Causes "Incorrect password entered" error when the account is globally locked
Closed, ResolvedPublic

Description

When the account is globally locked, CentralAuth will currently fail the
password check leading to a message "Incorrect password entered." This
is misleading and causes unnecessary bug reports such as bug 53755 and
bug 57791.


Version: master
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=45469

bzimport set Reference to bz57866.
Anomie created this task.Via LegacyDec 2 2013, 6:43 PM
gerritbot added a comment.Via ConduitDec 2 2013, 6:43 PM

Change 98568 had a related patch set uploaded by Anomie:
Correct failure message when account is locked

https://gerrit.wikimedia.org/r/98568

Anomie added a comment.Via ConduitDec 2 2013, 6:46 PM
  • Bug 53755 has been marked as a duplicate of this bug. ***
Anomie added a comment.Via ConduitDec 2 2013, 6:47 PM
  • Bug 57791 has been marked as a duplicate of this bug. ***
PiRSquared17 added a comment.Via ConduitDec 2 2013, 7:06 PM

Would it be possible to display a link to the log and how to appeal a lock?

Anomie added a comment.Via ConduitDec 2 2013, 7:31 PM

That's likely out of place here. You could probably do it through customizing the new message on the local wiki.

PiRSquared17 added a comment.Via ConduitDec 2 2013, 7:32 PM

(In reply to comment #5)

That's likely out of place here. You could probably do it through customizing
the new message on the local wiki.

Can this be done for all 700+ Wikimedia wikis?

Billinghurst added a comment.Via ConduitDec 2 2013, 10:04 PM

I would hope that there is a capacity for this to be a single global message, and one that would be stored on translatewiki as a Wikimedia message, ie. a master message that is translated. Locks are only performed by stewards at the WMF, and having a series of localised messages that local admins can amend is just going to be confusing compared with having a consistent message (that stewards wish to have in place for stewards needs) and have that translated to each language. To my understanding, the scripting for messaging for global block has been suitably amended.

PiRSquared17 added a comment.Via ConduitDec 3 2013, 4:32 PM

If a link to the log and to [[m:SRG]] is not possible, how about just displaying the log entry and reason for the lock?

gerritbot added a comment.Via ConduitJan 5 2014, 2:15 PM

Change 98568 merged by jenkins-bot:
Correct failure message when account is locked

https://gerrit.wikimedia.org/r/98568

hoo added a comment.Via ConduitJan 5 2014, 2:16 PM

Approved the patch

Bsadowski1 added a comment.Via ConduitJan 7 2014, 2:10 AM

The CentralAuth system was working as intended. The two bug reports you mentioned were because of actions of user (in this case, steward) error. Will this cause unintentional bugs?

Anomie added a comment.Via ConduitJan 7 2014, 4:10 AM

(In reply to comment #11)

The CentralAuth system was working as intended.

Only if by "working as intended" you mean "giving a misleading error message that sent people in the wrong direction trying to figure out why the user couldn't log in".

The only thing changed here was the error message displayed to the user when their account is globally locked.

Bsadowski1 added a comment.Via ConduitJan 7 2014, 4:50 AM

No, I meant that *technically* it was working as it should have been. Locking has been primarily been used to keep out spambots and long-term abusers/vandals. What does new one look like, by the way?

Aklapper added a comment.Via ConduitJan 7 2014, 8:33 AM

(In reply to comment #13)

What does new one look like, by the way?

https://gerrit.wikimedia.org/r/98568 or wait a few days.

MarcoAurelio moved this task to Done on the MediaWiki-extensions-CentralAuth workboard.Via WebMay 5 2015, 5:57 PM

Add Comment