Last modified: 2014-10-07 21:33:49 UTC

Bug 69102 - Special:PasswordReset locks out of account: "Incorrect password entered"
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: User login and signup
Version: 1.24rc
Hardware: All All
Importance: Highest critical
Assigned To: Tyler Romeo
Keywords: code-update-regression, easy
Depends on:
Blocks: wmf-deployment
Reported: 2014-08-04 13:19 UTC by Nemo
Modified: 2014-10-07 21:33 UTC
aklapper: Backport_WMF+



Description Nemo 2014-08-04 13:19:57 UTC
Spotted by Elitre and confirmed by me on translatewiki.net, verified by me on http://en.wikipedia.beta.wmflabs.org with a new account created on purpose:
1) Register an account with password and email 
2) Confirm email
3) Log out
4) Visit Special:PasswordReset and enter username to get password by email
5) Try to login with the received email

I) Expected: I'm logged in.
II) Observed:

Login error 
Incorrect password entered. Please try again.

(With any number of attempts.)

Last time something like this happened to me, on bug 56114, I was told it was some problem with wikitech's encryption package; there's also a similar report by another wiki on bug 52570.
Comment 1 Gerrit Notification Bot 2014-08-04 14:58:23 UTC
Change 151647 had a related patch set uploaded by Florianschmidtwelzow:
Don't override a new password in loadFromRow()

https://gerrit.wikimedia.org/r/151647
Comment 2 Tyler Romeo 2014-08-04 15:05:15 UTC
I think I know the cause of this issue, but I cannot get email working on my vagrant instance, so if somebody else could test the patch once I get it up in a few minutes, I'd appreciate it.
Comment 3 Florian 2014-08-04 15:06:23 UTC
@Tyler: I can test, but maybe it's the same approach as my patch? :)
Comment 4 Gerrit Notification Bot 2014-08-04 15:11:21 UTC
Change 151649 had a related patch set uploaded by Parent5446:
Add loadPasswords() calls to User password mutators

https://gerrit.wikimedia.org/r/151649
Comment 5 Gerrit Notification Bot 2014-08-04 18:26:53 UTC
Change 151649 merged by jenkins-bot:
Add loadPasswords() calls to User password mutators

https://gerrit.wikimedia.org/r/151649
Comment 6 Gerrit Notification Bot 2014-08-04 18:37:39 UTC
Change 151647 abandoned by Florianschmidtwelzow:
Don't override a new password in loadFromRow()

Reason:
Fixed in I0b881986323051abed7d1af816eae9eafdbd6782

https://gerrit.wikimedia.org/r/151647
Comment 7 Gerrit Notification Bot 2014-08-04 18:39:52 UTC
Change 151691 had a related patch set uploaded by Florianschmidtwelzow:
Add loadPasswords() calls to User password mutators

https://gerrit.wikimedia.org/r/151691
Comment 8 Florian 2014-08-04 18:46:29 UTC
To the "?" at the flag (I don't know if someone looks at it), but this actually breaks the password reset completely and wmf16 is still created from master with this regression. That means: without a backport to wmf16, on August 12 no non-Wikipedia wikis and on August 14 no Wikipedias will be able to reset their passwords. What I want to say: Backport, backport, backport! :D (and remove the "?") :)
Comment 9 Tyler Romeo 2014-08-04 18:47:34 UTC
Yeah definitely. I don't have the permissions to set the WMF backport flag, so the best I can do is request it and wait for somebody to approve.
Comment 10 Florian 2014-08-04 18:49:21 UTC
Right, ok, just to clarify, that we have the same opinion :)
Comment 11 Gerrit Notification Bot 2014-08-04 19:01:07 UTC
Change 151691 merged by jenkins-bot:
Add loadPasswords() calls to User password mutators

https://gerrit.wikimedia.org/r/151691
Comment 12 Andre Klapper 2014-10-07 21:33:49 UTC
[Backport was merged into 1.24wmf16 upon a time, hence setting Backport_WMF flag to +]
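
The patch titles in this thread ("Don't override a new password in loadFromRow()", "Add loadPasswords() calls to User password mutators") point at a lazy-load ordering problem. The following is an added example, not MediaWiki code: a simplified Python model that assumes password fields are loaded lazily from storage. The class, field names and sample account are hypothetical.

```python
import hashlib, hmac, os

def hash_pw(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

class LazyUser:
    """Hypothetical user object; password fields load lazily from a dict 'table'."""
    def __init__(self, table, name, load_before_mutate):
        self.table, self.name = table, name
        self.load_before_mutate = load_before_mutate
        self.loaded = False
        self.password = self.temp_password = None

    def load_passwords(self):
        if self.loaded:
            return
        row = self.table[self.name]
        # Copies stored values over whatever is currently held in memory.
        self.password, self.temp_password = row["password"], row["temp_password"]
        self.loaded = True

    def set_temp_password(self, pw):
        if self.load_before_mutate:
            self.load_passwords()  # fixed ordering: load first, then mutate
        self.temp_password = hash_pw(pw, self.table[self.name]["salt"])

    def save(self):
        self.load_passwords()  # in the buggy ordering the first load happens here
        self.table[self.name].update(password=self.password,
                                     temp_password=self.temp_password)

    def check_login(self, attempt):
        self.load_passwords()
        digest = hash_pw(attempt, self.table[self.name]["salt"])
        return any(h is not None and hmac.compare_digest(h, digest)
                   for h in (self.password, self.temp_password))

def reset_then_login(load_before_mutate):
    # Constructed sample account, not real data.
    salt = os.urandom(16)
    table = {"alice": {"salt": salt, "password": hash_pw("original", salt),
                       "temp_password": None}}
    # Request 1: the reset sets a temporary password on a fresh object and saves.
    user = LazyUser(table, "alice", load_before_mutate)
    user.set_temp_password("emailed-temp")
    user.save()
    # Request 2: a new object tries to log in with the emailed password.
    return LazyUser(table, "alice", load_before_mutate).check_login("emailed-temp")
```

With `load_before_mutate=False` the late lazy load inside `save()` overwrites the freshly set temporary password with the stored empty value, so the emailed password is never persisted and login fails. A regression test for this class of bug should run the whole reset-then-login round trip on fresh objects, as `reset_then_login` does.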
