Anomie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/98568
Change subject: Correct failure message when account is locked
......................................................................
Correct failure message when account is locked
When the account is globally locked, CentralAuth will currently fail the
password check leading to a message "Incorrect password entered." This
is misleading and causes unnecessary bug reports such as bug 53755 and
bug 57791.
CentralAuth should instead produce a message informing the user that
their account is globally locked, along the lines of 'login-userblocked'
used when $wgBlockDisablesLogin is set and the user is locally blocked.
Bug: 57866
Change-Id: I5674ed88a002cb9a0e0b09e040450f75906e058a
---
M CentralAuth.i18n.php
M CentralAuth.php
M CentralAuthHooks.php
3 files changed, 30 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth
refs/changes/68/98568/1
diff --git a/CentralAuth.i18n.php b/CentralAuth.i18n.php
index 9df3369..cdc06e5 100644
--- a/CentralAuth.i18n.php
+++ b/CentralAuth.i18n.php
@@ -268,6 +268,7 @@
'centralauth-logout-no-others' => 'You have been automatically logged
out of other projects of {{int:Centralauth-groupname}}.',
'centralauth-hidden-blockreason' => 'globally hidden by $1 at $2 with
following reason: $3',
'centralauth-welcomecreation-msg' => '', # do not translate or
duplicate this message to other languages
+ 'centralauth-login-error-locked' => 'You cannot log in because your
account is globally locked.',
// Logging
'centralauth-log-name' => 'Global account log',
@@ -877,6 +878,8 @@
* $1 - username
* $2 - ...
* $3 - reason',
+ 'centralauth-login-error-locked' => "Message displayed while login is
not possible because the acting user's account is locked. Parameters:
+* $1 - username",
'centralauth-log-name' => '{{doc-logpage}}',
'centralauth-log-entry-delete' => 'Parameters:
* $1 - username
diff --git a/CentralAuth.php b/CentralAuth.php
index 0026379..2b265c7 100644
--- a/CentralAuth.php
+++ b/CentralAuth.php
@@ -252,6 +252,7 @@
$wgHooks['AddNewAccount'][] = 'CentralAuthHooks::onAddNewAccount';
$wgHooks['GetPreferences'][] = 'CentralAuthHooks::onGetPreferences';
$wgHooks['AbortNewAccount'][] = 'CentralAuthHooks::onAbortNewAccount';
+$wgHooks['AbortLogin'][] = 'CentralAuthHooks::onAbortLogin';
$wgHooks['UserLoginComplete'][] = 'CentralAuthHooks::onUserLoginComplete';
$wgHooks['UserLoadFromSession'][] = 'CentralAuthHooks::onUserLoadFromSession';
$wgHooks['UserLogout'][] = 'CentralAuthHooks::onUserLogout';
diff --git a/CentralAuthHooks.php b/CentralAuthHooks.php
index dc7bd1e..5740d2b 100644
--- a/CentralAuthHooks.php
+++ b/CentralAuthHooks.php
@@ -255,6 +255,32 @@
}
/**
+ * @param User $user
+ * @param string $pass
+ * @param integer &$retval
+ * @param string &$msg
+ * @return bool
+ */
+ static function onAbortLogin( $user, $pass, &$retval, &$msg ) {
+ $centralUser = CentralAuthUser::getInstance( $user );
+ switch ( (string)$centralUser->canAuthenticate() ) {
+ case '1': // boolean true
+ return true;
+
+ case 'no user':
+ // If they're local, we still want to let them log in.
And if they
+ // don't exist, this hook wouldn't have even been
called.
+ return true;
+
+ case 'locked':
+ $msg = 'centralauth-login-error-locked';
+ $retval = LoginForm::USER_BLOCKED;
+ return false;
+ }
+ return true;
+ }
+
+ /**
* Show a nicer error when the user account does not exist on the local
wiki, but
* does exist globally
* @param $users Array
--
To view, visit https://gerrit.wikimedia.org/r/98568
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I5674ed88a002cb9a0e0b09e040450f75906e058a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
