Add extra logging for when user logs in with a temp password

[lhc/web/wiklou.git] / includes / auth / TemporaryPasswordPrimaryAuthenticationProvider.php

diff --git a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
index f16423d..2e6f93c 100644 (file)
--- a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
@@ -140,7 +140,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
                }
 
                $status = $this->checkPasswordValidity( $username, $req->password );
-               if ( !$status->isOk() ) {
+               if ( !$status->isOK() ) {
                        // Fatal, can't log in
                        return AuthenticationResponse::newFail( $status->getMessage() );
                }
@@ -154,6 +154,16 @@ class TemporaryPasswordPrimaryAuthenticationProvider
                        return $this->failResponse( $req );
                }
 
+               // Add an extra log entry since a temporary password is
+               // an unusual way to log in, so its important to keep track
+               // of in case of abuse.
+               $this->logger->info( "{user} successfully logged in using temp password",
+                       [
+                               'user' => $username,
+                               'requestIP' => $this->manager->getRequest()->getIP()
+                       ]
+               );
+
                $this->setPasswordResetFlag( $username, $status );
 
                return AuthenticationResponse::newPass( $username );