jenkins-bot has submitted this change and it was merged.

Change subject: Reject authentication data change when there are warnings
......................................................................


Reject authentication data change when there are warnings

AuthManager uses a status which is OK but not good for authentication
data which is discouraged but still accepted for authentication.
Users should not be allowed to change credentials into such an invalid state.
This change brings the web logic and the AuthPlugin fallback in sync with
the API which already used the stricter check.

Change-Id: I4ff54fcc901f6fe11f15ed60fc1a3d8753de9f6c
(cherry picked from commit d850025e603fc6f2bec3a80cdd17c027d8813341)
---
M includes/Preferences.php
M includes/auth/AuthManagerAuthPlugin.php
M includes/specialpage/AuthManagerSpecialPage.php
M includes/user/User.php
4 files changed, 4 insertions(+), 4 deletions(-)

Approvals:
  Gergő Tisza: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/Preferences.php b/includes/Preferences.php
index 9a55ae3..3083a8d 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -296,7 +296,7 @@
 
                $allowPasswordChange = $wgDisableAuthManager ? 
$wgAuth->allowPasswordChange()
                        : 
AuthManager::singleton()->allowsAuthenticationDataChange(
-                               new PasswordAuthenticationRequest(), false );
+                               new PasswordAuthenticationRequest(), false 
)->isGood();
                if ( $canEditPrivateInfo && $allowPasswordChange ) {
                        $link = Linker::link( SpecialPage::getTitleFor( 
'ChangePassword' ),
                                $context->msg( 'prefs-resetpass' )->escaped(), 
[],
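Review bot: The `->isGood()` call on the AuthManager branch deserves a one-line comment. Before this change that branch assigned the returned status object itself to `$allowPasswordChange`, and an object is always truthy in the `$canEditPrivateInfo && $allowPasswordChange` test. Something like `// allowsAuthenticationDataChange() returns a status object, not a bool; reduce it with isGood()` would keep a later edit from dropping the call again. This condition only decides whether the ChangePassword link is rendered, so enforcement still has to live in the submission paths touched in the other files. The enclosing function starts and ends outside the hunk.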
diff --git a/includes/auth/AuthManagerAuthPlugin.php 
b/includes/auth/AuthManagerAuthPlugin.php
index bf1e021..8d85b44 100644
--- a/includes/auth/AuthManagerAuthPlugin.php
+++ b/includes/auth/AuthManagerAuthPlugin.php
@@ -131,7 +131,7 @@
                $reqs = AuthenticationRequest::loadRequestsFromSubmission( 
$reqs, $data );
                foreach ( $reqs as $req ) {
                        $status = 
AuthManager::singleton()->allowsAuthenticationDataChange( $req );
-                       if ( !$status->isOk() ) {
+                       if ( !$status->isGood() ) {
                                $this->logger->info( __METHOD__ . ': Password 
change rejected: {reason}', [
                                        'username' => $data['username'],
                                        'reason' => $status->getWikiText( null, 
null, 'en' ),
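Review bot: The rejection branch in this loop only writes an info-level log entry and does not run the `ChangeAuthenticationDataAudit` hook that the AuthManagerSpecialPage.php hunk fires right after `allowsAuthenticationDataChange()`. A credential change refused here, which now includes warning-only statuses, may therefore never reach audit consumers. The same gap appears in the loop in includes/user/User.php. If these fallback paths are meant to be audited, add `Hooks::run( 'ChangeAuthenticationDataAudit', [ $req, $status ] );` before the `isGood()` test; if they are deliberately excluded, a comment saying so would help. The loop body and its function continue outside the hunk, so the hook may be fired elsewhere.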
diff --git a/includes/specialpage/AuthManagerSpecialPage.php 
b/includes/specialpage/AuthManagerSpecialPage.php
index 7866c12..41380f0 100644
--- a/includes/specialpage/AuthManagerSpecialPage.php
+++ b/includes/specialpage/AuthManagerSpecialPage.php
@@ -375,7 +375,7 @@
                                $req = reset( $requests );
                                $status = 
$authManager->allowsAuthenticationDataChange( $req );
                                Hooks::run( 'ChangeAuthenticationDataAudit', [ 
$req, $status ] );
-                               if ( !$status->isOK() ) {
+                               if ( !$status->isGood() ) {
                                        return AuthenticationResponse::newFail( 
$status->getMessage() );
                                }
                                $authManager->changeAuthenticationData( $req );
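Review bot: The `ChangeAuthenticationDataAudit` hook still receives `$status` before the new `isGood()` test. A handler that decides "allowed" with `$status->isOK()` would record a warning-only status as a permitted change even though the next line now rejects it. The handlers are not visible here, so this is a point to verify rather than a confirmed defect. A comment above the `Hooks::run` call, for example `// Audit handlers must treat only isGood() as allowed; OK-with-warnings is rejected below`, would make the contract explicit. The surrounding function starts and ends outside the hunk.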
diff --git a/includes/user/User.php b/includes/user/User.php
index 9e50f36..8ecf468 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -2569,7 +2569,7 @@
                        $reqs = 
AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
                        foreach ( $reqs as $req ) {
                                $status = 
$manager->allowsAuthenticationDataChange( $req );
-                               if ( !$status->isOk() ) {
+                               if ( !$status->isGood() ) {
                                        
\MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' )
                                                ->info( __METHOD__ . ': 
Password change rejected: ' . $status->getWikiText() );
                                        return false;
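Review bot: The log call in this rejection branch concatenates `$status->getWikiText()` into the message string and records no username. The equivalent branch in AuthManagerAuthPlugin.php uses a `{reason}` placeholder with a context array and renders the text in 'en'. Now that warning-only statuses are also rejected here, the entries will be harder to search and correlate, and their language may vary with the request. Consider `->info( __METHOD__ . ': Password change rejected: {reason}', [ 'reason' => $status->getWikiText( null, null, 'en' ) ] );`, adding the user name to the context if it is in scope. The enclosing method starts and ends outside the hunk.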

-- 
To view, visit https://gerrit.wikimedia.org/r/293230
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4ff54fcc901f6fe11f15ed60fc1a3d8753de9f6c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.28.0-wmf.5
Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
