From a0c72523c7a2c9ca16329f903ca6b269ccccb787 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bartosz=20Dziewo=C5=84ski?= <matma.rex@gmail.com>
Date: Thu, 20 Feb 2014 02:30:58 +0100
Subject: [PATCH] Warn on account creation when username is adjusted
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The user name can be adjusted due to various technical restrictions:
the first letter is capitalized, underscores are changed to spaces,
numerous other less visible changes happen. Some of these tweaks can
be unwanted by some users.

Generate a warning if that happens. If the user has JavaScript
enabled, the check happens entirely client-side – a little warning box
is shown, the user doesn't have to do anything. Otherwise the check
happens server-side and the user has to resubmit the form.

The way this is done makes it trivial to also check if the username
is invalid or already taken, so let's do that. It also means that we
can't check for all error conditions, e.g. these enforced by
extensions – that is still handled server-side. (Client-side we
intentionally never say that whatever the user typed in is valid – we
only warn when we know it's not.)

API behavior is unchanged.

Co-Authored-By: umherirrender <umherirrender_de.wp@web.de>
Co-Authored-By: Bartosz Dziewoński <matma.rex@gmail.com>
Bug: 34447
Bug: 61416
Change-Id: Ic461a5e597ad71b854dc65bbf8a395c0f55d1fc3
---
 RELEASE-NOTES-1.23                            |   4 +
 includes/specials/SpecialUserlogin.php        |  21 +++-
 includes/templates/Usercreate.php             |  12 +-
 languages/messages/MessagesEn.php             |   1 +
 languages/messages/MessagesQqq.php            |   3 +
 maintenance/language/messages.inc             |   1 +
 resources/Resources.php                       |  10 +-
 .../mediawiki.special.userlogin.signup.js     | 119 +++++++++++++++++-
 8 files changed, 162 insertions(+), 9 deletions(-)

diff --git a/RELEASE-NOTES-1.23 b/RELEASE-NOTES-1.23
index 2b91f88f88..798d59c607 100644
--- a/RELEASE-NOTES-1.23
+++ b/RELEASE-NOTES-1.23
@@ -116,6 +116,10 @@ production.
   creations, similar to the topOnly option.
 * Add mediawiki.ui.button styling to all pages so wiki content can use styled
   buttons.
+* Special:UserLogin/signup now does AJAX checks for invalid and taken usernames,
+  displaying the error live.
+* Special:UserLogin/signup now warns the user if their chosen username has to be
+  normalized.
 
 === Bug fixes in 1.23 ===
 * (bug 41759) The "updated since last visit" markers (on history pages, recent
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index bbe56ecca3..67e33b30b6 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -223,7 +223,7 @@ class LoginForm extends SpecialPage {
 		$status = $this->addNewAccountInternal();
 		if ( !$status->isGood() ) {
 			$error = $status->getMessage();
-			$this->mainLoginForm( $error->toString() );
+			$this->mainLoginForm( $error->toString(), $status->isOK() ? 'warning' : 'error' );
 			return;
 		}
 
@@ -259,7 +259,7 @@ class LoginForm extends SpecialPage {
 		$status = $this->addNewAccountInternal();
 		if ( !$status->isGood() ) {
 			$error = $status->getMessage();
-			$this->mainLoginForm( $error->toString() );
+			$this->mainLoginForm( $error->toString(), $status->isOK() ? 'warning' : 'error' );
 			return false;
 		}
 
@@ -401,6 +401,10 @@ class LoginForm extends SpecialPage {
 			return Status::newFatal( 'sorbs_create_account_reason' );
 		}
 
+		// Leading/trailing/multiple whitespace characters are never accepted in usernames and users
+		// know that, don't warn if someone accidentally types it. We do warn about underscores.
+		$name = trim( preg_replace( '/\s+/', ' ', $this->mUsername ) );
+
 		// Normalize the name so that silly things don't cause "invalid username" errors.
 		// User::newFromName does some rather strict checking, rejecting e.g. leading/trailing/multiple spaces.
 		$title = Title::makeTitleSafe( NS_USER, $this->mUsername );
@@ -408,12 +412,23 @@ class LoginForm extends SpecialPage {
 			return Status::newFatal( 'noname' );
 		}
 
