with the rest of the form. That way, we can inform them to change it before they submit.

Right now it's only possible to validate the username by trying to create it.

Related Objects

StatusSubtypeAssignedTask
OpenNone
OpenNone
OpenNone
ResolvedMarkTraceur
Resolvedmatmarex
Resolvedmatmarex
Resolvedmatmarex
Resolvedmatmarex
DuplicateNone
InvalidNone
ResolvedJdlrobson
ResolvedBUG REPORTmatmarex
Resolvedmatmarex
OpenNone
ResolvedEsanders
DuplicateNone
ResolvedTTO
ResolvedJayprakash12345
DuplicateNone
ResolvedJdlrobson
ResolvedNone
Resolvedmatmarex
ResolvedAnomie
OpenNone
ResolvedAnomie
OpenNone
ResolvedTgr
ResolvedAnomie
OpenFeatureNone
Resolved Deskana
ResolvedAnomie
OpenNone
DuplicateNone
ResolvedAnomie
ResolvedAnomie

Event Timeline

Deskana renamed this task from Pre-validation of username by createaccount API to see whether it's a valid username to Createaccount API should support username validation without having to try to create an account.
Deskana raised the priority of this task from to Needs Triage.
Deskana updated the task description. (Show Details)
Deskana changed Security from none to None.
Deskana updated the task description. (Show Details)
Deskana subscribed.
Dereckson subscribed.

This would be a nice addition to the API.

As we have a well defined API code and a separate function exists to validate usernames, I add the good first task label: this task is suitable for a first approach of our MediaWiki code base.

What does validate mean in this context? Does that mean it passes the normalization checks, or do we also include AntiSpoof, TitleBlacklist, etc.?

What does validate mean in this context? Does that mean it passes the normalization checks, or do we also include AntiSpoof, TitleBlacklist, etc.?

It should check everything. This API function should return true if the account could be created, and false if it can not (for whatever reason) with some additional meaningful information about why the account could not have been created.

I think it would be reasonable for an MVP for this function to not validate *everything*, as long it never incorrectly says that an account cannot be created when it actually can.

This would probably require refactoring User::addNewAccountInternal() into two functions: one that does everything up to the 'ExemptFromAccountCreationThrottle' hook call and one that does that and the bits after.

gerritbot subscribed.

Change 182886 had a related patch set uploaded (by Deskana):
Separate out username validation from addNewAccountInternal()

https://gerrit.wikimedia.org/r/182886

Patch-For-Review

Aklapper triaged this task as Medium priority.Mar 23 2015, 8:56 PM
Aklapper subscribed.

Change 182886 abandoned by Deskana:
Separate out username validation from addNewAccountInternal()

Reason:
I've not touched this in months and probably won't get around to it again, so I'm abandoning. If someone else wants to take over, feel free to restore this and take ownership.

https://gerrit.wikimedia.org/r/182886

Change 265201 had a related patch set uploaded (by Anomie):
WIP: API changes for AuthManager

https://gerrit.wikimedia.org/r/265201

Anomie claimed this task.

This is resolved now with the introduction of AuthManager, and specifically the addition of usprop=cancreate to API action=query&list=users.

There's no timeframe for when this will be available on WMF wikis, though, beyond "soon". The next step will be to resolve T110282, then a gradual deploy while watching for things to break.

Change 289122 had a related patch set uploaded (by Gergő Tisza):
API changes for AuthManager

https://gerrit.wikimedia.org/r/289122