Last modified: 2014-09-01 23:12:20 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T56914, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 54914 - Login with the required password change doesn't log me in globally
Login with the required password change doesn't log me in globally
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
CentralAuth (Other open bugs)
unspecified
All All
: High normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-03 09:39 UTC by Liangent
Modified: 2014-09-01 23:12 UTC (History)
8 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Liangent 2013-10-03 09:39:12 UTC 
In the recent user data leaking issue, we forced users to change password on login. After password is changed, the user is logged locally (and also project-wise, eg, for other wikipedia sites) automatically, but not logged in on another project.
Comment 1 Liangent 2013-10-03 09:43:49 UTC 
Logins using temporary password ("Reset your password" feature) are also affected.
Comment 2 Chris Steipp 2013-10-03 17:09:10 UTC 
I saw this last night. You're actually logged in as your SUL user (as you noted, but being logged into other wikipedia.org subdomains), but we don't do the redirect through loginwiki since the normal login hooks aren't called, so you won't be logged into the other projects.

I'm planning to rework the patches we put in for this particular incident, which will do the full SUL2 handshake after the login finishes.
Comment 3 Andre Klapper 2014-01-09 11:40:05 UTC 
(In reply to comment #2 by csteipp)
> I'm planning to rework the patches we put in for this particular incident,
> which will do the full SUL2 handshake after the login finishes.

csteipp: Any vague timeframe (if this is still the plan)?
Comment 4 Chris Steipp 2014-01-09 18:13:46 UTC 
Platform has let me schedule some password work this quarter, which this falls under. So March-ish is a good target.
Comment 5 Andre Klapper 2014-05-12 07:00:48 UTC 
(In reply to Chris Steipp from comment #4)
> Platform has let me schedule some password work this quarter, which this
> falls under. So March-ish is a good target.

Chris: How did reality bite, and any new approx. timeframe? :)
Comment 6 Chris Steipp 2014-05-14 00:15:41 UTC 
I haven't been able to get to it yet
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links