Phabricator Link
|
Wiki Link
|
Status
|
Priority
|
Author
|
Assignee
|
Projects
|
Subtasks
|
Parent Tasks
|
T120484
|
T120484: Create password-authentication service for use by CentralAuth
|
open
|
Medium (orange)
|
|
|
|
|
|
T133452
|
T133452: RFC: Create temporary accounts for anonymous editors
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T134842
|
T134842: SpecialCentralAutoLogin calls User::saveSettings() on HTTP GET presend
|
open
|
Medium (orange)
|
|
|
|
|
|
T154552
|
T154552: ApiLogin should not open master connection to centralauth DB
|
stalled
|
Medium (orange)
|
|
|
|
|
|
T154946
|
T154946: Trying to log in using a BotPassword from the wrong IP gives incorrect password error
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T158365
|
T158365: Session "{session}": Metadata merge failed: {exception}
|
open
|
Medium (orange)
|
|
|
|
|
|
T179752
|
T179752: Clear site data on MediaWiki log out
|
open
|
Medium (orange)
|
|
|
|
|
|
T181687
|
T181687: Give RESTBase / MCS requests the apihighlimits right
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T181869
|
T181869: Error "Session {session}: Metadata has an anonymous user, but a non-anon user was provided"
|
open
|
Medium (orange)
|
|
|
|
|
|
T182379
|
T182379: Test failures from PHPSessionHandlerTest in PHP 7.2
|
duplicate
|
Needs Triage (violet)
|
|
|
|
|
|
T189362
|
T189362: ipblock-exempt does not allow account creation when blocked
|
open
|
Medium (orange)
|
|
|
|
|
|
T189641
|
T189641: Service for checking the Pwned Passwords database
|
open
|
Low (yellow)
|
|
|
|
|
|
T199393
|
T199393: Reproducible deadlock in User::addToDatabase() when api.php?action=createaccount is called simultaneously by several users
|
open
|
Medium (orange)
|
|
|
|
|
|
T204145
|
T204145: PHP Warning: session_id(): Cannot change session id when headers already sent
|
declined
|
Needs Triage (violet)
|
|
|
|
|
|
T204787
|
T204787: Session Warning: "User ID mismatch, {uid_a} !== {uid_b}"
|
open
|
Medium (orange)
|
|
|
|
|
|
T207112
|
T207112: session_id(): Cannot change session id when session is active test failures on PHP 7.3
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T208768
|
T208768: Create a PermissionManager service
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T214215
|
T214215: MinimumPasswordLengthToLogin error message is unhelpful
|
open
|
High (red)
|
|
|
|
|
|
T219689
|
T219689: Undeprecate User::setPassword()
|
declined
|
Low (yellow)
|
|
|
|
|
|
T223898
|
T223898: Remove the requirement to enter a password during the login flow
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T228253
|
T228253: PermissionManager should not cache anonymous rights under ID 0
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T228717
|
T228717: On Special:UnlinkAccounts, when no auth request is passed, show a proper error message instead of an InvalidArgumentException error
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T232789
|
T232789: List active MediaWiki sessions for your account
|
duplicate
|
Medium (orange)
|
|
|
|
|
|
T233119
|
T233119: Intended use of MinimumPasswordLengthToLogin not so clear
|
resolved
|
High (red)
|
|
|
|
|
|
T243845
|
T243845: Exception on "createaccount" on a API call at checkPasswordValidity
|
invalid
|
Needs Triage (violet)
|
|
|
|
|
|
T245149
|
T245149: API readapidenied with private wiki on v1.34
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T246471
|
T246471: Login authevents should include the username
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T246943
|
T246943: Login failed/disappeared during 2FA
|
open
|
Medium (orange)
|
|
|
|
|
|
T247710
|
T247710: Argument 3 passed to ApiAuthManagerHelper::formatMessage() must be an instance of Message, null given, called in ApiAuthManagerHelper.php on line 337
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T248339
|
T248339: Decide how to deal with WebAuthn login/registration flow on Wikimedia wikis in future
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T251661
|
T251661: TOTP throttle not enforced cross-wiki (CVE-2020-25827)
|
resolved
|
High (red)
|
|
|
|
|
|
T255179
|
T255179: Session failures ("invalid CSRF token") preventing edits, login, logout, etc due to kask outage
|
resolved
|
High (red)
|
|
|
|
|
|
T255369
|
T255369: apihelp-clientlogin-example-login2 is misleading in MW core
|
open
|
Lowest (sky)
|
|
|
|
|
|
T255370
|
T255370: Document best practices for user login if user is using 2FA
|
open
|
Low (yellow)
|
|
|
|
|
|
T256956
|
T256956: Clean up getCacheVaryCookies()/haveCacheVaryCookies()
|
open
|
Medium (orange)
|
|
|
|
|
|
T262958
|
T262958: PasswordError when attempting to create a new user with createAndPromote.php
|
open
|
Low (yellow)
|
|
|
|
|
|
T263911
|
T263911: Missing $wgServer in LocalSettings.php causes fatal error "Call to a member function getIP() on null"
|
resolved
|
Low (yellow)
|
|
|
|
|
|
T264793
|
T264793: Make sure SessionManager emitting Set-Cookie headers gets logged
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T264794
|
T264794: SessionManager should not emit Set-Cookies on session renewal
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T264799
|
T264799: Log when a request with the same user session comes from a different IP
|
resolved
|
Unbreak Now! (pink)
|
|
|
|
|
|
T265400
|
T265400: Research to create service for SessionManager::singleton()/getGlobalSession()
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T265551
|
T265551: Error fetching URL "http://localhost:600...": (curl error: 28) Timeout was reached
|
resolved
|
High (red)
|
|
|
|
|
|
T265769
|
T265769: Research to create service for BotPassword class
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T269680
|
T269680: MediaWiki logging indexing conflict on 'session' for 'session-ip' channel
|
resolved
|
Medium (orange)
|
|
|
|
|
|
T270225
|
T270225: Finish session storage to actually meet multi-DC requirements
|
open
|
High (red)
|
|
|
|
|
|
T284020
|
T284020: Support bot passwords in the REST API
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T284170
|
T284170: TypeError: Argument to UserNameUtils::getCanonical() must be string in AbstractPrimaryAuthenticationProvider.php (Unable to login)
|
resolved
|
High (red)
|
|
|
|
|
|
T291127
|
T291127: MediaWiki session management does not work on split PHP 7.4 and < PHP 7.4 cluster
|
resolved
|
Needs Triage (violet)
|
|
|
|
|
|
T292375
|
T292375: Figure out how to force-logout users cross-wiki
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T37220
|
T37220: Allow per-session log out
|
open
|
Low (yellow)
|
|
|
|
|
|
T58212
|
T58212: Add a feature to track and terminate specific login sessions
|
open
|
Needs Triage (violet)
|
|
|
|
|
|
T88811
|
T88811: Develop use-cases & user stories for authnz service
|
open
|
Medium (orange)
|
|
|
|
|
|