Merge "Prevent login-only local password provider from removing passwords"

author jenkins-bot <jenkins-bot@gerrit.wikimedia.org>

Wed, 30 Nov 2016 16:39:12 +0000 (16:39 +0000)

committer Gerrit Code Review <gerrit@wikimedia.org>

Wed, 30 Nov 2016 16:39:12 +0000 (16:39 +0000)
author jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
Wed, 30 Nov 2016 16:39:12 +0000 (16:39 +0000)
committer Gerrit Code Review <gerrit@wikimedia.org>
Wed, 30 Nov 2016 16:39:12 +0000 (16:39 +0000)
diff --git a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php

index 859fd0c..fd36887 100644 (file)
--- a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
@@ -242,14 +242,14 @@ class LocalPasswordPrimaryAuthenticationProvider
  
                 $pwhash = null;
  
-               if ( $this->loginOnly ) {
-                       $pwhash = $this->getPasswordFactory()->newFromCiphertext( null );
-                       $expiry = null;
-                       // @codeCoverageIgnoreStart
-               } elseif ( get_class( $req ) === PasswordAuthenticationRequest::class ) {
-                       // @codeCoverageIgnoreEnd
-                       $pwhash = $this->getPasswordFactory()->newFromPlaintext( $req->password );
-                       $expiry = $this->getNewPasswordExpiry( $username );
+               if ( get_class( $req ) === PasswordAuthenticationRequest::class ) {
+                       if ( $this->loginOnly ) {
+                               $pwhash = $this->getPasswordFactory()->newFromCiphertext( null );
+                               $expiry = null;
+                       } else {
+                               $pwhash = $this->getPasswordFactory()->newFromPlaintext( $req->password );
+                               $expiry = $this->getNewPasswordExpiry( $username );
+                       }
                 }
  
                 if ( $pwhash ) {
diff --git a/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php b/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php

index cb34be2..72a03c3 100644 (file)
--- a/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
+++ b/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
@@ -451,7 +451,7 @@ class LocalPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestCase
                 $changeReq->password = $newpass;
                 $provider->providerChangeAuthenticationData( $changeReq );
  
-               if ( $loginOnly ) {
+               if ( $loginOnly && $changed ) {
                         $old = 'fail';
                         $new = 'fail';
                         $expectExpiry = null;
author	jenkins-bot <jenkins-bot@gerrit.wikimedia.org>
	Wed, 30 Nov 2016 16:39:12 +0000 (16:39 +0000)
committer	Gerrit Code Review <gerrit@wikimedia.org>
	Wed, 30 Nov 2016 16:39:12 +0000 (16:39 +0000)
includes/auth/LocalPasswordPrimaryAuthenticationProvider.php		patch \| blob \| history
tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php		patch \| blob \| history