Add hook AbortChangePassword to Special:ChangePassword

Adds a consistent method for authentication extensions to block
password changing operations.

Bug: 46590
Change-Id: I3469e90a958c4fb0f24cafd67de5590d3cc2f075

diff --git a/docs/hooks.txt b/docs/hooks.txt
index de51024..0b835c2 100644 (file)
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -270,6 +270,12 @@ $reason: the reason for the move (added in 1.13)
 $user: the User object about to be created (read-only, incomplete)
 &$msg: out parameter: HTML to display on abort
 
 $user: the User object about to be created (read-only, incomplete)
 &$msg: out parameter: HTML to display on abort
 

+'AbortChangePassword': Return false to cancel password change.
+$user: the User object to which the password change is occuring
+$mOldpass: the old password provided by the user
+$newpass: the new password provided by the user
+&$abortMsg: the message identifier for abort reason
+

 'ActionBeforeFormDisplay': Before executing the HTMLForm object.
 $name: name of the action
 &$form: HTMLForm object
 'ActionBeforeFormDisplay': Before executing the HTMLForm object.
 $name: name of the action
 &$form: HTMLForm object

diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index 3f65520..b53a46a 100644 (file)
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -251,6 +251,12 @@ class SpecialChangePassword extends UnlistedSpecialPage {
                        throw new PasswordError( $this->msg( 'login-throttled' )->text() );
                }
 
                        throw new PasswordError( $this->msg( 'login-throttled' )->text() );
                }
 

+               $abortMsg = 'resetpass-abort-generic';
+               if ( !wfRunHooks( 'AbortChangePassword', array( $user, $this->mOldpass, $newpass, &$abortMsg ) ) ) {
+                       wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'abortreset' ) );
+                       throw new PasswordError( $this->msg( $abortMsg )->text() );
+               }
+

                if ( !$user->checkTemporaryPassword( $this->mOldpass ) && !$user->checkPassword( $this->mOldpass ) ) {
                        wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
                        throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() );
                if ( !$user->checkTemporaryPassword( $this->mOldpass ) && !$user->checkPassword( $this->mOldpass ) ) {
                        wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
                        throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() );

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 3a5d112..61f3f24 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1247,6 +1247,7 @@ To finish logging in, you must set a new password here:',
 'oldpassword'               => 'Old password:',
 'newpassword'               => 'New password:',
 'retypenew'                 => 'Retype new password:',
 'oldpassword'               => 'Old password:',
 'newpassword'               => 'New password:',
 'retypenew'                 => 'Retype new password:',

+'resetpass-abort-generic'   => 'Password change has been aborted by an extension.',

 'resetpass_submit'          => 'Set password and log in',
 'resetpass_success'         => 'Your password has been changed successfully!
 Now logging you in...',
 'resetpass_submit'          => 'Set password and log in',
 'resetpass_success'         => 'Your password has been changed successfully!
 Now logging you in...',

diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php
index 1cf6e1e..b13d759 100644 (file)
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -1303,6 +1303,7 @@ See also:
 'oldpassword' => "Used on the 'User profile' tab of 'my preferences'. This is the text next to an entry box for the old password in the 'change password' section.",
 'newpassword' => '{{Identical|New password}}',
 'retypenew' => "Appears on the 'User profile' tab of the 'Preferences' special page in the 'Change password' section. It appears next to the text box for entering the new password a second time.",
 'oldpassword' => "Used on the 'User profile' tab of 'my preferences'. This is the text next to an entry box for the old password in the 'change password' section.",
 'newpassword' => '{{Identical|New password}}',
 'retypenew' => "Appears on the 'User profile' tab of the 'Preferences' special page in the 'Change password' section. It appears next to the text box for entering the new password a second time.",

+'resetpass-abort-generic' => 'Generic error message shown on [[Special:ChangePassword]] when an extension aborts a password change from a hook.',

 'resetpass_submit' => 'Submit button on [[Special:ChangePassword]]',
 'resetpass_success' => 'Used in [[Special:ChangePassword]].',
 'resetpass_forbidden' => "Used as error message in changing password. Maybe the external auth plugin won't allow local password changes.",
 'resetpass_submit' => 'Submit button on [[Special:ChangePassword]]',
 'resetpass_success' => 'Used in [[Special:ChangePassword]].',
 'resetpass_forbidden' => "Used as error message in changing password. Maybe the external auth plugin won't allow local password changes.",

diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc
index 60f2e7a..fc0080c 100644 (file)
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@@ -567,6 +567,7 @@ $wgMessageStructure = array(
                'resetpass-submit-cancel',
                'resetpass-wrong-oldpass',
                'resetpass-temp-password',
                'resetpass-submit-cancel',
                'resetpass-wrong-oldpass',
                'resetpass-temp-password',

+               'resetpass-abort-generic',

        ),
        'passwordreset' => array(
                'passwordreset',
        ),
        'passwordreset' => array(
                'passwordreset',