Last modified: 2014-08-06 15:54:13 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T71007, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 69007 - On login: Fatal exception of type PasswordError on 1.24wmf16
On login: Fatal exception of type PasswordError on 1.24wmf16
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
wmf-deployment
All All
: Highest major with 1 vote (vote)
: ---
Assigned To: Chris Steipp
https://www.mediawiki.org/wiki/Thread...
:
Depends on:
Blocks: wmf-deployment
  Show dependency treegraph
 
Reported: 2014-08-01 14:49 UTC by Jesús Martínez Novo (Ciencia Al Poder)
Modified: 2014-08-06 15:54 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---
greg: Backport_WMF+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jesús Martínez Novo (Ciencia Al Poder) 2014-08-01 14:49:48 UTC 
This doesn't seem to affect all accounts (I am able to login just fine), but some accounts seem to have issues logging in since today on mediawiki.org, and 1.24wmf16 was deployed yesterday. This can't be just a coincidence.

[b596cdd3] 2014-08-01 09:04:31: Fatal exception of type PasswordError
[979b6eb4] 2014-08-01 12:49:06: Fatal exception of type PasswordError

See URL for those reports.
Comment 1 Sam Reed (reedy) 2014-08-01 16:42:50 UTC 
2014-08-01 12:49:06 mw1042 mediawikiwiki: [979b6eb4] /w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=MediaWiki   Exception from line 108 of /usr/local/apache/common-local/php-1.24wmf16/includes/password/PasswordFactory.php: Invalid hash given
#0 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthUser.php(1532): PasswordFactory->newFromCiphertext('<REDACTED>...')
#1 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthUser.php(921): CentralAuthUser->matchHash('<REDACTED>', '433457', '<REDACTED>...')
#2 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthPlugin.php(60): CentralAuthUser->attemptPasswordMigration('<REDACTED>')
#3 /usr/local/apache/common-local/php-1.24wmf16/includes/User.php(3769): CentralAuthPlugin->authenticate('Reinheitsgebot', '<REDACTED>')
#4 /usr/local/apache/common-local/wmf-config/Bug54847.php(134): User->checkPassword('<REDACTED>')
#5 [internal function]: {closure}(Object(User), '<REDACTED>', 8, NULL)
#6 /usr/local/apache/common-local/php-1.24wmf16/includes/Hooks.php(206): call_user_func_array(Object(Closure), Array)
#7 /usr/local/apache/common-local/php-1.24wmf16/includes/GlobalFunctions.php(4031): Hooks::run('AbortLogin', Array, NULL)
#8 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(655): wfRunHooks('AbortLogin', Array)
#9 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(827): LoginForm->authenticateUserData()
#10 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(230): LoginForm->processLogin()
#11 /usr/local/apache/common-local/php-1.24wmf16/includes/specialpage/SpecialPage.php(382): LoginForm->execute(NULL)
#12 /usr/local/apache/common-local/php-1.24wmf16/includes/specialpage/SpecialPageFactory.php(516): SpecialPage->run(NULL)
#13 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(294): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))
#14 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(609): MediaWiki->performRequest()
#15 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(458): MediaWiki->main()
#16 /usr/local/apache/common-local/php-1.24wmf16/index.php(46): MediaWiki->run()
#17 /usr/local/apache/common-local/w/index.php(3): require('/usr/local/apac...')
#18 {main}
Comment 2 Chris Steipp 2014-08-01 17:00:05 UTC 
Found it. CentralAuth doesn't do the md5 handling that User::loadFromRow() does,

if ( preg_match( '/^[0-9a-f]{32}$/', $row->user_password ) ) {
    $row->user_password = ":A:{$this->mId}:{$row->user_password}";
}

Patch in just a minute..
Comment 3 Gerrit Notification Bot 2014-08-01 17:31:00 UTC 
Change 151118 had a related patch set uploaded by CSteipp:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151118
Comment 4 Gerrit Notification Bot 2014-08-01 17:41:59 UTC 
Change 151118 merged by jenkins-bot:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151118
Comment 5 Gerrit Notification Bot 2014-08-01 17:43:51 UTC 
Change 151120 had a related patch set uploaded by CSteipp:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151120
Comment 6 Gerrit Notification Bot 2014-08-01 17:56:05 UTC 
Change 151120 merged by jenkins-bot:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151120
Comment 7 Gerrit Notification Bot 2014-08-01 18:03:43 UTC 
Change 151126 had a related patch set uploaded by CSteipp:
Update CentralAuth for bug 69007

https://gerrit.wikimedia.org/r/151126
Comment 8 Gerrit Notification Bot 2014-08-01 18:07:31 UTC 
Change 151126 merged by jenkins-bot:
Update CentralAuth for bug 69007

https://gerrit.wikimedia.org/r/151126
Comment 9 Chris Steipp 2014-08-01 18:14:35 UTC 
Deployed into 1.24wmf16
Comment 10 Andre Klapper 2014-08-01 19:15:21 UTC 
Ciencia Al Poder: Thank you for quickly reporting this problem in Bugzilla!
Comment 11 Jesús Martínez Novo (Ciencia Al Poder) 2014-08-01 20:17:13 UTC 
And thanks for the fix :)
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links