Page MenuHomePhabricator
Create Task
Maniphest T42050

Allow password reset requests to be handled centrally for unified users
Closed, ResolvedPublic
Actions

Description

Author: akshay.leadindia

Description:
For unified users, password reset requests dont work on wikis where the user has not visited before. This is because a local account for that user has not been created in that wiki. So, after trying to reset password on that wiki, we get an error "The username '$username' is not registered on this wiki, but it does exist in the unified login system". Even if I wanted to create a new account on this current wiki, I wont be allowed to do so citing that my desired username is very similar to/ same as the existing one. As a user, now I need to remember which wiki I had created that account on or any other wiki which I have visited before (as a logged in user) and then try to reset the password there.

As Dantman suggested we cannot allow creating local accounts on wikis where the user has not visited before because you could abuse that to force MW to create local users on wikis that a user will never go. It could be used both as a form of user harassment and as a way to spam the RC even when blocked.

A better approach would be to improve CentralAuth to allow resetting all passwords centrally for unified users.

Should this approach be approved & if it requires significant efforts, I would be interested on making these changes after I am done with SignupAPI

Version: unspecified
Severity: normal

Details

Reference
bz40050

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 1:08 AM
bzimport added a project: MediaWiki-extensions-CentralAuth.
bzimport set Reference to bz40050.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Sep 6 2012, 11:24 AM
werdna unsubscribed.Dec 10 2014, 5:38 PM
Nemo_bis added a project: MediaWiki-Core-AuthManager.Jul 18 2015, 7:24 PM
Nemo_bis subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 18 2015, 7:24 PM
Tgr merged a task: T89459: Modernize MediaWiki authentication system (AuthManager).Aug 27 2015, 7:07 AM
Tgr added a subtask: T89459: Modernize MediaWiki authentication system (AuthManager).
Tgr added subscribers: Krenair, Tgr, Ricordisamoa and 5 others.
Tgr added a comment.Aug 27 2015, 7:12 AM

Not sure if this is still the case, but if it is, AuthManager will make it easy to handle this cleanly: all auth providers will be able handle, ignore or prevent a password change, and the local-password provider will simply ignore (but not prevent) when the local account does not exist. IIRC password resets will be implemented as a special kind of data change and the same principle will apply.

Anomie added a comment.Jun 16 2016, 4:11 PM

AuthManager doesn't really fix this, since TemporaryPasswordPrimaryAuthenticationProvider needs a local user so it can store the temporary password. We'd have to replace that with something CentralAuth-y (along with other changes) to make it be able to work, or change core to move the user_newpassword field out of the user table and into a table indexed by not-necessarily-existing usernames instead.

OTOH, for WMF wikis we have Meta in $wgCentralAuthAutoCreateWikis so https://meta.wikimedia.org/wiki/Special:PasswordReset should generally be usable.

Also, I note that the default error message for this situation has linked to [[Special:CentralAuth/username]] since August 2013 when T39219 was fixed (although it's currently broken, see https://gerrit.wikimedia.org/r/294732 for the fix), so it's just a matter of clicking the link to find a wiki where it will work.

Tgr edited subtasks, added: T151012: CentralAuth should have its own temporary password handling; removed: T89459: Modernize MediaWiki authentication system (AuthManager).Nov 22 2016, 4:06 AM
Aklapper removed subscribers: Anomie, wikibugs-l-list.Oct 16 2020, 5:02 PM
RhinosF1 subscribed.Oct 22 2020, 7:23 AM
Bugreporter added a parent task: T362715: Move credentials change to central login wiki.Jun 24 2024, 3:52 AM
Tgr added a project: SUL3.EditedJun 24 2024, 3:27 PM
Tgr added a subscriber: Bugreporter.

Thanks for the reminder @Bugreporter, I didn't think of this but it's definitely a blocker for SUL3 (although for the MVP we can leave it on the local wiki).

We have gu_password_reset_key and gu_password_reset_expiration in globaluser (added way back in rECAU7ab0b090d77d: fiddle a bunch of stuff around to be more robust to global user renames in…) but nothing uses them, so we'll need to reimplement TemporaryPasswordPrimaryAuthenticationProvider in CentralAuth. (They don't match the core column names, user_newpassword and user_newpass_time, which is annoying, but true for a number of globaluser columns, and in general the CA names make more sense.)

The nicer approach, but probably too big to attempt in the middle of another project, would be to do T183420: Authentication data should not be available through the normal DB abstraction layer so core and CentralAuth can use the same authentication provider and just a different password access service.

Tgr added a project: MediaWiki-Platform-Team.Jul 1 2024, 1:54 PM
larissagaulia assigned this task to matmarex.Jul 1 2024, 3:09 PM
larissagaulia moved this task from Inbox, needs triage to In progress on the MediaWiki-Platform-Team board.Jul 8 2024, 2:35 PM
Tgr moved this task from Backlog to In progress on the SUL3 board.Jul 23 2024, 7:21 PM
gerritbot added a comment.Jul 27 2024, 2:51 AM

Change #1057315 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/CentralAuth@master] Allow password reset requests to be handled centrally

https://gerrit.wikimedia.org/r/1057315

gerritbot added a project: Patch-For-Review.Jul 27 2024, 2:51 AM
matmarex mentioned this in T371340: It should be possible to look up global preference for central users without local accounts.Jul 30 2024, 2:15 AM
matmarex added a subtask: T371340: It should be possible to look up global preference for central users without local accounts.
matmarex added a subtask: T149003: TemporaryPasswordPrimaryAuthenticationProvider does not work with non-DB-based passwords.Jul 30 2024, 4:36 PM
Bugreporter mentioned this in T248034: Decrease issues created many years ago with no recent activity (aka stale tickets).Jul 31 2024, 9:42 AM
Tgr mentioned this in T369180: Ensure no AuthenticationRequests are added to the local login flow in SUL3 mode.Sep 1 2024, 12:43 PM
matmarex closed subtask T371340: It should be possible to look up global preference for central users without local accounts as Resolved.Sep 10 2024, 7:20 PM
matmarex closed subtask T149003: TemporaryPasswordPrimaryAuthenticationProvider does not work with non-DB-based passwords as Resolved.Sep 19 2024, 10:36 PM
matmarex mentioned this in T151012: CentralAuth should have its own temporary password handling.Sep 23 2024, 3:20 PM
matmarex closed subtask T151012: CentralAuth should have its own temporary password handling as Resolved.Sep 26 2024, 5:18 PM
matmarex closed this task as Resolved.Sep 26 2024, 5:27 PM
matmarex removed a project: Patch-For-Review.

This is fixed by the subtask. You can now request a password reset on any wiki (and if you don't have an account there, it will look up necessary account information in your global preferences or on your home wiki).

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits