Page MenuHomePhabricator
Create Task
Maniphest T124335

bot_passwords table expected to exist despite wgEnableBotPasswords = false
Closed, ResolvedPublic
Actions

Description

I've logged in with old password.
I've been taken immediately to page to change the password claiming the password is invalid due to not being at least 10 chars long.
I've filled old password, new (valid) password and its confirmation and hit the submit button.
I've got the https://wikitech.wikimedia.org/wiki/Special:ChangePassword page with folowing message:

Database error

A database query error has occurred. This may indicate a bug in the software.

Function: BotPassword::invalidateAllPasswordsForCentralId
Error: 1146 Table 'labswiki.bot_passwords' doesn't exist (208.80.154.136)

"wgHostname":"silver" if that helps.

Details

SubjectRepoBranchLines +/-
Add checks of $wgEnableBotPasswords in more placesmediawiki/corewmf/1.27.0-wmf.11+18 -0
Add checks of $wgEnableBotPasswords in more placesmediawiki/coremaster+18 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Maniphest changed the visibility from "Public (No Login Required)" to "Custom Policy".Jan 21 2016, 7:33 PM
Maniphest changed the edit policy from "All Users" to "Custom Policy".
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 21 2016, 7:33 PM
Danny_B created this task.Jan 21 2016, 7:33 PM
Danny_B triaged this task as Unbreak Now! priority.
Danny_B updated the task description. (Show Details)
Danny_B added projects: wikitech.wikimedia.org, acl*security.
Danny_B changed Security from None to Software security bug.
Danny_B edited subscribers, added: Danny_B; removed: Aklapper.
Restricted Application added a project: Cloud-Services. · View Herald TranscriptJan 21 2016, 7:33 PM
Andrew subscribed.Jan 21 2016, 7:35 PM
Krenair subscribed.Jan 21 2016, 7:53 PM

Why is this in the security area?

csteipp subscribed.Jan 21 2016, 7:57 PM

Looks like wikitechwiki Missing schema change for wmf11

csteipp added a comment.Jan 21 2016, 7:58 PM

@Danny_B are you uncomfortable with people knowing you have a password <10 chars? Otherwise we should make this public so all the right people are aware of it.

Krenair renamed this task from Database error on wikitech to bot_passwords table expected to exist despite wgEnableBotPasswords = false.Jan 21 2016, 8:01 PM
Krenair edited projects, added MediaWiki-User-login-and-signup; removed Cloud-Services, wikitech.wikimedia.org.
Legoktm added subscribers: Tgr, Anomie.Jan 21 2016, 8:02 PM
Tgr added a comment.EditedJan 21 2016, 8:06 PM

Config change was https://gerrit.wikimedia.org/r/#/c/263804/2/wmf-config/InitialiseSettings.php , apparently that missed labswiki.

Anomie closed this task as Resolved.Jan 21 2016, 8:50 PM
Anomie claimed this task.

Should be fixed by https://gerrit.wikimedia.org/r/#/c/265561/, we missed a few code paths where the setting needed to be checked.

Danny_B added a comment.Jan 21 2016, 9:13 PM
In T124335#1953120, @csteipp wrote:

@Danny_B are you uncomfortable with people knowing you have a password <10 chars? Otherwise we should make this public so all the right people are aware of it.

I am from other projects used to report all db errors like this as private due to possible security issues. Feel free to make it public.

Krenair removed a project: acl*security.Jan 21 2016, 9:15 PM
Krenair changed the visibility from "Custom Policy" to "Public (No Login Required)".
Krenair changed the edit policy from "Custom Policy" to "All Users".
Krenair changed Security from Software security bug to None.
ReleaseTaggerBot added projects: MW-1.27-release (WMF-deploy-2016-01-19_(1.27.0-wmf.11)), MW-1.27-release-notes, MW-1.27-release (WMF-deploy-2016-02-02_(1.27.0-wmf.12)).Jan 21 2016, 10:00 PM
Tgr added a parent task: T123451: Deploy SessionManager and bot passwords.Jan 21 2016, 10:29 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:38 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits