As a Wikimedia user, I want the undefined offset bug fixed, so that the password reset process can run more smoothly.
Background: We have conducted some tests and looked into data on this issue. So far, this does not seem to be a user-facing bug and it is unlikely to occur. However, we want to be cautious, so we will be fixing this bug before we enable Enhanced Password Reset on other wikis.
Acceptance Criteria:
- Fix the bug that throws an error (in the back-end) when a user has an email associated with 2 accounts, enables enhanced password reset on 1 account, and then inputs only the email address on Special:PasswordReset.
What is the problem?
Sometimes, when resetting a password via Special:PasswordReset, the exception below occurs.
I think what is happening is:
- When Special:PasswordReset is submitted, it finds all users who match the username/email and puts them all into the $users array (starting here?)
- If only username or email was submitted, it removes from the $users array any user who has the Enhanced Password Reset preference enabled in Special:Preferences (here)
- This can lead to a $users array where the first item is undefined
- The SpecialPasswordResetOnSubmit hook is called, which passes the $users array as a parameter (here)
- CentralAuthHooks::onSpecialPasswordResetOnSubmit is one of the hooks that gets called, but it assumes that $users is either empty or has its first item defined (here)
So the solutions could be:
- Change the PasswordReset code to remove undefined items from the $users array
- Change the CentralAuthHooks code to not assume all items in the $users array are defined
Stack trace:
[error] [0913efa8abf52f9f07bcaaeb] /wiki/Special:PasswordReset ErrorException from line 388 of /vagrant/mediawiki/extensions/CentralAuth/includes/CentralAuthHooks.php: PHP Notice: Undefined offset: 0
#0 /vagrant/mediawiki/extensions/CentralAuth/includes/CentralAuthHooks.php(388): MWExceptionHandler::handleError(integer, string, string, integer, array)
#1 /vagrant/mediawiki/includes/Hooks.php(174): CentralAuthHooks::onSpecialPasswordResetOnSubmit(array, array, array)
#2 /vagrant/mediawiki/includes/Hooks.php(202): Hooks::callHook(string, array, array, NULL)
#3 /vagrant/mediawiki/includes/user/PasswordReset.php(206): Hooks::run(string, array)
#4 /vagrant/mediawiki/includes/specials/SpecialPasswordReset.php(151): PasswordReset->execute(User, NULL, string)
#5 /vagrant/mediawiki/includes/htmlform/HTMLForm.php(694): SpecialPasswordReset->onSubmit(array, OOUIHTMLForm)
#6 /vagrant/mediawiki/includes/htmlform/HTMLForm.php(586): HTMLForm->trySubmit()
#7 /vagrant/mediawiki/includes/htmlform/HTMLForm.php(601): HTMLForm->tryAuthorizedSubmit()
#8 /vagrant/mediawiki/includes/specialpage/FormSpecialPage.php(187): HTMLForm->show()
#9 /vagrant/mediawiki/includes/specials/SpecialPasswordReset.php(83): FormSpecialPage->execute(NULL)
#10 /vagrant/mediawiki/includes/specialpage/SpecialPage.php(575): SpecialPasswordReset->execute(NULL)
#11 /vagrant/mediawiki/includes/specialpage/SpecialPageFactory.php(622): SpecialPage->run(NULL)
#12 /vagrant/mediawiki/includes/MediaWiki.php(299): MediaWiki\SpecialPage\SpecialPageFactory->executePath(Title, RequestContext)
#13 /vagrant/mediawiki/includes/MediaWiki.php(973): MediaWiki->performRequest()
#14 /vagrant/mediawiki/includes/MediaWiki.php(535): MediaWiki->main()
#15 /vagrant/mediawiki/index.php(47): MediaWiki->run()
#16 /var/www/w/index.php(5): require(string)
#17 {main}
Steps to reproduce problem
With $wgAllowRequiringEmailForResets = true;:
- Find (or create) two users who have the same email (e.g. email@email.com)
- For the user who was created earliest, enable enhanced password reset (Special:Preferences > "Send password reset emails only when both email address and username are provided.")
- For the user who was created latest, disable enhanced password reset (should be disabled by default)
- Go to Special:PasswordReset and submit with just the email from step 1 (i.e. email@email.com)
Expected behavior: The user who was created latest gets their password reset, the other does not.
Observed behavior: Exception as noted.
Environment
Wiki(s): MediaWiki 1.35.0-alpha (9b125a0)
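
The failure described under "What is the problem?" and the two candidate fixes, as an added example that is not part of the original task and is not MediaWiki or CentralAuth code. The function names `filterUsers` and `firstUser`, the `requireBoth` field and the account names are hypothetical stand-ins, and the sample data is constructed.

```php
<?php
// Constructed sample data: two accounts sharing one email address.
// 'requireBoth' stands in for the enhanced password reset preference.
$users = [
    [ 'name' => 'OlderAccount', 'requireBoth' => true ],
    [ 'name' => 'NewerAccount', 'requireBoth' => false ],
];

// Hypothetical producer: only an email was submitted, so drop accounts that
// require username and email. unset() leaves the surviving keys unchanged.
function filterUsers( array $users ): array {
    foreach ( $users as $i => $user ) {
        if ( $user['requireBoth'] ) {
            unset( $users[$i] );
        }
    }
    return $users;
}

// Hypothetical consumer that avoids assuming offset 0 exists: reset() returns
// the first element whatever its key, or false for an empty array.
function firstUser( array $users ): ?array {
    $first = reset( $users );
    return $first === false ? null : $first;
}

$filtered = filterUsers( $users );

// The array is non-empty, yet it has no element at offset 0. Reading
// $filtered[0] at this point is what raises "Undefined offset: 0".
printf( "count=%d keys=%s has0=%s\n",
    count( $filtered ),
    implode( ',', array_keys( $filtered ) ),
    var_export( array_key_exists( 0, $filtered ), true )
);

// Fix on the producer side: reindex so keys run 0..n-1 again.
$reindexed = array_values( $filtered );
printf( "reindexed first: %s\n", $reindexed[0]['name'] );

// Fix on the consumer side: take the first element without naming its key.
printf( "consumer first: %s\n", firstUser( $filtered )['name'] );
printf( "empty input: %s\n", var_export( firstUser( [] ), true ) );
```

Either change alone removes the notice; applying both keeps other hook handlers that index `$users[0]` safe as well.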