Introduce SpecialPageFatalTest

[lhc/web/wiklou.git] / includes / auth / AuthManager.php
diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php

index 2adc00e..d3fd5fc 100644 (file)
--- a/includes/auth/AuthManager.php
+++ b/includes/auth/AuthManager.php
@@ -240,7 +240,7 @@ class AuthManager implements LoggerAwareInterface {
                 global $wgAuth;
  
                 if ( $wgAuth && !$wgAuth instanceof AuthManagerAuthPlugin ) {
-                       return call_user_func_array( [ $wgAuth, $method ], $params );
+                       return $wgAuth->$method( ...$params );
                 } else {
                         return $return;
                 }
@@ -771,7 +771,12 @@ class AuthManager implements LoggerAwareInterface {
                         $status = self::SEC_FAIL;
                 }
  
-               $this->logger->info( __METHOD__ . ": $operation is $status" );
+               $this->logger->info( __METHOD__ . ": $operation is $status for '{user}'",
+                       [
+                               'user' => $session->getUser()->getName(),
+                               'clientip' => $this->getRequest()->getIP(),
+                       ]
+               );
  
                 return $status;
         }
@@ -881,8 +886,11 @@ class AuthManager implements LoggerAwareInterface {
          * returned success.
          *
          * @param AuthenticationRequest $req
+        * @param bool $isAddition Set true if this represents an addition of
+        *  credentials rather than a change. The main difference is that additions
+        *  should not invalidate BotPasswords. If you're not sure, leave it false.
          */
-       public function changeAuthenticationData( AuthenticationRequest $req ) {
+       public function changeAuthenticationData( AuthenticationRequest $req, $isAddition = false ) {
                 $this->logger->info( 'Changing authentication data for {user} class {what}', [
                         'user' => is_string( $req->username ) ? $req->username : '<no name>',
                         'what' => get_class( $req ),
@@ -892,7 +900,9 @@ class AuthManager implements LoggerAwareInterface {
  
                 // When the main account's authentication data is changed, invalidate
                 // all BotPasswords too.
-               \BotPassword::invalidateAllPasswordsForUser( $req->username );
+               if ( !$isAddition ) {
+                       \BotPassword::invalidateAllPasswordsForUser( $req->username );
+               }
         }
  
         /**@}*/
@@ -985,7 +995,7 @@ class AuthManager implements LoggerAwareInterface {
                 if ( $permErrors ) {
                         $status = Status::newGood();
                         foreach ( $permErrors as $args ) {
-                               call_user_func_array( [ $status, 'fatal' ], $args );
+                               $status->fatal( ...$args );
                         }
                         return $status;
                 }
@@ -2244,7 +2254,7 @@ class AuthManager implements LoggerAwareInterface {
          * Fetch authentication data from the current session
          * @protected For use by AuthenticationProviders
          * @param string $key
-        * @param mixed $default
+        * @param mixed|null $default
          * @return mixed
          */
         public function getAuthenticationSessionData( $key, $default = null ) {
@@ -2427,7 +2437,7 @@ class AuthManager implements LoggerAwareInterface {
                         $providers += $this->getSecondaryAuthenticationProviders();
                 }
                 foreach ( $providers as $provider ) {
-                       call_user_func_array( [ $provider, $method ], $args );
+                       $provider->$method( ...$args );
                 }
         }