Page MenuHomePhabricator

CentralAuth should have its own temporary password handling
Open, Needs TriagePublic


Right now temporary passwords are handled by MediaWiki core, not the central login extension, which has various disadvantages (e.g. throttling is per-wiki and easy to get around; the temp password only works on the wiki where you got it; T149003: TemporaryPasswordPrimaryAuthenticationProvider does not work with non-DB-based passwords). CentralAuth should probably duplicate the temp password handling logic and store the data in the central DB.