Page MenuHomePhabricator
Create Task
Maniphest T127042

Remove LoginPage from mediawiki_selenium Ruby gem
Closed, DeclinedPublic
Actions

Description

LoginPage class was used for logging in before we had support for logging in via the API. Since the password is sent in clear text, it is a security risk. The page should be removed from the gem, and all use of LoginPage#login_with should be removed from all repositories.

RepositoryGerrit
mediawiki/selenium270905
mediawiki/core270932
mediawiki/extensions/CentralAuth271788
mediawiki/extensions/Flow270968
mediawiki/extensions/Gather270978
mediawiki/extensions/MobileFrontend271251
mediawiki/extensions/Translate271262
mediawiki/extensions/ZeroPortal271266
wmde/WikidataBrowserTests

Details

SubjectRepoBranchLines +/-
Logging in via LoginPage#login_with is a security riskmediawiki/seleniummaster+0 -28
Log in via the API instead of via the web sitemediawiki/extensions/Flowmaster+2 -4
Log in via the API instead of via the web sitemediawiki/extensions/CentralAuthmaster+8 -1
Log in via the API instead of logging in via the web sitemediawiki/extensions/Gathermaster+1 -1
Logging in via LoginPage#login_with is a security riskmediawiki/extensions/ZeroPortalmaster+1 -18
Logging in via LoginPage#login_with is a security riskmediawiki/extensions/MobileFrontendmaster+3 -13
Logging in via LoginPage#login_with is a security riskmediawiki/extensions/Translatemaster+1 -1
Browser test: fix log in Selenium testsmediawiki/coremaster+32 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

zeljkofilipin created this task.Feb 16 2016, 9:56 AM
zeljkofilipin claimed this task.
zeljkofilipin raised the priority of this task from to Medium.
zeljkofilipin updated the task description. (Show Details)
zeljkofilipin added a project: Browser-Tests-Infrastructure.
zeljkofilipin added subscribers: zeljkofilipin, dduvall, hashar.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 16 2016, 9:56 AM
gerritbot subscribed.Feb 16 2016, 9:59 AM

Change 270905 had a related patch set uploaded (by Zfilipin):
Logging in via LoginPage#login_with is a security risk

https://gerrit.wikimedia.org/r/270905

gerritbot added a project: Patch-For-Review.Feb 16 2016, 9:59 AM
zeljkofilipin updated the task description. (Show Details)Feb 16 2016, 10:24 AM
zeljkofilipin set Security to None.
zeljkofilipin updated the task description. (Show Details)Feb 16 2016, 10:31 AM
gerritbot added a comment.Feb 16 2016, 11:53 AM

Change 270932 had a related patch set uploaded (by Zfilipin):
Fixed log in Selenium tests

https://gerrit.wikimedia.org/r/270932

zeljkofilipin updated the task description. (Show Details)Feb 16 2016, 12:01 PM
gerritbot added a comment.Feb 16 2016, 3:18 PM

Change 270968 had a related patch set uploaded (by Zfilipin):
WIP Log in via the API instead of via the web site

https://gerrit.wikimedia.org/r/270968

zeljkofilipin updated the task description. (Show Details)Feb 16 2016, 3:21 PM
gerritbot added a comment.Feb 16 2016, 4:01 PM

Change 270978 had a related patch set uploaded (by Zfilipin):
Log in via the API instead of logging in via the web site

https://gerrit.wikimedia.org/r/270978

zeljkofilipin updated the task description. (Show Details)Feb 16 2016, 4:09 PM
JanZerebecki subscribed.Feb 16 2016, 4:46 PM
zeljkofilipin updated the task description. (Show Details)Feb 16 2016, 4:55 PM
gerritbot added a comment.Feb 17 2016, 2:06 PM

Change 271251 had a related patch set uploaded (by Zfilipin):
Logging in via LoginPage#login_with is a security risk

https://gerrit.wikimedia.org/r/271251

zeljkofilipin updated the task description. (Show Details)Feb 17 2016, 2:06 PM
gerritbot added a comment.Feb 17 2016, 2:23 PM

