X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=blobdiff_plain;f=includes%2Fapi%2FApiLogin.php;h=6ac261dd3a00ed5067d30521d5a16483cbbcec98;hb=861739f340cace483812af9398f3576eb653fef1;hp=9bc0b3a4339549cb06b91582129f2e20814eab7d;hpb=bb8608c98a3d677d8557dd7056a7434c7c38c055;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index 9bc0b3a433..6ac261dd3a 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -110,17 +110,18 @@ class ApiLogin extends ApiBase {
 		}
 
 		// Try bot passwords
-		if ( $authRes === false && $this->getConfig()->get( 'EnableBotPasswords' ) &&
-			strpos( $params['name'], BotPassword::getSeparator() ) !== false
+		if (
+			$authRes === false && $this->getConfig()->get( 'EnableBotPasswords' ) &&
+			( $botLoginData = BotPassword::canonicalizeLoginData( $params['name'], $params['password'] ) )
 		) {
 			$status = BotPassword::login(
-				$params['name'], $params['password'], $this->getRequest()
+				$botLoginData[0], $botLoginData[1], $this->getRequest()
 			);
 			if ( $status->isOK() ) {
 				$session = $status->getValue();
 				$authRes = 'Success';
 				$loginType = 'BotPassword';
-			} else {
+			} elseif ( !$botLoginData[2] ) {
 				$authRes = 'Failed';
 				$message = $status->getMessage();
 				LoggerFactory::getInstance( 'authentication' )->info(
@@ -189,15 +190,6 @@ class ApiLogin extends ApiBase {
 
 				$result['lguserid'] = intval( $user->getId() );
 				$result['lgusername'] = $user->getName();
-
-				// @todo: These are deprecated, and should be removed at some
-				// point (1.28 at the earliest, and see T121527). They were ok
-				// when the core cookie-based login was the only thing, but
-				// CentralAuth broke that a while back and
-				// SessionManager/AuthManager *really* break it.
-				$result['lgtoken'] = $user->getToken();
-				$result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
-				$result['sessionid'] = $session->getId();
 				break;
 
 			case 'NeedToken':
@@ -205,10 +197,6 @@ class ApiLogin extends ApiBase {
 				$this->setWarning( 'Fetching a token via action=login is deprecated. ' .
 				   'Use action=query&meta=tokens&type=login instead.' );
 				$this->logFeatureUsage( 'action=login&!lgtoken' );
-
-				// @todo: See above about deprecation
-				$result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
-				$result['sessionid'] = $session->getId();
 				break;
 
 			case 'WrongToken':