-		# Now create a dummy user ($u) and check if it is valid
+		// Now create a dummy user ($u) and check if it is valid.
 		$u = User::newFromName( $title->getText(), 'creatable' );
+
 		if ( !is_object( $u ) ) {
 			return Status::newFatal( 'noname' );
 		} elseif ( 0 != $u->idForName() ) {
 			return Status::newFatal( 'userexists' );
+		} elseif ( $name !== $u->getName() ) {
+			// User name was adjusted due to technical restrictions (e.g. first letter capitalized).
+			// This is normally handled by a client-side check, but users with JavaScript disabled get here.
+			$status = Status::newGood();
+			$status->warning( 'createacct-normalization', $name, $u->getName() );
+
+			// Set the form field to the correct name, so the user can just hit the button again.
+			$this->mUsername = $u->getName();
+
+			return $status;
 		}
 
 		if ( $this->mCreateaccountMail ) {
diff --git a/includes/templates/Usercreate.php b/includes/templates/Usercreate.php
index 0cb83d555e..aba0d2767c 100644
--- a/includes/templates/Usercreate.php
+++ b/includes/templates/Usercreate.php
@@ -58,15 +58,23 @@ class UsercreateTemplate extends BaseTemplate {
 			<section class="mw-form-header">
 				<?php $this->html( 'header' ); /* extensions such as ConfirmEdit add form HTML here */ ?>
 			</section>
+			<!-- This element is used by the mediawiki.special.userlogin.signup.js module. -->
+			<div
+				id="mw-createacct-status-area"
+				<?php if ( $this->data['message'] ) { ?>
+					class="<?php echo $this->data['messagetype']; ?>box"
+				<?php } else { ?>
+					style="display: none;"
+				<?php } ?>
+			>
 			<?php if ( $this->data['message'] ) { ?>
-				<div class="<?php $this->text( 'messagetype' ); ?>box">
 					<?php if ( $this->data['messagetype'] == 'error' ) { ?>
 						<strong><?php $this->msg( 'createacct-error' ); ?></strong>
 						<br />
 					<?php } ?>
 					<?php $this->html( 'message' ); ?>
-				</div>
 			<?php } ?>
+			</div>
 
 			<div>
 				<label for='wpName2'>
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 4210c0c684..f16784acb9 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1161,6 +1161,7 @@ Use the form below to log in as another user.',
 'badretype'                       => 'The passwords you entered do not match.',
 'userexists'                      => 'Username entered already in use.
 Please choose a different name.',
+'createacct-normalization'        => 'Your username will be adjusted to "$2" due to technical restrictions.',
 'loginerror'                      => 'Login error',
 'createacct-error'                => 'Account creation error',
 'createaccounterror'              => 'Could not create account: $1',
diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php
index 8aad59be82..56fafd0640 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -1436,6 +1436,9 @@ Parameters:
 * $1 - number of contributors (users)',
 'badretype' => 'Used as error message when the new password and its retype do not match.',
 'userexists' => 'Used as error message in creating a user account.',
+'createacct-normalization' => 'Used as warning message on account creation when user name is adjusted silently due to technical restrictions (e.g. first letter capitalized, underscores converted to spaces).
+* $1 - the old username
+* $2 - the new username',
 'loginerror' => 'Used as title of error message.
 {{Identical|Login error}}',
 'createacct-error' => 'Used as heading for the error message.',
diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index d97a4cd53a..dda68a8874 100644
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -503,6 +503,7 @@ $wgMessageStructure = array(
 		'createacct-benefit-body3',
 		'badretype',
 		'userexists',
+		'createacct-normalization',
 		'loginerror',
 		'createacct-error',
 		'createaccounterror',
diff --git a/resources/Resources.php b/resources/Resources.php
index 5ceda32142..a2958eb341 100644
--- a/resources/Resources.php
+++ b/resources/Resources.php
@@ -1249,9 +1249,17 @@ return array(
 	'mediawiki.special.userlogin.signup.js' => array(
 		'scripts' => 'resources/mediawiki.special/mediawiki.special.userlogin.signup.js',
 		'messages' => array(
+			'createacct-error',
 			'createacct-emailrequired',
+			'createacct-normalization',
+			'noname',
+			'userexists',
+		),
+		'dependencies' => array(
+			'mediawiki.api',
+			'mediawiki.jqueryMsg',
+			'jquery.throttle-debounce',
 		),
-		'dependencies' => 'mediawiki.jqueryMsg',
 	),
 	'mediawiki.special.javaScriptTest' => array(
 		'scripts' => 'resources/mediawiki.special/mediawiki.special.javaScriptTest.js',
diff --git a/resources/mediawiki.special/mediawiki.special.userlogin.signup.js b/resources/mediawiki.special/mediawiki.special.userlogin.signup.js
index c293f655ff..4fafd6dfd1 100644
--- a/resources/mediawiki.special/mediawiki.special.userlogin.signup.js
+++ b/resources/mediawiki.special/mediawiki.special.userlogin.signup.js
@@ -3,7 +3,7 @@
  */
 ( function ( mw, $ ) {
 	// When sending password by email, hide the password input fields.
-	function hidePasswordOnEmail() {
+	$( function () {
 		// Always required if checked, otherwise it depends, so we use the original
 		var $emailLabel = $( 'label[for="wpEmail"]' ),
 			originalText = $emailLabel.text(),
@@ -28,7 +28,120 @@
 
