Make email mandatory for user registration
Open, NormalPublic

davidev created this task.Nov 13 2015, 6:11 PM
davidev updated the task description. (Show Details)
davidev raised the priority of this task from to Needs Triage.
davidev added a project: WikiToLearn.
davidev moved this task to Infrastructure on the WikiToLearn board.
davidev added a subscriber: davidev.
ruphy added a subscriber: ruphy.Nov 15 2015, 4:44 PM

To be discussed. Do we really need this?

I think email must be required to avoid user re-registration due to lost password

I think that is not a big deal to provide a password.. It's normal nowadays

Any news about this task?

ruphy added a comment.Feb 6 2016, 7:17 PM

still unsure if it makes sense. If the majority of you want this, go ahead though.

I think we should do to prevent people from losing their account

is this fixed?

No, we have to decide if we want to make it mandatory and create our privacy page or not

this could be useful for lost passwords and avoiding spam, isn't it?

This was the original idea.

I think we have to go with this, add privacy page and make email mandatory

grigoletti added a subscriber: grigoletti.EditedJun 22 2016, 10:31 AM

I don't understand what you mean by privacy page

ruphy added a comment.Sep 1 2016, 1:16 PM

Pro side: better communication
Con side: it's harder to get an account on WikiToLearn.

can we check how many of our users are actively inserting an e-mail?

ruphy edited projects, added WikiToLearn (1.0-pre1); removed WikiToLearn.
ruphy moved this task from Backlog to Code on the WikiToLearn (1.0) board.Sep 7 2016, 12:29 PM
ruphy added a comment.Sep 8 2016, 12:15 PM

This would mean disabling anonymous editing. Thoughts on this? I have mixed feelings....

ruphy triaged this task as Normal priority.Sep 8 2016, 1:17 PM

Many people prefer to avoid inserting an email on every website.
Unless we really disclose what we are going to use the email for, there is no point in asking for it.
At the same time email is really useful to connect with the user and will fix some of the issues we have (or had in the past) such as spam.

In the end, for me it's ok to ask for it. Also Ok to make it mandatory as long as we tell the user all the potential things we will use the mail for.

The main rason to ask the email is for password recovery

Everyone forgot the password, and withouth an email is a nightmare the recovery process

Asking for an email nowadays is the standard way. Not asking it's wrong in my opinion

Also this:$wgEmailConfirmToEdit is very useful, should I go ahead and implement it then?

Also this:$wgEmailConfirmToEdit is very useful, should I go ahead and implement it then?

very good, in this way we can limit spammers.
Create a valid email address for each account is quite expensive

crisbal added a comment.EditedSep 18 2016, 12:19 PM

If we enable this should we drop captcha then?

I will test everything in a separate branch

No, is only a thing more.
Every valid user has its own valid email address, if you want to spam you have to have also a valid email address and create an address for each spam user is not easy

Ok, very dangerous thing:$wgEmailConfirmToEdit

As a result, this disables anonymous editing from IP addresses, since unregistered users cannot have confirmed email addresses.

I don't like it!

Ok after experimenting a bit it is not possible to enable Email Confirmation and at the same time allowing anonymous edits.

I tried to test this even by setting

$wgEmailConfirmToEdit = true;
 $wgGroupPermissions['*']['edit'/'create'] = true;

But $wgEmailConfirmToEdit is triggered when you request the edit page and $wgGroupPermissions is triggered when you press save on the edit page.

Other solutions involve setting the emailconfirmed's permissions manually but this could cause inconsistent behaviors (like we can allow only emailconfirmed users to post but we can't set required the email field in the registration form, so one can register without email but is asked to confirm his email anyway) and I am NOT going to implement it.

We can't even fix this on the WTLACL side since the nature of $wgEmailConfirmToEdit.

I could ask upstream about this, if you think it is worth.

The point is: what is the behiavour we want to have?

If we want to encourage a closer relationship, requiring an e-mail address allows us to send a newsletter, and to send password recovery when needed. Not requiring it makes casual editing or small typo fixing much easier, increasing the base of potential contributors.

crisbal closed this task as Resolved.Oct 12 2016, 7:45 PM
crisbal claimed this task.

Kinda fixed with the new skin, I hacked something with javascript, the mail is required if the js loads but one can still submit email-less registrations without js or via Curl or something

tomaluca reopened this task as Open.Dec 5 2016, 10:47 PM

I think we should make email mandatory and disable anonymous edit. As I could see in the last few months all anonymous edits was spam or from someone that who forgot to login.

If nobody has some strong opinion about leaving email optional and allowing anonymous edit i think we should go.

Also because AFAIK CourseEditor (that is a key feature for wikitolearn) don't work for anonymous users

I agree with Luca, but I think that instead dropping the edit button for non-logged use we should leave the edit button and make it redirect to login page, so that it is crystal clear that our page can be modified by logged in user and we do not risk that anyone wonders whether it is possible to edit our content.

Ok for me too. It is also possible to redirect to login.

+1. Totally agree with Dario.

Starting to work on this in commit #1282f69dc132d764307e46f903a310500ff5e084