On login: Fatal exception of type PasswordError on 1.24wmf16
Closed, ResolvedPublic

Description

This doesn't seem to affect all accounts (I am able to login just fine), but some accounts seem to have issues logging in since today on mediawiki.org, and 1.24wmf16 was deployed yesterday. This can't be just a coincidence.

[b596cdd3] 2014-08-01 09:04:31: Fatal exception of type PasswordError
[979b6eb4] 2014-08-01 12:49:06: Fatal exception of type PasswordError

See URL for those reports.


Version: wmf-deployment
Severity: major
URL: https://www.mediawiki.org/wiki/Thread:Project:Current_issues/Can%27t_log_in

bzimport set Reference to bz69007.
Ciencia_Al_Poder created this task.Via LegacyAug 1 2014, 2:49 PM
Reedy added a comment.Via ConduitAug 1 2014, 4:42 PM

2014-08-01 12:49:06 mw1042 mediawikiwiki: [979b6eb4] /w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=MediaWiki Exception from line 108 of /usr/local/apache/common-local/php-1.24wmf16/includes/password/PasswordFactory.php: Invalid hash given
#0 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthUser.php(1532): PasswordFactory->newFromCiphertext('<REDACTED>...')
#1 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthUser.php(921): CentralAuthUser->matchHash('<REDACTED>', '433457', '<REDACTED>...')
#2 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthPlugin.php(60): CentralAuthUser->attemptPasswordMigration('<REDACTED>')
#3 /usr/local/apache/common-local/php-1.24wmf16/includes/User.php(3769): CentralAuthPlugin->authenticate('Reinheitsgebot', '<REDACTED>')
#4 /usr/local/apache/common-local/wmf-config/Bug54847.php(134): User->checkPassword('<REDACTED>')
#5 [internal function]: {closure}(Object(User), '<REDACTED>', 8, NULL)
#6 /usr/local/apache/common-local/php-1.24wmf16/includes/Hooks.php(206): call_user_func_array(Object(Closure), Array)
#7 /usr/local/apache/common-local/php-1.24wmf16/includes/GlobalFunctions.php(4031): Hooks::run('AbortLogin', Array, NULL)
#8 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(655): wfRunHooks('AbortLogin', Array)
#9 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(827): LoginForm->authenticateUserData()
#10 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(230): LoginForm->processLogin()
#11 /usr/local/apache/common-local/php-1.24wmf16/includes/specialpage/SpecialPage.php(382): LoginForm->execute(NULL)
#12 /usr/local/apache/common-local/php-1.24wmf16/includes/specialpage/SpecialPageFactory.php(516): SpecialPage->run(NULL)
#13 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(294): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))
#14 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(609): MediaWiki->performRequest()
#15 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(458): MediaWiki->main()
#16 /usr/local/apache/common-local/php-1.24wmf16/index.php(46): MediaWiki->run()
#17 /usr/local/apache/common-local/w/index.php(3): require('/usr/local/apac...')
#18 {main}

csteipp added a comment.Via ConduitAug 1 2014, 5:00 PM

Found it. CentralAuth doesn't do the md5 handling that User::loadFromRow() does,

if ( preg_match( '/^[0-9a-f]{32}$/', $row->user_password ) ) {

$row->user_password = ":A:{$this->mId}:{$row->user_password}";

}

Patch in just a minute..

gerritbot added a comment.Via ConduitAug 1 2014, 5:31 PM

Change 151118 had a related patch set uploaded by CSteipp:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151118

gerritbot added a comment.Via ConduitAug 1 2014, 5:41 PM

Change 151118 merged by jenkins-bot:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151118

gerritbot added a comment.Via ConduitAug 1 2014, 5:43 PM

Change 151120 had a related patch set uploaded by CSteipp:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151120

gerritbot added a comment.Via ConduitAug 1 2014, 5:56 PM

Change 151120 merged by jenkins-bot:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151120

gerritbot added a comment.Via ConduitAug 1 2014, 6:03 PM

Change 151126 had a related patch set uploaded by CSteipp:
Update CentralAuth for bug 69007

https://gerrit.wikimedia.org/r/151126

gerritbot added a comment.Via ConduitAug 1 2014, 6:07 PM

Change 151126 merged by jenkins-bot:
Update CentralAuth for bug 69007

https://gerrit.wikimedia.org/r/151126

csteipp added a comment.Via ConduitAug 1 2014, 6:14 PM

Deployed into 1.24wmf16

Aklapper added a comment.Via ConduitAug 1 2014, 7:15 PM

Ciencia Al Poder: Thank you for quickly reporting this problem in Bugzilla!

Ciencia_Al_Poder added a comment.Via ConduitAug 1 2014, 8:17 PM

And thanks for the fix :)

Add Comment

Column Prototype
This is a very early prototype of a persistent column. It is not expected to work yet, and leaving it open will activate other new features which will break things. Press "\" (backslash) on your keyboard to close it now.