From: Chad Horohoe
Date: Tue, 31 May 2016 19:20:05 +0000 (-0700)
Subject: Reset all tokens on login
X-Git-Tag: 1.31.0-rc.0~6751^2
X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/modifier.php?a=commitdiff_plain;h=ca831d5f4535146dc1ddd19059d981f4deb01126;p=lhc%2Fweb%2Fwiklou.git
Reset all tokens on login
Bug: T122056
Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed
---
diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php
index 136ce262a7..69f51b899f 100644
--- a/includes/auth/AuthManager.php
+++ b/includes/auth/AuthManager.php
@@ -2288,6 +2288,7 @@ class AuthManager implements LoggerAwareInterface {
 $delay = $session->delaySave();
 $session->resetId();
+ $session->resetAllTokens();
 if ( $session->canSetUser() ) {
 $session->setUser( $user );
 }
diff --git a/includes/specials/pre-authmanager/SpecialUserlogin.php b/includes/specials/pre-authmanager/SpecialUserlogin.php
index e745129427..8935a490bb 100644
--- a/includes/specials/pre-authmanager/SpecialUserlogin.php
+++ b/includes/specials/pre-authmanager/SpecialUserlogin.php
@@ -1718,6 +1718,7 @@ class LoginFormPreAuthManager extends SpecialPage {
 }
 SessionManager::getGlobalSession()->resetId();
+ SessionManager::getGlobalSession()->resetAllTokens();
 }
 /**
diff --git a/includes/user/User.php b/includes/user/User.php
index 70adc32d22..ff3171ef20 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -3904,6 +3904,7 @@ class User implements IDBAccessObject {
 $session->setLoggedOutTimestamp( time() );
 $session->setUser( new User );
 $session->set( 'wsUserID', 0 ); // Other code expects this
+ $session->resetAllTokens();
 ScopedCallback::consume( $delay );
 $error = false;
 }
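Review bot: The new `$session->resetAllTokens();` after `$session->resetId();` in the AuthManager.php hunk carries no comment saying why tokens are discarded, and the commit message gives only the bug number. A one-line why-comment would keep a later cleanup from dropping the call, for example `// Discard tokens issued before authentication so they are not valid for the logged-in session (T122056)`; that rationale is inferred from the commit subject and should be checked against the task. No test change is visible in this patch, so a regression test asserting that a token read before login differs from the one read afterwards would be worth adding. The enclosing method starts and ends outside the hunk.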
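Review bot: In the SpecialUserlogin.php hunk `SessionManager::getGlobalSession()` is now looked up twice on consecutive lines; fetching it once reads better and makes it explicit that both resets act on the same session object: `$session = SessionManager::getGlobalSession();` `$session->resetId();` `$session->resetAllTokens();`. Unlike the AuthManager.php hunk, no `delaySave()` is visible around these two calls, so each may persist the session separately; whether that matters depends on code outside the hunk. The enclosing method starts outside the hunk.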
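Review bot: The User.php hunk adds `$session->resetAllTokens();` next to `setLoggedOutTimestamp( time() )` and `setUser( new User )`, which looks like the logout branch, while the commit subject mentions only login. A short comment would record the intent, for example `// Tokens issued to the logged-in user must not stay valid after logout`, and the commit message could name logout as well. The call sits before `ScopedCallback::consume( $delay )`, so it appears to be covered by the delayed save; `$delay` and the start of the enclosing block are outside the hunk.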