Page MenuHomePhabricator
Create Task
Maniphest T21157

createAndPromote error on bad password
Closed, ResolvedPublic
Actions

Description

If createAndPromote is fed a bad password, the account is created anyway. Should roll back the creation if we can't make a valid PW.

Version: 1.16.x
Severity: normal

Details

Reference
bz19157

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved demonT21133 Maintenance script cleanup
 ResolvedNoneT21157 createAndPromote error on bad password

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:40 PM
bzimport added a project: MediaWiki-Maintenance-system.
bzimport set Reference to bz19157.
bzimport added a subscriber: Unknown Object (MLST).
demon created this task.Jun 11 2009, 2:02 PM
Emufarmers added a comment.Jun 11 2009, 6:07 PM

Adds password checking; also makes the other messages a little more informative

Attached:

createAndPromote.patch1 KBDownload

demon added a comment.Jun 24 2009, 2:03 AM

Fixed in r52336.

Emufarmers added a comment.Jun 24 2009, 2:30 PM

As it is, the script is going to report back with "password too short" even if the password was rejected for another reason. (Fixing this will probably require reworking User::setPassword() and User::isValidPassword).

bzimport added a comment.Jun 24 2009, 6:17 PM

overlordq wrote:

patch to isValidPassword and setPassword

Horrible patch to separate too short passwords from invalid passwords. Unfortunately requires a message change.

Attached:

User.php.diff2 KBDownload

demon added a comment.Jun 27 2009, 4:54 PM

Fixed in r52494 in trunk. Will merge to branch later.

brion added a comment.Aug 24 2009, 12:11 AM

Copying my notes from Code Review on r52494:

Eww... this is a really ugly calling convention.

If the function is named 'isSomething', it needs to return a boolean otherwise you're just asking for trouble. An optional outparam for returning a message key would be much less annoying in this context.

demon added a comment.Nov 28 2009, 4:55 AM

This has been fixed for awhile now. User.php was cleaned up, and my original complaint about creating users with bad passwords has also been fixed for quite some time.

Mainframe98 mentioned this in T335702: createAndPromote.php throws an error when the provided password for a newly created user is not valid according to the password policy.May 1 2023, 4:47 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL