[go: up one dir, main page]
Page MenuHomePhabricator
Create Task
Maniphest T154946

Trying to log in using a BotPassword from the wrong IP gives incorrect password error
Open, LowPublicBUG REPORT
Actions

Description

"<?xml version="1.0"?><api><login result="Failed" reason="Incorrect password entered.&#10;Please try again." /></api>"

This is on action=login using format=xml (sorry, I found this via Huggle :()

Event Timeline

Krenair created this task.Jan 9 2017, 10:15 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 9 2017, 10:15 PM
Krenair added a comment.Jan 9 2017, 10:16 PM

The result for such a reason should always be WrongPass anyway

Anomie subscribed.Jan 9 2017, 10:21 PM

This comes from the backwards compatibility to allow people to try to still log in with the main account via action=login: if the BotPassword login fails, it tries it as a main-account login instead and returns the error from that.

In T154946#2929208, @Krenair wrote:

The result for such a reason should always be WrongPass anyway

ApiLogin doesn't return WrongPass since 1.27. Only NeedToken, WrongToken, Success, Failed, or Aborted.

Anomie moved this task from Unsorted to Needs details or plan on the MediaWiki-Action-API board.Jan 9 2017, 10:21 PM
Tgr subscribed.Jan 10 2017, 6:06 AM

The bot login error could just be displayed as a warning. That's unlikely to break any legacy bots (and if the bot login failed, there is not much left to break anyway).

Anomie added a comment.Jan 10 2017, 4:58 PM

Just as a historical note, when we added deprecation warnings to ApiLogin for the deprecation of NeedToken it broke several bots. ;)

Another thing we could potentially do is to use the BotPassword response if the AuthManager login failed and the username specified doesn't exist. There's potential for false positives there too (e.g. a central account with no local account), but I'm not inclined to spend a whole lot of effort on this.

Raymond subscribed.Jan 21 2017, 5:23 PM
Liuxinyu970226 added a project: MediaWiki-Core-AuthManager.Oct 13 2018, 3:06 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:01 PM
Restricted Application added a project: Platform Engineering. · View Herald TranscriptOct 16 2020, 5:01 PM
AMooney removed a project: Platform Engineering.Oct 20 2020, 7:26 PM
Aklapper triaged this task as Low priority.Oct 9 2023, 12:46 AM
Aklapper changed the subtype of this task from "Task" to "Bug Report".
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits