/**
* In-process cache for isAllowed lookups, by username.
* Contains a StatusValue object
- * @var HashBagOStuff
+ * @var MapCacheLRU
*/
private $permissionCache;
public function __construct( Config $config, AuthManager $authManager ) {
$this->config = $config;
$this->authManager = $authManager;
- $this->permissionCache = new HashBagOStuff( [ 'maxKeys' => 1 ] );
+ $this->permissionCache = new MapCacheLRU( 1 );
$this->logger = LoggerFactory::getInstance( 'authentication' );
}
$passwords = [];
foreach ( $reqs as $req ) {
- $this->authManager->changeAuthenticationData( $req );
+ // This is adding a new temporary password, not intentionally changing anything
+ // (even though it might technically invalidate an old temporary password).
+ $this->authManager->changeAuthenticationData( $req, /* $isAddition */ true );
}
$this->logger->info(
// Normal block. Maybe it was meant for someone else and the user just needs to log in;
// or maybe it was issued specifically to prevent some IP from messing with password
// reset? Go out on a limb and use the registration allowed flag to decide.
- return $block->prevents( 'createaccount' );
+ return $block->isCreateAccountBlocked();
} elseif ( $type === 'proxy' ) {
// we disallow actions through proxy even if the user is logged in
// so it makes sense to disallow password resets as well