[Bug 40050] New: Allow password reset requests to be handled centrally for unified users

Thu, 06 Sep 2012 04:25:01 -0700 

https://bugzilla.wikimedia.org/show_bug.cgi?id=40050

       Web browser: ---
             Bug #: 40050
           Summary: Allow password reset requests to be handled centrally
                    for unified users
           Product: MediaWiki extensions
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: CentralAuth
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected], [email protected],
                    [email protected]
    Classification: Unclassified
   Mobile Platform: ---


For unified users, password reset requests dont work on wikis where the user
has not visited before. This is because a local account for that user has not
been created in that wiki.  So, after trying to reset password on that wiki, we
get an error "The username '$username' is not registered on this wiki, but it
does exist in the unified login system". Even if I wanted to create a new
account on this current wiki, I wont be allowed to do so citing that my desired
username is very similar to/ same as the existing one. As a user, now I need to
remember which wiki I had created that account on or any other wiki which I
have visited before (as a logged in user) and then try to reset the password
there. 

As Dantman suggested we cannot allow creating local accounts on wikis where the
user has not visited before because you could abuse that to force MW to create
local users on wikis that a user will never go. It could be used both as a form
of user harassment and as a way to spam the RC even when blocked.

A better approach would be to improve CentralAuth to allow resetting all
passwords centrally for unified users. 

Should this approach be approved & if it requires significant efforts, I would
be interested on making these changes after I am done with SignupAPI

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to