Page MenuHomePhabricator

Investigate password reset email send failure to HW email address
Closed, ResolvedPublic

Assigned To
Authored By
mhamiltonj
Nov 30 2016, 8:55 PM
Referenced Files
None
Subscribers
None

Description

A user tried a password reset, but at no point was the password reset shown in the outbound email logs, yet other password resets to other users on the same email domain were.

More investigation and root cause analysis is needed here to make sure we don't have a more serious issue.

Created: Tue, 24 Nov 2015 21:58:33 GMT
Last Updated: Thu, 26 Nov 2015 23:15:36 GMT

Details

External Reference
HWUMC-101

Event Timeline

mhamiltonj created this object with visibility "Public (No Login Required)".
mhamiltonj created this object with edit policy "HWUMC (Project)".

stwalkerster wrote at Tue, 24 Nov 2015 22:07:00 GMT:

Error logs indicate unrelated issues with the Sudo page:
{code}
[Tue Nov 24 20:11:17.762796 2015] [:error] [pid 14278] [client 146.90.32.165:50398] PHP Notice: Undefined index: session_rights in /var/www/hwumc.co.uk/include/Session.php on line 64, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 20:11:17.762834 2015] [:error] [pid 14278] [client 146.90.32.165:50398] PHP Stack trace:, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 20:11:17.762846 2015] [:error] [pid 14278] [client 146.90.32.165:50398] PHP 1. {main}() /var/www/hwumc.co.uk/index.php:0, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 20:11:17.762856 2015] [:error] [pid 14278] [client 146.90.32.165:50398] PHP 2. WebStart->run() /var/www/hwumc.co.uk/index.php:13, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 20:11:17.762865 2015] [:error] [pid 14278] [client 146.90.32.165:50398] PHP 3. WebStart->main() /var/www/hwumc.co.uk/include/WebStart.php:10, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 20:11:17.762874 2015] [:error] [pid 14278] [client 146.90.32.165:50398] PHP 4. PageBase->execute() /var/www/hwumc.co.uk/include/WebStart.php:261, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 20:11:17.762883 2015] [:error] [pid 14278] [client 146.90.32.165:50398] PHP 5. PageDbgSudo->runPage() /var/www/hwumc.co.uk/include/PageBase.php:264, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 20:11:17.762892 2015] [:error] [pid 14278] [client 146.90.32.165:50398] PHP 6. Session::addSessionRight() /var/www/hwumc.co.uk/extensions/debug/Page/PageDbgSudo.php:20, referer: https://hwumc.co.uk/index.php/DbgSudo
{code}

and...

{code}
[Tue Nov 24 21:10:23.621805 2015] [:error] [pid 20081] [client 92.236.110.233:51765] PHP Notice: Undefined index: session_rights in /var/www/hwumc.co.uk/include/Session.php on line 64, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 21:10:23.621844 2015] [:error] [pid 20081] [client 92.236.110.233:51765] PHP Stack trace:, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 21:10:23.621855 2015] [:error] [pid 20081] [client 92.236.110.233:51765] PHP 1. {main}() /var/www/hwumc.co.uk/index.php:0, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 21:10:23.621865 2015] [:error] [pid 20081] [client 92.236.110.233:51765] PHP 2. WebStart->run() /var/www/hwumc.co.uk/index.php:13, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 21:10:23.621874 2015] [:error] [pid 20081] [client 92.236.110.233:51765] PHP 3. WebStart->main() /var/www/hwumc.co.uk/include/WebStart.php:10, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 21:10:23.621897 2015] [:error] [pid 20081] [client 92.236.110.233:51765] PHP 4. PageBase->execute() /var/www/hwumc.co.uk/include/WebStart.php:261, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 21:10:23.621907 2015] [:error] [pid 20081] [client 92.236.110.233:51765] PHP 5. PageDbgSudo->runPage() /var/www/hwumc.co.uk/include/PageBase.php:264, referer: https://hwumc.co.uk/index.php/DbgSudo
[Tue Nov 24 21:10:23.621916 2015] [:error] [pid 20081] [client 92.236.110.233:51765] PHP 6. Session::addSessionRight() /var/www/hwumc.co.uk/extensions/debug/Page/PageDbgSudo.php:20, referer: https://hwumc.co.uk/index.php/DbgSudo
{code}

Nothing else in the apache error logs apart from the normal SNI startup warning.

mhamiltonj wrote at Wed, 25 Nov 2015 00:05:03 GMT:

Possibly due to user entering username incorrectly

jenkins wrote at Wed, 25 Nov 2015 20:28:11 GMT:

SUCCESS: Integrated in !https://jenkins.stwalkerster.co.uk/images/16x16/blue.png! [hwumc-beta-deploy #155|https://jenkins.stwalkerster.co.uk/job/hwumc-beta-deploy/155/]
HWUMC-101 Add a password reset page (stwalkerster: rev 7df5b6f5716cd949f0bddd7c6324c616a82028b6)

  • Templates/webmaster/resetpw.tpl
  • Page/PageDbgResetPassword.php
  • DebugExtensionHooks.php

HWUMC-101 Fix undefined index notice (stwalkerster: rev 18c8826ace913fcd8111a26a8cbc4479b24c9ddd)

  • include/Session.php

stwalkerster wrote at Wed, 25 Nov 2015 20:36:25 GMT:

Fixed the unrelated warning discovered in the logs, and also added a way to reset random user's passwords from the web interface, IFF you have the specific user-right to do it (and yes, it's part of the debug toolkit)

jenkins wrote at Wed, 25 Nov 2015 21:43:42 GMT:

SUCCESS: Integrated in !https://jenkins.stwalkerster.co.uk/images/16x16/blue.png! [hwumc-beta-deploy #156|https://jenkins.stwalkerster.co.uk/job/hwumc-beta-deploy/156/]
HWUMC-101 forgot password by email or username, and unique restrictions (stwalkerster: rev 00bdb264954c0c3a0fdd6652b56dbacfda19f4db)

  • templates/forgotpassword/main.tpl
  • include/Page/PageRegister.php
  • include/Page/PageForgotPassword.php
  • include/DataObjects/User.php

stwalkerster wrote at Wed, 25 Nov 2015 23:11:10 GMT:

Magz has just told me he gets a cannot remove group from self error when changing his own username through user management. This is not reproducible on the beta site currently.

I dunno what caused the lockout, but this is the root cause of the issue

stwalkerster wrote at Wed, 25 Nov 2015 23:13:15 GMT:

Actually, this could be caused by the parent group thing blocking access to edit members of the group, meaning that overall the user is not allowed to remove themselves from a group while they're not a member of the parent group too.

stwalkerster wrote at Wed, 25 Nov 2015 23:19:38 GMT:

[~Magz] I'll take a look at this tomorrow evening and add it to the list of stuff I'm gonna push to the main site, along with email address password reset, and password reset for other users.

[~mhamiltonj] if you could help test on the beta site it'd be appreciated.

jenkins wrote at Thu, 26 Nov 2015 19:59:53 GMT:

SUCCESS: Integrated in !https://jenkins.stwalkerster.co.uk/images/16x16/blue.png! [hwumc-beta-deploy #157|https://jenkins.stwalkerster.co.uk/job/hwumc-beta-deploy/157/]
HWUMC-101 Fix errant group-leave-not-allowed error (stwalkerster: rev e06d3e3eec13bf0660f9bfd01032ace600d811cd)

  • templates/users/useredit.tpl

stwalkerster wrote at Thu, 26 Nov 2015 23:15:36 GMT:

Deployed to production