Merge "objectcache: make BagOStuff::add() abstract to discourage non-atomic versions"

[lhc/web/wiklou.git] / includes / user / PasswordReset.php

diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php
index 39c0c1b..ef104cc 100644 (file)
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@@ -240,7 +240,9 @@ class PasswordReset implements LoggerAwareInterface {
 
                $passwords = [];
                foreach ( $reqs as $req ) {
-                       $this->authManager->changeAuthenticationData( $req );
+                       // This is adding a new temporary password, not intentionally changing anything
+                       // (even though it might technically invalidate an old temporary password).
+                       $this->authManager->changeAuthenticationData( $req, /* $isAddition */ true );
                }
 
                $this->logger->info(
@@ -268,7 +270,7 @@ class PasswordReset implements LoggerAwareInterface {
                        // Normal block. Maybe it was meant for someone else and the user just needs to log in;
                        // or maybe it was issued specifically to prevent some IP from messing with password
                        // reset? Go out on a limb and use the registration allowed flag to decide.
-                       return $block->prevents( 'createaccount' );
+                       return $block->isCreateAccountBlocked();
                } elseif ( $type === 'proxy' ) {
                        // we disallow actions through proxy even if the user is logged in
                        // so it makes sense to disallow password resets as well