Page MenuHomePhabricator
Create Task
Maniphest T140853

Central login fails when user logs in via redirect flow
Closed, ResolvedPublic
Actions

Description

Steps to reproduce:

  1. set up mediawiki with CentralAuth and GoogleLogin (https://authmanager.wmflabs.org/ is available, although it's on 1.27)
  2. log in via GoogleLogin

You will not be logged in centrally, nor on any of the other wikis.

The UserLoginComplete hook can fire in pageviews that are not exactly logins, but need the same behavior (e.g. redirect targeting) as a login. For example, the user has two tabs with login-requiring special pages; they close the browser; their session times out; they restore the browser (which will not show two login pages); they log in on one page; as a convenience, the other page can be refreshed and will redirect back to the special page. (See the comment block at the beginning of LoginSignupSpecialPage::execute.) In such a case, the hook needs to run even though this was not exactly a login (or maybe it doesn't need to, but that is the current behavior).

Doing a central login would break the redirect in such a case (T71834), so CentralAuthHooks::getDomainAutoLoginHtml checks whether the request was posted, to differentiate real logins from UserLoginComplete calls on non-logins. That does not really work with AuthManager.

(getDomainAutoLoginHtml tries to do an edge login instead of a redirect to the login wiki in such a case; as far as I can see that does little good when the user is not logged in on the login wiki.)

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+12 -5Add $direct parameter to UserLoginComplete hook
mediawiki/extensions/CentralAuthmaster+12 -6Use UserLoginComplete parameter instead of request method for central login
Customize query in gerrit

Related Objects

Event Timeline

Tgr created this task.Jul 20 2016, 12:13 AM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJul 20 2016, 12:13 AM
Tgr added a project: MediaWiki-extensions-CentralAuth.Jul 20 2016, 12:15 AM
gerritbot added a subscriber: gerritbot.Jul 20 2016, 1:32 AM

Change 299918 had a related patch set uploaded (by Gergő Tisza):
Add $direct parameter to UserLoginComplete hook

https://gerrit.wikimedia.org/r/299918

gerritbot added a project: Patch-For-Review.Jul 20 2016, 1:32 AM
gerritbot added a comment.Jul 20 2016, 1:35 AM

Change 299920 had a related patch set uploaded (by Gergő Tisza):
Use UserLoginComplete parameter instead of request method for central login

https://gerrit.wikimedia.org/r/299920

gerritbot added a comment.Jul 20 2016, 8:29 PM

Change 299918 merged by jenkins-bot:
Add $direct parameter to UserLoginComplete hook

https://gerrit.wikimedia.org/r/299918

gerritbot added a comment.Jul 20 2016, 8:30 PM

Change 299920 merged by jenkins-bot:
Use UserLoginComplete parameter instead of request method for central login

https://gerrit.wikimedia.org/r/299920

ReleaseTaggerBot added projects: MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-07-26_(1.28.0-wmf.12)).Jul 20 2016, 9:00 PM
MZMcBride mentioned this in T112730: Failure to OAuth after login on mobile.Sep 30 2016, 2:21 AM
Tgr closed this task as Resolved.Jan 28 2017, 1:53 AM
Tgr claimed this task.
MarcoAurelio moved this task from Incoming to Done on the MediaWiki-extensions-CentralAuth board.Nov 22 2017, 9:46 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL