Page MenuHomePhabricator

Central login fails when user logs in via redirect flow
Closed, ResolvedPublic

Description

Steps to reproduce:

  1. set up mediawiki with CentralAuth and GoogleLogin (https://authmanager.wmflabs.org/ is available, although it's on 1.27)
  2. log in via GoogleLogin

You will not be logged in centrally, nor on any of the other wikis.

The UserLoginComplete hook can fire in pageviews that are not exactly logins, but need the same behavior (e.g. redirect targeting) as a login. For example, the user has two tabs with login-requiring special pages; they close the browser; their session times out; they restore the browser (which will not show two login pages); they log in on one page; as a convenience, the other page can be refreshed and will redirect back to the special page. (See the comment block at the beginning of LoginSignupSpecialPage::execute.) In such a case, the hook needs to run even though this was not exactly a login (or maybe it doesn't need to, but that is the current behavior).

Doing a central login would break the redirect in such a case (T71834), so CentralAuthHooks::getDomainAutoLoginHtml checks whether the request was posted, to differentiate real logins from UserLoginComplete calls on non-logins. That does not really work with AuthManager.

(getDomainAutoLoginHtml tries to do an edge login instead of a redirect to the login wiki in such a case; as far as I can see that does little good when the user is not logged in on the login wiki.)

Details

Related Gerrit Patches:

Event Timeline

Tgr created this task.Jul 20 2016, 12:13 AM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJul 20 2016, 12:13 AM

Change 299918 had a related patch set uploaded (by Gergő Tisza):
Add $direct parameter to UserLoginComplete hook

https://gerrit.wikimedia.org/r/299918

Change 299920 had a related patch set uploaded (by Gergő Tisza):
Use UserLoginComplete parameter instead of request method for central login

https://gerrit.wikimedia.org/r/299920

Change 299918 merged by jenkins-bot:
Add $direct parameter to UserLoginComplete hook

https://gerrit.wikimedia.org/r/299918

Change 299920 merged by jenkins-bot:
Use UserLoginComplete parameter instead of request method for central login

https://gerrit.wikimedia.org/r/299920

Tgr closed this task as Resolved.Jan 28 2017, 1:53 AM
Tgr claimed this task.