CAS users unable to change email address #6

Open
leaf-node opened this issue Jun 19, 2017 · 4 comments

@leaf-node

Hello,

Thanks for maintaining this extension. I appreciate the work you've put into this.

I have noticed an issue when using this extension with MW 1.27 on both of our wikis that make use of CASAuth. Users are unable to change their email address, due to a redirect loop. On other sites that we manage this is sometimes due to a failure to authenticate or lack of user permissions on the client side. The infinite redirect loop is such:

/wiki?title=Special:ChangeEmail&returnto=Special%3APreferences
/wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=returnto%3DSpecial%253APreferences&force=ChangeEmail
/wiki?title=Special:ChangeEmail&action=purge
/wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=action%3Dpurge&force=ChangeEmail
/wiki?title=Special:ChangeEmail&action=purge

Do you see this on your own wiki?

This isn't a super important issue for us, so no pressure. Thanks again for your work on this extension.

Thanks,
Andrew

@leaf-node
Author

Someone on our team pointed out that this is actually a fairly important issue for us because setting one's email address allows for communication via user talk pages and watched pages. If you don't have the time to fix this issue, then any clues for this issue would be very much appreciated. : ) Thanks.

@jpgill86
Member

Hi @sudoman,

Yes, I see this on our wiki. This is a feature I've never attempted to use before, but when I try it now I encounter an error: "The page isn’t redirecting properly".

I'm afraid that I neither have time to work on this now nor any suggestions for where to start. Please let us know if you find something.

Jeff

@ian-kelling

This patch to mediawiki is a workaround that essentially acts like $wgRequirePasswordforEmailChange = false;, which is an option that was removed in 1.27.

*** includes/auth/AuthManager.php
--- includes/auth/AuthManager.php
***************
*** 729,734 ****
--- 729,738 ----
  			$status = self::SEC_FAIL;
  		}
  
+ 		if ( $status === self::SEC_REAUTH ) {
+ 			$status = self::SEC_OK;
+ 		}
+ 
  		$this->logger->info( __METHOD__ . ": $operation is $status" );
  
  		return $status;
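
Review bot: the added check on $status === self::SEC_REAUTH does not look at $operation, so it turns every re-authentication demand that reaches this point into SEC_OK, not only the one for changing the email address. Suggest gating the override on the operation this issue is about (compare $operation before assigning self::SEC_OK), or on the session being a CAS one, so other sensitive operations keep their re-authentication requirement. The info log that follows records only the final status, so a downgraded SEC_REAUTH leaves no trace; log the original status before overwriting it.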

@ian-kelling

I hope someone can make a proper fix. I might try someday. The area of code that patch is on seems like a good area to look at. Here's a dump of my notes when investigating this issue:


Example of bad redirect:
302 /wiki?title=Special:ChangeEmail&returnto=Special%3APreferences
302 /wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=returnto%3DSpecial%253APreferences&force=ChangeEmail
303 cas.fsf.org/login?service=https%3A%2F%2Fdirectory.fsf.org%2Fwiki%3Ftitle%3DSpecial%3AUserLogin%26returnto%3DSpecial%253AChangeEmail%26returntoquery%3Dreturnto%253DSpecial%25253APreferences%26force%3DChangeEmail
302 /wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=returnto%3DSpecial%253APreferences&force=ChangeEmail&ticket=ST-REDACTED
302 /wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=returnto%3DSpecial%253APreferences&force=ChangeEmail
302 /wiki?title=Special:ChangeEmail&action=purge
302 /wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=action%3Dpurge&force=ChangeEmail
302 /wiki?title=Special:ChangeEmail&action=purge
302 /wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=action%3Dpurge&force=ChangeEmail



example of normal login:

/wiki?title=Special:UserLogin&returnto=Main+Page
https://cas.fsf.org/login?service=https%3A%2F%2Fdirectory.fsf.org%2Fwiki%3Ftitle%3DSpecial%3AUserLogin%26returnto%3DMain%2BPage
# login
/wiki?title=Special:UserLogin&returnto=Main+Page&ticket=ST-1497630323r-eDwxgOWrfMM8jhGqG
/wiki?title=Special:UserLogin&returnto=Main+Page
/wiki?title=Main_Page&action=purge
/wiki/Main_Page


example of normal email set:

http://directory-dev.fsf.org/w/index.php?title=Special:ChangeEmail
# if you've logged in in the last 15 mins or something, you just do
200 /w/index.php?title=Special:ChangeEmail&returnto=Special%3APreferences

# else
302 /w/index.php?title=Special:ChangeEmail&returnto=Special%3APreferences
200 /w/index.php?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=returnto%3DSpecial%253APreferences&force=ChangeEmail
# press ok, post to
302 /w/index.php?title=Special:UserLogin&returnto=Special:ChangeEmail&returntoquery=returnto%3DSpecial%253APreferences
200 /w/index.php?title=Special:ChangeEmail&returnto=Special%3APreferences



This is related, but didn't help me figure it out.
includes/specialpage/LoginSignupSpecialPage.php
700:			$reauthMessage = $this->securityLevel ? 'userlogin-reauth' : 'userlogin-loggedin';


This file is not helpful, even though it seemed like it might be:
includes/specials/SpecialChangeEmail.php
in checkExecutePermissions,
this gets called when we are not logged in at all.
$this->requireLogin( 'changeemail-no-info' );
after login, it goes through that entire func on each redirect loop.
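
An added example, not part of the thread or of the extension's code: a Python check over the two redirect traces in the notes above. It treats a URL revisited with no CAS ticket hop in between as a loop; the function names, the 0-based hop indices and the ticket-reset heuristic are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

# Hops from the "bad redirect" trace above (status codes dropped, CAS hop
# shortened to host and path, ticket as redacted on the page).
BAD = [
    "/wiki?title=Special:ChangeEmail&returnto=Special%3APreferences",
    "/wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=returnto%3DSpecial%253APreferences&force=ChangeEmail",
    "cas.fsf.org/login",
    "/wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=returnto%3DSpecial%253APreferences&force=ChangeEmail&ticket=ST-REDACTED",
    "/wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=returnto%3DSpecial%253APreferences&force=ChangeEmail",
    "/wiki?title=Special:ChangeEmail&action=purge",
    "/wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=action%3Dpurge&force=ChangeEmail",
    "/wiki?title=Special:ChangeEmail&action=purge",
    "/wiki?title=Special:UserLogin&returnto=Special%3AChangeEmail&returntoquery=action%3Dpurge&force=ChangeEmail",
]
# Hops from the "normal login" trace above, with a placeholder ticket value.
GOOD = [
    "/wiki?title=Special:UserLogin&returnto=Main+Page",
    "cas.fsf.org/login",
    "/wiki?title=Special:UserLogin&returnto=Main+Page&ticket=ST-PLACEHOLDER",
    "/wiki?title=Special:UserLogin&returnto=Main+Page",
    "/wiki?title=Main_Page&action=purge",
    "/wiki/Main_Page",
]


def params(url):
    """Query parameters of one hop as a flat dict (first value of each key)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def find_loop(hops):
    """Return the first URL cycle with no CAS ticket exchange inside it, else None."""
    seen = {}
    for i, url in enumerate(hops):
        if "ticket" in params(url):
            # Returning from CAS can change session state, so a revisit of
            # Special:UserLogin right after this hop is the normal round trip.
            seen.clear()
            continue
        if url in seen:
            cycle = hops[seen[url]:i]
            forced = {params(u).get("force") for u in cycle} - {None}
            return {"start": seen[url], "period": len(cycle),
                    "titles": [params(u).get("title") for u in cycle],
                    "reauth_for": sorted(forced)}
        seen[url] = i
    return None
```

On the bad trace this reports a two-hop cycle starting at hop 5, with force=ChangeEmail still set on each pass through Special:UserLogin, which shows the re-authentication demand surviving the CAS round trip; the normal login trace yields no cycle.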
