Page MenuHomePhabricator
Create Task
Maniphest T311602

Wikibase.Cloud login failure after resetting password
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

Problem:
Log in to Wikibase.Cloud fails for account registered using task-specific email (e.g. helloworld12+task@gmail.com) after filling out password reset. Password is supposed to be reset but users can somehow use old password to log in.

Steps to reproduce

  1. Create a new account using a task-specific email (the one with + in it) either on wikibase.dev or wikibase.cloud
  2. Navigate to https://www.wikibase.cloud/forgotten-password
  3. Enter the email address associated with your account (i.e. the account that received this email) and select the “Reset” button
  4. You will receive an email with a link that will allow you to set a new password
  5. Follow this link and enter a secure new password for your account
  6. Log in to your Wikibase.cloud account using this new password

Notes
This issue was reported by 1 user.

A/C:

  • Option 1: This user agrees to change his email
  • Option 2: Fix api to work with task-specific emails
  • Write test
  • Change user's email to what he initially wants

Event Timeline

Mohammed_Sadat_WMDE created this task.Jun 29 2022, 9:25 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 29 2022, 9:25 AM
Evelien_WMDE moved this task from Backlog (incoming) to Ready to Pick Up on the Wikibase Cloud board.Jun 29 2022, 9:28 AM
Mohammed_Sadat_WMDE updated the task description. (Show Details)Jun 29 2022, 9:30 AM
Rosalie_WMDE moved this task from Ready to Pick Up to Launch Migration Kanban (2022) on the Wikibase Cloud board.Jun 30 2022, 8:44 AM
Rosalie_WMDE edited projects, added Wikibase Cloud (Launch Migration Kanban (2022)); removed Wikibase Cloud.
dang claimed this task.Jun 30 2022, 8:59 AM
dang moved this task from Backlog to Doing on the Wikibase Cloud (Launch Migration Kanban (2022)) board.
dang added a comment.Jul 1 2022, 10:42 AM

I couldn't replicate the failure... I've also tried it on local and wikibase.dev and so far they all worked.

dang added a comment.Jul 1 2022, 12:31 PM

So actually task-specific email addresses (one with + in it) caused the problem. Password resetting email was sent and new password was created but somehow I can still login with the old password and even create a new wiki.

dang updated the task description. (Show Details)Jul 1 2022, 1:45 PM
dang added a comment.Jul 4 2022, 8:27 PM
"POST /user/resetPassword HTTP/1.1" 422 517 "http://www.wbaas.localhost/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"

The POST request send to the api to reset the password was 422: The request was well-formed but was unable to be followed due to semantic errors. That's why the old password is still usable due to the fact that the HTTP request to reset password didn't work.

Mohammed_Sadat_WMDE updated the task description. (Show Details)Jul 5 2022, 7:03 AM

@dang The user has agreed to change their email by excluding the +task part. Everything else remains the same.

Jan_Dittrich subscribed.Jul 5 2022, 9:00 AM

Option 2: Fix api to work with task-specific emails

I would strongly prefer this option for anything other than a short-term fix. Many providers now allow "+" mail-addresses and we are going to have more of these in the future.

dang added a comment.Jul 5 2022, 9:05 AM

I'm trying to go with option 2.

conny-kawohl_WMDE edited projects, added Wikibase Cloud (WB Cloud Sprint 0); removed Wikibase Cloud (Launch Migration Kanban (2022)).Jul 7 2022, 9:07 AM
conny-kawohl_WMDE set the point value for this task to 5.
conny-kawohl_WMDE removed dang as the assignee of this task.Jul 7 2022, 9:23 AM
conny-kawohl_WMDE added a subscriber: dang.
dang moved this task from Sprint Backlog to Doing on the Wikibase Cloud (WB Cloud Sprint 0) board.Jul 7 2022, 3:01 PM

WIP PR. I'm still trying to write a test for this case

https://github.com/wbstack/api/pull/481

dang updated the task description. (Show Details)Jul 7 2022, 3:04 PM
dang claimed this task.Jul 11 2022, 8:48 AM
Michael subscribed.Jul 13 2022, 9:37 AM
dang updated the task description. (Show Details)Jul 15 2022, 2:28 PM
dang moved this task from Doing to In Review on the Wikibase Cloud (WB Cloud Sprint 0) board.
dang removed dang as the assignee of this task.Jul 15 2022, 2:57 PM
Tarrow moved this task from In Review to Waiting for Deploy to Staging on the Wikibase Cloud (WB Cloud Sprint 0) board.Jul 18 2022, 8:32 AM
dang moved this task from Waiting for Deploy to Staging to Waiting for Deploy to Production on the Wikibase Cloud (WB Cloud Sprint 0) board.Jul 18 2022, 3:50 PM
dang moved this task from Waiting for Deploy to Production to In Verification on the Wikibase Cloud (WB Cloud Sprint 0) board.
Evelien_WMDE added a comment.Jul 20 2022, 1:34 PM

Tested and verified, works perfectly @dang

Evelien_WMDE moved this task from In Verification to Done on the Wikibase Cloud (WB Cloud Sprint 0) board.Jul 20 2022, 1:37 PM
Aklapper added a comment.Jul 25 2022, 9:11 AM

@Evelien_WMDE: The project tag got archived and this open task has no other active project tags. Could you please either add an active project tag so this task can be found, or update the task status? Thanks a lot!

Evelien_WMDE closed this task as Resolved.Jul 25 2022, 9:16 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL