$wgBlockDisablesLogin = true; + $wgEmailConfirmToEdit = true; causes the wiki to be inaccessible for anonymous users
Open, Needs TriagePublic

Description

Setup

  • MediaWiki 1.27.1 (a52d35d)06:46, 23 August 2016
  • PHP 5.6.24-0+deb8u1 (apache2handler)
  • MariaDB 10.0.26-MariaDB-1~jessie

Issue
After updating a wiki form MW 1.27.0 to MW 1.27.1 it becomes inaccessible for anonymous users, i.e. they cannot read a page nor log in. I believe this may very well be caused by the fix for T129738.

Error message

Permission error

You do not have permission to read this page, for the following reason:

You must confirm your email address before editing pages. Please set and validate your email address through your user preferences.

LocalSettings.php

$wgEmailConfirmToEdit = true;
$wgBlockDisablesLogin = true;
$wgGroupPermissions['*']['edit'] = false;

After setting $wgEmailConfirmToEdit to "false" the wiki is back in business again. Since I do not want to loose this setting ... As a matter of fact all "my" wikis which require e-mail confirmation for editing also use the newly "fixed" configuration setting.

Kghbln created this task.Aug 24 2016, 2:18 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 24 2016, 2:18 PM
Kghbln updated the task description. (Show Details)Aug 24 2016, 2:19 PM

@Bawolff I subscribed you since you were the author of the patch set which I think is the most likely the cause of the issue.

Kghbln updated the task description. (Show Details)Aug 24 2016, 2:24 PM
Kghbln renamed this task from $wgBlockDisablesLogin = true; causes the wiki to be inaccessible to $wgBlockDisablesLogin = true; causes the wiki to be inaccessible for anonymous users.Aug 24 2016, 2:30 PM
Kghbln updated the task description. (Show Details)

Change 306863 had a related patch set uploaded (by Brian Wolff):
Make $wgEmailConfirmToEdit only affect edit actions.

https://gerrit.wikimedia.org/r/306863

Note that the $wgGroupPermissions['*']['edit'] = false; is unnecessary to reproduce the issue. You are correct that the fix for T129738 caused this issue.

Basically, $wgConfirmEmailToEdit was blocking all rights that use $title->userCan() instead of just edit. Previously read rights had special handling and wasn't caught up in that.

Bawolff renamed this task from $wgBlockDisablesLogin = true; causes the wiki to be inaccessible for anonymous users to $wgBlockDisablesLogin = true; + $wgEmailConfirmToEdit causes the wiki to be inaccessible for anonymous users.Aug 26 2016, 1:42 AM

Out of curiosity, what's the point of enabling $wgBlockDisablesLogin and having your wiki be publically readable?

@Bawolff Thank you for your notes and tackling this issue! I very much appreciate this!

Out of curiosity, what's the point of enabling $wgBlockDisablesLogin and having your wiki be publically readable?

There is actually no big point for having this on a publicly readable wiki. That's why I removed the setting instead of rolling back to MW 1.27.0 on that particular instance.

Since this issue however prevents anons from logging into a private wiki the fix is still very important. So backports to REL1_23 and REL1_26 are needed too.

Kghbln renamed this task from $wgBlockDisablesLogin = true; + $wgEmailConfirmToEdit causes the wiki to be inaccessible for anonymous users to $wgBlockDisablesLogin = true; + $wgEmailConfirmToEdit true; causes the wiki to be inaccessible for anonymous users.Aug 26 2016, 4:04 PM
Kghbln renamed this task from $wgBlockDisablesLogin = true; + $wgEmailConfirmToEdit true; causes the wiki to be inaccessible for anonymous users to $wgBlockDisablesLogin = true; + $wgEmailConfirmToEdit = true; causes the wiki to be inaccessible for anonymous users.

So backports to REL1_23 and REL1_26 are needed too.

Agreed. I marked it as blocking the 1.27.2 task, which should also ensure its appropriately backported (You probably can't see that task as 1.27.2 is primarily security related, so the tracker bug is in the "secret" security section, so it doesn't show up on the normal list)

Reedy added a subscriber: Reedy.Mar 20 2017, 2:56 AM

Patch causes test failures :(

Pretty sad. I now waited eight months for the fix with the new release and now learn that it is still broken. I figured that the patch got merged. :( I have a wiki at hand that uses $wgWhitelistRead for a couple of pages ...

I was bold and added MW-1.27 again hoping that will help the cause. Keeping the spirit of hope here.