Page MenuHomePhabricator

bot_passwords table expected to exist despite wgEnableBotPasswords = false
Closed, ResolvedPublic

Description

I've logged in with old password.
I've been taken immediately to page to change the password claiming the password is invalid due to not being at least 10 chars long.
I've filled old password, new (valid) password and its confirmation and hit the submit button.
I've got the https://wikitech.wikimedia.org/wiki/Special:ChangePassword page with folowing message:

Database error
A database query error has occurred. This may indicate a bug in the software.

Function: BotPassword::invalidateAllPasswordsForCentralId
Error: 1146 Table 'labswiki.bot_passwords' doesn't exist (208.80.154.136)

"wgHostname":"silver" if that helps.

Details

Related Gerrit Patches:

Event Timeline

Maniphest changed the visibility from "Public (No Login Required)" to "Custom Policy".Jan 21 2016, 7:33 PM
Maniphest changed the edit policy from "All Users" to "Custom Policy".
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 21 2016, 7:33 PM
Danny_B created this task.Jan 21 2016, 7:33 PM
Danny_B triaged this task as Unbreak Now! priority.
Danny_B updated the task description. (Show Details)
Danny_B changed Security from None to Software security bug.
Danny_B edited subscribers, added: Danny_B; removed: Aklapper.
Restricted Application added a project: Cloud-Services. · View Herald TranscriptJan 21 2016, 7:33 PM
Andrew added a subscriber: Andrew.Jan 21 2016, 7:35 PM

Why is this in the security area?

Looks like wikitechwiki Missing schema change for wmf11

@Danny_B are you uncomfortable with people knowing you have a password <10 chars? Otherwise we should make this public so all the right people are aware of it.

Krenair renamed this task from Database error on wikitech to bot_passwords table expected to exist despite wgEnableBotPasswords = false.Jan 21 2016, 8:01 PM
Tgr added a comment.EditedJan 21 2016, 8:06 PM

Config change was https://gerrit.wikimedia.org/r/#/c/263804/2/wmf-config/InitialiseSettings.php , apparently that missed labswiki.

Anomie closed this task as Resolved.Jan 21 2016, 8:50 PM
Anomie claimed this task.

Should be fixed by https://gerrit.wikimedia.org/r/#/c/265561/, we missed a few code paths where the setting needed to be checked.

@Danny_B are you uncomfortable with people knowing you have a password <10 chars? Otherwise we should make this public so all the right people are aware of it.

I am from other projects used to report all db errors like this as private due to possible security issues. Feel free to make it public.

Krenair changed the visibility from "Custom Policy" to "Public (No Login Required)".
Krenair changed the edit policy from "Custom Policy" to "All Users".
Krenair changed Security from Software security bug to None.