From: Brad Jorsch Date: Sun, 31 Jan 2016 20:48:23 +0000 (-0500) Subject: SessionManager: Notify AuthPlugin before calling hooks X-Git-Tag: 1.31.0-rc.0~8123 X-Git-Url: http://git.cyclocoop.org/%28?a=commitdiff_plain;h=6acd424e0dbc322e8b9a141bd2625453c1b9b6f1;p=lhc%2Fweb%2Fwiklou.git SessionManager: Notify AuthPlugin before calling hooks This avoids a race in CentralAuth: * The user doesn't exist locally, so CA wants to create it * Auto-creation adds the user to the database * A hook function tries to access the session; now the user does exist locally but isn't yet attached, so CA rejects the session. Bug: T125283 Change-Id: I6024885e3cf9c85c527fc160577f66ff97451c98
---
diff --git a/includes/session/SessionManager.php b/includes/session/SessionManager.php
index 6b221fd1be..4b38a5c318 100644
--- a/includes/session/SessionManager.php
+++ b/includes/session/SessionManager.php
@@ -501,11 +501,7 @@ final class SessionManager implements SessionManagerInterface {
 // @codeCoverageIgnoreEnd
 }
 
- # Notify hooks (e.g. Newuserlog)
- \Hooks::run( 'AuthPluginAutoCreate', array( $user ) );
- \Hooks::run( 'LocalUserCreated', array( $user, true ) );
-
- # Notify AuthPlugin too
+ # Notify AuthPlugin
 $tmpUser = $user;
 $wgAuth->initUser( $tmpUser, true );
 if ( $tmpUser !== $user ) {
@@ -513,6 +509,10 @@ final class SessionManager implements SessionManagerInterface {
 get_class( $wgAuth ) . '::initUser() replaced the user object' );
 }
 
+ # Notify hooks (e.g. Newuserlog)
+ \Hooks::run( 'AuthPluginAutoCreate', array( $user ) );
+ \Hooks::run( 'LocalUserCreated', array( $user, true ) );
+
 $user->saveSettings();
 
 # Update user count
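Review bot: The new comment `# Notify AuthPlugin` in the first hunk says nothing about ordering, yet the fix depends entirely on `$wgAuth->initUser()` running before the hook calls that the second hunk re-adds further down. A later tidy-up could swap the two blocks back without noticing the session-validation problem it reintroduces. I would record the constraint in the comment, e.g. `# Notify AuthPlugin first: a hook handler may access the session before the auth plugin has attached the new user (T125283)`. The enclosing method starts and ends outside the hunk.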
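Review bot: The two `\Hooks::run()` calls added in the second hunk now sit between `$wgAuth->initUser()` and `$user->saveSettings()`, so a handler that reads the session or reloads the user from the database runs before anything `initUser()` changed on `$user` has been persisted. If that order is intended so that handler changes are written by the same save, a comment should say so, e.g. `# Run hooks before saveSettings() so handler changes to $user are saved too`. Whether any handler relies on persisted state cannot be seen from this hunk, and the enclosing method continues past it.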