
SpecialUserlogin::onCookieRedirectCheck misses obscure case when using CentralAuth
Closed, Resolved | Public

Description

Author: Bryan.TongMinh

Description:
When using CentralAuth, SpecialUserlogin::onCookieRedirectCheck is useless:

  • Consider that you log in without an appropriate session cookie set
  • Your login succeeds and you get the appropriate UserId, UserName and session token
  • You are then redirected using wpCookieCheck, which will trigger a check on your session cookie
  • Everything is ok, so the UserLoginComplete will trigger
  • As there is no proper session attached, $wgUser will contain an anonymous user. CentralAuthHooks::onUserLoginComplete will run on that
  • CentralAuth will do undefined stuff and you will get the message 'You are now logged in to Meta as "83.81.x.y"'

Version: unspecified
Severity: normal
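
The flow in the report, reduced to a small model: a cookie check that only tests for the presence of a session cookie, beside a variant that also requires the session to resolve to a logged-in user before the login-complete step runs. This is an added example, not MediaWiki or CentralAuth code; the cookie name, session store, function names and error strings are assumptions made for the model.

```python
# Simplified model of the flow in the report; not MediaWiki or CentralAuth code.
from dataclasses import dataclass, field

SESSION_COOKIE = "session"  # assumed cookie name
SESSIONS = {}               # assumed server-side store: session id -> data


@dataclass
class Request:
    ip: str
    cookies: dict = field(default_factory=dict)


@dataclass
class User:
    name: str
    anonymous: bool


def resolve_user(req):
    """Load the user from the session; otherwise an anonymous user named by IP."""
    data = SESSIONS.get(req.cookies.get(SESSION_COOKIE), {})
    if "user" in data:
        return User(data["user"], anonymous=False)
    return User(req.ip, anonymous=True)


def login_complete(user):
    """Stand-in for the hooks that run on UserLoginComplete."""
    return f'You are now logged in to Meta as "{user.name}"'


def cookie_check_presence_only(req):
    """Behaviour described in the report: only the cookie's presence is tested."""
    if SESSION_COOKIE not in req.cookies:
        return "error: cookies disabled"
    return login_complete(resolve_user(req))


def cookie_check_identity_bound(req):
    """Variant that refuses to complete the login for an anonymous user."""
    if SESSION_COOKIE not in req.cookies:
        return "error: cookies disabled"
    user = resolve_user(req)
    if user.anonymous:
        return "error: login session was not established"
    return login_complete(user)


# Constructed requests: a session carrying an identity, and a session cookie
# that is present but has no identity attached (the state in the report).
SESSIONS.update({"good": {"user": "Alice"}, "empty": {}})
ok = Request("203.0.113.7", {SESSION_COOKIE: "good"})
orphan = Request("203.0.113.7", {SESSION_COOKIE: "empty"})
```
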

Details

Reference
bz14347

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 10:11 PM
bzimport set Reference to bz14347.

Bryan.TongMinh wrote:

Easy way to reproduce this behaviour:

  • Use Firefox and install the "View Cookies" add-on
  • Go to Special:Userlogin
  • Delete your session cookie
  • Log in

The check works correctly for me for its primary purpose:

Tested in Safari 3.1.

Bryan.TongMinh wrote:

Yes, but not when you only clear your cookies after you've reached Special:Userlogin, but do not disable them. Should be extremely rare though.

*** Bug 14383 has been marked as a duplicate of this bug. ***

codemonk wrote:

This problem arises if the user has been browsing the web with cookies disabled, then he goes to the login page, enables cookies, enters his password and... fails.