dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
AuthManager: Don't invalidate BotPasswords if a password reset email is sent
[lhc/web/wiklou.git] / includes / user / PasswordReset.php
diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php
index b5f7f6a..a1638ea 100644 (file)
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@@ -238,7 +238,9 @@ class PasswordReset implements LoggerAwareInterface {
                }
 
                foreach ( $reqs as $req ) {
-                       $this->authManager->changeAuthenticationData( $req );
+                       // This is adding a new temporary password, not intentionally changing anything
+                       // (even though it might technically invalidate an old temporary password).
+                       $this->authManager->changeAuthenticationData( $req, /* $isAddition */ true );
                }
 
                $this->logger->info(
Wiklou, le Wiki du Wiklou