Page MenuHomePhabricator

Loging into Phabricator with MediaWiki account on mobile device can cause endless loop
Closed, ResolvedPublic

Description

Steps to reproduce:

  1. Open a browser on a mobile device or manipulate your desktop browser to load the mobile version of Wikipedia.
  2. Make sure you are neither logged into Phabricator nor into your global Wikimedia account.
  3. Go to Wikipedia, log into your global Wikimedia account.
  4. Go to Phabricator, log in using your MediaWiki account.

Expected result: You are sent the mediawiki.org, logged in automatically (since your are logged in on Wikipedia), and asked to allow logging in Phabricator using OAuth.

Actual result: Special:Login is loaded and reloaded in an endless loop.

When you visit mediawiki.org before, it works as expected. In the desktop version it too works as expected, so it seems to be caused by some unfortunate combination of OAuth, SUL, and the mobile version.

I tested this both with Firefox on an actual mobile device, and with desktop Vivaldi with user agent set to Firefox/Android.

Event Timeline

Schnark created this task.Sep 20 2016, 7:41 AM
Restricted Application added subscribers: TerraCodes, Aklapper. · View Herald TranscriptSep 20 2016, 7:41 AM
Tgr added a subscriber: Tgr.Sep 20 2016, 6:29 PM

Can't reproduce. Can you make the steps more exact (open a browser in incognito mode, visit URL X, log in, visit URL Y...)?

SamanthaNguyen renamed this task from Loging into Phabricator with MediaWiki account on mobile device can caus endless loop to Loging into Phabricator with MediaWiki account on mobile device can cause endless loop.Sep 21 2016, 3:19 AM
SamanthaNguyen added a subscriber: SamanthaNguyen.
Schnark added a comment.EditedSep 21 2016, 7:36 AM

Long version:

  1. Open Firefox on desktop, install the add-on "User Agent Switcher", restart your browser to activate it, set your user agent to "iPhone 3.0", open a "private mode" window.
  2. Go to https://de.wikipedia.org. You should be redirected to https://de.m.wikipedia.org/wiki/Wikipedia:Hauptseite.
  3. Click the hamburger icon, select "Anmelden". You should go to https://de.m.wikipedia.org/w/index.php?title=Spezial:Anmelden&returnto=Wikipedia%3AHauptseite&returntoquery=welcome%3Dyes.
  4. Enter your name and password and log in. You should return to https://de.m.wikipedia.org/w/index.php?title=Wikipedia:Hauptseite&welcome=yes, now logged in.
  5. Enter "phab:" in the search bar, press enter. You should go to https://phabricator.wikimedia.org/.
  6. Click on the log-in icon, you should go to https://phabricator.wikimedia.org/auth/start/?next=%2F.
  7. Click the "MediaWiki" button.

Result: The page https://www.mediawiki.org/w/index.php?title=Special:UserLogin&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef is loaded in an endless loop (of course the hex numbers are different). The page shows you as not logged in.

According to the web console the load order is the following:

  1. https://www.mediawiki.org/w/index.php?title=Special:OAuth/authorize&oauth_token=0123456789abcdef&oauth_consumer_key=0123456789abcdef -> 302 Found
  2. https://www.mediawiki.org/w/index.php?title=Special:UserLogin&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef -> 200 OK
  3. Calls to some resource loader modules.
  4. A call to https://login.wikimedia.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=mediawikiwiki&proto=https&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef -> 302 Found
  5. https://www.mediawiki.org/wiki/Special:CentralAutoLogin/createSession?token=0123456789abcdef&type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 302 Found
  6. https://m.mediawiki.org/wiki/Special:CentralAutoLogin/createSession?token=0123456789abcdef&type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 302 Found
  7. https://login.wikimedia.org/wiki/Special:CentralAutoLogin/validateSession?token=0123456789abcdef&wikiid=mediawikiwiki&type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 302 Found
  8. https://www.mediawiki.org/wiki/Special:CentralAutoLogin/setCookies?type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 302 Found
  9. https://m.mediawiki.org/wiki/Special:CentralAutoLogin/setCookies?type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 200 OK

At this point the loop starts again.

Jdlrobson added a subscriber: Jdlrobson.

After research, if you find this is specific to the MobileFrontend extension, please re-add MobileFrontend, (it shouldn't be).

Tgr triaged this task as High priority.Mar 7 2017, 3:45 AM
Jdlrobson moved this task from Needs triage to Triaged on the Mobile board.Jul 25 2017, 5:45 PM
mmodell added a subscriber: mmodell.

This is apparently not actually a phabricator bug.

I've tested just now with my phone and I can log me into phabricator. @Schnark, can you re-check to see if this task was solved by T119343: OAuth login for phabricator impossible on MobileFrontend ?

Schnark closed this task as Resolved.Feb 1 2018, 8:14 AM
Schnark claimed this task.

I, too, can confirm that logging into Phabricator now works as expected.

Framawiki removed Schnark as the assignee of this task.Feb 4 2018, 5:25 PM
Tgr changed the task status from Duplicate to Resolved.Feb 13 2018, 7:53 PM

Removing duplicate loop.