Last modified: 2014-10-07 21:33:41 UTC
I'm used to entering the URL https://<host>/wiki/Special:UserLogin to login with a different username. It would warn "You are already logged in as S Page (WMF). Use the form below to log in as another user." and let me do just that. However, now when I do this on beta labs when I'm already logged in, I get a 302 redirect and then Internal error exception from http://en.wikipedia.beta.wmflabs.org/wiki/Special:CentralLogin/complete?token=921d7ed90f5b780db73c89673f1bb6d6 "The user account logged into does not exist." The full display is below. The workaround is to click Log out or visit Special:Logout, then log in. As I recall, visiting Special:UserLogin while logged in on mediawiki.org a week or so ago would just redirect me to the main page (not ideal but better than an exception); but now I'm getting the same Internal error exception except the production cluster truncates it to a pink "[7ed77f38] 2014-08-21 08:02:15: Fatal exception of type MWException". Below is the full error display on beta labs: [82d43ccf] /wiki/Special:CentralLogin/complete?token=921d7ed90f5b780db73c89673f1bb6d6 Exception from line 167 of /srv/common-local/php-master/extensions/CentralAuth/specials/SpecialCentralLogin.php: The user account logged into does not exist. Backtrace: #0 /srv/common-local/php-master/extensions/CentralAuth/specials/SpecialCentralLogin.php(33): SpecialCentralLogin->doLoginComplete(string) #1 /srv/common-local/php-master/includes/specialpage/SpecialPage.php(363): SpecialCentralLogin->execute(string) #2 /srv/common-local/php-master/includes/specialpage/SpecialPageFactory.php(516): SpecialPage->run(string) #3 /srv/common-local/php-master/includes/MediaWiki.php(300): SpecialPageFactory::executePath(Title, RequestContext) #4 /srv/common-local/php-master/includes/MediaWiki.php(609): MediaWiki->performRequest() #5 /srv/common-local/php-master/includes/MediaWiki.php(460): MediaWiki->main() #6 /srv/common-local/php-master/index.php(46): MediaWiki->run() #7 /srv/common-local/w/index.php(3): include(string) #8 {main}
It is pretty confusing when you go to https://en.wikipedia.org/wiki/Special:UserLogin?useNew=1 (being already logged in) and all you get is "[d1aecbd5] 2014-08-23 15:16:17: Fatal exception of type MWException" on a white page. Raising priority.
I think this was caused by Idd9325374cb5dc13c4c057f45f88a33bdff523a9. There have been no CA changes related to this except my patch changing the fatal into a MWException (I2488e1fd3109ce66c2cb42d9afc78097f2b7313d).
A white screen of death on the login page is more than normal priority, even if it only happens when you're already logged in. (In reply to spage from comment #0) > As I recall, visiting Special:UserLogin while logged in on mediawiki.org a > week or so ago would just redirect me to the main page (not ideal but better > than an exception); This is the new expected behavior. Specifically, it redirects you to the returnto, and the main page is the default returnto if another one is not specified in the query string. (In reply to Andre Klapper from comment #1) > It is pretty confusing when you go to > https://en.wikipedia.org/wiki/Special:UserLogin?useNew=1 (being already > logged in) and all you get is "[d1aecbd5] 2014-08-23 15:16:17: Fatal > exception of type MWException" on a white page. Just to avoid confusion, useNew was temporary and removed quite a while ago (except for some outdated qqq that crept back in; I just uploaded a patch to fix). It has no effect and is unrelated to this bug. (In reply to Kunal Mehta (Legoktm) from comment #2) > I think this was caused by Idd9325374cb5dc13c4c057f45f88a33bdff523a9. There > have been no CA changes related to this except my patch changing the fatal > into a MWException (I2488e1fd3109ce66c2cb42d9afc78097f2b7313d). If S is right that it redirected to the main page before in WMF production ("As I recall...") that indicates the bad CentralAuth interaction is more recent. I personally can't confirm this, so I don't remember if I tested this behavior in production.
