mediawiki - new users can't log in to the wiki

[tingox]

Test: 1) create a new user in p2k16, with an email address as the username (I filled in manually, I don't know if using the link makes a difference) 2) test the new user by logging in to p2k16. 3) try to login on the wiki with the new user, get the error message Autooprrettelse av lokal konto mislyktes: Du har ikke oppgitt et gyldig brukernavn. This error is similar to #122, but then it was a problem with the mediawiki database, and was the same for all users.

[tingox]

Here is a screenshot

[tingox]

No, sorry, the problem exists for new users with a "normal" username also

[trygvis]

It think this is a generic error message, can be because of an issue in the local database or with the p2k16 integration.

[tingox]

Unfortunately, I can't find any error messages in mediawiiki or nginx logs related to this. Data point: the newest user on the wiki was (auto)created on December 5th, 2020.

[tingox]

the "mwuser" table looks ok, at least

mediawiki=> select column_default from information_schema.columns where table_name='mwuser' and column_name='user_id';
            column_default             
---------------------------------------
 nextval('user_user_id_seq'::regclass)
(1 row)

not sure where to look next.

[tingox]

today I can log into the wiki with my "Tingo-test7" test user, but my test user with the username "tingomob@gmail.com" still gets the same error message as before. AFAIK, I haven't made any changes to the wiki, or to anything else related. Strange.

[tingox]

tried stopping and starting the mediawiki container - no change; the test user with the email address as username still can't login.

[omega]

https://www.mediawiki.org/wiki/Manual:$wgInvalidUsernameCharacters says that @ is not allowed in usernames in mediawiki, so I assume that might be the reason? It also says something about how to allow it, so perhaps someone that knows mediawiki could check if ours is configured to allow it?

[tingox]

no, our mediawiki is not configured to allow it. There is no $wgInvalidUsernameCharacters defined in LocalSettings.php. And as far as I can see from git history, this setting has never been enabled for our wiki.

Data point: There are currently 5 (five) users in our wiki which have an email address (and thus the '@' sign) as their username; they were created on 2018.10.04, 2018.08.24, 2018.08.23, 2018.08.13 and 2018.07.17. These user have zero contributions -> they have registered, but not created any content on the wiki.

[tingox]

I tested with the following settings in LocalSettings

$wgInvalidUsernameCharacters = ':#';
$wgUserrightsInterwikiDelimiter = '#';

and my test user with an email address as the username was able to login. So this seems to be a workable solution.

If we allow this, email addresses (because they are usernames) will be exposed on the wiki (in User pages, contribution logs such as "Recent changes" and so on). This is very hard, if not impossible, to prevent on a public wiki. Are we happy with that?

[tingox]

Personlig, så har jeg ikke lyst til å sette det op slik at brukere kan bruke epost-adresse som brukernavn i wikien, nettopp fordi epost-aderssene blir eksponert på en webside (wikien), og det vil medføre (mer) søppelpost til disse epost-adressene.