jenkins-bot has submitted this change and it was merged.
Change subject: Move password update logic out of CentralAuthUser::matchHash()
......................................................................
Move password update logic out of CentralAuthUser::matchHash()
Bug: 71323
Change-Id: I12b7bc650798462f6b8549e5d3c3319dfc16b6ce
---
M includes/CentralAuthUser.php
1 file changed, 14 insertions(+), 11 deletions(-)
Approvals:
Aaron Schulz: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/CentralAuthUser.php b/includes/CentralAuthUser.php
index 15fa7a9..4f13876 100644
--- a/includes/CentralAuthUser.php
+++ b/includes/CentralAuthUser.php
@@ -996,7 +996,7 @@
// Look for accounts we can match by password
foreach ( $rows as $row ) {
$wiki = $row['wiki'];
- if ( $this->matchHash( $password, $row['id'],
$row['password'] ) ) {
+ if ( $this->matchHash( $password, $row['id'],
$row['password'] )->isGood() ) {
wfDebugLog( 'CentralAuth',
"Attaching '$this->mName' on $wiki by
password" );
$this->attach( $wiki, 'password' );
@@ -1580,9 +1580,14 @@
}
list( $salt, $crypt ) = $this->getPasswordHash();
- if ( $this->matchHash( $password, $salt, $crypt, /* $update =
*/ true ) ) {
+ $status = $this->matchHash( $password, $salt, $crypt );
+ if ( $status->isGood() ) {
wfDebugLog( 'CentralAuth',
"authentication for '$this->mName' succeeded" );
+ if ( User::getPasswordFactory()->needsUpdate(
$status->getValue() ) ) {
+ $this->setPassword( $password );
+ $this->saveSettings();
+ }
return "ok";
} else {
wfDebugLog( 'CentralAuth',
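Review bot: The rehash call `$this->setPassword( $password );` drops the second argument that the removed code in matchHash() passed, `$this->setPassword( $plaintext, false )`, so that parameter's default now applies. If it controls resetting the auth token, which the call shape suggests but this diff does not show, then every login that triggers a hash upgrade would also invalidate the user's other sessions. Unless that is intended, keep the explicit value: `$this->setPassword( $password, false );`. The enclosing method starts and ends outside this hunk.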
@@ -1612,10 +1617,9 @@
* @param $plaintext String User-provided password plaintext.
* @param $salt String The hash "salt", eg a local id for
migrated passwords.
* @param $encrypted String Fully salted and hashed database crypto
text from db.
- * @param $update Boolean Whether to update the password if
necessary
- * @return Bool true on match.
+ * @return Status
*/
- protected function matchHash( $plaintext, $salt, $encrypted, $update =
false ) {
+ protected function matchHash( $plaintext, $salt, $encrypted ) {
global $wgPasswordSalt;
$matched = false;
$passwordFactory = User::getPasswordFactory();
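Review bot: The new `@return Status` line does not say what the Status carries, although the authentication path now reads `$status->getValue()` and hands it to `needsUpdate()`. I would spell out the contract in the docblock: `@return Status Good, with the matched password hash as its value, when $plaintext matches; fatal otherwise`. The body of matchHash() continues outside this hunk.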
@@ -1640,12 +1644,11 @@
}
}
- if ( $update && $matched && $passwordFactory->needsUpdate(
$hash ) ) {
- $this->setPassword( $plaintext, false );
- $this->saveSettings();
+ if ( $matched ) {
+ return Status::newGood( $hash );
+ } else {
+ return Status::newFatal( 'bad' );
}
-
- return $matched;
}
/**
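Review bot: Replacing `return $matched;` with a Status object makes any caller that was not updated fail open, because an object is truthy in PHP even when the Status is fatal. A leftover `if ( $this->matchHash( ... ) )` would then accept every password. This commit converts three call sites to `->isGood()`, but matchHash() is protected, so subclasses and any other callers in the file should be checked too. Separately, `Status::newFatal( 'bad' )` passes `'bad'` where a message key is expected; an existing key such as core's `wrongpassword` would render properly if the status is ever shown.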
@@ -1656,7 +1659,7 @@
*/
protected function matchHashes( $passwords, $salt, $encrypted ) {
foreach ( $passwords as $plaintext ) {
- if ( $this->matchHash( $plaintext, $salt, $encrypted )
) {
+ if ( $this->matchHash( $plaintext, $salt, $encrypted
)->isGood() ) {
return true;
}
}
--
To view, visit https://gerrit.wikimedia.org/r/167859
Gerrit-MessageType: merged
Gerrit-Change-Id: I12b7bc650798462f6b8549e5d3c3319dfc16b6ce
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: master
Gerrit-Owner: Legoktm <[email protected]>
Gerrit-Reviewer: Aaron Schulz <[email protected]>
Gerrit-Reviewer: jenkins-bot <>