[MediaWiki-l] unable to change temporary password while creating new account/resetting password

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[MediaWiki-l] unable to change temporary password while creating new account/resetting password

Marlon Kewaldar
Hi all,


We have a problem changing the temporarily password assigned by Extension:ConfirmAccount<https://www.mediawiki.org/wiki/Extension:ConfirmAccount>. Because I suspect it's a more general problem so I'll post it here.

The problem is that the password apparently isn't changed after submitting a new one.


Use case:


- After creation of the account (or resetting it via 'Forgot password')  and logging in with the given temporarily password I get the message "You logged in with a temporary emailed code. To finish logging in, you must set a new password here".


- I change the password (submitting 2 times a new value)


- I get no error message and I'm being redirected (so successful login) to the homepage.


- BUT: if I log off and try to login again I've to use the old/temporarily password, the new one is not accepted


- If I repeat this (login in with the old password, enter a new one) and go directly to the Speciaal:ChangeCredentials page and change the password, log off and log in again, it works fine.


In the meantime we have applied a (temporary) patch in the mediawiki-code to avoid the step for changing the temporary password.


in File: /home/hz01/mediawiki/core/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php

the following is changed:


        protected function getPasswordResetData( $username, $data ) {

                // Do not reset password (workaround!)

return [];

        /*      return (object)[

                        'msg' => wfMessage( 'resetpass-temp-emailed' ),

                        'hard' => false,//true,

                ];*/

        }

This means that the user is still obliged to change his/her password after they receive the email.

Of course this is not optimal, and we would like to know:


a. if there is another (official) way to step over the forced changing of the temporary password

b. (Better!) is there a way to store the newly entered password?


It's a black box to me. Where do I have to look for an error message?


Thanks in advance for your help.


Met vriendelijke groet,
Kind regards,

Marlon
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l