Causes "Incorrect password entered" error when the account is globally locked
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Anomie
	Dec 2 2013, 6:43 PM

Description

When the account is globally locked, CentralAuth will currently fail the
password check leading to a message "Incorrect password entered." This
is misleading and causes unnecessary bug reports such as bug 53755 and
bug 57791.

Version: master
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=45469

Details

Reference: bz57866

Related Objects

Mentioned In: T47469: The <Centralauth-error-locked> message sucks and needs improvement

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:38 AM

• bzimport added a project: MediaWiki-extensions-CentralAuth.

• bzimport set Reference to bz57866.

Anomie created this task.Dec 2 2013, 6:43 PM

Change 98568 had a related patch set uploaded by Anomie:
Correct failure message when account is locked

https://gerrit.wikimedia.org/r/98568

Bug 53755 has been marked as a duplicate of this bug. ***

Bug 57791 has been marked as a duplicate of this bug. ***

Would it be possible to display a link to the log and how to appeal a lock?

That's likely out of place here. You could probably do it through customizing the new message on the local wiki.

(In reply to comment #5)

That's likely out of place here. You could probably do it through customizing
the new message on the local wiki.

Can this be done for all 700+ Wikimedia wikis?

I would hope that there is a capacity for this to be a single global message, and one that would be stored on translatewiki as a Wikimedia message, ie. a master message that is translated. Locks are only performed by stewards at the WMF, and having a series of localised messages that local admins can amend is just going to be confusing compared with having a consistent message (that stewards wish to have in place for stewards needs) and have that translated to each language. To my understanding, the scripting for messaging for global block has been suitably amended.

If a link to the log and to [[m:SRG]] is not possible, how about just displaying the log entry and reason for the lock?

Change 98568 merged by jenkins-bot:
Correct failure message when account is locked

https://gerrit.wikimedia.org/r/98568

Approved the patch

The CentralAuth system was working as intended. The two bug reports you mentioned were because of actions of user (in this case, steward) error. Will this cause unintentional bugs?

(In reply to comment #11)

The CentralAuth system was working as intended.

Only if by "working as intended" you mean "giving a misleading error message that sent people in the wrong direction trying to figure out why the user couldn't log in".

The only thing changed here was the error message displayed to the user when their account is globally locked.

No, I meant that *technically* it was working as it should have been. Locking has been primarily been used to keep out spambots and long-term abusers/vandals. What does new one look like, by the way?

(In reply to comment #13)