On 18 Feb 2012, at 23:41, Nicolas Brouard wrote:
> On 16 Feb 2012, at 22:26, Platonides wrote:
> 
>> On 16/02/12 09:51, Nicolas Brouard INED wrote:
>>> Thanks to Platonides for his comment and also to Olivier (the author of the 
>>> Realnames extension) who told me to forward the following patch to 
>>> wikitech-l (which I just subscribed to) for advice, comments and criticism.
>>>
>>> I was just wondering if this small patch in User.php (function idFromName) 
>>> was enough in most cases:
(...)
>> This is only patching User::idFromName(), which won't be enough.
> 
> Sorry, could you detail why it won't be enough!
> 
>> You could well be storing the email instead of the username in the page
>> history.
> 
> I was probably not clear enough: I don't want the email in the page history. 
> Also the Realnames extension (quoted above) is trying to do what you seem 
> to be suggesting but it is a complex extension which did not work on 1.18 for 
> example.
> 
> The proposed patch is also a solution which manages the transition for 
> Wikipedians. Having an authentication with e-mail only is brutal and won't be 
> understood. I like the possibility of having both options with a priority to 
> username for performance also.
> 
> But allowing new authors from Arabic or Asian (or Russian or ...) countries 
> (with non Roman characters) to sign new articles in their own language with 
> their own standard, not transliterated, signature will be appreciated if they 
> also have an easy way to authenticate on an English keyboard (pad, smartphone 
> etc.). 

I didn't express it right.
If you do $user = User::newFromName("[email protected]"), that gets
cached, and if you later use that object for e.g. storing the username in
the history, boom, $user->getName() will say it's called [email protected]

That's probably not happening, but you would need to check all paths in
core and the extensions...


>> As I said, you should fix it in SpecialUserlogin.php.
> 
> What should I fix? Is there something wrong in the proposed patch?

The patch should go against SpecialUserlogin.php, authenticateUserData() 
function.


>>> Then, just try to enter your e-mail on a standard wiki in place of your 
>>> username and you will be authenticated to the first ID (and user_name) 
>>> having your e-mail.
>>>
>>> The importance of e-mails as a simple way to authenticate on modern sites 
>>> can't be ignored. 
>>
>> It can also expose the fact that someone is registered there with that
>> email address.
> 
> I don't understand what you mean and if someone has already entered an email 
> for a username what is the problem?
>
>> In the patch provided, it would also happily show under some
>> circumstances the username associated to an email (not a problem for the
>> internal wiki of a company, where everybody knows each other's mail, an
>> issue for public wikis out there).
> 
> That is the reason why I was asking this mailing list. But, as I said in a 
> previous and detailed answer to Bergi, 
> the patch is very short (a single "if") and thus consequences are not
> tremendous.

Go to Special:Contributions and enter the email of an existing user.
I think it may show the user contributions.


> We made some tests on various wikis, and we haven't found yet any 
> circumstance where the username associated to an email is displayed:
> - it can't happen when the authentication works;
> - the only situation that I have found is when you are asking for a new 
> password: then the username associated with the email entered (in place of 
> the username) is displayed in the received email, but it is not a security 
> issue because you are the only person to read your email. 




_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
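
The difference between an e-mail fallback in a lookup shared by every code path and one confined to the login handler, as an added example that is not part of the thread, the proposed patch, or MediaWiki's code. The user table, `idByField()`, `contributionsTitle()` and `login()` are hypothetical stand-ins, and `idFromName()` here only models the function named in the thread.

```php
<?php
// Constructed records standing in for the wiki's user table (not MediaWiki's schema).
const USERS = [
    1 => ['name' => 'Alice', 'email' => 'alice@example.org'],
    2 => ['name' => 'Bob',   'email' => 'bob@example.org'],
];

function idByField(string $field, string $value): ?int {
    foreach (USERS as $id => $u) {
        if ($u[$field] === $value) {
            return $id;
        }
    }
    return null;
}

// Shared lookup reached from every code path. $emailFallback = true models
// the approach under discussion: try the name first, then the e-mail.
function idFromName(string $name, bool $emailFallback): ?int {
    return idByField('name', $name)
        ?? ($emailFallback ? idByField('email', $name) : null);
}

// Hypothetical public page that resolves whatever the visitor typed.
function contributionsTitle(string $target, bool $emailFallback): string {
    $id = idFromName($target, $emailFallback);
    return $id === null ? 'No such user' : 'Contributions of ' . USERS[$id]['name'];
}

// Login-only resolution: the e-mail is accepted here and nowhere else, and the
// caller gets the canonical name back, never the string that was typed.
function login(string $input, string $password, array $hashes): ?string {
    $id = idFromName($input, false) ?? idByField('email', $input);
    // Same return value for "unknown account" and "wrong password".
    if ($id === null || !password_verify($password, $hashes[$id])) {
        return null;
    }
    return USERS[$id]['name'];
}

// Constructed credentials for the demonstration.
$hashes = [1 => password_hash('correct horse', PASSWORD_DEFAULT),
           2 => password_hash('battery staple', PASSWORD_DEFAULT)];

// Fallback in the shared lookup: the public page now resolves an e-mail address.
echo contributionsTitle('alice@example.org', true), "\n";
echo contributionsTitle('alice@example.org', false), "\n";
// Fallback confined to login: e-mail works, the session carries the real name.
var_dump(login('alice@example.org', 'correct horse', $hashes));
var_dump(login('alice@example.org', 'wrong', $hashes));
var_dump(login('nobody@example.org', 'wrong', $hashes));
```

With the fallback in the shared lookup, the public page confirms that the address is registered and names its account; with the fallback only in `login()`, the same request reports no such user, and a failed login looks the same whether or not the address exists.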
