Page MenuHomePhabricator

On login: Fatal exception of type PasswordError on 1.24wmf16
Closed, ResolvedPublic

Description

This doesn't seem to affect all accounts (I am able to login just fine), but some accounts seem to have issues logging in since today on mediawiki.org, and 1.24wmf16 was deployed yesterday. This can't be just a coincidence.

[b596cdd3] 2014-08-01 09:04:31: Fatal exception of type PasswordError
[979b6eb4] 2014-08-01 12:49:06: Fatal exception of type PasswordError

See URL for those reports.


Version: wmf-deployment
Severity: major
URL: https://www.mediawiki.org/wiki/Thread:Project:Current_issues/Can%27t_log_in

Details

Reference
bz69007

Event Timeline

bzimport raised the priority of this task from to Unbreak Now!.Nov 22 2014, 3:28 AM
bzimport set Reference to bz69007.

2014-08-01 12:49:06 mw1042 mediawikiwiki: [979b6eb4] /w/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=MediaWiki Exception from line 108 of /usr/local/apache/common-local/php-1.24wmf16/includes/password/PasswordFactory.php: Invalid hash given
#0 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthUser.php(1532): PasswordFactory->newFromCiphertext('<REDACTED>...')
#1 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthUser.php(921): CentralAuthUser->matchHash('<REDACTED>', '433457', '<REDACTED>...')
#2 /usr/local/apache/common-local/php-1.24wmf16/extensions/CentralAuth/CentralAuthPlugin.php(60): CentralAuthUser->attemptPasswordMigration('<REDACTED>')
#3 /usr/local/apache/common-local/php-1.24wmf16/includes/User.php(3769): CentralAuthPlugin->authenticate('Reinheitsgebot', '<REDACTED>')
#4 /usr/local/apache/common-local/wmf-config/Bug54847.php(134): User->checkPassword('<REDACTED>')
#5 [internal function]: {closure}(Object(User), '<REDACTED>', 8, NULL)
#6 /usr/local/apache/common-local/php-1.24wmf16/includes/Hooks.php(206): call_user_func_array(Object(Closure), Array)
#7 /usr/local/apache/common-local/php-1.24wmf16/includes/GlobalFunctions.php(4031): Hooks::run('AbortLogin', Array, NULL)
#8 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(655): wfRunHooks('AbortLogin', Array)
#9 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(827): LoginForm->authenticateUserData()
#10 /usr/local/apache/common-local/php-1.24wmf16/includes/specials/SpecialUserlogin.php(230): LoginForm->processLogin()
#11 /usr/local/apache/common-local/php-1.24wmf16/includes/specialpage/SpecialPage.php(382): LoginForm->execute(NULL)
#12 /usr/local/apache/common-local/php-1.24wmf16/includes/specialpage/SpecialPageFactory.php(516): SpecialPage->run(NULL)
#13 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(294): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))
#14 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(609): MediaWiki->performRequest()
#15 /usr/local/apache/common-local/php-1.24wmf16/includes/MediaWiki.php(458): MediaWiki->main()
#16 /usr/local/apache/common-local/php-1.24wmf16/index.php(46): MediaWiki->run()
#17 /usr/local/apache/common-local/w/index.php(3): require('/usr/local/apac...')
#18 {main}

Found it. CentralAuth doesn't do the md5 handling that User::loadFromRow() does,

if ( preg_match( '/^[0-9a-f]{32}$/', $row->user_password ) ) {

$row->user_password = ":A:{$this->mId}:{$row->user_password}";

}

Patch in just a minute..

Change 151118 had a related patch set uploaded by CSteipp:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151118

Change 151118 merged by jenkins-bot:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151118

Change 151120 had a related patch set uploaded by CSteipp:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151120

Change 151120 merged by jenkins-bot:
Add prefix for old style hashes

https://gerrit.wikimedia.org/r/151120

Change 151126 had a related patch set uploaded by CSteipp:
Update CentralAuth for bug 69007

https://gerrit.wikimedia.org/r/151126

Change 151126 merged by jenkins-bot:
Update CentralAuth for bug 69007

https://gerrit.wikimedia.org/r/151126

Ciencia Al Poder: Thank you for quickly reporting this problem in Bugzilla!