Last modified: 2011-05-25 22:27:08 UTC
A problem arises when a wiki with the OpenID extension is set to allow OpenID logins only ($wgOpenIDOnly=true), and when a user page url shall serve as OpenID identity to another (wiki, non-wiki) site, and when no password is set in the user's account. The authentication process which is initiated by the other site then talks to our wiki with the extension and prompts the user for their password - if they are not logged in by cookie or session. But there is no possibility for users to assign a password by themselves because normal logins are disabled when having $wgOpenIDOnly=true. There is also no way to let simply a temporary password be mailed, because users cannot access the standard login page. I will find a solution to this dilemma. Also the theoretically possible solution "user must first login to the Wiki usign OpenID and "change" their password does not work, because this currently requires the knowledge of the "old" password - but there is no which is known to the user" (filed for better tracking)
fixed in r88848 . When having the OpenID extension, the preference window basic information is changed. The section "Password" shows now links to case i) Change Password and Reset Password: if a password already exists case ii) Reset Password only: if no password has been set for this account yet, because the user opened their account by OpenID - which setPassword( null ) This is at least one possible way and avoids modification of Special:PasswordReset (there is no login page when only OpenID logins and account creations are possible ($wgOpenIDOnly==true) or Special:ChangePassword pages.
