From 89995281960123f54b915a10252b509cbbc022d2 Mon Sep 17 00:00:00 2001
From: Alexandre Emsenhuber
Date: Mon, 12 Nov 2012 21:07:13 +0100
Subject: [PATCH] Fixes to the "reset password" mode of Special:ChangeEmail

- Use the current User object when the user modifies its own password instead of different object (so that the fields are correctly updated on that object)
- Only set the cookies when changing the password of the current user and not when resetting the user's password. This was hiding the problem below.
- Make the internal call to Special:UserLogin call from Special:ChangeEmail actually work. The problem is that the $this->mNewPass field is cleared by attemptReset(). This was hidden because of the above and because the user is always redirected.
- Do not show the form and the message after successful submission (this was hidden for the same reason as above).
- Let Special:UserLogin handle the redirect itself when calling (because it might want to show something, such as what is injected by the UserLoginComplete hook)
Change-Id: I6cf15e23c905dad9612bab76a2dae5eb613fea9b
---
 includes/specials/SpecialChangePassword.php | 25 ++++++++++++++++-----
 1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index 6280eb465c..fba2bf084b 100644
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -73,8 +73,10 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 }
 $this->attemptReset( $this->mNewpass, $this->mRetype );
- $this->getOutput()->addWikiMsg( 'resetpass_success' );
- if( !$user->isLoggedIn() ) {
+
+ if( $user->isLoggedIn() ) {
+ $this->doReturnTo();
+ } else {
 LoginForm::setLoginToken();
 $token = LoginForm::getLoginToken();
 $data = array(
@@ -82,7 +84,7 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 'wpName' => $this->mUserName,
 'wpDomain' => $this->mDomain,
 'wpLoginToken' => $token,
- 'wpPassword' => $this->mNewpass,
+ 'wpPassword' => $request->getVal( 'wpNewPassword' ),
 'returnto' => $request->getVal( 'returnto' ),
 );
 if( $request->getCheck( 'wpRemember' ) ) {
@@ -92,7 +94,7 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 $login->setContext( $this->getContext() );
 $login->execute( null );
 }
- $this->doReturnTo();
+ return;
 } catch( PasswordError $e ) {
 $this->error( $e->getMessage() );
 }
@@ -216,7 +218,13 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 * @throws PasswordError when cannot set the new password because requirements not met.
 */
 protected function attemptReset( $newpass, $retype ) {
- $user = User::newFromName( $this->mUserName );
+ $isSelf = ( $this->mUserName === $this->getUser()->getName() );
+ if ( $isSelf ) {
+ $user = $this->getUser();
+ } else {
+ $user = User::newFromName( $this->mUserName );
+ }
+
 if( !$user || $user->isAnon() ) {
 throw new PasswordError( $this->msg( 'nosuchusershort', $this->mUserName )->text() );
 }
@@ -250,7 +258,12 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 throw new PasswordError( $e->getMessage() );
 }
- $user->setCookies();
+ if ( $isSelf ) {
+ // This is needed to keep the user connected since
+ // changing the password also modifies the user's token.
+ $user->setCookies();
+ }
+
 $user->saveSettings();
 }
 }
--
2.20.1
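Review bot: In the `@@ -82,7 +84,7 @@` hunk, `'wpPassword' => $request->getVal( 'wpNewPassword' )` re-reads the raw request parameter instead of the value that attemptReset() checked and stored. The internal login therefore depends on the form field name and on mNewpass having been filled from that same parameter, which is assigned outside this hunk. Copying the password into a local before the reset, `$newpass = $this->mNewpass;`, and passing `'wpPassword' => $newpass` would keep both steps on one value. A short comment that attemptReset() clears mNewpass (as the commit message states) would explain why the field is not used here. The enclosing method starts and ends outside the hunk.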
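Review bot: In the `@@ -216,7 +218,13 @@` hunk, `$isSelf` is decided by a strict string comparison of `$this->mUserName` with `$this->getUser()->getName()`, before the submitted name has been normalised. mUserName is assigned outside this hunk; if it can hold a non-canonical spelling of the current user's own name, `$isSelf` is false, a second User object is loaded, and the cookie refresh that depends on this flag is skipped, which would sign the user out after the token changes. Comparing after lookup avoids that: `$target = User::newFromName( $this->mUserName );` followed by `$isSelf = $target && $target->getName() === $this->getUser()->getName();`, then `$user = $isSelf ? $this->getUser() : $target;`. attemptReset() continues past the end of this hunk.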
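Review bot: In the `@@ -250,7 +258,12 @@` hunk, `$user->setCookies()` still runs before `$user->saveSettings()`, so the browser receives cookies for the new token before that token is stored. If the save does not complete, the cookie and the stored token disagree and the session breaks on the next request. Moving `$user->saveSettings();` above the `if ( $isSelf ) {` block would issue the cookies only once the change is persisted. Whether saveSettings() can fail or return early here is not visible in the hunk, so this is worth confirming against its implementation.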