Last modified: 2013-11-18 16:23:39 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T59188, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 57188 - Jenkins jobs that run Selenium tests display passwords
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Component: Quality Assurance
Version: unspecified
Hardware: All All
Importance: Unprioritized normal
Target Milestone: ---
Assigned To: Željko Filipin
Reported: 2013-11-18 14:48 UTC by Željko Filipin
Modified: 2013-11-18 16:23 UTC

Description Željko Filipin 2013-11-18 14:48:48 UTC
From: cmcmahon@wikimedia.org Chris McMahon 
Date: Wed, 23 Oct 2013 21:34:52 +0200 
Subject: test user passwords are public 
 
I just noticed:

https://wmf.ci.cloudbees.com/view/r-tw/job/TwnMainPage-sandbox.translatewiki.net-linux-firefox/lastBuild/console

shows the username and password clearly.

-C
Comment 1 Željko Filipin 2013-11-18 14:49:57 UTC
From: zfilipin@wikimedia.org Željko Filipin 
Date: Tue, 29 Oct 2013 20:45:04 +0100 
Subject: Re: test user passwords are public 
 
Looks like this plugin can do it: Environment Injector Plugin

https://wiki.jenkins-ci.org/display/JENKINS/EnvInject+Plugin

Željko
Comment 2 Željko Filipin 2013-11-18 14:50:30 UTC
From: zfilipin@wikimedia.org Željko Filipin 
Date: Tue, 29 Oct 2013 21:33:16 +0100 
Subject: Re: test user passwords are public 
 
Unfortunately, looks like the plugin displays the password in plain text:

https://wmf.ci.cloudbees.com/job/test/configure#section11
https://wmf.ci.cloudbees.com/job/test/2/console

Back to the drawing board.

Željko
Comment 3 Željko Filipin 2013-11-18 14:51:27 UTC
From: zfilipin@wikimedia.org Željko Filipin 
Date: Wed, 30 Oct 2013 17:04:33 +0100 
Subject: Re: test user passwords are public 
 
This should fix the problem:

https://gerrit.wikimedia.org/r/#/c/92650/

As soon as this is merged into master I will change all passwords and
update all repos to the latest version of mediawiki-selenium gem.

Željko
Comment 4 Željko Filipin 2013-11-18 14:53:02 UTC
From: tfinc@wikimedia.org Tomasz Finc 
Date: Fri, 1 Nov 2013 19:06:22 +0100 
Subject: Re: Build failed in Jenkins: MobileFrontend-test2.m.wikipedia.org-linux-firefox #57 
 
On Thu, Oct 31, 2013 at 11:23 PM, <jenkins-no-reply@cloudbees.com> wrote:

> + export 'MEDIAWIKI_PASSWORD=CCEfuaM4^42z5aij5Hl8'
> + MEDIAWIKI_PASSWORD='CCEfuaM4^42z5aij5Hl8'
>

This is just bad, guys. We need to clean these up.

What are our options?

--tomasz
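
The `+ export ...` lines quoted in Comment 4 have the form of shell xtrace output; Jenkins "Execute shell" build steps run under `sh -xe` by default, which echoes every command and its arguments to the console log. The sketch below is an added example, not part of this thread and not the content of the Gerrit changes linked in it; `DEMO_SECRET` and the function names are hypothetical, and the secret is a constructed placeholder.

```shell
#!/bin/sh
# Added example: constructed placeholder, not a credential from this report.
DEMO_SECRET='constructed-placeholder-secret'

# Build step as Jenkins would run it (sh -x): each command is echoed to the
# console with a "+ " prefix, so the export line carries the secret.
leaky_step() {
    sh -xc 'export MEDIAWIKI_PASSWORD="$1"
            : run selenium tests' sh "$DEMO_SECRET" 2>&1
}

# Same step with tracing switched off only while the secret is handled.
# The braces plus 2>/dev/null also hide the "+ set +x" line itself.
hardened_step() {
    sh -xc '{ set +x; } 2>/dev/null
            export MEDIAWIKI_PASSWORD="$1"
            set -x
            : run selenium tests' sh "$DEMO_SECRET" 2>&1
}

# Scan a captured console log on stdin for the secret and print the number
# of lines that expose it (usable as a post-build check).
count_leaks() {
    grep -cF -- "$DEMO_SECRET" || true
}

echo "leaky:    $(leaky_step | count_leaks) line(s) expose the secret"
echo "hardened: $(hardened_step | count_leaks) line(s) expose the secret"
```

Suppressing the trace only covers the shell's own echo: a later traced command that expands the variable on its command line, or a program that prints it, still writes it to the log. Credentials that have already appeared in a console log still need to be rotated.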
Comment 5 Željko Filipin 2013-11-18 14:53:43 UTC
From: zfilipin@wikimedia.org Željko Filipin 
Date: Mon, 4 Nov 2013 17:23:24 +0100 
Subject: Re: Build failed in Jenkins: MobileFrontend-test2.m.wikipedia.org-linux-firefox #57 
 
Sorry about that, it is my fault. We were aware of the problem and this is
what Niklas and I committed in our regular pairing session today:

https://gerrit.wikimedia.org/r/#/c/93443

I think it fixes the problem. I will change all passwords tomorrow. If
anybody needs the current password for a user that Selenium tests use, it
is here:

https://wmf.ci.cloudbees.com/configure

Željko
Comment 6 Željko Filipin 2013-11-18 15:23:53 UTC
I have changed passwords for all test accounts.

If you need to log in as one of the test users, all passwords are listed at the Jenkins configuration page [1]. (You will need a Cloudbees account with access to our Jenkins instance to access the page.)

If you see a test failing because of an unsuccessful login, please let me know.

If you see a security problem somewhere else in our test infrastructure, please let me know off list.

1: https://wmf.ci.cloudbees.com/configure
