precise error message if password has become invalid after password change

[OpenGreenStreet]

What is the user problem or growth opportunity you want to see solved?

I would like there to be a pop-up message (or a clear error message: more than "Failed") if the password is no longer valid after a password change.

How do you know that this problem exists today? Why is this important?

Background: changed my password using the web frontend, but didn't think to change it in the Common app as well. It took me quite a while to recognize the connection...

Who will benefit from it?

all user

Anything else you would like to add?

https://commons.wikimedia.org/wiki/Commons:Mobile_app/Feedback#Feedback_from_Molgreen_for_version_4.2.1~14b6c455b_6

[shashankiitbhu]

I would like to work on this

[whym]

"after a password change" might be difficult to detect from the app. I could be wrong but I imagine MediaWiki doesn't let clients (like this app) know how old a user's password is on the server side, from a security standpoint. What I think we could do instead is:

• Always include something like "did you change your password recently?" into the message upon login failure. This could be a noise to a majority of the users, though.
  • A variation: do the above only if the app has been unused for X weeks.
  • Another variation: do the above only if there is non-app contributions in the last Y weeks.

[OpenGreenStreet]

I can understand that. How would it be if, instead of the meaningless error message "Failed" there would be a short keyword list of possible errors and also a link to a long version?
(On the other hand, I wonder if the app doesn't receive a message about why the upload failed: for example, a code about a failed authentication).

[OpenGreenStreet]

There are more people who have this problem:
https://commons.wikimedia.org/wiki/Commons_talk:Mobile_app#App_broken

[OpenGreenStreet]

Would there perhaps be a way to check whether the user is successfully logged in before each upload?

[ShashwatKedia]

@OpenGreenStreet We do check if the user is logged in before even allowing the user to add media details of the upload. Here's the code :

[OpenGreenStreet]

@ShashwatKedia Yes, thank you. I assume this source code refers to the initial login? I am interested in checking the current validity of the login before each individual upload process. From my point of view, this is the only way to recognize whether the password has been changed in the meantime. (Sorry: I have no idea how something like this could be implemented programmatically).

[shashankiitbhu]

@OpenGreenStreet No, the above is code is a check in Upload Activity (which is started when an Upload Is triggered) so this is checked every time you try to upload something

[OpenGreenStreet]

@shashankiitbhu Okay, but then I don't understand why the uploader only receives the unspecific message "Upload error" at the very end of the upload process?

[shashankiitbhu]

@OpenGreenStreet What the above piece of code does is it checks if the User is Logged in (If the user's current session is valid or not) and if it's not then it takes the user to the login page, but this happens immediately after you trigger an upload (as soon as Upload Activity is visible to user), so If you can go till the end of Upload Process then this logic isn't getting called at all.

[OpenGreenStreet]

@shashankiitbhu The problem is that the user assumes that the app does not work. I (and others: Link: https://commons.wikimedia.org/wiki/Commons_talk:Mobile_app#App_broken) only realized after weeks(!) that the upload error was related to my own (long forgotten) last password change. If you're not persistent, you probably think that the app just doesn't work . . . and you will stop using the app or remove it from your smartphone altogether

Is there nothing that can be read and checked that only logged-in users can do? (For example, I can only see which user is the administrator when logged in).

[shashankiitbhu]

@OpenGreenStreet Yes, If you are asking about what restrictions non-logged-in users have then you can see that by clicking "skip" at the Login Page and a restricted version will where you can not Upload Anything or Review Anything, as you can see below:

Comparing it to the logged-in Version we can see that there are many things only logged-in users can do.

I think the issue here is that the password is changed from the web frontend when you are already Logged-In on the app and you are then unable to upload anything after that. Is this correct?

[OpenGreenStreet]

@shashankiitbhu Yes, that's exactly the problem:

"I think the issue here is that the password is changed from the web frontend when you are already Logged-In on the app and you are then unable to upload anything after that. Is this correct?"

It won't happen to me again. I just want to prevent others from giving up in frustration and no longer using the Commons app (which I really like!).

(By the way: For me, the Commons app is a key application that significantly lowers the threshold for uploading images to Wikimedia Commons).