Ideas and comments
← Older revision
Revision as of 21:26, 18 October 2013
Line 5:
Line 5:
* Obviously the blocker for accepting the redesign is converting all of mediawiki.ui to conform to the Flow updated style. I doubt this is going to happen quickly, and we need to work out points of disagreement like the blue input area highlights.
* Obviously the blocker for accepting the redesign is converting all of mediawiki.ui to conform to the Flow updated style. I doubt this is going to happen quickly, and we need to work out points of disagreement like the blue input area highlights.
−
* Do we really need a cancel button? Since cancel would probably only clear the fields, this seems strange.
+
* {{Done}} Do we really need a cancel button? Since cancel would probably only clear the fields, this seems strange.
* I like the move to placeholders for sure. The labels we currently have take up more space and feel cluttered.
* I like the move to placeholders for sure. The labels we currently have take up more space and feel cluttered.
−
* On the mailing list, we discussed combining the two fields in to one, labeled as "Username or email address". Users do not have to enter both: they can enter a username or an email, so it's confusing to have two fields. I really think this could improve usability, but there is potentially a technical hurdle in validating both email or username in a single field. Also note that if you're logged in, the form will autofill your current username. One alternative could be having a single field, with a required radio button to choose username or password. This we could potentially do without needing the rest of the redesign of the mediawiki.ui controls and vform style in place.
+
* {{Done}} On the mailing list, we discussed combining the two fields in to one, labeled as "Username or email address". Users do not have to enter both: they can enter a username or an email, so it's confusing to have two fields. I really think this could improve usability, but there is potentially a technical hurdle in validating both email or username in a single field. Also note that if you're logged in, the form will autofill your current username. One alternative could be having a single field, with a required radio button to choose username or password. This we could potentially do without needing the rest of the redesign of the mediawiki.ui controls and vform style in place.
<font style="font-family:Georgia, serif;">[[User:Steven (WMF)|Steven Walling (WMF)]] • [[User talk:Steven (WMF)|<span style="color: #8080b0">talk</span>]]</font> 01:48, 18 October 2013 (UTC) CC: {{U|Jaredzimmerman (WMF)}}, {{U|S Page (WMF)}}, {{U|Superm401}}
<font style="font-family:Georgia, serif;">[[User:Steven (WMF)|Steven Walling (WMF)]] • [[User talk:Steven (WMF)|<span style="color: #8080b0">talk</span>]]</font> 01:48, 18 October 2013 (UTC) CC: {{U|Jaredzimmerman (WMF)}}, {{U|S Page (WMF)}}, {{U|Superm401}}
Line 30:
Line 30:
:::: [[User:Jdforrester (WMF)|Jdforrester]]: From what I can tell, "@" was formally banned (in a hardcoded fashion) from usernames in [[rev:16658]] (September 2006). The implementation was later changed to the global configuration variable [[Manual:$wgInvalidUsernameCharacters|$wgInvalidUsernameCharacters]] in [[rev:48765]] (March 2009). --[[User:MZMcBride|MZMcBride]] ([[User talk:MZMcBride|talk]]) 18:58, 18 October 2013 (UTC)
:::: [[User:Jdforrester (WMF)|Jdforrester]]: From what I can tell, "@" was formally banned (in a hardcoded fashion) from usernames in [[rev:16658]] (September 2006). The implementation was later changed to the global configuration variable [[Manual:$wgInvalidUsernameCharacters|$wgInvalidUsernameCharacters]] in [[rev:48765]] (March 2009). --[[User:MZMcBride|MZMcBride]] ([[User talk:MZMcBride|talk]]) 18:58, 18 October 2013 (UTC)
::::: {{ping|MZMcBride}} Lovely. :-( Thanks for the investigative work; we may need to force those accounts to be renamed given that other code assumes "@" is an invalid username character. But that's rather a big change to force on (admittedly a small pool of) users, and is outwith the context of this page. [[User:Jdforrester (WMF)|Jdforrester (WMF)]] ([[User talk:Jdforrester (WMF)|talk]]) 19:06, 18 October 2013 (UTC)
::::: {{ping|MZMcBride}} Lovely. :-( Thanks for the investigative work; we may need to force those accounts to be renamed given that other code assumes "@" is an invalid username character. But that's rather a big change to force on (admittedly a small pool of) users, and is outwith the context of this page. [[User:Jdforrester (WMF)|Jdforrester (WMF)]] ([[User talk:Jdforrester (WMF)|talk]]) 19:06, 18 October 2013 (UTC)
+
+
{{outdent}} {{replyto|Jaredzimmerman (WMF)}} the second iteration looks good. To answer your questions not already addressed...
+
*Do we know the frequency of password resets by logged in users? ''No, I don't think so.''
+
*Can we detect if the input is a valid email vs something else (lets assume a user name) i.e. can a user name be some.thing@something.abc.ab? ''Yes this is not hard I think''
+
*Can we check both username and email and only ask if there is a dual match e.g. input matches both a user name and email address which is not the same account ''Answered above''
+
*If we allow multiple accounts with the same email address, what do we currently do? ''I don't know, need to check.''
+
*How do we handle if a user name with no associated email address is entered? ''It throws an error: "There is no email address recorded for user "WMF Test Account 049f00"."''
+
*At what point do we validate the input? does the user have to submit the form before we attempt to validate the input, is this an actual tech limitation? ''Input is validated after submission. Since we don't have a clientside validatin tool that's handy, I have no idea how hard it would be to build one. In this case, I think it's probably out of scope for now.''
+
*Is there any security issues with prepopulating the form with the logged in users name? ''Not to my knowledge. This only happens when the user is already logged in and visits password reset.''
+
*When a password reset email is sent does the users password actually reset unless action is taken from the email? ''Password reset emails you a temp password to use that works for seven days. It does not actually reset your password, and your old password will continue to work. This negates abusive use, where I enter in someone else's username to reset their password unbeknownst to them.''
+
+
I think the style of error you provide works whether the validation is pre or post submission, BTW. <font style="font-family:Georgia, serif;">[[User:Steven (WMF)|Steven Walling (WMF)]] • [[User talk:Steven (WMF)|<span style="color: #8080b0">talk</span>]]</font> 21:26, 18 October 2013 (UTC)
== [[Requests for comment]] ==
== [[Requests for comment]] ==