Last modified: 2014-08-06 15:54:13 UTC
This doesn't seem to affect all accounts (I am able to login just fine), but some accounts seem to have issues logging in since today on mediawiki.org, and 1.24wmf16 was deployed yesterday. This can't be just a coincidence. [b596cdd3] 2014-08-01 09:04:31: Fatal exception of type PasswordError [979b6eb4] 2014-08-01 12:49:06: Fatal exception of type PasswordError See URL for those reports.
2014-08-01 12:49:06 mw1042 mediawikiwiki: [979b6eb4] /w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=MediaWiki Exception from line 108 of /usr/local/apache/common-local/php-1.24wmf16/includes/password/PasswordFactory.php: Invalid hash given #0 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthUser.php(1532): PasswordFactory->newFromCiphertext('<REDACTED>...') #1 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthUser.php(921): CentralAuthUser->matchHash('<REDACTED>', '433457', '<REDACTED>...') #2 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthPlugin.php(60): CentralAuthUser->attemptPasswordMigration('<REDACTED>') #3 /usr/local/apache/common-local/php-1.24wmf16/includes/User.php(3769): CentralAuthPlugin->authenticate('Reinheitsgebot', '<REDACTED>') #4 /usr/local/apache/common-local/wmf-config/Bug54847.php(134): User->checkPassword('<REDACTED>') #5 [internal function]: {closure}(Object(User), '<REDACTED>', 8, NULL) #6 /usr/local/apache/common-local/php-1.24wmf16/includes/Hooks.php(206): call_user_func_array(Object(Closure), Array) #7 /usr/local/apache/common-local/php-1.24wmf16/includes/GlobalFunctions.php(4031): Hooks::run('AbortLogin', Array, NULL) #8 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(655): wfRunHooks('AbortLogin', Array) #9 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(827): LoginForm->authenticateUserData() #10 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(230): LoginForm->processLogin() #11 /usr/local/apache/common-local/php-1.24wmf16/includes/specialpage/SpecialPage.php(382): LoginForm->execute(NULL) #12 /usr/local/apache/common-local/php-1.24wmf16/includes/specialpage/SpecialPageFactory.php(516): SpecialPage->run(NULL) #13 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(294): SpecialPageFactory::executePath(Object(Title), Object(RequestContext)) #14 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(609): MediaWiki->performRequest() #15 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(458): MediaWiki->main() #16 /usr/local/apache/common-local/php-1.24wmf16/index.php(46): MediaWiki->run() #17 /usr/local/apache/common-local/w/index.php(3): require('/usr/local/apac...') #18 {main}
Found it. CentralAuth doesn't do the md5 handling that User::loadFromRow() does, if ( preg_match( '/^[0-9a-f]{32}$/', $row->user_password ) ) { $row->user_password = ":A:{$this->mId}:{$row->user_password}"; } Patch in just a minute..
Change 151118 had a related patch set uploaded by CSteipp: Add prefix for old style hashes https://gerrit.wikimedia.org/r/151118
Change 151118 merged by jenkins-bot: Add prefix for old style hashes https://gerrit.wikimedia.org/r/151118
Change 151120 had a related patch set uploaded by CSteipp: Add prefix for old style hashes https://gerrit.wikimedia.org/r/151120
Change 151120 merged by jenkins-bot: Add prefix for old style hashes https://gerrit.wikimedia.org/r/151120
Change 151126 had a related patch set uploaded by CSteipp: Update CentralAuth for bug 69007 https://gerrit.wikimedia.org/r/151126
Change 151126 merged by jenkins-bot: Update CentralAuth for bug 69007 https://gerrit.wikimedia.org/r/151126
Deployed into 1.24wmf16
Ciencia Al Poder: Thank you for quickly reporting this problem in Bugzilla!
And thanks for the fix :)