* returned success.
*
* @param AuthenticationRequest $req
+ * @param bool $isAddition Set true if this represents an addition of
+ * credentials rather than a change. The main difference is that additions
+ * should not invalidate BotPasswords. If you're not sure, leave it false.
*/
- public function changeAuthenticationData( AuthenticationRequest $req ) {
+ public function changeAuthenticationData( AuthenticationRequest $req, $isAddition = false ) {
$this->logger->info( 'Changing authentication data for {user} class {what}', [
'user' => is_string( $req->username ) ? $req->username : '<no name>',
'what' => get_class( $req ),
// When the main account's authentication data is changed, invalidate
// all BotPasswords too.
- \BotPassword::invalidateAllPasswordsForUser( $req->username );
+ if ( !$isAddition ) {
+ \BotPassword::invalidateAllPasswordsForUser( $req->username );
+ }
}
/**@}*/
$status = $this->manager->allowsAuthenticationDataChange( $req );
$statuses[] = [ $req, $status ];
if ( $status->isGood() ) {
- $this->manager->changeAuthenticationData( $req );
+ // We're not changing credentials, just adding a new link
+ // to an already-known user.
+ $this->manager->changeAuthenticationData( $req, /* $isAddition */ true );
} else {
$anyFailed = true;
}
}
foreach ( $reqs as $req ) {
- $this->authManager->changeAuthenticationData( $req );
+ // This is adding a new temporary password, not intentionally changing anything
+ // (even though it might technically invalidate an old temporary password).
+ $this->authManager->changeAuthenticationData( $req, /* $isAddition */ true );
}
$this->logger->info(