Page MenuHomePhabricator
Create Task
Maniphest T417766

Password reset broken on Android App
Closed, ResolvedPublic1 Estimated Story PointsBUG REPORT
Actions

Description

I just watched a friend trying and failing to reset their password via the Android App. I also reproduced this on my own Android App.

Steps to replicate the issue (include links if applicable):

  • On the app, go to the login screen
  • tap "Forgot your password"
  • browser opens, but nothing happens, no page is loading just a white page
  • reload the page which makes it actually load the form
  • enter the required information
  • get the email with the temp password
  • go back to the app
  • go to the log in screen
  • enter user name and temp password
  • required to enter email verification code
  • go to the email you got and copy the code and enter it in the form on the app
  • see the form to enter a new password and confirm it
  • go to your password manager and copy a newly generated password
  • paste into both fields and click the submit button

What happens?:
Error message: "Incorrect username or password entered. Please try again."

What should have happened instead?:
My password should have been changed, and I should be logged in.

Software version (on Special:Version page; skip for WMF-hosted wikis like Wikipedia):
Freshly installed Android App on a Pixel 8 Pro

Event Timeline

Michael created this task.Feb 18 2026, 11:54 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 18 2026, 11:54 AM
Michael renamed this task from Password reset broken to Password reset broken on Android App.Feb 18 2026, 11:55 AM
Dreamy_Jazz removed a project: Product Safety and Integrity.Feb 18 2026, 11:59 AM
Dreamy_Jazz subscribed.

Don't think password resets / the android app are within the scope of Product Safety and Integrity

Michael added a comment.Feb 18 2026, 12:21 PM
In T417766#11627313, @Dreamy_Jazz wrote:

Don't think password resets / the android app are within the scope of Product Safety and Integrity

My thinking is that I have not confirmed whether that is an issue _only_ on the apps. Also, while I noticed it on the App, the error message "Incorrect username or password entered. Please try again." makes it suspiciously sound like a logic-issue in our password reset code.

Do we have a dashboard somewhere about the number of attempted and successful password resets?

Dreamy_Jazz added a comment.Feb 18 2026, 12:27 PM
In T417766#11627402, @Michael wrote:
In T417766#11627313, @Dreamy_Jazz wrote:

Don't think password resets / the android app are within the scope of Product Safety and Integrity

My thinking is that I have not confirmed whether that is an issue _only_ on the apps. Also, while I noticed it on the App, the error message "Incorrect username or password entered. Please try again." makes it suspiciously sound like a logic-issue in our password reset code.

Do we have a dashboard somewhere about the number of attempted and successful password resets?

Not that I am aware of. MediaWiki-Platform-Team appear to own authorisation and authentication, so maybe password resets are in their scope and so they may know?

Dreamy_Jazz added a project: MediaWiki-Platform-Team.Feb 18 2026, 12:28 PM

Tagging MediaWiki-Platform-Team for visibility based on the above

Dbrant claimed this task.Feb 18 2026, 1:01 PM
Dbrant triaged this task as High priority.
Dbrant removed a project: MediaWiki-Platform-Team.Feb 18 2026, 1:08 PM
Dbrant set the point value for this task to 1.
Dbrant moved this task from Needs Triage to Android Release - FY2025-26 on the Wikipedia-Android-App-Backlog board.
Dbrant edited projects, added Wikipedia-Android-App-Backlog (Android Release - FY2025-26); removed Wikipedia-Android-App-Backlog.
Dbrant moved this task from Incoming tasks from backlog to Code Review on the Wikipedia-Android-App-Backlog (Android Release - FY2025-26) board.
GitHubPRBot added a comment.Feb 18 2026, 1:12 PM

dbrant opened https://github.com/wikimedia/apps-android-wikipedia/pull/6323

GitHubPRBot added a comment.Feb 18 2026, 3:18 PM

Williamrai closed https://github.com/wikimedia/apps-android-wikipedia/pull/6323

Dbrant moved this task from Code Review to Merged and Waiting on the Wikipedia-Android-App-Backlog (Android Release - FY2025-26) board.Feb 18 2026, 3:21 PM
Tgr subscribed.Feb 18 2026, 8:43 PM

Successful resets, failed resets. Seem stable.

Tgr added a comment.Feb 18 2026, 8:48 PM

(No way to filter for password resets in the Android app, unfortunately. gerrit 1240375 will fix that.)

Michael added a comment.Feb 19 2026, 2:46 PM
In T417766#11629679, @Tgr wrote:

Successful resets, failed resets. Seem stable.

As far as I can tell from the fix, this was introduced in June last year, and it has been broken since. Logstash does not go back that far. But we might see the impact of the fix 🤞

WRai-WMF moved this task from Merged and Waiting to QA signoff on the Wikipedia-Android-App-Backlog (Android Release - FY2025-26) board.Feb 24 2026, 10:18 PM
ABorbaWMF moved this task from QA signoff to Ready for PM signoff on the Wikipedia-Android-App-Backlog (Android Release - FY2025-26) board.Mar 2 2026, 7:57 PM
ABorbaWMF subscribed.

Appears to be fixed on 50568-r-2026-02-24, tested on OnePlus 8 on Android 13, and Pixel 6 on Android 16. Tested on 2 different accounts.

HNordeenWMF moved this task from Ready for PM signoff to Ready for release on the Wikipedia-Android-App-Backlog (Android Release - FY2025-26) board.Mar 5 2026, 12:33 AM
WRai-WMF closed this task as Resolved.Mar 5 2026, 9:46 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits