Page MenuHomePhabricator
Create Task
Maniphest T216196

Changes on {f15ecc6} might cause a fatal exception when trying to update the password through `Special:ChangeCredentials`
Closed, ResolvedPublic
Actions

Description

Changes on rMWf15ecc60cd94: Add force option to password policy might cause a fatal exception when trying to update the password through Special:ChangeCredentials

if the policies MinimalPasswordLength or MinimalPasswordLengthToLogin have an array of values as per the above change, it will end up sending an array to \PasswordFactory::generateRandomPasswordString() here resulting in a fatal exception

[a85fd37d539fccc22189fe87] /w/index.php?title=Special:ChangeCredentials/MediaWiki%5CAuth%5CPasswordAuthenticationRequest&returnto=Special%3APreferences Error from line 230 of /vagrant/mediawiki/includes/password/PasswordFactory.php: Unsupported operand types

Backtrace:

#0 /vagrant/mediawiki/includes/auth/TemporaryPasswordAuthenticationRequest.php(80): PasswordFactory::generateRandomPasswordString(array)
#1 /vagrant/mediawiki/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php(98): MediaWiki\Auth\TemporaryPasswordAuthenticationRequest::newRandom()
#2 /vagrant/mediawiki/includes/auth/AuthManager.php(2104): MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider->getAuthenticationRequests(string, array)
#3 /vagrant/mediawiki/includes/auth/AuthManager.php(2082): MediaWiki\Auth\AuthManager->getAuthenticationRequestsInternal(string, array, array, User)
#4 /vagrant/mediawiki/includes/specialpage/AuthManagerSpecialPage.php(256): MediaWiki\Auth\AuthManager->getAuthenticationRequests(string, User)
#5 /vagrant/mediawiki/includes/specials/SpecialChangeCredentials.php(114): AuthManagerSpecialPage->loadAuth(string, NULL)
#6 /vagrant/mediawiki/includes/specials/SpecialChangeCredentials.php(77): SpecialChangeCredentials->loadAuth(string)

Details

SubjectRepoBranchLines +/-
Fix password policy handling in temporary password providermediawiki/coremaster+21 -10
Customize query in gerrit

Related Objects

Event Timeline

dmaza created this task.Feb 14 2019, 10:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 14 2019, 10:32 PM
dbarratt added projects: MediaWiki-User-management, MediaWiki-extensions-PasswordReset.Feb 15 2019, 12:23 AM
Tgr edited projects, added MediaWiki-Core-AuthManager; removed MediaWiki-extensions-PasswordReset.Feb 19 2019, 4:13 AM

Not related to the long dead PasswordReset extension, unless I'm missing something.

gerritbot subscribed.Feb 19 2019, 4:36 AM

Change 491404 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/core@master] Fix password policy handling in temporary password provider

https://gerrit.wikimedia.org/r/491404

gerritbot added a project: Patch-For-Review.Feb 19 2019, 4:36 AM
gerritbot added a comment.Feb 20 2019, 8:48 PM

Change 491404 merged by jenkins-bot:
[mediawiki/core@master] Fix password policy handling in temporary password provider

https://gerrit.wikimedia.org/r/491404

ReleaseTaggerBot added a project: MW-1.33-notes (1.33.0-wmf.19; 2019-02-26).Feb 20 2019, 9:01 PM
Tgr closed this task as Resolved.Feb 20 2019, 9:47 PM
Tgr claimed this task.
Tgr removed a project: Patch-For-Review.
Aklapper added a project: MediaWiki-User-login-and-signup.May 16 2023, 12:19 PM
Aklapper removed a subscriber: MediaWiki-User-login-and-signup.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL