
Logging into Phabricator with MediaWiki account on mobile device can cause endless loop
Closed, Resolved; Public

Description

Steps to reproduce:

  1. Open a browser on a mobile device or manipulate your desktop browser to load the mobile version of Wikipedia.
  2. Make sure you are neither logged into Phabricator nor into your global Wikimedia account.
  3. Go to Wikipedia, log into your global Wikimedia account.
  4. Go to Phabricator, log in using your MediaWiki account.

Expected result: You are sent to mediawiki.org, logged in automatically (since you are logged in on Wikipedia), and asked to allow logging into Phabricator using OAuth.

Actual result: Special:Login is loaded and reloaded in an endless loop.

When you visit mediawiki.org beforehand, it works as expected. In the desktop version it works as expected too, so it seems to be caused by some unfortunate combination of OAuth, SUL, and the mobile version.

I tested this both with Firefox on an actual mobile device, and with desktop Vivaldi with user agent set to Firefox/Android.

Event Timeline

Can't reproduce. Can you make the steps more exact (open a browser in incognito mode, visit URL X, log in, visit URL Y...)?

SamanthaNguyen renamed this task from "Logging into Phabricator with MediaWiki account on mobile device can caus endless loop" to "Logging into Phabricator with MediaWiki account on mobile device can cause endless loop". Sep 21 2016, 3:19 AM
SamanthaNguyen subscribed.

Long version:

  1. Open Firefox on desktop, install the add-on "User Agent Switcher", restart your browser to activate it, set your user agent to "iPhone 3.0", open a "private mode" window.
  2. Go to https://de.wikipedia.org. You should be redirected to https://de.m.wikipedia.org/wiki/Wikipedia:Hauptseite.
  3. Click the hamburger icon, select "Anmelden". You should go to https://de.m.wikipedia.org/w/index.php?title=Spezial:Anmelden&returnto=Wikipedia%3AHauptseite&returntoquery=welcome%3Dyes.
  4. Enter your name and password and log in. You should return to https://de.m.wikipedia.org/w/index.php?title=Wikipedia:Hauptseite&welcome=yes, now logged in.
  5. Enter "phab:" in the search bar, press enter. You should go to https://phabricator.wikimedia.org/.
  6. Click on the log-in icon. You should go to https://phabricator.wikimedia.org/auth/start/?next=%2F.
  7. Click the "MediaWiki" button.

Result: The page https://www.mediawiki.org/w/index.php?title=Special:UserLogin&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef is loaded in an endless loop (of course the hex numbers are different). The page shows you as not logged in.

According to the web console the load order is the following:

  1. https://www.mediawiki.org/w/index.php?title=Special:OAuth/authorize&oauth_token=0123456789abcdef&oauth_consumer_key=0123456789abcdef -> 302 Found
  2. https://www.mediawiki.org/w/index.php?title=Special:UserLogin&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef -> 200 OK
  3. Calls to some resource loader modules.
  4. A call to https://login.wikimedia.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=mediawikiwiki&proto=https&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef -> 302 Found
  5. https://www.mediawiki.org/wiki/Special:CentralAutoLogin/createSession?token=0123456789abcdef&type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 302 Found
  6. https://m.mediawiki.org/wiki/Special:CentralAutoLogin/createSession?token=0123456789abcdef&type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 302 Found
  7. https://login.wikimedia.org/wiki/Special:CentralAutoLogin/validateSession?token=0123456789abcdef&wikiid=mediawikiwiki&type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 302 Found
  8. https://www.mediawiki.org/wiki/Special:CentralAutoLogin/setCookies?type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 302 Found
  9. https://m.mediawiki.org/wiki/Special:CentralAutoLogin/setCookies?type=script&return=1&returnto=Special%3AOAuth%2Fauthorize&returntoquery=oauth_token%3D0123456789abcdef%26oauth_consumer_key%3D0123456789abcdef&proto=https -> 200 OK

At this point the loop starts again.
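To triage a trace like the one in the comment above, the following added example (not part of the original report or of MediaWiki's code) finds the repeat in a request list and lists the points where the same page is re-requested on the `m.` host. The second pass, its token value, and the restart at step 1 are constructed assumptions; the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

def page_key(url):
    """(host, page) for a MediaWiki URL; tokens in the query are ignored."""
    parts = urlsplit(url)
    title = parse_qs(parts.query).get("title")
    page = title[0] if title else parts.path.split("/wiki/", 1)[-1]
    return parts.netloc, page

def find_loop(trace):
    """Return (first_index, period) of the first repeated page, else None."""
    seen = {}
    for i, (url, _status) in enumerate(trace):
        key = page_key(url)
        if key in seen:
            return seen[key], i - seen[key]
        seen[key] = i
    return None

def mobile_hops(trace):
    """Indexes where the same page is re-requested on the m. host."""
    keys = [page_key(url) for url, _ in trace]
    return [i for i in range(1, len(keys))
            if keys[i][1] == keys[i - 1][1]
            and keys[i][0] == "m." + keys[i - 1][0].removeprefix("www.")]

def build_pass(tok):
    """Constructed sample: the report's steps 1, 2, 4-9 for one token value."""
    rt = ("returnto=Special%3AOAuth%2Fauthorize&returntoquery="
          f"oauth_token%3D{tok}%26oauth_consumer_key%3D{tok}")
    www, mob = "https://www.mediawiki.org", "https://m.mediawiki.org"
    login, cal = "https://login.wikimedia.org", "/wiki/Special:CentralAutoLogin/"
    tail = f"type=script&return=1&{rt}&proto=https"
    return [
        (f"{www}/w/index.php?title=Special:OAuth/authorize"
         f"&oauth_token={tok}&oauth_consumer_key={tok}", 302),
        (f"{www}/w/index.php?title=Special:UserLogin&{rt}", 200),
        (f"{login}{cal}checkLoggedIn?wikiid=mediawikiwiki&{tail}", 302),
        (f"{www}{cal}createSession?token={tok}&{tail}", 302),
        (f"{mob}{cal}createSession?token={tok}&{tail}", 302),
        (f"{login}{cal}validateSession?token={tok}&wikiid=mediawikiwiki&{tail}", 302),
        (f"{www}{cal}setCookies?{tail}", 302),
        (f"{mob}{cal}setCookies?{tail}", 200),
    ]

if __name__ == "__main__":
    # Assumption: the loop restarts at step 1 with a fresh (constructed) token.
    trace = build_pass("0123456789abcdef") + build_pass("fedcba9876543210")
    print("loop:", find_loop(trace), "mobile hops:", mobile_hops(trace))
```

Comparing raw URLs would miss the repeat because the tokens change on each pass; keying on host and page name is what exposes it.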

Jdlrobson subscribed.

After research, if you find this is specific to the MobileFrontend extension, please re-add MobileFrontend (it shouldn't be).

Tgr triaged this task as High priority. Mar 7 2017, 3:45 AM
mmodell subscribed.

This is apparently not actually a Phabricator bug.

I've tested just now with my phone and I can log in to Phabricator. @Schnark, can you re-check to see if this task was solved by T119343: OAuth login for phabricator impossible on MobileFrontend?

Schnark claimed this task.

I, too, can confirm that logging into Phabricator now works as expected.

Tgr changed the task status from Duplicate to Resolved. Feb 13 2018, 7:53 PM

Removing duplicate loop.