
Cannot change password for role account that is not an attached global account - Assistance required from someone with shell access
Closed, ResolvedPublic

Description

In preparation for the OTRS downtime scheduled for 48 hours starting 14 Sep 2020, English Wikipedia oversighters were preparing to make modifications to the "send to" email. A primary source of OTRS oversight requests on English Wikipedia is via the User:Oversight "Email this user" function, which has been in place for many years. The password for this account has previously been held by the Arbitration Committee, but could not be located today. It was decided to attempt a password reset.

* Password reset was attempted. (verified in log)
* Emailed temporary password was received in the OTRS queue (Ticket#2020091210000913 in the restricted oversight-en-wp queue)
* Went to log in using the temporary password, which was accepted.
* On next screen, where one would enter a new password, the new password was rejected, with a message saying "The supplied credentials cannot be changed, as nothing would use them."
* Several attempts were made, using different browsers, and double-checking the temporary password, with the same results.

With assistance from bawolff and AntiComposite on IRC, it was determined that:
* User:Oversight is not a global account. There are four non-attached accounts with this username, on ENWP, NLWP, DEWP and Simple Wikipedia. From that, it was deduced that the Enwp "User:Oversight" is an unattached local account.
* AntiComposite identified the applicable code as: https://gerrit.wikimedia.org/g/mediawiki/core/+/d07cccadb45a3c2a4e9fb3fa1c37846c095a7044/includes/auth/AuthManager.php#867
* It was determined that only someone with shell access can assist in this situation.

From the IRC chat:

<bawolff> and we have: $wgAuthManagerAutoConfig['primaryauth'][\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class]['args'][0]['loginOnly'] = true;
<bawolff> in CommonSettings.php, which means that LocalPasswordPrimaryAuthenticationProvider will ignore password change requests
<bawolff> and if the account isn't global, central auth won't do anything
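
A simplified model of the behaviour described in the chat above, added here as an illustration; it is not MediaWiki's code and not part of the original task. The function names, the `attached` flag and the two-provider setup are assumptions made for the example; only the `loginOnly` setting and the error message come from the page.

```php
<?php
// Simplified model (added example, not MediaWiki source) of how each
// authentication provider answers a password-change request and how the
// answers are combined into one result.

const IGNORED  = 'ignored';   // provider would not use the new credentials
const ACCEPTED = 'accepted';  // provider would store and use them

// Hypothetical stand-in for the local password provider.
function localPasswordProvider(array $config, array $account): string {
    // With loginOnly = true the provider still checks passwords at login
    // but ignores requests to change them.
    return $config['loginOnly'] ? IGNORED : ACCEPTED;
}

// Hypothetical stand-in for the CentralAuth provider.
function centralAuthProvider(array $config, array $account): string {
    // Per the chat: it does nothing for accounts that are not global.
    return $account['attached'] ? ACCEPTED : IGNORED;
}

function canChangePassword(array $config, array $account): array {
    $answers = [
        'local'   => localPasswordProvider($config, $account),
        'central' => centralAuthProvider($config, $account),
    ];
    // The change is only meaningful if at least one provider would use it.
    $used = in_array(ACCEPTED, $answers, true);
    return [
        'ok'      => $used,
        'answers' => $answers,
        'message' => $used
            ? 'Password change accepted.'
            : 'The supplied credentials cannot be changed, as nothing would use them.',
    ];
}

$config = ['loginOnly' => true];  // setting quoted from CommonSettings.php
$cases = [                        // constructed sample accounts
    'Oversight@enwiki (unattached local)' => ['attached' => false],
    'constructed global account'          => ['attached' => true],
];
foreach ($cases as $label => $account) {
    $result = canChangePassword($config, $account);
    printf("%-38s %s\n", $label, $result['message']);
}
```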

Event Timeline

User:Oversight is in this weird case because each wiki wanted the email to point to their address but if the account was globalized/unified it could only have one email address, so we punted on unifying it during SULF. We don't allow logins to non-global accounts because all of them are bugs and in theory, shouldn't exist.

If the goal is to just change the email address temporarily, I (or another shell user) can do that. I don't have a good solution on how to actually get control back of the account short of picking a different name...but it doesn't sound like that's actually necessary?

> User:Oversight is in this weird case because each wiki wanted the email to point to their address but if the account was globalized/unified it could only have one email address, so we punted on unifying it during SULF.

On review, it appears that only ENWP and Simple have email enabled on the account, and the Simple account is "owned" by someone who's been gone for 7 years. Our plan is to work with the other projects to see if we can now "unify" the account to enwiki, disable email on everything except enwiki, and help them to build a suitable "user page" that links to their own Oversight email. That will take time, however.

> If the goal is to just change the email address temporarily, I (or another shell user) can do that. I don't have a good solution on how to actually get control back of the account short of picking a different name...but it doesn't sound like that's actually necessary?

The goal is to change the email for the duration of the downtime, and to reinstate it afterward (so, changing the email twice over about 55 hours, depending on how long the downtime works out). If this is felt to be a reasonable solution, that would be fine. You can see details of the plan (including the alternate email) here (changing the email address for User:Oversight is Step One). It is our plan to initiate the changes at approximately 0400 UTC on 14 Sep 2020 (i.e., midnight ET), and we'll back it down after the downtime is cleared.

We can work out the rest of the details on regaining control of the account later on. We know that there was a login to the account a couple of years ago (well after SULF), so hypothetically control can be regained, and we're still hoping to find that password, which is probably in "a safe place".

As such a long downtime is extraordinary, it's fine to make the change from the server side (just ping me or someone else with shell access to do so). For a long term solution, a unique name (i.e. English Wikipedia oversight) would be the best, IMO.

Ideally https://meta.wikimedia.org/wiki/Special:CentralAuth?target=Oversight could have its dewiki account locally renamed to something else, SUL-i-fy it and have enwiki oversighters "take" or "own" the global account; and ask simplewiki folks to create a User:Simple Wikipedia Oversighters or something along the lines.

That could work technically speaking, but it would need simplewiki agreement :-).

Mentioned in SAL (#wikimedia-operations) [2020-09-13T23:47:24Z] <Urbanecm> Change email address of User:Oversight@enwiki to oversight-l@lists.wikimedia.org as part of OTRS downtime preparation (T262733)

Email was changed via resetUserEmail.php, and Risker confirmed a test email was delivered. This is to be reverted once OTRS is back up.

Our thanks to Urbanecm, who made the change to the email address for us. We will arrange for its reversion at the end of the OTRS downtime. We will further follow up with other wikis to resolve the "non-attached" issue.

Mentioned in SAL (#wikimedia-operations) [2020-09-16T14:02:08Z] <Urbanecm> Change email address of User:Oversight@enwiki to oversight-en-wp@wikipedia.org as OTRS is back up (T262733)

I think we can call this resolved. Please ping me if you need any help with the unification, so you can self-service in the future when needed :).