$passwords = [];
foreach ( $reqs as $req ) {
- $this->authManager->changeAuthenticationData( $req );
+ // This is adding a new temporary password, not intentionally changing anything
+ // (even though it might technically invalidate an old temporary password).
+ $this->authManager->changeAuthenticationData( $req, /* $isAddition */ true );
}
$this->logger->info(
// Normal block. Maybe it was meant for someone else and the user just needs to log in;
// or maybe it was issued specifically to prevent some IP from messing with password
// reset? Go out on a limb and use the registration allowed flag to decide.
- return $block->prevents( 'createaccount' );
+ return $block->isCreateAccountBlocked();
} elseif ( $type === 'proxy' ) {
// we disallow actions through proxy even if the user is logged in
// so it makes sense to disallow password resets as well