X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2Fauth%2FTemporaryPasswordPrimaryAuthenticationProvider.php;h=44c28241e20c1810848d941d223eb7f63a0bd0fa;hp=9962fa39025550edb5e77cd6504307ca4c1c6d4f;hb=ce079cf6ad79ca8d3360817f809b219d166f9153;hpb=320e4c56132681f811c2819e3e22e98715f46ae7
diff --git a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
index 9962fa3902..44c28241e2 100644
--- a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
@@ -154,6 +154,16 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 return $this->failResponse( $req );
 }
+ // Add an extra log entry since a temporary password is
+ // an unusual way to log in, so its important to keep track
+ // of in case of abuse.
+ $this->logger->info( "{user} successfully logged in using temp password",
+ [
+ 'user' => $username,
+ 'requestIP' => $this->manager->getRequest()->getIP()
+ ]
+ );
+
 $this->setPasswordResetFlag( $username, $status );
 return AuthenticationResponse::newPass( $username );
@@ -236,7 +246,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 $sv->merge( $this->checkPasswordValidity( $username, $req->password ) );
 if ( $req->mailpassword ) {
- if ( !$this->emailEnabled && !$req->hasBackchannel ) {
+ if ( !$this->emailEnabled ) {
 return \StatusValue::newFatal( 'passwordreset-emaildisabled' );
 }
@@ -326,7 +336,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider
 $ret = \StatusValue::newGood();
 if ( $req ) {
- if ( $req->mailpassword && !$req->hasBackchannel ) {
+ if ( $req->mailpassword ) {
 if ( !$this->emailEnabled ) {
 $ret->merge( \StatusValue::newFatal( 'emaildisabled' ) );
 } elseif ( !$user->getEmail() ) {
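Review bot: The audit entry for a successful temporary-password login in the `@@ -154` hunk is emitted at `info` on the provider's ordinary logger, so whether it is still available "in case of abuse" depends on log configuration that is not visible here. If that level is dropped or sampled on this channel, the trail the comment promises will not exist, so the comment should state the expectation, e.g. `// Logged at info level; keep this channel retained where temp-password logins must be auditable.` The message string has no PHP interpolation, so single quotes would make it clearer that `{user}` is a logger placeholder: `'{user} successfully logged in using temp password'`. The comment should also read "it's important". The enclosing method starts and ends outside the hunk.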
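Review bot: Nothing on the new side documents that `mailpassword` now always requires working email, both at `if ( !$this->emailEnabled ) {` in the `@@ -236` hunk and at `if ( $req->mailpassword ) {` in the `@@ -326` hunk. A caller that previously set `hasBackchannel` to deliver the temporary password some other way will now receive `passwordreset-emaildisabled` or `emaildisabled` instead, which is the stricter behaviour but a silent change for that caller. Whether `hasBackchannel` is still declared on the request class cannot be seen from these hunks; if it is, it should be removed or deprecated in the same change so it does not look like a working option. A short comment above each check would record the intent, e.g. `// mailpassword always means delivery by email; there is no out-of-band path.` Both enclosing methods start and end outside their hunks.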