Fixes to the "reset password" mode of Special:ChangeEmail
authorAlexandre Emsenhuber <ialex.wiki@gmail.com>
Mon, 12 Nov 2012 20:07:13 +0000 (21:07 +0100)
committerAlexandre Emsenhuber <ialex.wiki@gmail.com>
Mon, 4 Feb 2013 19:42:47 +0000 (20:42 +0100)
- Use the current User object when the user modifies their own password instead of a different object (so that the fields are correctly updated on that object)
- Only set the cookies when changing the password of the current user and not when resetting the user's password. This was hiding the problem below.
- Make the internal call to Special:UserLogin call from Special:ChangeEmail actually work.
  The problem is that the $this->mNewPass field is cleared by attemptReset(). This was hidden because of the above and because the user is always redirected.
- Do not show the form and the message after successful submission (this was hidden for the same reason as above).
- Let Special:UserLogin handle the redirect itself when calling (because it might want to show something, such as what is injected by the UserLoginComplete hook)

Change-Id: I6cf15e23c905dad9612bab76a2dae5eb613fea9b

includes/specials/SpecialChangePassword.php

index 6280eb4..fba2bf0 100644 (file)
@@ -73,8 +73,10 @@ class SpecialChangePassword extends UnlistedSpecialPage {
                                }
 
                                $this->attemptReset( $this->mNewpass, $this->mRetype );
-                               $this->getOutput()->addWikiMsg( 'resetpass_success' );
-                               if( !$user->isLoggedIn() ) {
+
+                               if( $user->isLoggedIn() ) {
+                                       $this->doReturnTo();
+                               } else {
                                        LoginForm::setLoginToken();
                                        $token = LoginForm::getLoginToken();
                                        $data = array(
@@ -82,7 +84,7 @@ class SpecialChangePassword extends UnlistedSpecialPage {
                                                'wpName'       => $this->mUserName,
                                                'wpDomain'     => $this->mDomain,
                                                'wpLoginToken' => $token,
-                                               'wpPassword'   => $this->mNewpass,
+                                               'wpPassword'   => $request->getVal( 'wpNewPassword' ),
                                                'returnto'     => $request->getVal( 'returnto' ),
                                        );
                                        if( $request->getCheck( 'wpRemember' ) ) {
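Review bot: The new `'wpPassword' => $request->getVal( 'wpNewPassword' )` entry reads the raw request field a second time instead of reusing the value that was passed to attemptReset(), so the password that gets set and the password used for the follow-up login come from two separate reads. How `$this->mNewpass` is populated is not visible here, but if it is ever trimmed, normalised or taken from a differently named field, the internal login would fail right after a successful reset. Capturing the value once before the reset keeps both uses identical: `$newpass = $this->mNewpass;` ahead of the `attemptReset()` call, then `'wpPassword' => $newpass,` here. The enclosing method starts and ends outside this hunk.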
@@ -92,7 +94,7 @@ class SpecialChangePassword extends UnlistedSpecialPage {
                                        $login->setContext( $this->getContext() );
                                        $login->execute( null );
                                }
-                               $this->doReturnTo();
+                               return;
                        } catch( PasswordError $e ) {
                                $this->error( $e->getMessage() );
                        }
@@ -216,7 +218,13 @@ class SpecialChangePassword extends UnlistedSpecialPage {
         * @throws PasswordError when cannot set the new password because requirements not met.
         */
        protected function attemptReset( $newpass, $retype ) {
-               $user = User::newFromName( $this->mUserName );
+               $isSelf = ( $this->mUserName === $this->getUser()->getName() );
+               if ( $isSelf ) {
+                       $user = $this->getUser();
+               } else {
+                       $user = User::newFromName( $this->mUserName );
+               }
+
                if( !$user || $user->isAnon() ) {
                        throw new PasswordError( $this->msg( 'nosuchusershort', $this->mUserName )->text() );
                }
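Review bot: The `$isSelf` test compares `$this->mUserName` with `$this->getUser()->getName()` as raw strings, so it only matches when mUserName is already in canonical form; where that field is filled is outside this hunk. If it can hold the name as submitted (different first-letter case, underscores for spaces), a logged-in user changing their own password falls into the `User::newFromName()` branch, the cookies are not refreshed further down, and the session is lost when the token changes. Comparing identities after the lookup is sturdier: start with `$isSelf = false; $user = User::newFromName( $this->mUserName );` and then `if ( $user && $user->getId() && $user->getId() === $this->getUser()->getId() ) { $isSelf = true; $user = $this->getUser(); }`. attemptReset() continues past the end of the hunk.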
@@ -250,7 +258,12 @@ class SpecialChangePassword extends UnlistedSpecialPage {
                        throw new PasswordError( $e->getMessage() );
                }
 
-               $user->setCookies();
+               if ( $isSelf ) {
+                       // This is needed to keep the user connected since
+                       // changing the password also modifies the user's token.
+                       $user->setCookies();
+               }
+
                $user->saveSettings();
        }
 }
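Review bot: The comment inside `if ( $isSelf )` explains why cookies are set for the current user but not why they are withheld otherwise, which is the security-relevant half of the guard. I would add a line such as `// Not self: issue no session here; the caller logs in through LoginForm with the new password.` so a later edit does not restore the unconditional `setCookies()` and hand a session to a requester who has not gone through login. Separately, `setCookies()` still runs before `saveSettings()`; if the save can fail (not visible here), the browser would hold a token that was never persisted, so calling `saveSettings()` first looks safer. The start of attemptReset() lies outside this hunk.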