Last modified: 2014-10-07 21:33:49 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T71102, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 69102 - Special:PasswordReset locks out of account: "Incorrect password entered"
Special:PasswordReset locks out of account: "Incorrect password entered"
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.24rc
All All
: Highest critical (vote)
: ---
Assigned To: Tyler Romeo
: code-update-regression, easy
Depends on:
Blocks: wmf-deployment
  Show dependency treegraph
 
Reported: 2014-08-04 13:19 UTC by Nemo
Modified: 2014-10-07 21:33 UTC (History)
8 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---
aklapper: Backport_WMF+


Attachments

Description Nemo 2014-08-04 13:19:57 UTC
Spotted by Elitre and confirmed by me on translatewiki.net, verified by me on http://en.wikipedia.beta.wmflabs.org with a new account created on purpose:
1) Register an account with password and email 
2) Confirm email
3) Log out
4) Visit Special:PasswordReset and enter username to get password by email
5) Try to login with the received email

I) Expected: I'm logged in.
II) Observed:

Login error 
Incorrect password entered. Please try again.

(With any number of attempts.)

Last time something like this happened to me, on bug 56114, I was told it was some problem with wikitech's encryption package; there's also a similar report by another wiki on bug 52570.
Comment 1 Gerrit Notification Bot 2014-08-04 14:58:23 UTC
Change 151647 had a related patch set uploaded by Florianschmidtwelzow:
Don't override a new password in loadFromRow()

https://gerrit.wikimedia.org/r/151647
Comment 2 Tyler Romeo 2014-08-04 15:05:15 UTC
I think I know the cause of this issue, but I cannot get email working on my vagrant instance, so if somebody else could test the patch once I get it up in a few minutes, I'd appreciate it.
Comment 3 Florian 2014-08-04 15:06:23 UTC
@Tyler: I can test, but maybe it's the same approach as my patch? :)
Comment 4 Gerrit Notification Bot 2014-08-04 15:11:21 UTC
Change 151649 had a related patch set uploaded by Parent5446:
Add loadPasswords() calls to User password mutators

https://gerrit.wikimedia.org/r/151649
Comment 5 Gerrit Notification Bot 2014-08-04 18:26:53 UTC
Change 151649 merged by jenkins-bot:
Add loadPasswords() calls to User password mutators

https://gerrit.wikimedia.org/r/151649
Comment 6 Gerrit Notification Bot 2014-08-04 18:37:39 UTC
Change 151647 abandoned by Florianschmidtwelzow:
Don't override a new password in loadFromRow()

Reason:
Fixed in I0b881986323051abed7d1af816eae9eafdbd6782

https://gerrit.wikimedia.org/r/151647
Comment 7 Gerrit Notification Bot 2014-08-04 18:39:52 UTC
Change 151691 had a related patch set uploaded by Florianschmidtwelzow:
Add loadPasswords() calls to User password mutators

https://gerrit.wikimedia.org/r/151691
Comment 8 Florian 2014-08-04 18:46:29 UTC
To the "?" at the flag (i don't know, if someone look onto it), but this actually breaks the password reset completly and wmf16 is still created from master with this regression. That means: Without backport to wmf16 at August, 12 no non-wikipedia and at August, 14 all wikipedias aren't able to reset their passwords. What i want to say: Backport, backport, backport! :D (and remove the "?") :)
Comment 9 Tyler Romeo 2014-08-04 18:47:34 UTC
Yeah definitely. I don't have the permissions to set the WMF backport flag, so the best I can do is request it and wait for somebody to approve.
Comment 10 Florian 2014-08-04 18:49:21 UTC
Right, ok, just to clarify, that we havethe same opinion :)
Comment 11 Gerrit Notification Bot 2014-08-04 19:01:07 UTC
Change 151691 merged by jenkins-bot:
Add loadPasswords() calls to User password mutators

https://gerrit.wikimedia.org/r/151691
Comment 12 Andre Klapper 2014-10-07 21:33:49 UTC
[Backport was merged into 1.24wmf16 upon a time, hence setting Backport_WMF flag to +]

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links