
Check auto created usernames as well
Closed, Resolved, Public

Description

The current state is, if enwiki blacklists A but dewiki doesn't, a user can register the name A on dewiki, then autocreate the name A on enwiki. Ideally, the name can exist on dewiki, but cannot be autocreated on enwiki.

I tried to implement this in r67347 and it's CentralAuth-specific (not really sure whether this is good). Besides, this can actually work only after bug 24755 is fixed.

Assigning this bug to myself, but nothing really needs to be done after bug 24755 is fixed, unless the "CentralAuth-specific" feature needs reconsideration.


Version: unspecified
Severity: enhancement

Details

Reference
bz24756

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 11:07 PM
bzimport added a project: TitleBlacklist.
bzimport set Reference to bz24756.

I think that CentralAuthHooks::attemptAddUser() should call AbortNewAccount, not (just) an extension-specific CentralAuthAutoCreate.

IIRC, we need them to be separate in part so we can still have things like AntiSpoof preventing initial account creation, while still allowing an account that's been explicitly allowed in by a sysop or grandfathered in to work as expected.

r85410 covers this:

  • (bug 24755) AuthPlugin auto-creation of local accounts can now be aborted by other extensions by handling the 'AbortAutoAccount' hook, similar to the 'AbortNewAccount' triggered by explicit account creations. (They are separate to avoid loops and confusion; auth plugins like CentralAuth need to handle AbortNewAccount separately.)
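
A simplified model of the hook split discussed in this thread, added as an illustration and not taken from MediaWiki, CentralAuth or TitleBlacklist. Only the hook names AbortNewAccount and AbortAutoAccount come from the page; the dispatcher, the handlers, the per-wiki blacklists and the account names are constructed assumptions.

```php
<?php
// Hypothetical model of the two account-creation hooks; not MediaWiki code.
$hooks = [ 'AbortNewAccount' => [], 'AbortAutoAccount' => [] ];

// Constructed per-wiki username blacklists: enwiki blocks "A", dewiki does not.
$blacklist = [ 'enwiki' => [ '/^A$/' ], 'dewiki' => [] ];
// Constructed list of names that already exist somewhere in the wiki farm.
$existing = [ 'Example' ];

// Blacklist handler: returns an abort reason, or null to allow the creation.
$blacklistCheck = function ( string $wiki, string $name ) use ( $blacklist ): ?string {
	foreach ( $blacklist[$wiki] ?? [] as $pattern ) {
		if ( preg_match( $pattern, $name ) === 1 ) {
			return 'blacklisted';
		}
	}
	return null;
};

// Spoof handler (stand-in for an AntiSpoof-style check): rejects names that
// differ from an existing name only by letter case.
$spoofCheck = function ( string $wiki, string $name ) use ( $existing ): ?string {
	foreach ( $existing as $known ) {
		if ( $known !== $name && strcasecmp( $known, $name ) === 0 ) {
			return 'spoof';
		}
	}
	return null;
};

// The blacklist is registered on BOTH hooks, so the local wiki's rules also
// apply when an account is auto-created. The spoof check runs only on explicit
// creation, so an account that already exists elsewhere can still be auto-created.
$hooks['AbortNewAccount'][] = $blacklistCheck;
$hooks['AbortNewAccount'][] = $spoofCheck;
$hooks['AbortAutoAccount'][] = $blacklistCheck;

// Runs every handler for one hook; the first non-null reason aborts creation.
function runHook( array $hooks, string $hook, string $wiki, string $name ): ?string {
	foreach ( $hooks[$hook] as $handler ) {
		$reason = $handler( $wiki, $name );
		if ( $reason !== null ) {
			return $reason;
		}
	}
	return null;
}

var_dump( runHook( $hooks, 'AbortNewAccount', 'dewiki', 'A' ) );        // explicit signup on dewiki
var_dump( runHook( $hooks, 'AbortAutoAccount', 'enwiki', 'A' ) );       // auto-creation on enwiki
var_dump( runHook( $hooks, 'AbortNewAccount', 'enwiki', 'EXAMPLE' ) );  // explicit signup, look-alike name
var_dump( runHook( $hooks, 'AbortAutoAccount', 'enwiki', 'EXAMPLE' ) ); // auto-creation of a grandfathered name
```

Removing the `AbortAutoAccount` registration reproduces the state described at the top of the task: the name "A" registered on dewiki is auto-created on enwiki without enwiki's blacklist ever being consulted.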