Page MenuHomePhabricator

Account recovery help needed for Developer account Iniquity
Open, Needs TriagePublic

Description

Hello! I forgot my password for logging into my Developer account on Wikitech. Is it possible to reset my password so that I can continue using my Developer account? There is one problem, the email is not specified :(

Event Timeline

I try, but the bastion won't let me in.

The general Cloud VPS bastions that document mentions only lets members of a Cloud VPS project other than toolforge to log in. Since you only have Toolforge access can you use the Toolforge bastions instead (login.toolforge.org).

Thanks for help, again:)
tools-sgebastion-07.tools.eqiad.wmflabs:/home/iniquity/2fa-reset-request.txt

Thanks for help, again:)
tools-sgebastion-07.tools.eqiad.wmflabs:/home/iniquity/2fa-reset-request.txt

Confirmed:

taavi@tools-sgebastion-07:~ $ sudo ls -la /home/iniquity/2fa-reset-request.txt
-rw------- 1 iniquity wikidev 42 Jan  6 12:19 /home/iniquity/2fa-reset-request.txt
taavi@tools-sgebastion-07:~ $ sudo cat /home/iniquity/2fa-reset-request.txt
https://phabricator.wikimedia.org/T298683

I'm guessing the main question here is how to actually do the recovery? Set the email address to something and let @Iniquity then reset their password via Special:PasswordReset?

@Iniquity is it ok if we copy the email from your SUL account to the wikitech account? Note that email will be available publicly.

@Iniquity is it ok if we copy the email from your SUL account to the wikitech account? Note that email will be available publicly.

Yes, I think it will be ok. Thanks.

Mentioned in SAL (#wikimedia-operations) [2022-01-06T16:33:43Z] <taavi> reset wikitech email for User:Iniquity per T298683

Hmm, I set the email on mediawiki side using resetUserEmail.php. It was updated to the MediaWiki DB correctly, but doesn't appear to have been synced to LDAP :/

Hmm, I set the email on mediawiki side using resetUserEmail.php. It was updated to the MediaWiki DB correctly, but doesn't appear to have been synced to LDAP :/

This is a known issue with wikitech's LDAP integration via https://www.mediawiki.org/wiki/Extension:LDAP_Authentication (which has a very colorful looking page on mw.o these days apparently).

Hmm, I set the email on mediawiki side using resetUserEmail.php. It was updated to the MediaWiki DB correctly, but doesn't appear to have been synced to LDAP :/

This is a known issue with wikitech's LDAP integration via https://www.mediawiki.org/wiki/Extension:LDAP_Authentication (which has a very colorful looking page on mw.o these days apparently).

This fixed the issue:

[urbanecm@labweb1002 ~]$ mwscript shell.php labswiki
>>> $ldap = LdapAuthenticationPlugin::getInstance();
>>> $user = User::newFromName('Iniquity')
[...]
>>> $ldap->updateExternalDB($user)
=> true
>>>

In theory this would happen automatically on first settings save, if I'm reading https://github.com/wikimedia/mediawiki-extensions-LdapAuthentication/blob/master/includes/LdapPrimaryAuthenticationProvider.php#L119 right.

It works! :) Thanks everyone.

Majavah claimed this task.

@Majavah, @bd808 can you help plz? I cant sing in into gerrit.

Authentication failed.

Need I create a new request?

I cant sing in into gerrit.

Please explain how and where and what that means after performing which steps.

@Majavah, @bd808 can you help plz? I cant sing in into gerrit.

Please try again. I just ran this from a maintenance server to make sure your Gerrit account is unlocked on the Gerrit side:

$ mwscript eval.php --wiki=labswiki
> wmfGerritSetActive($wmfGerritApiUser, $wmfGerritApiPassword, 'iniquity', 'PUT');

@Majavah, @bd808 can you help plz? I cant sing in into gerrit.

Please try again. I just ran this from a maintenance server to make sure your Gerrit account is unlocked on the Gerrit side:

$ mwscript eval.php --wiki=labswiki
> wmfGerritSetActive($wmfGerritApiUser, $wmfGerritApiPassword, 'iniquity', 'PUT');

No, the same problem :(

bd808 removed Majavah as the assignee of this task.
bd808 added a subscriber: thcipriani.

@bd808 any ideas how to fix it? :(

I did the thing I knew about to unlock a Gerrit account. We need someone with more Gerrit super powers and knowledge to debug further. Maybe @thcipriani could advise us on who ask for that help?

@Iniquity Hi. Your account was marked inactive in Gerrit. I just reactivated it. Let me know how it goes.

What I did:

Collect user id
ssh gerrit.wikimedia.org gerrit set-account --active <email address>
Reactivate account
ssh gerrit.wikimedia.org gerrit set-account --active <id retrieved from prior command>

xref https://wikitech.wikimedia.org/wiki/Gerrit/Administration#Disable_User