X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2Fuser%2FPasswordReset.php;h=c1aef22ba19f910a06372af51f658ad4744594ac;hb=f12a3edff708a1fb73a09d154693dba49b69d921;hp=530580d469f4d360d1fea0b34b269ce74e7c7117;hpb=a9c0f0e93c9940f3a756f0ea1bb28237f266a20f;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php
index 530580d469..c1aef22ba1 100644
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@@ -44,8 +44,8 @@ class PasswordReset implements LoggerAwareInterface {
 protected $logger;
 /**
- * In-process cache for isAllowed lookups, by username. Contains pairs of StatusValue objects
- * (for false and true value of $displayPassword, respectively).
+ * In-process cache for isAllowed lookups, by username.
+ * Contains a StatusValue object
 * @var HashBagOStuff
 */
 private $permissionCache;
@@ -72,13 +72,12 @@ class PasswordReset implements LoggerAwareInterface {
 * @param User $user
 * @param bool $displayPassword If set, also check whether the user is allowed to reset the
 * password of another user and see the temporary password.
+ * @since 1.29 Second argument for displayPassword removed.
 * @return StatusValue
 */
- public function isAllowed( User $user, $displayPassword = false ) {
- $statuses = $this->permissionCache->get( $user->getName() );
- if ( $statuses ) {
- list ( $status, $status2 ) = $statuses;
- } else {
+ public function isAllowed( User $user ) {
+ $status = $this->permissionCache->get( $user->getName() );
+ if ( !$status ) {
 $resetRoutes = $this->config->get( 'PasswordResetRoutes' );
 $status = StatusValue::newGood();
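Review bot: A caller that still invokes `isAllowed( $user, true )` no longer gets the `passwordreset` right check, because PHP silently ignores the extra argument and the `badaccess` branch that lived in `$status2` is deleted in the `@@ -107,19` hunk. Whether such callers remain is not visible here; if any might, a guard at the top of the method makes the change loud, e.g. `if ( func_num_args() > 1 ) { wfDeprecated( __METHOD__ . ' with $displayPassword', '1.29' ); }`. The same applies to the dropped fourth argument of `execute()` in the `@@ -128,22` hunk. The two `@param bool $displayPassword` lines kept as context above the new signature describe a parameter that no longer exists and should be deleted. The body of `isAllowed()` continues outside this hunk.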
@@ -107,19 +106,10 @@ class PasswordReset implements LoggerAwareInterface {
 $status = StatusValue::newFatal( 'blocked-mailpassword' );
 }
- $status2 = StatusValue::newGood();
- if ( !$user->isAllowed( 'passwordreset' ) ) {
- $status2 = StatusValue::newFatal( 'badaccess' );
- }
-
- $this->permissionCache->set( $user->getName(), [ $status, $status2 ] );
+ $this->permissionCache->set( $user->getName(), $status );
 }
- if ( !$displayPassword || !$status->isGood() ) {
- return $status;
- } else {
- return $status2;
- }
+ return $status;
 }
 /**
@@ -128,22 +118,22 @@ class PasswordReset implements LoggerAwareInterface {
 * Process the form. At this point we know that the user passes all the criteria in
 * userCanExecute(), and if the data array contains 'Username', etc, then Username
 * resets are allowed.
+ *
+ * @since 1.29 Fourth argument for displayPassword removed.
 * @param User $performingUser The user that does the password reset
 * @param string $username The user whose password is reset
 * @param string $email Alternative way to specify the user
- * @param bool $displayPassword Whether to display the password
 * @return StatusValue Will contain the passwords as a username => password array if the
 * $displayPassword flag was set
 * @throws LogicException When the user is not allowed to perform the action
 * @throws MWException On unexpected DB errors
 */
 public function execute(
- User $performingUser, $username = null, $email = null, $displayPassword = false
+ User $performingUser, $username = null, $email = null
 ) {
- if ( !$this->isAllowed( $performingUser, $displayPassword )->isGood() ) {
- $action = $this->isAllowed( $performingUser )->isGood() ? 'display' : 'reset';
+ if ( !$this->isAllowed( $performingUser )->isGood() ) {
 throw new LogicException( 'User ' . $performingUser->getName()
- . ' is not allowed to ' . $action . ' passwords' );
+ . ' is not allowed to reset passwords' );
 }
 $resetRoutes = $this->config->get( 'PasswordResetRoutes' )
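Review bot: The `@return` text kept as context in the `execute()` docblock still says the passwords are returned "if the $displayPassword flag was set", although the parameter is removed in this same hunk. Suggested wording: `@return StatusValue Good on success; the value is an empty array since 1.29`. The last hunk of this diff shows that `$passwords` is no longer filled, which is what that wording relies on. The body of `execute()` continues outside this hunk.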
@@ -169,7 +159,6 @@ class PasswordReset implements LoggerAwareInterface {
 $data = [
 'Username' => $username,
 'Email' => $email,
- 'Capture' => $displayPassword ? '1' : null,
 ];
 if ( !Hooks::run( 'SpecialPasswordResetOnSubmit', [ &$users, $data, &$error ] ) ) {
 return StatusValue::newFatal( Message::newFromSpecifier( $error ) );
@@ -218,7 +207,6 @@ class PasswordReset implements LoggerAwareInterface {
 $req = TemporaryPasswordAuthenticationRequest::newRandom();
 $req->username = $user->getName();
 $req->mailpassword = true;
- $req->hasBackchannel = $displayPassword;
 $req->caller = $performingUser->getName();
 $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
 if ( $status->isGood() && $status->getValue() !== 'ignored' ) {
@@ -239,7 +227,6 @@ class PasswordReset implements LoggerAwareInterface {
 'targetUsername' => $username,
 'targetEmail' => $email,
 'actualUser' => $firstUser->getName(),
- 'capture' => $displayPassword,
 ];
 if ( !$result->isGood() ) {
@@ -253,25 +240,12 @@ class PasswordReset implements LoggerAwareInterface {
 $passwords = [];
 foreach ( $reqs as $req ) {
 $this->authManager->changeAuthenticationData( $req );
- // TODO record mail sending errors
- if ( $displayPassword ) {
- $passwords[$req->username] = $req->password;
- }
 }
- if ( $displayPassword ) {
- // The password capture thing is scary, so log
- // at a higher warning level.
- $this->logger->warning(
- "{requestingUser} did password reset of {actualUser} with password capturing!",
- $logContext
- );
- } else {
- $this->logger->info(
- "{requestingUser} did password reset of {actualUser}",
- $logContext
- );
- }
+ $this->logger->info(
+ "{requestingUser} did password reset of {actualUser}",
+ $logContext
+ );
 return StatusValue::newGood( $passwords );
 }
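Review bot: In the `@@ -253,25` hunk `$passwords` is initialised to `[]` and never written again, so `StatusValue::newGood( $passwords )` always carries an empty array. If that is kept on purpose for callers that read the value, say so next to the initialisation, e.g. `// Always empty since 1.29; kept so getValue() still returns an array`. The removed `// TODO record mail sending errors` line was not about password capture, and nothing in the visible loop records such errors, so that comment should stay above the `changeAuthenticationData()` call. The function starts outside this hunk.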