2016-02-17 00:12:50 mw1091 enwiki 1.27.0-wmf.13 exception ERROR: [31494c50] /w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=redacted&returntoquery=redacted PasswordError from line 2418 of /srv/mediawiki/php-1.27.0-wmf.13/includes/user/User.php: Passwords must be at least 1 character. {"exception_id":"31494c50"} [Exception PasswordError] (/srv/mediawiki/php-1.27.0-wmf.13/includes/user/User.php:2418) Passwords must be at least 1 character. #0 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(691): User->setPassword(string) #1 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(967): LoginForm->initUser(User, boolean) #2 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(789): LoginForm->attemptAutoCreate(User) #3 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(983): LoginForm->authenticateUserData() #4 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(361): LoginForm->processLogin() #5 /srv/mediawiki/php-1.27.0-wmf.13/includes/specialpage/SpecialPage.php(407): LoginForm->execute(NULL) #6 /srv/mediawiki/php-1.27.0-wmf.13/includes/specialpage/SpecialPageFactory.php(565): SpecialPage->run(NULL) #7 /srv/mediawiki/php-1.27.0-wmf.13/includes/MediaWiki.php(280): SpecialPageFactory::executePath(Title, RequestContext) #8 /srv/mediawiki/php-1.27.0-wmf.13/includes/MediaWiki.php(736): MediaWiki->performRequest() #9 /srv/mediawiki/php-1.27.0-wmf.13/includes/MediaWiki.php(517): MediaWiki->main()
Description
Description
Event Timeline
Comment Actions
Also similar exceptions like this:
2016-02-16 20:57:45 mw1090 enwiki 1.27.0-wmf.13 exception ERROR: [e906ea3d] /w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=redacted&returntoquery=redacted PasswordError from line 2418 of /srv/mediawiki/php-1.27.0-wmf.13/includes/user/User.php: Your password must be different from your username. {"exception_id":"e906ea3d"} [Exception PasswordError] (/srv/mediawiki/php-1.27.0-wmf.13/includes/user/User.php:2418) Your password must be different from your username. #0 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(691): User->setPassword(string) #1 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(967): LoginForm->initUser(User, boolean) #2 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(789): LoginForm->attemptAutoCreate(User) #3 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(983): LoginForm->authenticateUserData() #4 /srv/mediawiki/php-1.27.0-wmf.13/includes/specials/SpecialUserlogin.php(361): LoginForm->processLogin() #5 /srv/mediawiki/php-1.27.0-wmf.13/includes/specialpage/SpecialPage.php(407): LoginForm->execute(NULL) #6 /srv/mediawiki/php-1.27.0-wmf.13/includes/specialpage/SpecialPageFactory.php(565): SpecialPage->run(NULL) #7 /srv/mediawiki/php-1.27.0-wmf.13/includes/MediaWiki.php(280): SpecialPageFactory::executePath(Title, RequestContext) #8 /srv/mediawiki/php-1.27.0-wmf.13/includes/MediaWiki.php(736): MediaWiki->performRequest() #9 /srv/mediawiki/php-1.27.0-wmf.13/includes/MediaWiki.php(517): MediaWiki->main()
Comment Actions
Duplicated this. Yes, we should catch that and either reject the login with an error about it, or funnel them into the password change flow.
Comment Actions
Actually, we really shouldn't even be setting the password on the local wiki when the user is autocreated from a global account.
Comment Actions
I would say we should fix AuthPlugin, but with AuthManger coming out soon, might be best to just wait for that. In the meantime, I think we could put up a small patch that will just set a long random password on the local wiki, since the password is validated by the AuthPlugin (CentralAuth in our case), the local wiki password hash should never be used.