
CentralAuth and local account creation are not working on beta cluster wikis
Closed, Resolved · Public · BUG REPORT

Description

I have an account on Beta cluster with the username "Masumrezarock100". I was trying to log in to the home deployment wiki but for some reason, I can not create a local account there.

Steps to Reproduce:

  • Go to a beta cluster wiki (e.g. enwikibeta)
  • Create an account there and sign in.
  • Then go to another beta wiki where you don't have a local account (e.g. Beta cluster homewiki).
  • Try to log in using the same credentials.

Actual Results:

  • Local account creation fails, and it returns the following message: "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Please resubmit the form." The problem still occurs even if I refresh the page or clear my cookies.

Expected Results:

  • Creates a local account automatically and logs me in.

Alternative Results:

  • Automatic local account creation fails and it returns the following error message "Auto-creation of a local account failed: An account creation for this user name is already in progress. Please wait." It still happens no matter how much I wait.

Event Timeline

Restricted Application added a subscriber: Aklapper. · Sep 21 2019, 5:21 PM
Masumrezarock100 triaged this task as Unbreak Now! priority. · Sep 21 2019, 5:32 PM
Masumrezarock100 updated the task description.
Restricted Application added a subscriber: Liuxinyu970226. · Sep 21 2019, 5:32 PM

Hey @Krinkle I tried globalizing SUL using your Global SUL script but it is also not working. It attempted to create new accounts but it couldn't for some reason.

Zoranzoki21 lowered the priority of this task from Unbreak Now! to Needs Triage. · Sep 21 2019, 6:57 PM
Zoranzoki21 added a subscriber: Zoranzoki21.

Please don't change priority on Unbreak now! without correct reason. Thanks!

I thought this bug is urgent enough to be set to Unbreak now!. Sorry if I was wrong.

Not so urgent, see https://www.mediawiki.org/wiki/Phabricator/Project_management#Priority_levels.

Aklapper triaged this task as Unbreak Now! priority. · Sep 21 2019, 7:14 PM

That's not helpful if you don't explain why there is no "correct reason" in this task. :)
If it turns out that this is due to some code change that would get onto the train and into production, then this might be Unbreak Now. To be investigated...

Masumrezarock100 renamed this task from CentralAuth and local account creation is not working on beta cluster wikis to CentralAuth and local account creation are not working on beta cluster wikis. · Sep 21 2019, 7:29 PM

My first thought would be that there's something wrong with the tokens. However, if I try to log in with the browser console open, I see:

[Report Only] Refused to load the script 'https://login.wikimedia.beta.wmflabs.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=eswiki&proto=https&return=1&returnto=P%C3%A1gina+principal' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self' meta.wikimedia.beta.wmflabs.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
[Report Only] Refused to load the script 'https://login.wikimedia.beta.wmflabs.org/wiki/Special:CentralAutoLogin/validateSession?token=[REDACTED]&wikiid=eswiki&type=script&return=1&returnto=P%C3%A1gina+principal&proto=https' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self' meta.wikimedia.beta.wmflabs.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

so this is due to CSP, it seems.

There was a task about enabling CSP on the BC recently, but I cannot find it right now.

So it looks like we're not properly changing the CSP header to beta.wmflabs.org addresses. That would be bad, except they're listed as Report Only?

Pretty much. It should be fixed, but I don't think it's causing this bug.

Hah, right, they're report only. Aside from that, the second call to validateSession would be a good candidate.
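
The console messages quoted in this thread can be checked offline. The following is an added example, not CentralAuth or MediaWiki code and not posted by any participant: a simplified script-src matcher showing why the login.wikimedia.beta.wmflabs.org URL violates the quoted policy and why a Report-Only policy records the violation without blocking the load. The page origin is a placeholder, and the function names are hypothetical.

```javascript
// Added example: simplified CSP source-list matching. Scheme, port and path
// parts of source expressions are ignored; only keywords and hosts are handled.
const POLICY = "script-src 'unsafe-eval' 'self' meta.wikimedia.beta.wmflabs.org " +
  "*.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org " +
  "*.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org " +
  "*.wikivoyage.org *.mediawiki.org 'unsafe-inline'";
const PAGE = 'https://local-wiki.example/wiki/Main_Page'; // placeholder origin (assumption)
const SCRIPT = 'https://login.wikimedia.beta.wmflabs.org/wiki/' +
  'Special:CentralAutoLogin/checkLoggedIn?type=script'; // host taken from the console output

// Return the source list of one directive, or null if the directive is absent.
function parseDirective(policy, name) {
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// "*.example.org" matches any subdomain but never "example.org" itself.
function hostMatches(source, host) {
  const s = source.toLowerCase();
  const h = host.toLowerCase();
  if (s.startsWith('*.')) return h.endsWith(s.slice(1));
  return s === h;
}

// Decide whether a script URL is allowed, and whether the browser would block it.
function evaluateScriptLoad(policy, pageUrl, scriptUrl, reportOnly) {
  const sources = parseDirective(policy, 'script-src') || [];
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl);
  const allowed = sources.some((src) => {
    if (src === "'self'") return script.origin === page.origin;
    if (src.startsWith("'")) return false; // other keywords never match a URL
    return hostMatches(src, script.hostname);
  });
  // Report-Only: the violation is reported, but the script still loads.
  return { allowed, violation: !allowed, blocked: !allowed && !reportOnly };
}

console.log(evaluateScriptLoad(POLICY, PAGE, SCRIPT, true));
// { allowed: false, violation: true, blocked: false }
```
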

Masumrezarock100 added a comment. · Edited · Sep 24 2019, 2:45 PM

I am losing my patience here. When is it going to be fixed? I can not create local accounts on beta cluster wikis.

zeljkofilipin closed this task as Resolved. · Sep 25 2019, 10:44 AM
zeljkofilipin assigned this task to hashar.
zeljkofilipin added subscribers: hashar, zeljkofilipin.

Resolved by @hashar in T232796.

Please reopen if the problem is not resolved completely.

Yes, looks like it has been resolved. I was able to create new local accounts. Yay!