AuthManager: Don't invalidate BotPasswords if a password reset email is sent

[lhc/web/wiklou.git] / includes / auth / ConfirmLinkSecondaryAuthenticationProvider.php

diff --git a/includes/auth/ConfirmLinkSecondaryAuthenticationProvider.php b/includes/auth/ConfirmLinkSecondaryAuthenticationProvider.php
index 7f121cd..c2d730c 100644 (file)
--- a/includes/auth/ConfirmLinkSecondaryAuthenticationProvider.php
+++ b/includes/auth/ConfirmLinkSecondaryAuthenticationProvider.php
@@ -119,7 +119,9 @@ class ConfirmLinkSecondaryAuthenticationProvider extends AbstractSecondaryAuthen
                                $status = $this->manager->allowsAuthenticationDataChange( $req );
                                $statuses[] = [ $req, $status ];
                                if ( $status->isGood() ) {
-                                       $this->manager->changeAuthenticationData( $req );
+                                       // We're not changing credentials, just adding a new link
+                                       // to an already-known user.
+                                       $this->manager->changeAuthenticationData( $req, /* $isAddition */ true );
                                } else {
                                        $anyFailed = true;
                                }