From: Mark A. Hershberger
Date: Thu, 17 Nov 2011 15:16:03 +0000 (+0000)
Subject: Adapt and re-apply Michael Newton's patch from Bug 24464 - Execute
X-Git-Tag: 1.31.0-rc.0~26444
X-Git-Url: https://git.cyclocoop.org/%27.%24link.%27?a=commitdiff_plain;h=8eb1dd2944f7b4d5217025b54fd50e72c1e4a25f;p=lhc%2Fweb%2Fwiklou.git
Adapt and re-apply Michael Newton's patch from Bug 24464 - Execute LoginAuthenticateAudit hook more often. Also updated release notes.
---
diff --git a/RELEASE-NOTES-1.19 b/RELEASE-NOTES-1.19
index bcec1a4407..21b86aa8f5 100644
--- a/RELEASE-NOTES-1.19
+++ b/RELEASE-NOTES-1.19
@@ -11,6 +11,9 @@ MediaWiki 1.19 is an alpha-quality branch and is not recommended for use in production.
 === Configuration changes in 1.19 ===
+* Changed LoginAuthenticateAudit hook so that it may be called before a
+ valid user is available. In those cases, an anonymouse user object
+ will be supplied
 * Removed SkinTemplateSetupPageCss hook; use BeforePageDisplay instead.
 * (bug 27132) movefile right granted by default to registered users.
 * Default cookie lifetime ($wgCookieExpiration) is increased to 180 days.
diff --git a/docs/hooks.txt b/docs/hooks.txt
index 3536c35029..3652c3a050 100644
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -1212,8 +1212,10 @@ $param: Associative Array with the following additional options: - wrap String Wrap the message in html (usually something like "<div ...>$1</div>"). - flags Integer display flags (NO_ACTION_LINK,NO_EXTRA_USER_LINKS)
-'LoginAuthenticateAudit': a login attempt for a valid user account either
-succeeded or failed. No return data is accepted; this hook is for auditing only.
+'LoginAuthenticateAudit': a login attempt either succeeded or
+failed. This may be called before the User object is populated, so a
+user object equivalent to an anonymous user. No return data is
+accepted; this hook is for auditing only.
 $user: the User object being authenticated against
 $password: the password being submitted and found wanting
 $retval: a LoginForm class constant with authenticateUserData() return
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 8892d9778a..2255fc1def 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -475,6 +475,7 @@ class LoginForm extends SpecialPage {
 $this->load();
 if ( $this->mUsername == '' ) {
+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NO_NAME ) );
 return self::NO_NAME;
 }
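Review bot: The new NO_NAME call hands the raw submitted password (`$this->mPassword`) to every audit handler on a path where no account has been identified, and the NEED_TOKEN, THROTTLED and WRONG_TOKEN calls in the next hunk do the same before the login token has been validated. A handler that records its arguments would therefore write plaintext passwords into the audit trail for requests that never reached authentication. I would add a comment above the call, `// Audit only: handlers receive the raw submitted password and must not log or persist it`, and repeat that warning in the hook's entry in docs/hooks.txt. The enclosing function starts and ends outside the hunk.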
@@ -486,20 +487,24 @@ class LoginForm extends SpecialPage {
 // If the user doesn't have a login token yet, set one.
 if ( !self::getLoginToken() ) {
 self::setLoginToken();
+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NEED_TOKEN ) );
 return self::NEED_TOKEN;
 }
 // If the user didn't pass a login token, tell them we need one
 if ( !$this->mToken ) {
+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::NEED_TOKEN ) );
 return self::NEED_TOKEN;
 }
 $throttleCount = self::incLoginThrottle( $this->mUsername );
 if ( $throttleCount === true ) {
+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::THROTTLED ) );
 return self::THROTTLED;
 }
 // Validate the login token
 if ( $this->mToken !== self::getLoginToken() ) {
+ wfRunHooks( 'LoginAuthenticateAudit', array( new User, $this->mPassword, self::WRONG_TOKEN ) );
 return self::WRONG_TOKEN;
 }
@@ -520,6 +525,7 @@ class LoginForm extends SpecialPage {
 # user choose a different wiki name.
 $u = User::newFromName( $this->mUsername );
 if( !( $u instanceof User ) || !User::isUsableName( $u->getName() ) ) {
+ wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, self::ILLEGAL ) );
 return self::ILLEGAL;
 }
@@ -527,6 +533,7 @@ class LoginForm extends SpecialPage {
 if ( 0 == $u->getID() ) {
 $status = $this->attemptAutoCreate( $u );
 if ( $status !== self::SUCCESS ) {
+ wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, $status ) );
 return $status;
 } else {
 $isAutoCreated = true;
@@ -547,6 +554,7 @@ class LoginForm extends SpecialPage {
 // Give general extensions, such as a captcha, a chance to abort logins
 $abort = self::ABORTED;
 if( !wfRunHooks( 'AbortLogin', array( $u, $this->mPassword, &$abort, &$this->mAbortLoginErrorMsg ) ) ) {
+ wfRunHooks( 'LoginAuthenticateAudit', array( $u, $this->mPassword, $abort ) );
 return $abort;
 }
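Review bot: The THROTTLED and WRONG_TOKEN calls pass `new User`, so an audit handler never learns which account name was being tried. `$this->mUsername` is already in use on the line that calls `incLoginThrottle()`, and for a throttled login the targeted name is the detail a brute-force alert needs most. Consider building `$auditUser = User::newFromName( $this->mUsername ) ?: new User;` before the throttle check and passing `$auditUser` in those two calls. The surrounding function starts and ends outside the hunk.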
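Review bot: On the ILLEGAL path `$u` may not be an object at all: the guard fires precisely when `$u instanceof User` is false, yet the new call passes `$u` straight to handlers that docs/hooks.txt tells to expect a User object. A handler that calls a method on it would then fail fatally in the middle of a rejected login, and the audit record would be lost. Pass a fallback instead: `array( $u instanceof User ? $u : new User, $this->mPassword, self::ILLEGAL )`.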
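Review bot: `$abort` is handed to the AbortLogin handlers by reference, so the value audited here is whatever an extension last wrote into it, not necessarily one of the LoginForm constants that docs/hooks.txt describes for `$retval`. A comment above the new call would spare audit handlers a surprise: `// $abort may have been overwritten by an AbortLogin handler; audit handlers should treat unknown values as a failed login`. The enclosing function continues outside the hunk.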