Right now temporary passwords are handled by MediaWiki core, not the central login extension, which has various disadvantages (e.g. throttling is per-wiki and easy to get around; the temp password only works on the wiki where you got it; T149003: TemporaryPasswordPrimaryAuthenticationProvider does not work with non-DB-based passwords). CentralAuth should probably duplicate the temp password handling logic and store the data in the central DB.
Description
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | None | T14884 Login and account creation should be by secure http. | |||
Invalid | None | T11816 Improve security for Special:Userlogin (tracking) | |||
Open | None | T19487 mail password per user rate limit should be global for SUL accounts | |||
Open | None | T42050 Allow password reset requests to be handled centrally for unified users | |||
Open | None | T151012 CentralAuth should have its own temporary password handling |