Page MenuHomePhabricator
Create Task
Maniphest T29310

Password reset form does not include domain information
Closed, ResolvedPublic
Actions

Description

The password reset form does not include domain information, or set the domain when resetting the password. This causes problems with the LDAP authentication plugin when passwords are reset.

After the user's password is reset they are logged in, but their session does not have wsDomain set, leading to strange behavior.

Version: unspecified
Severity: enhancement

Details

Reference
bz27310

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:23 PM
bzimport added a project: MediaWiki-Core-Preferences.
bzimport set Reference to bz27310.
bzimport added a subscriber: Unknown Object (MLST).
RyanLane created this task.Feb 11 2011, 1:03 AM
RyanLane added a comment.Feb 11 2011, 1:33 AM

Actually, this is worse in trunk than I thought. Password changing no longer works with LDAP at all. Since the domain isn't set when the form is loaded, wgAuth->allowPasswordChange() returns false.

RyanLane added a comment.Feb 11 2011, 5:40 PM

I've gotten to a point where password canges work by including the domain information in SpecialResetpass (r81978), but the session issue persists.

After the user changes the password, and is logged in, wsDomain disappears from the session. Somehow the user must be getting a new session without the domain properly added.

RyanLane added a comment.Feb 11 2011, 6:50 PM

Actually, on further testing r81978 fixes this (thanks to Reedy for his midas touch).

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL