Page MenuHomePhabricator
Create Task
Maniphest T422320

Android & iOS app login broken: "Could not extract login status"
Closed, ResolvedPublicBUG REPORT
Actions

Description

Steps to replicate the issue:

  • Install the Wikipedia iOS app
  • Navigate to the login page
  • Enter your user name & password and try logging in

What happens?:

  • Login fails with error message "Could not extract login status"

IMG_2762.PNG (1×750 px, 59 KB)

What should have happened instead?:

  • Log in

Other information:

  • Originally reported by @Mpns on Discord, I encountered the same bug
  • Both of us use 2FA, the issue occurs before we're prompted to use our 2FA method

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Check if $res->message is null within ApiAuthManagerHelpermediawiki/coremaster+1 -0
Check if $res->message is null within ApiAuthManagerHelpermediawiki/corewmf/1.46.0-wmf.22+1 -0
Customize query in gerrit

Related Objects

Event Timeline

Johannnes89 created this task.Apr 5 2026, 12:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 5 2026, 12:37 PM
Mpns added a comment.Apr 5 2026, 12:46 PM

Nearly same Problem at Android-App: Login using username and password results in "Caught exception of type TypeError" before asking for 2FA.
Android-App 50574-r-2026-03-20; Android 15 (05.01.2026).

HakanIST subscribed.Apr 5 2026, 1:03 PM
HakanIST added a comment.Apr 5 2026, 1:47 PM

I'm hitting the same issue. I think this might be related to ApiAuthManagerHelper::formatAuthenticationResponse() not handling a null $res->message. OATHAuth's recent commit (5dc1b42) started calling newUI() without a message, but the API helper still passes it to formatMessage(Message $message) on line 221, causing the TypeError. A null check there could fix it.

Aklapper renamed this task from iOS app login broken to iOS app login broken: "Could not extract login status".Apr 5 2026, 2:43 PM
Count_Count subscribed.Apr 6 2026, 3:51 PM
Tsevener subscribed.Apr 6 2026, 4:00 PM

I'm seeing this API response from the action=clientlogin POST call:

{
  "error": {
    "code": "internal_api_error_TypeError",
    "info": "[96a98f64-eb54-47e4-bc6f-b7df26447f75] Caught exception of type TypeError",
    "errorclass": "TypeError"
  },
  "servedby": "mw-api-ext.eqiad.main-55487b8484-dt77f"
}
HNordeenWMF triaged this task as High priority.Apr 6 2026, 4:05 PM
HNordeenWMF added a project: Wikipedia-Android-App-Backlog.
HNordeenWMF moved this task from Needs Triage to Tracking on the Wikipedia-Android-App-Backlog board.
HNordeenWMF renamed this task from iOS app login broken: "Could not extract login status" to Android & iOS app login broken: "Could not extract login status".Apr 6 2026, 5:02 PM
HNordeenWMF moved this task from Needs Triage to Tracking on the Wikipedia-iOS-App-Backlog board.Apr 6 2026, 5:06 PM
matmarex raised the priority of this task from High to Unbreak Now!.Apr 6 2026, 5:20 PM
matmarex added projects: MediaWiki-extensions-OATHAuth, Product Safety and Integrity.
matmarex subscribed.
In T422320#11790203, @Tsevener wrote:

[96a98f64-eb54-47e4-bc6f-b7df26447f75] Caught exception of type TypeError

https://logstash.wikimedia.org/app/discover#/doc/logstash-*/logstash-deploy-1-7.0.0-1-2026.04.06?id=uWuFY50BIM7hdzulTdUN

MediaWiki\Api\ApiAuthManagerHelper::formatMessage(): Argument #3 ($message) must be of type MediaWiki\Message\Message, null given, called in /srv/mediawiki/php-1.46.0-wmf.22/includes/Api/ApiAuthManagerHelper.php on line 221
from /srv/mediawiki/php-1.46.0-wmf.22/includes/Api/ApiAuthManagerHelper.php(74)
#0 /srv/mediawiki/php-1.46.0-wmf.22/includes/Api/ApiAuthManagerHelper.php(221): MediaWiki\Api\ApiAuthManagerHelper->formatMessage(array, string, null)
#1 /srv/mediawiki/php-1.46.0-wmf.22/includes/Api/ApiClientLogin.php(97): MediaWiki\Api\ApiAuthManagerHelper->formatAuthenticationResponse(MediaWiki\Auth\AuthenticationResponse)
#2 /srv/mediawiki/php-1.46.0-wmf.22/includes/Api/ApiMain.php(2059): MediaWiki\Api\ApiClientLogin->execute()
#3 /srv/mediawiki/php-1.46.0-wmf.22/includes/Api/ApiMain.php(964): MediaWiki\Api\ApiMain->executeAction()
#4 /srv/mediawiki/php-1.46.0-wmf.22/includes/Api/ApiMain.php(935): MediaWiki\Api\ApiMain->executeActionWithErrorHandling()
#5 /srv/mediawiki/php-1.46.0-wmf.22/includes/Api/ApiEntryPoint.php(138): MediaWiki\Api\ApiMain->execute()
#6 /srv/mediawiki/php-1.46.0-wmf.22/includes/MediaWikiEntryPoint.php(180): MediaWiki\Api\ApiEntryPoint->execute()
#7 /srv/mediawiki/php-1.46.0-wmf.22/api.php(30): MediaWiki\MediaWikiEntryPoint->run()
#8 /srv/mediawiki/w/api.php(3): require(string)
#9 {main}

This is the same error message as T422027, but in a different function.

Likely also caused by recent changes in OATHAuth.

HakanIST added a comment.Apr 6 2026, 8:38 PM

Fix from T422027 covered formatFields but this is the same issue in formatAuthenticationResponse, I can submit a similar patch if it would be helpful.

sbassett subscribed.Apr 6 2026, 8:39 PM

Testing locally in mw-docker, I was able to reproduce this issue using some python that I wrote which mimics the action=clientlogin walkthrough, and this step T422027#11779730, from the related bug. Based upon the solution in the related bug, this seems like a low-risk fix which got things working for me locally (I was able to use a test 2fa TOTP app to log in via action=clientlogin):

--- a/includes/Api/ApiAuthManagerHelper.php
+++ b/includes/Api/ApiAuthManagerHelper.php
@@ -218,6 +218,9 @@ class ApiAuthManagerHelper {
                        $res->status === AuthenticationResponse::UI ||
                        $res->status === AuthenticationResponse::RESTART
                ) {
+                       if ( !$res->message ) {
+                               $res->message = new RawMessage( '' );
+                       }
                        $this->formatMessage( $ret, 'message', $res->message );
                        $ret['messagecode'] = ApiMessage::create( $res->message )->getApiCode();
                }

If this seems reasonable, at least for now, we could push this through gerrit and get it deployed soon.

gerritbot added a comment.Apr 6 2026, 8:51 PM

Change #1268273 had a related patch set uploaded (by SBassett; author: SBassett):

[mediawiki/core@master] Check for null value within $res->message

https://gerrit.wikimedia.org/r/1268273

gerritbot added a project: Patch-For-Review.Apr 6 2026, 8:51 PM
gerritbot added a comment.Apr 6 2026, 9:57 PM

Change #1268273 merged by jenkins-bot:

[mediawiki/core@master] Check if $res->message is null within ApiAuthManagerHelper

https://gerrit.wikimedia.org/r/1268273

gerritbot added a comment.Apr 6 2026, 9:59 PM

Change #1268281 had a related patch set uploaded (by SBassett; author: SBassett):

[mediawiki/core@wmf/1.46.0-wmf.22] Check if $res->message is null within ApiAuthManagerHelper

https://gerrit.wikimedia.org/r/1268281

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.23; 2026-04-07).Apr 6 2026, 10:00 PM
gerritbot added a comment.Apr 6 2026, 10:10 PM

Change #1268281 merged by jenkins-bot:

[mediawiki/core@wmf/1.46.0-wmf.22] Check if $res->message is null within ApiAuthManagerHelper

https://gerrit.wikimedia.org/r/1268281

Stashbot added a comment.Apr 6 2026, 10:12 PM

Mentioned in SAL (#wikimedia-operations) [2026-04-06T22:12:16Z] <sbassett@deploy1003> Started scap sync-world: Backport for [[gerrit:1268281|Check if $res->message is null within ApiAuthManagerHelper (T422320)]]

Stashbot added a comment.Apr 6 2026, 10:13 PM

Mentioned in SAL (#wikimedia-operations) [2026-04-06T22:13:55Z] <sbassett@deploy1003> sbassett: Backport for [[gerrit:1268281|Check if $res->message is null within ApiAuthManagerHelper (T422320)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.

Stashbot added a comment.Apr 6 2026, 10:18 PM

Mentioned in SAL (#wikimedia-operations) [2026-04-06T22:18:34Z] <sbassett@deploy1003> Finished scap sync-world: Backport for [[gerrit:1268281|Check if $res->message is null within ApiAuthManagerHelper (T422320)]] (duration: 06m 18s)

Maintenance_bot removed a project: Patch-For-Review.Apr 6 2026, 10:30 PM
sbassett added a comment.Apr 6 2026, 10:31 PM

Can any Mobile folks confirm this is working now? Testing against metawiki's action API, the action=clientlogin walkthrough works for me now.

sbassett changed the task status from Open to In Progress.Apr 6 2026, 10:32 PM
sbassett lowered the priority of this task from Unbreak Now! to High.
HakanIST added a comment.Apr 6 2026, 10:37 PM

Tested in iOS app. 2FA login flow works as expected.

ReleaseTaggerBot edited projects, added MW-1.46-notes (1.46.0-wmf.22; 2026-03-31); removed MW-1.46-notes (1.46.0-wmf.23; 2026-04-07).Apr 6 2026, 11:00 PM
Mpns added a comment.Apr 7 2026, 5:26 AM

Also tested in Android app. Works like expected using 2FA.

jnuche mentioned this in T422455: Massive increase in "EtcdConfig failed to fetch data: Timeout was reached" warnings and errors since March 17th.Apr 7 2026, 8:25 AM
sbassett closed this task as Resolved.Apr 7 2026, 3:03 PM
sbassett claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits