[Bug 28085] Allow user login with email address in addition to username
https://bugzilla.wikimedia.org/show_bug.cgi?id=28085

Tyler Romeo changed:
  Status: PATCH_TO_REVIEW -> NEW

--- Comment #35 from Tyler Romeo ---
(In reply to Jared Zimmerman (WMF) from comment #34)
> Is this really PATCH_TO_REVIEW or is the status incorrect?

Status is incorrect.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
--- Comment #34 from Jared Zimmerman (WMF) ---
Is this really PATCH_TO_REVIEW or is the status incorrect?
--- Comment #33 from Jared Zimmerman (WMF) ---
Is this being picked up by someone else?
--- Comment #32 from Gerrit Notification Bot ---
Change 42084 abandoned by Hashar:
(bug 28085) Allow login with e-mail address

Reason:
Let's keep the discussion on bug 28085 which might end up being abandoned.

https://gerrit.wikimedia.org/r/42084
John Mark Vandenberg changed:
  CC: added jay...@gmail.com
  See Also: added https://bugzilla.wikimedia.org/show_bug.cgi?id=34590
Andre Klapper changed:
  Keywords: removed patch-in-gerrit
  Status: REOPENED -> PATCH_TO_REVIEW
--- Comment #31 from Matthew Flaschen ---
(In reply to comment #30)
> So checking that passwords are unique just isn't going to happen.

Good point. I wasn't thinking, and I forgot about the per-user salt.
--- Comment #30 from Daniel Friesen ---
(In reply to comment #26)
> (In reply to comment #25)
> > C. If a login (email) and password combination are valid they can only point
> > to 1 account, that account should be logged in to.
>
> That constraint does not exist yet. Of course, we do not store passwords in
> plain text (very insecure). So to enforce this constraint, we would have to
> enforce that (email, hashedPassword) is unique.
>
> I'm not sure all the passwords use the same algorithm (legacy reasons). That
> would also have to be fixed (either all at once, or on login), then enforced
> going forward.

You're basing this all on the assumption that as long as the same password
algorithm and same password is used the hashed password will always be the same
and can be checked for uniqueness through equality.

This is completely false.

Unless you set `$wgPasswordSalt = false;` (which is insecure and only exists to
support 3rd party systems doing login to MW wikis by directly messing with the
database) we salt passwords when we hash them (well they're not really hashes,
but that's another topic). This means that if you hash the same password with
the same algorithm you're practically guaranteed that the end hash is going to
be different each time. This is the very intent of salting passwords for
security. It's not going to go away, otherwise we'd be vulnerable to rainbow
tables.

So checking that passwords are unique just isn't going to happen.
--- Comment #29 from Jared Zimmerman ---
I'm OK with that setup, it supports new users who may have forgotten their user
name while basically having no effect on "power users" who run bots all under
their same email or malicious users who are running sock puppet accounts.

Either way it seems like a win for new and normal users without affecting
others adversely.
--- Comment #28 from Chris Steipp ---
(In reply to comment #27)
> Here is the only solution I think we should be willing to consider due to our
> privacy and security constraints: if and only if the given username/email
> matches a single unique account and the password is correct for that account,
> the user will be logged in. Otherwise a generic "Username/password combination
> is wrong" message is displayed.

I agree. There are going to be too many issues if we try to guess the right
account when multiple accounts have the same email address.
--- Comment #27 from Tyler Romeo ---
Here is the only solution I think we should be willing to consider due to our
privacy and security constraints: if and only if the given username/email
matches a single unique account and the password is correct for that account,
the user will be logged in. Otherwise a generic "Username/password combination
is wrong" message is displayed.

Ideally, I'd much prefer if this was implemented *after* gerrit 27022 and gerrit
27472 are merged, that way we're not persisting old and shaky architecture. I
can probably make a patch on top of gerrit 27022 in a few hours if a lot of
people want this fixed.
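The rule Tyler states in comment #27 (log in only when the identifier resolves to exactly one account and that account's password verifies; every other outcome gets the same generic message), as an added example that is not MediaWiki's code: a constructed in-memory account store with hypothetical users, PBKDF2 parameters chosen for the example rather than MediaWiki's, and a check of Daniel's point in comment #30 that two salted stores of the same password do not compare equal.

```python
import hashlib
import hmac
import secrets

GENERIC_ERROR = "Username/password combination is wrong"
PBKDF2_ROUNDS = 100_000  # chosen for this example; not MediaWiki's parameters


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random 16-byte salt is drawn when none is given."""
    salt = secrets.token_bytes(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def same_password_hashes_differ(password):
    """Comment #30: two stores of one password get two salts, so the digests differ
    and an (email, hashedPassword) uniqueness constraint cannot be enforced."""
    return hash_password(password)[1] != hash_password(password)[1]


# Dummy credential checked on every failed lookup so that unknown e-mail,
# ambiguous e-mail and wrong password all take about the same time to answer.
_DUMMY_SALT, _DUMMY_DIGEST = hash_password(secrets.token_hex(8))


class AccountStore:
    """Constructed in-memory stand-in for the user table (username -> record)."""
    def __init__(self):
        self.accounts = {}

    def add(self, username, email, password):
        salt, digest = hash_password(password)
        self.accounts[username] = {"email": email.lower(), "salt": salt, "digest": digest}

    def candidates(self, identifier):
        """Exact username match first; otherwise every account registered with that e-mail."""
        if identifier in self.accounts:
            return [identifier]
        return [u for u, a in self.accounts.items() if a["email"] == identifier.lower()]

    def login(self, identifier, password):
        """Return (username, None) on success, (None, GENERIC_ERROR) on any failure."""
        cands = self.candidates(identifier)
        if len(cands) != 1:
            # No match and several accounts sharing the e-mail are refused alike;
            # the password is never tried against more than one account per request.
            verify_password(password, _DUMMY_SALT, _DUMMY_DIGEST)
            return None, GENERIC_ERROR
        acct = self.accounts[cands[0]]
        if not verify_password(password, acct["salt"], acct["digest"]):
            return None, GENERIC_ERROR
        return cands[0], None


def demo_store():
    """Constructed sample data: Alice's e-mail is unique; Bob's three accounts share one."""
    store = AccountStore()
    store.add("Alice", "alice@example.org", "correct horse")
    for name in ("Bob", "Bob-alt", "BobBot"):
        store.add(name, "bob@example.org", "pw-" + name)
    return store
```

The shared-e-mail case is refused even when the submitted password is right for one of Bob's accounts, which is what comment #27 asks for and what rules out the one-request-against-several-accounts probing described in comment #24.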
Matthew Flaschen changed:
  CC: added cste...@wikimedia.org

--- Comment #26 from Matthew Flaschen ---
(In reply to comment #25)
> CURRENT:
> "Login error
> There is no user by the name "jared.zimmer...@wikimedia.org". Check your
> spelling, or go to Wikipedia's signup page to create a new user account."

Of course you cannot currently log in with an email. If you mean 'there is no
user by the name "InvalidUsername"', that's not actually a privacy issue.
Anyone can check what usernames exist
(https://en.wikipedia.org/w/index.php?title=Special%3AListUsers&username=InvalidUsername&limit=1).
Many sites are like MW in allowing you to enumerate the usernames one way or
another. However, email should certainly not be enumerable.

> PROPOSED:
> "Login error
> The user account for "jared.zimmer...@wikimedia.org" is not found or your
> password was entered incorrectly. Check your spelling or password and try
> again. If you do not have an account you can _create one._"

I think this is fine. If done correctly (exact same error used for valid
email, wrong password) it doesn't leak information about whether the email
exists.

> MULTIPLE ACCOUNTS WITH SAME EMAIL —
> If multiple accounts exist with the input email address but no password is
> entered…

I don't understand why "no password" should be a special case. Can we just say
"an incorrect password" (the minimum length is currently 1, so any
empty/omitted password is incorrect)?

> A. Ideal experience would be that the form cannot be submitted unless login
> and password fields have valid content, login button would be disabled

By valid content, do you mean the username/password or email/password are
correct, or just that the fields are non-empty? We could do username/password
check with AJAX authentication, but I'm not sure if that's really that useful.

> C. If a login (email) and password combination are valid they can only point
> to 1 account, that account should be logged in to.

That constraint does not exist yet. Of course, we do not store passwords in
plain text (very insecure). So to enforce this constraint, we would have to
enforce that (email, hashedPassword) is unique.

I'm not sure all the passwords use the same algorithm (legacy reasons). That
would also have to be fixed (either all at once, or on login), then enforced
going forward.

For accounts with an authenticated email, we can email them to request they
change their password (to fulfill the unique constraint you mentioned above).
However, there's no guarantee they'll actually click the link to do so (and
they could have lost their email in the meantime).

We have to decide what to do for accounts that continue to have non-unique
(email, password). I think it's a bit weird to give them a choice on login, so
the simplest solution for this edge case is to simply reject (email, password)
for these cases. Until they had unique (email, password), they would have to
continue using (username, password).
Jared Zimmerman changed:
  URL: added http://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Main+Page&type=signup

--- Comment #25 from Jared Zimmerman ---
Hi,

Just became aware of the limitation today that users cannot log in to the
system with their email address. I've read over the thread and I have a few
things to add. I'd love to see this implemented, however it looks like
development on this bug is a little stuck.

Proposal:
Users should be able to log in to the system with either their user name or the
email they have associated with their account.

Issues:

PRIVACY ISSUES WITH SHOWING AN ACCOUNT EXISTS —
If a login is attempted with an email address only and no password, the login
error should be updated as follows.

CURRENT:
"Login error
There is no user by the name "jared.zimmer...@wikimedia.org". Check your
spelling, or go to Wikipedia's signup page to create a new user account."

PROPOSED:
"Login error
The user account for "jared.zimmer...@wikimedia.org" is not found or your
password was entered incorrectly. Check your spelling or password and try
again. If you do not have an account you can _create one._"

MULTIPLE ACCOUNTS WITH SAME EMAIL —
If multiple accounts exist with the input email address but no password is
entered…

A. Ideal experience would be that the form cannot be submitted unless login and
password fields have valid content; the login button would be disabled.
B. If form validation cannot be fixed, the above error should be displayed even
if the email address is valid for a user.
C. If a login (email) and password combination are valid they can only point to
1 account; that account should be logged in to.
--- Comment #24 from Tyler Romeo ---
The issue is that you're attempting login to multiple accounts simultaneously.
I mean, let's say somebody uses three accounts (main, alternate, and bot) and
they use a different password for each. If you know one of the passwords but
not the account name, you can then try all at the same time.

It could probably be fixed if we increased the login throttle by however many
accounts with that email.
--- Comment #23 from Luis Felipe Schenone ---
Tyler, I know it's not standard practice, but how could it go wrong?
--- Comment #22 from Luis Felipe Schenone ---
Regarding Tyler Romeo's concern about email privacy, a solution would be to
throw an "Email doesn't exist or incorrect password" error whenever someone
tries to log in with an email and fails. Doing so wouldn't reveal if there is
an account with that email.
--- Comment #21 from Tyler Romeo ---
(In reply to comment #20)
> Just a note: if an email matches many accounts, it may be possible to spare the
> user from selecting his/her desired account, if the password entered matches
> only one of the accounts. I mean: if the user enters his/her email and
> password, and 3 accounts match the email, but only one matches the password,
> then it's safe to assume that the user wants to log in to that account, not the
> others. However this may not always work, because many users will also repeat
> their passwords.

That's not a viable solution due to security. The username and password should
be a 1-1 association, meaning you *must* have both in order to log in. The only
time it would be OK to let people log in with email is if only one account has
that email.
Luis Felipe Schenone changed:
  CC: added scheno...@gmail.com

--- Comment #20 from Luis Felipe Schenone ---
Just a note: if an email matches many accounts, it may be possible to spare the
user from selecting his/her desired account, if the password entered matches
only one of the accounts. I mean: if the user enters his/her email and
password, and 3 accounts match the email, but only one matches the password,
then it's safe to assume that the user wants to log in to that account, not the
others. However this may not always work, because many users will also repeat
their passwords.
Michelle Lee Kosik changed:
  CC: added kosi...@mail.com
Matthew Flaschen changed:
  CC: added mflasc...@wikimedia.org
Daniel Friesen changed:
  Status: RESOLVED -> REOPENED
  Resolution: WONTFIX -> ---

--- Comment #19 from Daniel Friesen ---
Undoing uncommented change to WONTFIX. The discussion so far doesn't seem to
support one person suddenly marking it as WONTFIX without an associated comment
on why.
JuneHyeon Bae changed:
  Status: NEW -> RESOLVED
  Resolution: --- -> WONTFIX
MZMcBride changed:
  Summary: "allow login with email as well as username" -> "Allow user login with email address in addition to username"