It would be good to keep better track of this in the logs
Change-Id: I7f33b45f83034bfa1c003c149e92917b2f045988
return $this->failResponse( $req );
}
+ // Add an extra log entry since a temporary password is
+ // an unusual way to log in, so its important to keep track
+ // of in case of abuse.
+ $this->logger->info( "{user} successfully logged in using temp password",
+ [
+ 'user' => $username,
+ 'requestIP' => $this->manager->getRequest()->getIP()
+ ]
+ );
+
$this->setPasswordResetFlag( $username, $status );
return AuthenticationResponse::newPass( $username );