Page MenuHomePhabricator

"Forgot your password?" text is displayed on Login page, even when external auth plugin doesnt allow local password reset
Closed, ResolvedPublic

Description

How to reproduce :

  1. create an external auth plugin (extends AbstractPrimaryAuthenticationProvider / implements PrimaryAuthenticationProvider ... )
  2. Observe whatever providerAllowsAuthenticationDataChange method returns, "Forgot your password?" link is always displayed on login page (link leads to an internal error page when password reset actually disabled by providerAllowsAuthenticationDataChange)

How to fix :
REL 1.27.1, includes/specialpage/LoginSignupSpecialPage.php line 662 (search for $passwordReset->isAllowed( $this->getUser()....)

This statement doesnt make sense and will Always be true, since isAllowed always returns a StatusValue object.
if ( $passwordReset->isAllowed( $this->getUser() ) ) {

Should be replaced by : if ( $passwordReset->isAllowed( $this->getUser() )->isGood() ) {
or isAllowed method should return true|false...

Event Timeline

Remi updated the task description. (Show Details)
Remi updated the task description. (Show Details)

This was already fixed in T144705: Password reset link is shown when no reset options are available and is available in MediaWiki 1.28. As MW 1.27 is a LTS release (I assume you're using 1.27), I cherry-picked the change to the REL1_27 branch, however, it's up to Release-Engineering-Team if this is something which will be in the release of the LTS version or not :)

Change 372767 had a related patch set uploaded (by Florianschmidtwelzow; owner: Huji):
[mediawiki/core@REL1_27] Password reset link is shown when no reset options are available

https://gerrit.wikimedia.org/r/372767

Change 372767 merged by jenkins-bot:
[mediawiki/core@REL1_27] Password reset link is shown when no reset options are available

https://gerrit.wikimedia.org/r/372767

Florian claimed this task.