 		$createByMailCheckbox.on( 'change', updateForCheckbox );
 		updateForCheckbox();
-	}
+	} );
 
-	$( hidePasswordOnEmail );
+	// Show username normalisation warning
+	$( function () {
+		var
+			// All of these are apparently required to be sure we detect any changes.
+			events = 'keyup keydown change mouseup cut paste focus blur',
+			$input = $( '#wpName2' ),
+			$warningContainer = $( '#mw-createacct-status-area' ),
+			api = new mw.Api(),
+			currentRequest,
+			tweakedUsername;
+
+		// Hide any warnings / errors.
+		function cleanup() {
+			$warningContainer.slideUp( function () {
+				$warningContainer
+					.removeAttr( 'class' )
+					.empty();
+			} );
+		}
+
+		function updateUsernameStatus() {
+			var
+				// Leading/trailing/multiple whitespace characters are never accepted in usernames and users
+				// know that, don't warn if someone accidentally types it. We do warn about underscores.
+				username = $.trim( $input.val().replace( /\s+/g, ' ' ) ),
+				currentRequestInternal;
+
+			// Abort any pending requests.
+			if ( currentRequest ) {
+				currentRequest.abort();
+			}
+
+			if ( username === '' ) {
+				cleanup();
+				return;
+			}
+
+			currentRequest = currentRequestInternal = api.get( {
+				action: 'query',
+				list: 'users',
+				ususers: username // '|' in usernames is handled below
+			} ).done( function ( resp ) {
+				var userinfo, state;
+
+				// Another request was fired in the meantime, the result we got here is no longer current.
+				// This shouldn't happen as we abort pending requests, but you never know.
+				if ( currentRequest !== currentRequestInternal ) {
+					return;
+				}
+
+				tweakedUsername = undefined;
+
+				userinfo = resp.query.users[0];
+
+				if ( resp.query.users.length !== 1 ) {
+					// Happens if the user types '|' into the field
+					state = 'invalid';
+				} else if ( userinfo.invalid !== undefined ) {
+					state = 'invalid';
+				} else if ( userinfo.userid !== undefined ) {
+					state = 'taken';
+				} else if ( username !== userinfo.name ) {
+					state = 'tweaked';
+				} else {
+					state = 'ok';
+				}
+
+				if ( state === 'ok' ) {
+					cleanup();
+				} else if ( state === 'tweaked' ) {
+					$warningContainer
+						.attr( 'class', 'warningbox' )
+						.text( mw.message( 'createacct-normalization', username, userinfo.name ).text() )
+						.slideDown();
+
+					tweakedUsername = userinfo.name;
+				} else {
+					$warningContainer
+						.attr( 'class', 'errorbox' )
+						.empty()
+						.append(
+							$( '<strong>' ).text( mw.message( 'createacct-error' ).text() ),
+							$( '<br>' ) // Ugh
+						);
+
+					if ( state === 'invalid' ) {
+						$warningContainer
+							.attr( 'class', 'errorbox' )
+							.append( document.createTextNode( mw.message( 'noname' ).text() ) )
+							.slideDown();
+					} else if ( state === 'taken' ) {
+						$warningContainer
+							.attr( 'class', 'errorbox' )
+							.append( document.createTextNode( mw.message( 'userexists' ).text() ) )
+							.slideDown();
+					}
+
+					$warningContainer.slideDown();
+				}
+			} ).fail( function () {
+				cleanup();
+			} );
+		}
+
+		$input.on( events, $.debounce( 250, updateUsernameStatus ) );
+
+		$input.closest( 'form' ).on( 'submit', function () {
+			// If the username has to be adjusted before it's accepted, server-side check will force the
+			// form to be resubmitted. Let's prevent that.
+			if ( tweakedUsername !== undefined ) {
+				$input.val( tweakedUsername );
+			}
+		} );
+	} );
 }( mediaWiki, jQuery ) );
-- 
2.20.1