From: Gergő Tisza
Date: Tue, 7 Jun 2016 16:15:12 +0000 (+0000)
Subject: Reject authentication data change when there are warnings
X-Git-Tag: 1.31.0-rc.0~6694^2
X-Git-Url: http://git.cyclocoop.org//%27http:/ie7-js.googlecode.com/svn/test/index.html/%27?a=commitdiff_plain;h=d850025e603fc6f2bec3a80cdd17c027d8813341;p=lhc%2Fweb%2Fwiklou.git
Reject authentication data change when there are warnings
AuthManager uses a status which is OK but not good for authentication data which is discouraged but still accepted for authentication. Users should not be allowed to change credentials into such invalid state. This change brings the web logic and the AuthPlugin fallback in sync with the API which already used the stricter check.
Change-Id: I4ff54fcc901f6fe11f15ed60fc1a3d8753de9f6c
---
diff --git a/includes/Preferences.php b/includes/Preferences.php
index 9a55ae3487..3083a8d215 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -296,7 +296,7 @@ class Preferences {
 $allowPasswordChange = $wgDisableAuthManager
 ? $wgAuth->allowPasswordChange()
 : AuthManager::singleton()->allowsAuthenticationDataChange(
- new PasswordAuthenticationRequest(), false );
+ new PasswordAuthenticationRequest(), false )->isGood();
 if ( $canEditPrivateInfo && $allowPasswordChange ) {
 $link = Linker::link( SpecialPage::getTitleFor( 'ChangePassword' ),
 $context->msg( 'prefs-resetpass' )->escaped(), [],
diff --git a/includes/auth/AuthManagerAuthPlugin.php b/includes/auth/AuthManagerAuthPlugin.php
index bf1e0215bc..8d85b4411d 100644
--- a/includes/auth/AuthManagerAuthPlugin.php
+++ b/includes/auth/AuthManagerAuthPlugin.php
@@ -131,7 +131,7 @@ class AuthManagerAuthPlugin extends \AuthPlugin {
 $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
 foreach ( $reqs as $req ) {
 $status = AuthManager::singleton()->allowsAuthenticationDataChange( $req );
- if ( !$status->isOk() ) {
+ if ( !$status->isGood() ) {
 $this->logger->info( __METHOD__ . ': Password change rejected: {reason}', [
 'username' => $data['username'],
 'reason' => $status->getWikiText( null, null, 'en' ),
diff --git a/includes/specialpage/AuthManagerSpecialPage.php b/includes/specialpage/AuthManagerSpecialPage.php
index 7866c12bae..41380f0b84 100644
--- a/includes/specialpage/AuthManagerSpecialPage.php
+++ b/includes/specialpage/AuthManagerSpecialPage.php
@@ -375,7 +375,7 @@ abstract class AuthManagerSpecialPage extends SpecialPage {
 $req = reset( $requests );
 $status = $authManager->allowsAuthenticationDataChange( $req );
 Hooks::run( 'ChangeAuthenticationDataAudit', [ $req, $status ] );
- if ( !$status->isOK() ) {
+ if ( !$status->isGood() ) {
 return AuthenticationResponse::newFail( $status->getMessage() );
 }
 $authManager->changeAuthenticationData( $req );
diff --git a/includes/user/User.php b/includes/user/User.php
index 9e50f36a23..8ecf468647 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -2569,7 +2569,7 @@ class User implements IDBAccessObject {
 $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
 foreach ( $reqs as $req ) {
 $status = $manager->allowsAuthenticationDataChange( $req );
- if ( !$status->isOk() ) {
+ if ( !$status->isGood() ) {
 \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' )
 ->info( __METHOD__ . ': Password change rejected: ' . $status->getWikiText() );
 return false;
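Review bot: In AuthManagerSpecialPage.php the `ChangeAuthenticationDataAudit` hook still receives the same `$status` just before the check, but the page now refuses the change on `!$status->isGood()`. A handler that records the outcome from `$status->isOK()` would log a change as accepted that this code rejects; no handlers are visible here, so this is an inference. I would add a comment above the `Hooks::run` call, for example `// Audit handlers: the change is applied only when $status->isGood(); an OK status with warnings is rejected`, and put the same wording in the hook's documentation. The enclosing method starts and ends outside the hunk.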
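Review bot: In User.php the rejection is logged by concatenating `$status->getWikiText()` into the message, whereas the same check in AuthManagerAuthPlugin.php uses a `{reason}` placeholder with a context array and pins the language to 'en'. The concatenated form leaves no structured field to filter or alert on, and presumably renders in whatever language is in effect for the request. It also records no username, so a rejected change cannot be tied to an account from this line alone. I would write `->info( __METHOD__ . ': Password change rejected: {reason}', [ 'reason' => $status->getWikiText( null, null, 'en' ) ] );` and add the username to the context if one is in scope; the method body continues outside the hunk, so that cannot be confirmed here.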