Merge "Add CollationFa"

[lhc/web/wiklou.git] / includes / auth / TemporaryPasswordPrimaryAuthenticationProvider.php

diff --git a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
index 9962fa3..44c2824 100644 (file)
--- a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
@@ -154,6 +154,16 @@ class TemporaryPasswordPrimaryAuthenticationProvider
                        return $this->failResponse( $req );
                }
 
+               // Add an extra log entry since a temporary password is
+               // an unusual way to log in, so its important to keep track
+               // of in case of abuse.
+               $this->logger->info( "{user} successfully logged in using temp password",
+                       [
+                               'user' => $username,
+                               'requestIP' => $this->manager->getRequest()->getIP()
+                       ]
+               );
+
                $this->setPasswordResetFlag( $username, $status );
 
                return AuthenticationResponse::newPass( $username );
@@ -236,7 +246,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
                        $sv->merge( $this->checkPasswordValidity( $username, $req->password ) );
 
                        if ( $req->mailpassword ) {
-                               if ( !$this->emailEnabled && !$req->hasBackchannel ) {
+                               if ( !$this->emailEnabled ) {
                                        return \StatusValue::newFatal( 'passwordreset-emaildisabled' );
                                }
 
@@ -326,7 +336,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 
                $ret = \StatusValue::newGood();
                if ( $req ) {
-                       if ( $req->mailpassword && !$req->hasBackchannel ) {
+                       if ( $req->mailpassword ) {
                                if ( !$this->emailEnabled ) {
                                        $ret->merge( \StatusValue::newFatal( 'emaildisabled' ) );
                                } elseif ( !$user->getEmail() ) {