Account recovery help needed for Developer account Iniquity
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Iniquity
	Jan 6 2022, 11:21 AM

Description

Hello! I forgot my password for logging into my Developer account on Wikitech. Is it possible to reset my password so that I can continue using my Developer account? There is one problem, the email is not specified :(

Event Timeline

Iniquity created this task.Jan 6 2022, 11:21 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 6 2022, 11:21 AM

Is creating a text file an option? See https://wikitech.wikimedia.org/wiki/Password_and_2FA_reset#For_users

Aklapper removed a project: wikitech.wikimedia.org.Jan 6 2022, 11:25 AM

I try, but the bastion won't let me in.

The general Cloud VPS bastions that document mentions only lets members of a Cloud VPS project other than toolforge to log in. Since you only have Toolforge access can you use the Toolforge bastions instead (login.toolforge.org).

Thanks for help, again:)
tools-sgebastion-07.tools.eqiad.wmflabs:/home/iniquity/2fa-reset-request.txt

In T298683#7601445, @Iniquity wrote:

Thanks for help, again:)
tools-sgebastion-07.tools.eqiad.wmflabs:/home/iniquity/2fa-reset-request.txt

Confirmed:

taavi@tools-sgebastion-07:~ $ sudo ls -la /home/iniquity/2fa-reset-request.txt
-rw------- 1 iniquity wikidev 42 Jan  6 12:19 /home/iniquity/2fa-reset-request.txt
taavi@tools-sgebastion-07:~ $ sudo cat /home/iniquity/2fa-reset-request.txt
https://phabricator.wikimedia.org/T298683

I'm guessing the main question here is how to actually do the recovery? Set the email address to something and let @Iniquity then reset their password via Special:PasswordReset?

@Iniquity is it ok if we copy the email from your SUL account to the wikitech account? Note that email will be available publicly.

In T298683#7601964, @Majavah wrote:

@Iniquity is it ok if we copy the email from your SUL account to the wikitech account? Note that email will be available publicly.

Yes, I think it will be ok. Thanks.

Mentioned in SAL (#wikimedia-operations) [2022-01-06T16:33:43Z] <taavi> reset wikitech email for User:Iniquity per T298683

Hmm, I set the email on mediawiki side using resetUserEmail.php. It was updated to the MediaWiki DB correctly, but doesn't appear to have been synced to LDAP :/

In T298683#7601986, @Majavah wrote:

Hmm, I set the email on mediawiki side using resetUserEmail.php. It was updated to the MediaWiki DB correctly, but doesn't appear to have been synced to LDAP :/

This is a known issue with wikitech's LDAP integration via https://www.mediawiki.org/wiki/Extension:LDAP_Authentication (which has a very colorful looking page on mw.o these days apparently).

In T298683#7601998, @bd808 wrote:

In T298683#7601986, @Majavah wrote:

Hmm, I set the email on mediawiki side using resetUserEmail.php. It was updated to the MediaWiki DB correctly, but doesn't appear to have been synced to LDAP :/

This is a known issue with wikitech's LDAP integration via https://www.mediawiki.org/wiki/Extension:LDAP_Authentication (which has a very colorful looking page on mw.o these days apparently).

This fixed the issue:

[urbanecm@labweb1002 ~]$ mwscript shell.php labswiki
>>> $ldap = LdapAuthenticationPlugin::getInstance();
>>> $user = User::newFromName('Iniquity')
[...]
>>> $ldap->updateExternalDB($user)
=> true
>>>

In theory this would happen automatically on first settings save, if I'm reading https://github.com/wikimedia/mediawiki-extensions-LdapAuthentication/blob/master/includes/LdapPrimaryAuthenticationProvider.php#L119 right.

It works! :) Thanks everyone.

taavi closed this task as Resolved.Jan 6 2022, 5:27 PM

taavi claimed this task.

@Majavah, @bd808 can you help plz? I cant sing in into gerrit.

Authentication failed.

Need I create a new request?

I cant sing in into gerrit.

Please explain how and where and what that means after performing which steps.

Open https://gerrit.wikimedia.org/r/login/
Use log/pass from wikithech.

In T298683#7607368, @Iniquity wrote:

@Majavah, @bd808 can you help plz? I cant sing in into gerrit.

Please try again. I just ran this from a maintenance server to make sure your Gerrit account is unlocked on the Gerrit side:

$ mwscript eval.php --wiki=labswiki
> wmfGerritSetActive($wmfGerritApiUser, $wmfGerritApiPassword, 'iniquity', 'PUT');

In T298683#7609538, @bd808 wrote:
In T298683#7607368, @Iniquity wrote:

@Majavah, @bd808 can you help plz? I cant sing in into gerrit.

Please try again. I just ran this from a maintenance server to make sure your Gerrit account is unlocked on the Gerrit side:
$ mwscript eval.php --wiki=labswiki
> wmfGerritSetActive($wmfGerritApiUser, $wmfGerritApiPassword, 'iniquity', 'PUT');

No, the same problem :(

@bd808 any ideas how to fix it? :(

In T298683#7617377, @Iniquity wrote:

@bd808 any ideas how to fix it? :(

I did the thing I knew about to unlock a Gerrit account. We need someone with more Gerrit super powers and knowledge to debug further. Maybe @thcipriani could advise us on who ask for that help?

@thcipriani can you help please? :)

@Iniquity Hi. Your account was marked inactive in Gerrit. I just reactivated it. Let me know how it goes.

What I did:

Collect user id

ssh gerrit.wikimedia.org gerrit set-account --active <email address>

Reactivate account

ssh gerrit.wikimedia.org gerrit set-account --active <id retrieved from prior command>

xref https://wikitech.wikimedia.org/wiki/Gerrit/Administration#Disable_User

In T298683#7628987, @dancy wrote:

@Iniquity Hi. Your account was marked inactive in Gerrit. I just reactivated it. Let me know how it goes.

It works! Thanks a lot :)

Iniquity closed this task as Resolved.Jan 19 2022, 8:50 AM

Iniquity claimed this task.

Iniquity reassigned this task from Iniquity to dancy.

	F34912494: image.png
	Jan 10 2022, 1:23 AM

Account recovery help needed for Developer account IniquityClosed, ResolvedPublicActions

Description

Event Timeline

Account recovery help needed for Developer account Iniquity
Closed, ResolvedPublic
Actions