Page MenuHomePhabricator

Changes on {f15ecc6} might cause a fatal exception when trying to update the password through `Special:ChangeCredentials`
Closed, ResolvedPublic

Description

Changes on rMWf15ecc60cd94: Add force option to password policy might cause a fatal exception when trying to update the password through Special:ChangeCredentials

if the policies MinimalPasswordLength or MinimalPasswordLengthToLogin have an array of values as per the above change, it will end up sending an array to \PasswordFactory::generateRandomPasswordString() here resulting in a fatal exception


[a85fd37d539fccc22189fe87] /w/index.php?title=Special:ChangeCredentials/MediaWiki%5CAuth%5CPasswordAuthenticationRequest&returnto=Special%3APreferences Error from line 230 of /vagrant/mediawiki/includes/password/PasswordFactory.php: Unsupported operand types

Backtrace:

#0 /vagrant/mediawiki/includes/auth/TemporaryPasswordAuthenticationRequest.php(80): PasswordFactory::generateRandomPasswordString(array)
#1 /vagrant/mediawiki/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php(98): MediaWiki\Auth\TemporaryPasswordAuthenticationRequest::newRandom()
#2 /vagrant/mediawiki/includes/auth/AuthManager.php(2104): MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider->getAuthenticationRequests(string, array)
#3 /vagrant/mediawiki/includes/auth/AuthManager.php(2082): MediaWiki\Auth\AuthManager->getAuthenticationRequestsInternal(string, array, array, User)
#4 /vagrant/mediawiki/includes/specialpage/AuthManagerSpecialPage.php(256): MediaWiki\Auth\AuthManager->getAuthenticationRequests(string, User)
#5 /vagrant/mediawiki/includes/specials/SpecialChangeCredentials.php(114): AuthManagerSpecialPage->loadAuth(string, NULL)
#6 /vagrant/mediawiki/includes/specials/SpecialChangeCredentials.php(77): SpecialChangeCredentials->loadAuth(string)

Event Timeline

dmaza created this task.Feb 14 2019, 10:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 14 2019, 10:32 PM

Not related to the long dead PasswordReset extension, unless I'm missing something.

Change 491404 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/core@master] Fix password policy handling in temporary password provider

https://gerrit.wikimedia.org/r/491404

Change 491404 merged by jenkins-bot:
[mediawiki/core@master] Fix password policy handling in temporary password provider

https://gerrit.wikimedia.org/r/491404

Tgr closed this task as Resolved.Feb 20 2019, 9:47 PM
Tgr claimed this task.
Tgr removed a project: Patch-For-Review.