(In reply to spage from comment #0) > As I recall, visiting Special:UserLogin while logged in on mediawiki.org a > week or so ago would just redirect me to the main page (not ideal but better > than an exception); but now I'm getting the same Internal error exception > except the production cluster truncates it to a pink "[7ed77f38] 2014-08-21 > 08:02:15: Fatal exception of type MWException". If i go to https://www.mediawiki.org/wiki/Special:UserLogin i will be redirected to the main page? No exception there (but in other projects, like en.wiki) On betalabs i get redirected to main page, too.
Bug 69947 might be a dup?
*** Bug 69947 has been marked as a duplicate of this bug. ***
So the cause is Idd9325374cb5dc13c4c057f45f88a33bdff523a9, and this code: // In the case where the user is already logged in, do not show the login page. // The use case scenario for this is when a user opens a large number of tabs, is // redirected to the login page on all of them, and then logs in on one, expecting // all the others to work properly. if ( $this->mType !== 'signup' && !$this->mPosted && $this->getUser()->isLoggedIn() ) { $this->successfulLogin(); } CentralAuth hooks UserLoginComplete from successfulLogin, which redirects through loginwiki's Special:CentralLogin/start and /complete. I think the exception is happening because it tries to get the username out of $_SESSION, but since the user logged in a while ago, and > echo ini_get( 'session.gc_maxlifetime' ); 1440 we only keep sessions around server side for 24 minutes, the username from $_SESSION is probably null, so the exception is triggered. Tyler, can you explain the use case you put in that comment? I'm not sure I follow why that is needed. We can probably flag CentralAuth not to redirect if we have to, but I'm trying to understand the whole picture.
I am experiencing this. I am getting "[fe654767] 2014-09-03 05:20:50: Fatal exception of type MWException"m even after I try Special:UserLogout then try to log back in. When I try to edit, I get the normal logged out IP traced banner. Any ideas?
Easy/quick/hackish fix in CentralAuth is to check in the onUserLoginComplete function that $wgRequest->wasPosted() === false, and not start the central login process if that's the case. I wonder if we should even be triggering the UserLoginComplete hook if the user wasn't actually newly logged in.
(In reply to Chris Steipp from comment #7) > Tyler, can you explain the use case you put in that comment? I'm not sure I > follow why that is needed. We can probably flag CentralAuth not to redirect > if we have to, but I'm trying to understand the whole picture. I mean, it says everything in the comment. Let's say a user has two tabs open, their watchlist and their preferences page. However, they have been logged out because of the session expiry. So when they open their browser, Special:Watchlist and Special:Preferences redirect them to the login page. The user logs in in just one of those pages, such that they can then just refresh all the other pages and have them auto-return to where they intended to go to.
*** Bug 70381 has been marked as a duplicate of this bug. ***
Change 158547 had a related patch set uploaded by CSteipp: Don't do central login if not POSTed https://gerrit.wikimedia.org/r/158547
Patch got a +1 by legoktm; is more needed or can this get merged?
Change 158547 merged by jenkins-bot: Don't do central login if not POSTed https://gerrit.wikimedia.org/r/158547
I was hoping someone else more familiar with auth stuff would look at it but I guess not. Flagging for backport...
(In reply to Kunal Mehta (Legoktm) from comment #9) > I wonder if we should even be triggering the UserLoginComplete hook if the > user wasn't actually newly logged in. That sounds a little more future proof (and current-proof for other extensions) to me as well, FWIW. When you're already logged in, visiting the login page (even if you're then redirected to your returnto) is not really a UserLoginComplete. You were already logged in, so you didn't just complete a login.
*** Bug 70660 has been marked as a duplicate of this bug. ***
Change 159491 had a related patch set uploaded by Reedy: Don't do central login if not POSTed https://gerrit.wikimedia.org/r/159491
Change 159492 had a related patch set uploaded by Reedy: Don't do central login if not POSTed https://gerrit.wikimedia.org/r/159492
Change 159491 merged by jenkins-bot: Don't do central login if not POSTed https://gerrit.wikimedia.org/r/159491
Change 159492 merged by jenkins-bot: Don't do central login if not POSTed https://gerrit.wikimedia.org/r/159492
*** Bug 70666 has been marked as a duplicate of this bug. ***
Visiting "Special:UserLogin" on en.wp and test.wp now directly redirect me to the main page, no exception thrown.
[Backport was merged into 1.24wmf19 and 1.24wmf20 upon a time, hence setting Backport_WMF flag to +]