Change 271262 had a related patch set uploaded (by Zfilipin):
Logging in via LoginPage#login_with is a security risk

https://gerrit.wikimedia.org/r/271262

gerritbot added a comment.Feb 17 2016, 2:24 PM

Change 270932 merged by jenkins-bot:
Browser test: fix log in Selenium tests

https://gerrit.wikimedia.org/r/270932

zeljkofilipin updated the task description. (Show Details)Feb 17 2016, 2:24 PM
gerritbot added a comment.Feb 17 2016, 2:40 PM

Change 271266 had a related patch set uploaded (by Zfilipin):
Logging in via LoginPage#login_with is a security risk

https://gerrit.wikimedia.org/r/271266

zeljkofilipin updated the task description. (Show Details)Feb 17 2016, 2:41 PM
gerritbot added a comment.Feb 17 2016, 6:13 PM

Change 271262 merged by jenkins-bot:
Logging in via LoginPage#login_with is a security risk

https://gerrit.wikimedia.org/r/271262

gerritbot added a comment.Feb 17 2016, 6:59 PM

Change 271251 merged by jenkins-bot:
Logging in via LoginPage#login_with is a security risk

https://gerrit.wikimedia.org/r/271251

ReleaseTaggerBot added projects: MW-1.27-release (WMF-deploy-2016-03-01_(1.27.0-wmf.15)), MW-1.27-release-notes.Feb 17 2016, 11:02 PM
gerritbot added a comment.Feb 17 2016, 11:34 PM

Change 271266 merged by jenkins-bot:
Logging in via LoginPage#login_with is a security risk

https://gerrit.wikimedia.org/r/271266

gerritbot added a comment.Feb 17 2016, 11:37 PM

Change 270978 merged by jenkins-bot:
Log in via the API instead of logging in via the web site

https://gerrit.wikimedia.org/r/270978

zeljkofilipin moved this task from Inbox to In Progress on the Browser-Tests-Infrastructure board.Feb 18 2016, 1:09 PM
gerritbot added a comment.Feb 19 2016, 2:55 PM

Change 271788 had a related patch set uploaded (by Zfilipin):
Log in via the API instead of via the web site

https://gerrit.wikimedia.org/r/271788

zeljkofilipin updated the task description. (Show Details)Feb 19 2016, 2:56 PM
gerritbot added a comment.Feb 19 2016, 6:25 PM

Change 271788 merged by jenkins-bot:
Log in via the API instead of via the web site

https://gerrit.wikimedia.org/r/271788

zeljkofilipin created subtask T128097: Merge tests/browser/environments.yml and tests/browser/config/config.yml in WikidataBrowserTests.Feb 25 2016, 4:41 PM
zeljkofilipin moved this task from In Progress to Next on the Browser-Tests-Infrastructure board.Feb 26 2016, 2:20 PM
zeljkofilipin added a comment.Mar 8 2016, 11:17 AM
This comment was removed by zeljkofilipin.
zeljkofilipin updated the task description. (Show Details)Mar 8 2016, 1:35 PM
zeljkofilipin removed zeljkofilipin as the assignee of this task.Mar 29 2016, 10:22 AM
zeljkofilipin added a project: User-zeljkofilipin.Jun 17 2016, 3:38 PM
gerritbot added a comment.Jun 17 2016, 3:41 PM

Change 270968 abandoned by Zfilipin:
Log in via the API instead of via the web site

Reason:
Not working on this.

https://gerrit.wikimedia.org/r/270968

gerritbot added a comment.Jun 17 2016, 3:41 PM

Change 270905 abandoned by Zfilipin:
Logging in via LoginPage#login_with is a security risk

Reason:
Not working on this.

https://gerrit.wikimedia.org/r/270905

Tobi_WMDE_SW closed subtask T128097: Merge tests/browser/environments.yml and tests/browser/config/config.yml in WikidataBrowserTests as Resolved.Jul 22 2016, 10:48 AM
zeljkofilipin moved this task from Next to Gems on the Browser-Tests-Infrastructure board.Sep 15 2016, 4:04 PM
SamanthaNguyen added a project: Ruby.Jan 16 2017, 4:55 PM
greg added a project: Release-Engineering-Team (Backlog).May 20 2017, 4:37 PM
zeljkofilipin closed this task as Declined.May 26 2017, 3:47 PM
zeljkofilipin lowered the priority of this task from Medium to Low.

Unlikely to ever be resolved because of T139740: Port Selenium tests from Ruby to Node.js.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL