jenkins-bot has submitted this change and it was merged. Change subject: Cleanup handling of unattached users in session and authn providers ......................................................................
Cleanup handling of unattached users in session and authn providers
The SessionProviders' invalidateSessionsForUser() were invalidating even if the local user exists and is unattached. It should only invalidate if the local user is attached or doesn't yet exist. CentralAuthPrimaryAuthenticationProvider had the opposite problem when changing passwords: it would only change the password if the local account exists and is attached, while for maintenance script use it should also change the password when no local account exists for the named user.
Change-Id: I67f8a9219eda9d1ae11381901ca642cf08a0cd0a
(cherry picked from commit c370f4579678697d5f3c61f0b02347c44ba6aa59)
---
M includes/CentralAuthPrimaryAuthenticationProvider.php
M includes/session/CentralAuthSessionProvider.php
M includes/session/CentralAuthTokenSessionProvider.php
3 files changed, 8 insertions(+), 4 deletions(-)
Approvals: Gergő Tisza: Looks good to me, approved jenkins-bot: Verified
diff --git a/includes/CentralAuthPrimaryAuthenticationProvider.php b/includes/CentralAuthPrimaryAuthenticationProvider.php
index a79e522..fef5a62 100644
--- a/includes/CentralAuthPrimaryAuthenticationProvider.php
+++ b/includes/CentralAuthPrimaryAuthenticationProvider.php
@@ -305,7 +305,9 @@
 $username = User::getCanonicalName( $req->username, 'usable' );
 if ( $username !== false ) {
 $centralUser = CentralAuthUser::getInstanceByName( $username );
- if ( $centralUser && $centralUser->isAttached() ) {
+ if ( $centralUser->exists() &&
+ ( $centralUser->isAttached() || !User::idFromName( $username, User::READ_LATEST ) )
+ ) {
 $sv = StatusValue::newGood();
 if ( $req->password !== null ) {
 if ( $req->password !== $req->retype ) {
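Review bot: The rewritten condition in the -305 hunk (`if ( $centralUser->exists() &&` and the two lines after it) gates a global password change, but nothing beside it records why an existing-but-unattached local account is refused, and the same three lines are repeated in the -330 hunk of this file. A one-line comment above each copy would protect the rule from later simplification, for example `// Unattached local account: it may not belong to the global account's owner, so leave the global password alone.` Separately, this copy takes `$centralUser` from `getInstanceByName()` but reads the local id with `User::READ_LATEST`, whereas the -330 copy uses `getMasterInstanceByName()`; if `getInstanceByName()` can serve replica or cached data, the attachment half of the test may lag behind the local-id half, so it is worth confirming that is acceptable for an allow/deny decision. The enclosing method begins and ends outside the hunk.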
@@ -330,7 +332,9 @@
 if ( get_class( $req ) === PasswordAuthenticationRequest::class ) {
 $centralUser = CentralAuthUser::getMasterInstanceByName( $username );
- if ( $centralUser && $centralUser->isAttached() ) {
+ if ( $centralUser->exists() &&
+ ( $centralUser->isAttached() || !User::idFromName( $username, User::READ_LATEST ) )
+ ) {
 $centralUser->setPassword( $req->password );
 }
 }
diff --git a/includes/session/CentralAuthSessionProvider.php b/includes/session/CentralAuthSessionProvider.php
index 922c98d..13edb07 100644
--- a/includes/session/CentralAuthSessionProvider.php
+++ b/includes/session/CentralAuthSessionProvider.php
@@ -373,7 +373,7 @@
 public function invalidateSessionsForUser( User $user ) {
 $centralUser = CentralAuthUser::getMasterInstance( $user );
- if ( $centralUser->exists() ) {
+ if ( $centralUser->exists() && ( $centralUser->isAttached() || $user->isAnon() ) ) {
 $centralUser->resetAuthToken();
 }
 }
diff --git a/includes/session/CentralAuthTokenSessionProvider.php b/includes/session/CentralAuthTokenSessionProvider.php
index c2219d7..d6d45a5 100644
--- a/includes/session/CentralAuthTokenSessionProvider.php
+++ b/includes/session/CentralAuthTokenSessionProvider.php
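Review bot: In `invalidateSessionsForUser()` of includes/session/CentralAuthSessionProvider.php (the -373 hunk) the question "does a local account exist?" is answered with `$user->isAnon()`, while the password hunks in CentralAuthPrimaryAuthenticationProvider.php answer it with `User::idFromName( $username, User::READ_LATEST )`. `isAnon()` reflects however the caller loaded `$user`; if that object can be stale, an existing unattached account would look anonymous and `resetAuthToken()` would still run for the global account, which is the case this commit sets out to stop. Consider using the same master-read lookup here, or state the assumption in a comment such as `// $user must be freshly loaded: isAnon() is what separates "no local account" from "unattached".` The identical line in the CentralAuthTokenSessionProvider.php hunk (-151) has the same property.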
@@ -151,7 +151,7 @@
 public function invalidateSessionsForUser( User $user ) {
 $centralUser = CentralAuthUser::getMasterInstance( $user );
- if ( $centralUser->exists() ) {
+ if ( $centralUser->exists() && ( $centralUser->isAttached() || $user->isAnon() ) ) {
 $centralUser->resetAuthToken();
 }
 }
--
To view, visit https://gerrit.wikimedia.org/r/299901
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I67f8a9219eda9d1ae11381901ca642cf08a0cd0a
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralAuth
Gerrit-Branch: REL1_27
Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits