Last modified: 2006-08-17 07:29:56 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T9031, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 7031 - Don't report that a new password was emailed if no email address was set
Don't report that a new password was emailed if no email address was set
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
unspecified
All All
: Normal minor with 2 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
: patch, patch-need-review
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-16 17:29 UTC by Raimond Spekking
Modified: 2006-08-17 07:29 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Proposed patch (444 bytes, patch)
2006-08-16 21:42 UTC, Aryeh Gregor (not reading bugmail, please e-mail directly) 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Raimond Spekking 2006-08-16 17:29:37 UTC 
If an user requests at [[Special:Userlogin]] a new password, the system responds
always with [[MediaWiki:Passwordsent]] ("A new password has been sent to the
e-mail address registered for "$1". Please log in again after you receive it.")
as well a no password is stored in user preferences.

This is very illogical and user complains then via email (ask the OTRS support
teams) that no new password comes.

And believe me... most users don't know if they have entered an email adress at
time of account creating or later.

Solution: Create a new message like "Sorry, for this account no email is stored,
we cannot send you a new password" and check at time of requesting a new password.
Comment 1 Daniel Kinzler 2006-08-16 18:02:34 UTC 
this would give anons a way to determine if a mail address is stored for a given
user. Not sure how much of a risk that would be though.
Comment 2 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-16 19:26:28 UTC 
It's already possible to guess based on what the response is to
Special:Emailuser.  Of course, they could have always disabled e-mail from other
users, which isn't a possibility here, but the additional information that would
be given for this isn't sufficient to justify the confusion this aims to fix.
Comment 3 Daniel Kinzler 2006-08-16 19:47:31 UTC 
Anons can't use Special:Emailuser. But I also don't see how exposing this info
would be a lot of trouble. I'd like to get some more input on that though - the
current "confusing" behavior feels intentional.
Comment 4 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-16 19:49:53 UTC 
Anyone who signs up can use Special:Emailuser (provided they give a valid e-mail
address, and why not, it's secret).  It should at least say "if that user has
entered a valid e-mail address".
Comment 5 Aryeh Gregor (not reading bugmail, please e-mail directly) 2006-08-16 21:42:49 UTC 
Created attachment 2235 [details]
Proposed patch

It *looks* like brion broke this in r8618.  He changed
SpecialUserlogin::mailPasswordInternal to return WikiError on failure, but it
continued to return a string if there was no e-mail provided.  Therefore, the
else statement failed to do its job correctly.

Since WikiError.php starts with "Since PHP4 doesn't have exceptions", I'm
guessing it's probably deprecated in favor of MWException, but on inspection it
appears that multiple functions that could be called from all sorts of places
would have to be modified and retested, so I've just had it return a WikiError.
 Tested and works correctly on my install.
Comment 6 Brion Vibber 2006-08-17 07:29:56 UTC 
Applied on r16101
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links