[MediaWiki-l] unable to change temporary password while creating new account/resetting password

Marlon Kewaldar
Hi all,

We have a problem changing the temporary password assigned by Extension:ConfirmAccount <https://www.mediawiki.org/wiki/Extension:ConfirmAccount>. Because I suspect it's a more general problem, I'll post it here.

The problem is that the password apparently isn't changed after submitting a new one.

Use case:

- After creation of the account (or resetting it via 'Forgot password') and logging in with the given temporary password, I get the message "You logged in with a temporary emailed code. To finish logging in, you must set a new password here".

- I change the password (submitting a new value 2 times).

- I get no error message and I'm redirected (so successful login) to the homepage.

- BUT: if I log off and try to log in again, I have to use the old/temporary password; the new one is not accepted.

- If I repeat this (logging in with the old password, entering a new one) and go directly to the Speciaal:ChangeCredentials page and change the password, log off and log in again, it works fine.

In the meantime we have applied a (temporary) patch in the MediaWiki code to avoid the step for changing the temporary password.

In file: /home/hz01/mediawiki/core/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php

the following is changed:

        protected function getPasswordResetData( $username, $data ) {
                // Do not reset password (workaround!)
                return [];

                /* Original body, commented out:
                return (object)[
                        'msg' => wfMessage( 'resetpass-temp-emailed' ),
                        'hard' => false,//true,
                ];
                */
        }

This means that the user is still obliged to change his/her password after they receive the email.

Of course this is not optimal, and we would like to know:

a. if there is another (official) way to step over the forced changing of the temporary password

b. (Better!) is there a way to store the newly entered password?

It's a black box to me. Where do I have to look for an error message?

Thanks in advance for your help.

Kind regards,
