jenkins-bot has submitted this change and it was merged.

Change subject: Cleanup handling of unattached users in session and authn 
providers
......................................................................


Cleanup handling of unattached users in session and authn providers

The SessionProviders' invalidateSessionsForUser() were invalidating even
if the local user exists and is unattached. It should only invalidate if
the local user is attached or doesn't yet exist.

CentralAuthPrimaryAuthenticationProvider had the opposite problem when
changing passwords: it would only change the password if the local
account exists and is attached, while for maintenance script use it
should also change the password when no local account exists for the
named user.

Change-Id: I67f8a9219eda9d1ae11381901ca642cf08a0cd0a
(cherry picked from commit c370f4579678697d5f3c61f0b02347c44ba6aa59)
---
M includes/CentralAuthPrimaryAuthenticationProvider.php
M includes/session/CentralAuthSessionProvider.php
M includes/session/CentralAuthTokenSessionProvider.php
3 files changed, 8 insertions(+), 4 deletions(-)

Approvals:
  Gergő Tisza: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/CentralAuthPrimaryAuthenticationProvider.php 
b/includes/CentralAuthPrimaryAuthenticationProvider.php
index a79e522..fef5a62 100644
--- a/includes/CentralAuthPrimaryAuthenticationProvider.php
+++ b/includes/CentralAuthPrimaryAuthenticationProvider.php
@@ -305,7 +305,9 @@
                        $username = User::getCanonicalName( $req->username, 
'usable' );
                        if ( $username !== false ) {
                                $centralUser = 
CentralAuthUser::getInstanceByName( $username );
-                               if ( $centralUser && $centralUser->isAttached() 
) {
+                               if ( $centralUser->exists() &&
+                                       ( $centralUser->isAttached() || 
!User::idFromName( $username, User::READ_LATEST ) )
+                               ) {
                                        $sv = StatusValue::newGood();
                                        if ( $req->password !== null ) {
                                                if ( $req->password !== 
$req->retype ) {
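Review bot: The new condition at the -305 site drops the `$centralUser &&` guard and calls `$centralUser->exists()` directly, so it now relies on `CentralAuthUser::getInstanceByName()` never returning a falsy value; if that is not guaranteed, keep the guard. This site also mixes read levels: the central user comes from `getInstanceByName()` while the local id lookup forces `User::READ_LATEST`, whereas the next hunk uses `getMasterInstanceByName()`. A short comment on why the non-master accessor is acceptable here would settle it; otherwise use the same accessor at both sites.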
@@ -330,7 +332,9 @@
 
                if ( get_class( $req ) === PasswordAuthenticationRequest::class 
) {
                        $centralUser = 
CentralAuthUser::getMasterInstanceByName( $username );
-                       if ( $centralUser && $centralUser->isAttached() ) {
+                       if ( $centralUser->exists() &&
+                               ( $centralUser->isAttached() || 
!User::idFromName( $username, User::READ_LATEST ) )
+                       ) {
                                $centralUser->setPassword( $req->password );
                        }
                }
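Review bot: The condition guarding `setPassword()` is a verbatim copy of the one in the previous hunk, and neither copy explains why a user with no local account is allowed through to a central password change. Suggest moving it into one private helper with a one-line comment naming the maintenance script case from the commit message, so the two sites cannot drift apart and a later reader does not "fix" the `!User::idFromName( ... )` branch away.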
diff --git a/includes/session/CentralAuthSessionProvider.php 
b/includes/session/CentralAuthSessionProvider.php
index 922c98d..13edb07 100644
--- a/includes/session/CentralAuthSessionProvider.php
+++ b/includes/session/CentralAuthSessionProvider.php
@@ -373,7 +373,7 @@
 
        public function invalidateSessionsForUser( User $user ) {
                $centralUser = CentralAuthUser::getMasterInstance( $user );
-               if ( $centralUser->exists() ) {
+               if ( $centralUser->exists() && ( $centralUser->isAttached() || 
$user->isAnon() ) ) {
                        $centralUser->resetAuthToken();
                }
        }
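Review bot: `$user->isAnon()` stands in here for "no local account yet", while the authentication provider in this same change tests that with `!User::idFromName( $username, User::READ_LATEST )`. `isAnon()` reflects however the caller loaded `$user`, so the two files can disagree about whether a local account exists; either state the assumption in a comment or use the same latest-read check. Since the change narrows when `resetAuthToken()` runs, a test covering the attached, unattached-local and no-local-account cases would be worth adding; the change list shows only the three source files.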
diff --git a/includes/session/CentralAuthTokenSessionProvider.php 
b/includes/session/CentralAuthTokenSessionProvider.php
index c2219d7..d6d45a5 100644
--- a/includes/session/CentralAuthTokenSessionProvider.php
+++ b/includes/session/CentralAuthTokenSessionProvider.php
@@ -151,7 +151,7 @@
 
        public function invalidateSessionsForUser( User $user ) {
                $centralUser = CentralAuthUser::getMasterInstance( $user );
-               if ( $centralUser->exists() ) {
+               if ( $centralUser->exists() && ( $centralUser->isAttached() || 
$user->isAnon() ) ) {
                        $centralUser->resetAuthToken();
                }
        }
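Review bot: The guard in this `invalidateSessionsForUser()` is identical to the one in CentralAuthSessionProvider, so the same session-invalidation rule now lives in two places. Suggest a single shared helper that both providers call, so a future correction to the attached/unattached logic reaches the token provider as well.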

-- 
To view, visit https://gerrit.wikimedia.org/r/299901
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I67f8a9219eda9d1ae11381901ca642cf08a0cd0a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_27
Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
