X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fauth%2FAuthManager.php;h=f54224b8b74cec841a94f4498a52793b0579cd0a;hb=3d74af3e963bdcbbdbd58e65a5efdd7819db5236;hp=611a8cdc3a7b93da122e39dd3e9eeaced1190852;hpb=9dfda465706d70a1ddd9beeec62c96b4d06c36b3;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php
index 611a8cdc3a..f54224b8b7 100644
--- a/includes/auth/AuthManager.php
+++ b/includes/auth/AuthManager.php
@@ -882,8 +882,11 @@ class AuthManager implements LoggerAwareInterface {
 	 * returned success.
 	 *
 	 * @param AuthenticationRequest $req
+	 * @param bool $isAddition Set true if this represents an addition of
+	 *  credentials rather than a change. The main difference is that additions
+	 *  should not invalidate BotPasswords. If you're not sure, leave it false.
 	 */
-	public function changeAuthenticationData( AuthenticationRequest $req ) {
+	public function changeAuthenticationData( AuthenticationRequest $req, $isAddition = false ) {
 		$this->logger->info( 'Changing authentication data for {user} class {what}', [
 			'user' => is_string( $req->username ) ? $req->username : '<no name>',
 			'what' => get_class( $req ),
@@ -893,7 +896,9 @@ class AuthManager implements LoggerAwareInterface {
 
 		// When the main account's authentication data is changed, invalidate
 		// all BotPasswords too.
-		\BotPassword::invalidateAllPasswordsForUser( $req->username );
+		if ( !$isAddition ) {
+			\BotPassword::invalidateAllPasswordsForUser( $req->username );
+		}
 	}
 
 	/**@}*/