jenkins-bot has submitted this change and it was merged. Change subject: Reset all tokens on login ......................................................................
Reset all tokens on login Bug: T122056 Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed --- M includes/auth/AuthManager.php M includes/specials/pre-authmanager/SpecialUserlogin.php M includes/user/User.php 3 files changed, 3 insertions(+), 0 deletions(-) Approvals: Gergő Tisza: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php index 136ce26..69f51b8 100644 --- a/includes/auth/AuthManager.php +++ b/includes/auth/AuthManager.php @@ -2288,6 +2288,7 @@ $delay = $session->delaySave(); $session->resetId(); + $session->resetAllTokens(); if ( $session->canSetUser() ) { $session->setUser( $user ); } diff --git a/includes/specials/pre-authmanager/SpecialUserlogin.php b/includes/specials/pre-authmanager/SpecialUserlogin.php index e745129..8935a49 100644 --- a/includes/specials/pre-authmanager/SpecialUserlogin.php +++ b/includes/specials/pre-authmanager/SpecialUserlogin.php @@ -1718,6 +1718,7 @@ } SessionManager::getGlobalSession()->resetId(); + SessionManager::getGlobalSession()->resetAllTokens(); } /** diff --git a/includes/user/User.php b/includes/user/User.php index 70adc32..ff3171e 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -3904,6 +3904,7 @@ $session->setLoggedOutTimestamp( time() ); $session->setUser( new User ); $session->set( 'wsUserID', 0 ); // Other code expects this + $session->resetAllTokens(); ScopedCallback::consume( $delay ); $error = false; } -- To view, visit https://gerrit.wikimedia.org/r/289889 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Anomie <bjor...@wikimedia.org> Gerrit-Reviewer: Brian Wolff <bawolff...@gmail.com> Gerrit-Reviewer: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Florianschmidtwelzow <florian.schmidt.stargatewis...@gmail.com> Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits