Last modified: 2014-10-07 21:33:49 UTC
Spotted by Elitre and confirmed by me on translatewiki.net, verified by me on http://en.wikipedia.beta.wmflabs.org with a new account created on purpose: 1) Register an account with password and email 2) Confirm email 3) Log out 4) Visit Special:PasswordReset and enter username to get password by email 5) Try to login with the received email I) Expected: I'm logged in. II) Observed: Login error Incorrect password entered. Please try again. (With any number of attempts.) Last time something like this happened to me, on bug 56114, I was told it was some problem with wikitech's encryption package; there's also a similar report by another wiki on bug 52570.
Change 151647 had a related patch set uploaded by Florianschmidtwelzow: Don't override a new password in loadFromRow() https://gerrit.wikimedia.org/r/151647
I think I know the cause of this issue, but I cannot get email working on my vagrant instance, so if somebody else could test the patch once I get it up in a few minutes, I'd appreciate it.
@Tyler: I can test, but maybe it's the same approach as my patch? :)
Change 151649 had a related patch set uploaded by Parent5446: Add loadPasswords() calls to User password mutators https://gerrit.wikimedia.org/r/151649
Change 151649 merged by jenkins-bot: Add loadPasswords() calls to User password mutators https://gerrit.wikimedia.org/r/151649
Change 151647 abandoned by Florianschmidtwelzow: Don't override a new password in loadFromRow() Reason: Fixed in I0b881986323051abed7d1af816eae9eafdbd6782 https://gerrit.wikimedia.org/r/151647
Change 151691 had a related patch set uploaded by Florianschmidtwelzow: Add loadPasswords() calls to User password mutators https://gerrit.wikimedia.org/r/151691
To the "?" at the flag (i don't know, if someone look onto it), but this actually breaks the password reset completly and wmf16 is still created from master with this regression. That means: Without backport to wmf16 at August, 12 no non-wikipedia and at August, 14 all wikipedias aren't able to reset their passwords. What i want to say: Backport, backport, backport! :D (and remove the "?") :)
Yeah definitely. I don't have the permissions to set the WMF backport flag, so the best I can do is request it and wait for somebody to approve.
Right, ok, just to clarify, that we havethe same opinion :)
Change 151691 merged by jenkins-bot: Add loadPasswords() calls to User password mutators https://gerrit.wikimedia.org/r/151691
[Backport was merged into 1.24wmf16 upon a time, hence setting Backport_WMF flag to +]