__METHOD__
);
if ( !$row ) {
- return AuthenticationResponse::newAbstain();
+ // Do not reveal whether its bad username or
+ // bad password to prevent username enumeration
+ // on private wikis. (T134100)
+ return $this->failResponse( $req );
}
$oldRow = clone $row;
// @codeCoverageIgnoreStart
if ( $this->getPasswordFactory()->needsUpdate( $pwhash ) ) {
$newHash = $this->getPasswordFactory()->newFromPlaintext( $req->password );
- \DeferredUpdates::addCallableUpdate( function () use ( $newHash, $oldRow ) {
+ $fname = __METHOD__;
+ \DeferredUpdates::addCallableUpdate( function () use ( $newHash, $oldRow, $fname ) {
$dbw = wfGetDB( DB_MASTER );
$dbw->update(
'user',
'user_id' => $oldRow->user_id,
'user_password' => $oldRow->user_password
],
- __METHOD__
+ $fname
);
} );
}