Anomie has uploaded a new change for review. https://gerrit.wikimedia.org/r/98568
Change subject: Correct failure message when account is locked ...................................................................... Correct failure message when account is locked When the account is globally locked, CentralAuth will currently fail the password check leading to a message "Incorrect password entered." This is misleading and causes unnecessary bug reports such as bug 53755 and bug 57791. CentralAuth should instead produce a message informing the user that their account is globally locked, along the lines of 'login-userblocked' used when $wgBlockDisablesLogin is set and the user is locally blocked. Bug: 57866 Change-Id: I5674ed88a002cb9a0e0b09e040450f75906e058a --- M CentralAuth.i18n.php M CentralAuth.php M CentralAuthHooks.php 3 files changed, 30 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralAuth refs/changes/68/98568/1 diff --git a/CentralAuth.i18n.php b/CentralAuth.i18n.php index 9df3369..cdc06e5 100644 --- a/CentralAuth.i18n.php +++ b/CentralAuth.i18n.php @@ -268,6 +268,7 @@ 'centralauth-logout-no-others' => 'You have been automatically logged out of other projects of {{int:Centralauth-groupname}}.', 'centralauth-hidden-blockreason' => 'globally hidden by $1 at $2 with following reason: $3', 'centralauth-welcomecreation-msg' => '', # do not translate or duplicate this message to other languages + 'centralauth-login-error-locked' => 'You cannot log in because your account is globally locked.', // Logging 'centralauth-log-name' => 'Global account log', @@ -877,6 +878,8 @@ * $1 - username * $2 - ... * $3 - reason', + 'centralauth-login-error-locked' => "Message displayed while login is not possible because the acting user's account is locked. Parameters: +* $1 - username", 'centralauth-log-name' => '{{doc-logpage}}', 'centralauth-log-entry-delete' => 'Parameters: * $1 - username diff --git a/CentralAuth.php b/CentralAuth.php index 0026379..2b265c7 100644 --- a/CentralAuth.php +++ b/CentralAuth.php @@ -252,6 +252,7 @@ $wgHooks['AddNewAccount'][] = 'CentralAuthHooks::onAddNewAccount'; $wgHooks['GetPreferences'][] = 'CentralAuthHooks::onGetPreferences'; $wgHooks['AbortNewAccount'][] = 'CentralAuthHooks::onAbortNewAccount'; +$wgHooks['AbortLogin'][] = 'CentralAuthHooks::onAbortLogin'; $wgHooks['UserLoginComplete'][] = 'CentralAuthHooks::onUserLoginComplete'; $wgHooks['UserLoadFromSession'][] = 'CentralAuthHooks::onUserLoadFromSession'; $wgHooks['UserLogout'][] = 'CentralAuthHooks::onUserLogout'; diff --git a/CentralAuthHooks.php b/CentralAuthHooks.php index dc7bd1e..5740d2b 100644 --- a/CentralAuthHooks.php +++ b/CentralAuthHooks.php @@ -255,6 +255,32 @@ } /** + * @param User $user + * @param string $pass + * @param integer &$retval + * @param string &$msg + * @return bool + */ + static function onAbortLogin( $user, $pass, &$retval, &$msg ) { + $centralUser = CentralAuthUser::getInstance( $user ); + switch ( (string)$centralUser->canAuthenticate() ) { + case '1': // boolean true + return true; + + case 'no user': + // If they're local, we still want to let them log in. And if they + // don't exist, this hook wouldn't have even been called. + return true; + + case 'locked': + $msg = 'centralauth-login-error-locked'; + $retval = LoginForm::USER_BLOCKED; + return false; + } + return true; + } + + /** * Show a nicer error when the user account does not exist on the local wiki, but * does exist globally * @param $users Array -- To view, visit https://gerrit.wikimedia.org/r/98568 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5674ed88a002cb9a0e0b09e040450f75906e058a Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/CentralAuth Gerrit-Branch: master Gerrit-Owner: Anomie <bjor...@wikimedia.org> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits