From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Tue, 15 Dec 2015 16:11:27 +0000 (-0500)
Subject: ApiLogin: Deprecate certain response values
X-Git-Tag: 1.31.0-rc.0~8665^2
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/journal.php?a=commitdiff_plain;h=913f6f2bfb38ca0d51fe1c88aec54b45ce818970;p=lhc%2Fweb%2Fwiklou.git

ApiLogin: Deprecate certain response values

It's been a while since clients could reliably construct the cookie
values from these parameters, and it's only going to get worse. So let's
just kill them; the first step is to mark them as deprecated.

Bug: T121527
Change-Id: I6a1a0c7e253e4c651bc0149e956f8767ee6e8b80
---

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 1d6d4047fa..ef14ada1e8 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -130,6 +130,9 @@ production.
   the text before diffing it.
 * Deprecated formats dbg, txt, and yaml have been removed.
 * (T47988) The protect log event details now use new-style formatting.
+* The following response properties from action=login are deprecated, and may
+  be removed in the future: lgtoken, cookieprefix, sessionid. Clients should
+  handle cookies to properly manage session state.
 
 === Action API internal changes in 1.27 ===
 * ApiQueryORM removed.
diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index c66e215634..eb376d3f80 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -99,6 +99,12 @@ class ApiLogin extends ApiBase {
 				$result['result'] = 'Success';
 				$result['lguserid'] = intval( $user->getId() );
 				$result['lgusername'] = $user->getName();
+
+				// @todo: These are deprecated, and should be removed at some
+				// point (1.28 at the earliest, and see T121527). They were ok
+				// when the core cookie-based login was the only thing, but
+				// CentralAuth broke that a while back and
+				// SessionManager/AuthManager are *really* going to break it.
 				$result['lgtoken'] = $user->getToken();
 				$result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
 				$result['sessionid'] = session_id();
@@ -107,6 +113,8 @@ class ApiLogin extends ApiBase {
 			case LoginForm::NEED_TOKEN:
 				$result['result'] = 'NeedToken';
 				$result['token'] = $loginForm->getLoginToken();
+
+				// @todo: See above about deprecation
 				$result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
 				$result['sessionid'] = session_id();
 				break;