X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fauth%2FTemporaryPasswordPrimaryAuthenticationProvider.php;h=9962fa39025550edb5e77cd6504307ca4c1c6d4f;hb=36395150104588f2afea866c330b683e4329fa48;hp=f5571c7309cd07b8f3a907ff1dfe05bdc108e17e;hpb=ba67060734ecfa835f54c83540c0c136db1690d7;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
index f5571c7309..4a2d0094eb 100644
--- a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
@@ -140,7 +140,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 }
 $status = $this->checkPasswordValidity( $username, $req->password );
- if ( !$status->isOk() ) {
+ if ( !$status->isOK() ) {
 // Fatal, can't log in
 return AuthenticationResponse::newFail( $status->getMessage() );
 }
@@ -154,6 +154,16 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 return $this->failResponse( $req );
 }
+ // Add an extra log entry since a temporary password is
+ // an unusual way to log in, so its important to keep track
+ // of in case of abuse.
+ $this->logger->info( "{user} successfully logged in using temp password",
+ [
+ 'user' => $username,
+ 'requestIP' => $this->manager->getRequest()->getIP()
+ ]
+ );
+
 $this->setPasswordResetFlag( $username, $status );
 return AuthenticationResponse::newPass( $username );
@@ -236,7 +246,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 $sv->merge( $this->checkPasswordValidity( $username, $req->password ) );
 if ( $req->mailpassword ) {
- if ( !$this->emailEnabled && !$req->hasBackchannel ) {
+ if ( !$this->emailEnabled ) {
 return \StatusValue::newFatal( 'passwordreset-emaildisabled' );
 }
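Review bot: The new `$this->logger->info(...)` call in the @@ -154 hunk records only the successful path; the `return $this->failResponse( $req );` exit just above it has no matching entry on the visible lines, so repeated wrong guesses against a temporary password would not show up next to the success line unless `failResponse` logs them itself (its body is outside the hunk). If it does not, an entry on the failure exit with the same `user` and `requestIP` keys would make the abuse tracking that the comment describes usable for detection. The `requestIP` value is whatever `getRequest()->getIP()` resolves to, which presumably depends on the site's proxy configuration, so that is worth confirming before relying on it. The comment itself should read `// an unusual way to log in, so it's important to keep track`. The enclosing method starts and ends outside the hunk.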
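Review bot: With `&& !$req->hasBackchannel` dropped from `if ( !$this->emailEnabled )` in the @@ -236 hunk and from `if ( $req->mailpassword )` in the @@ -323 hunk, a mailed temporary password is now refused whenever email is disabled, and nothing on the new lines says that the out-of-band exemption was removed on purpose. A caller that still assigns `$req->hasBackchannel` would get no error from PHP, only the fatal status, so it is worth confirming that the property was removed from the request class in the same change (not visible here). I would add a one-line comment above each check, for example `// Temporary passwords are delivered by email only; there is no backchannel exemption`. Both enclosing methods extend beyond their hunks.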
@@ -304,10 +314,13 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 if ( $sendMail ) {
 // Send email after DB commit
- $dbw->onTransactionIdle( function () use ( $req ) {
- /** @var TemporaryPasswordAuthenticationRequest $req */
- $this->sendPasswordResetEmail( $req );
- } );
+ $dbw->onTransactionIdle(
+ function () use ( $req ) {
+ /** @var TemporaryPasswordAuthenticationRequest $req */
+ $this->sendPasswordResetEmail( $req );
+ },
+ __METHOD__
+ );
 }
 }
@@ -323,7 +336,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 $ret = \StatusValue::newGood();
 if ( $req ) {
- if ( $req->mailpassword && !$req->hasBackchannel ) {
+ if ( $req->mailpassword ) {
 if ( !$this->emailEnabled ) {
 $ret->merge( \StatusValue::newFatal( 'emaildisabled' ) );
 } elseif ( !$user->getEmail() ) {
@@ -347,7 +360,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 if ( $req->username !== null && $req->password !== null ) {
 // Nothing we can do yet, because the user isn't in the DB yet
 if ( $req->username !== $user->getName() ) {
- $req = clone( $req );
+ $req = clone $req;
 $req->username = $user->getName();
 }
@@ -375,9 +388,12 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 if ( $mailpassword ) {
 // Send email after DB commit
- wfGetDB( DB_MASTER )->onTransactionIdle( function () use ( $user, $creator, $req ) {
- $this->sendNewAccountEmail( $user, $creator, $req->password );
- } );
+ wfGetDB( DB_MASTER )->onTransactionIdle(
+ function () use ( $user, $creator, $req ) {
+ $this->sendNewAccountEmail( $user, $creator, $req->password );
+ },
+ __METHOD__
+ );
 }
 return $mailpassword ? 'byemail' : null;
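Review bot: The result of `$this->sendPasswordResetEmail( $req )` is discarded inside the post-commit callback in the @@ -304 hunk, and the same holds for `$this->sendNewAccountEmail( $user, $creator, $req->password )` in the @@ -375 hunk, so a mail failure happens after the temporary password is already committed and leaves no trace on the visible lines. If these helpers return a status object (their bodies are not visible here), logging a non-OK result through `$this->logger` inside the closure would show when a temporary password was stored but never delivered. The second closure also captures the whole `$req` only to read `$req->password`; capturing just that value would keep the plaintext secret in fewer places while the callback is pending. Both enclosing methods start and end outside their hunks.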