X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fauth%2FTemporaryPasswordPrimaryAuthenticationProvider.php;h=e129538bbca87aa76dcf27e89676d24e62049e0c;hb=08e27d6d40ed2f6eea8abc509254e11c92212a8d;hp=0ef13b34ecbe9fc2f514c1d45fc9ef9fa93fdca8;hpb=da0c275136ee45d071226863ff580ca49968a1ba;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
index 0ef13b34ec..e129538bbc 100644
--- a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
@@ -146,7 +146,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 		}
 
 		$pwhash = $this->getPassword( $row->user_newpassword );
-		if ( !$pwhash->equals( $req->password ) ) {
+		if ( !$pwhash->verify( $req->password ) ) {
 			return $this->failResponse( $req );
 		}
 
@@ -356,23 +356,21 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 		$req = AuthenticationRequest::getRequestByClass(
 			$reqs, TemporaryPasswordAuthenticationRequest::class
 		);
-		if ( $req ) {
-			if ( $req->username !== null && $req->password !== null ) {
-				// Nothing we can do yet, because the user isn't in the DB yet
-				if ( $req->username !== $user->getName() ) {
-					$req = clone $req;
-					$req->username = $user->getName();
-				}
-
-				if ( $req->mailpassword ) {
-					// prevent EmailNotificationSecondaryAuthenticationProvider from sending another mail
-					$this->manager->setAuthenticationSessionData( 'no-email', true );
-				}
+		if ( $req && $req->username !== null && $req->password !== null ) {
+			// Nothing we can do yet, because the user isn't in the DB yet
+			if ( $req->username !== $user->getName() ) {
+				$req = clone $req;
+				$req->username = $user->getName();
+			}
 
-				$ret = AuthenticationResponse::newPass( $req->username );
-				$ret->createRequest = $req;
-				return $ret;
+			if ( $req->mailpassword ) {
+				// prevent EmailNotificationSecondaryAuthenticationProvider from sending another mail
+				$this->manager->setAuthenticationSessionData( 'no-email', true );
 			}
+
+			$ret = AuthenticationResponse::newPass( $req->username );
+			$ret->createRequest = $req;
+			return $ret;
 		}
 		return AuthenticationResponse::newAbstain();
 	}