Page MenuHomePhabricator

Create account "by e-mail" requires password
Closed, ResolvedPublic

Description

By call of
http://commons.wikimedia.org/w/index.php?title=Special:Userlogin&action=submitlogin&type=signup
there appears an extra button "by e-mail" (only as an already logged in user).
As I understand the function, an account will created with the entered username
and a system-generated password is send to the entered e-mail-adress.

But the fields "Password" and "Retype password" are mandatory fields. That seems
to be not logical if a password will be generated by the system. By testing
today I generated an account on de.WP "Raymond1", see
http://de.wikipedia.org/w/index.php?title=Spezial:Log&user=Raymond (15:31, 21.
Jun 2006)


Version: unspecified
Severity: normal
URL: http://commons.wikimedia.org/w/index.php?title=Special:Userlogin&action=submitlogin&type=signup

Details

Reference
bz6394

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:21 PM
bzimport set Reference to bz6394.
bzimport added a subscriber: Unknown Object (MLST).

leon wrote:

I'd like to now what that feature should do; the function names sound like what
raymond described, but the way it workes doesn't giv e me any clue. Does
somebody know that? Who added that feature?

jimmy.collins wrote:

For me it seems to be a feature/bug of the Confirm Edit extension.

  • Bug 8219 has been marked as a duplicate of this bug. ***

bitlogic wrote:

I'm the user on IRC that Ral315 mentions on #8219.

The idea is that sysop can create an account without password (that's why
password is blank on form) and it'll be e-mailed to user without the knowledge
of sysop.

I'll try to dig into the code to discover what could be the problem. If someone
has some idea please post it here.

bitlogic wrote:

Proposed patch to test correctly empty password

Using this patch started to work as described on bug 8219

Attached:

bitlogic wrote:

(In reply to comment #5)

Created an attachment (id=2850) [edit]
Proposed patch to test correctly empty password

Using this patch started to work as described on bug 8219

For version 1.6.8

robchur wrote:

Please provide patches against SVN trunk, HEAD revision.

Patch is clearly wrong; it simply rejects passwords at the specified
minimum length instead of shorter than the minimum length at account
creation time.

For instance, if the minimum is 8-character passwords, with this patch
you could not set an 8-character password, but would need at least 9
characters.

Fixed in r18307

Now nullifies the initial password so account can't be logged in with the
initial (eg blank) pass,
so can't log in until the mailed temp pass is used.

  • Bug 9727 has been marked as a duplicate of this bug. ***