X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2Fuser%2FBotPassword.php;h=6db219deecdabb155b1d75c444c169ec89cf9847;hp=187c0a9d3958031cb02d1b8c378bd7a70b2df45a;hb=a38af7ba26579bb3004f673e44d39710887763aa;hpb=13314ea479410f83a48dd8e450a0f44d12c4f05c diff --git a/includes/user/BotPassword.php b/includes/user/BotPassword.php index 187c0a9d39..6db219deec 100644 --- a/includes/user/BotPassword.php +++ b/includes/user/BotPassword.php @@ -459,21 +459,20 @@ class BotPassword implements IDBAccessObject { // Split name into name+appId $sep = self::getSeparator(); if ( strpos( $username, $sep ) === false ) { - return self::loginHook( $username, Status::newFatal( 'botpasswords-invalid-name', $sep ) ); + return self::loginHook( $username, null, Status::newFatal( 'botpasswords-invalid-name', $sep ) ); } list( $name, $appId ) = explode( $sep, $username, 2 ); // Find the named user $user = User::newFromName( $name ); if ( !$user || $user->isAnon() ) { - return self::loginHook( $user ?: $name, Status::newFatal( 'nosuchuser', $name ) ); + return self::loginHook( $user ?: $name, null, Status::newFatal( 'nosuchuser', $name ) ); } if ( $user->isLocked() ) { return Status::newFatal( 'botpasswords-locked' ); } - // Throttle $throttle = null; if ( !empty( $wgPasswordAttemptThrottle ) ) { $throttle = new MediaWiki\Auth\Throttler( $wgPasswordAttemptThrottle, [ 
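Review bot: The `$user->isLocked()` branch still returns `Status::newFatal( 'botpasswords-locked' )` directly, so it is the one failure path in this hunk that never reaches `loginHook()` and therefore never fires `AuthManagerLoginAuthenticateAudit`. Login attempts against locked accounts are worth recording for detection, so consider `return self::loginHook( $user, null, Status::newFatal( 'botpasswords-locked' ) );`. That return also sits ahead of the throttle setup, so in the visible code such attempts are not counted by the throttler either. The enclosing method starts before this hunk and continues into the next one.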
@@ -483,39 +482,39 @@ class BotPassword implements IDBAccessObject { $result = $throttle->increase( $user->getName(), $request->getIP(), __METHOD__ ); if ( $result ) { $msg = wfMessage( 'login-throttled' )->durationParams( $result['wait'] ); - return self::loginHook( $user, Status::newFatal( $msg ) ); + return self::loginHook( $user, null, Status::newFatal( $msg ) ); } } // Get the bot password $bp = self::newFromUser( $user, $appId ); if ( !$bp ) { - return self::loginHook( $user, Status::newFatal( 'botpasswords-not-exist', $name, $appId ) ); + return self::loginHook( $user, $bp, + Status::newFatal( 'botpasswords-not-exist', $name, $appId ) ); } // Check restrictions $status = $bp->getRestrictions()->check( $request ); if ( !$status->isOK() ) { - return self::loginHook( $user, Status::newFatal( 'botpasswords-restriction-failed' ) ); + return self::loginHook( $user, $bp, Status::newFatal( 'botpasswords-restriction-failed' ) ); } // Check the password $passwordObj = $bp->getPassword(); if ( $passwordObj instanceof InvalidPassword ) { - return self::loginHook( $user, Status::newFatal( 'botpasswords-needs-reset', $name, $appId ) ); + return self::loginHook( $user, $bp, + Status::newFatal( 'botpasswords-needs-reset', $name, $appId ) ); } - if ( !$passwordObj->equals( $password ) ) { - return self::loginHook( $user, Status::newFatal( 'wrongpassword' ) ); + if ( !$passwordObj->verify( $password ) ) { + return self::loginHook( $user, $bp, Status::newFatal( 'wrongpassword' ) ); } // Ok! Create the session. if ( $throttle ) { $throttle->clear( $user->getName(), $request->getIP() ); } - return self::loginHook( - $user, - Status::newGood( $provider->newSessionForRequest( $user, $bp, $request ) ) - ); + return self::loginHook( $user, $bp, + Status::newGood( $provider->newSessionForRequest( $user, $bp, $request ) ) ); } /** 
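Review bot: In the `!$bp` branch the second argument `$bp` is always falsy, so `loginHook( $user, $bp, … )` reads as though a bot password had been identified; writing `null` there, as the earlier early returns do, makes the intent explicit. A consequence is that the audit hook receives no app ID for attempts against a non-existent bot password, even though `$appId` has already been parsed from the login name. If that is intentional because the value is caller-supplied and unverified, a short comment such as `// No BotPassword row: $appId is unverified input, so it is not passed to the audit hook` would record the decision. The method begins before this hunk.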
@@ -525,12 +524,17 @@ class BotPassword implements IDBAccessObject { * AuthManager, call the AuthManagerLoginAuthenticateAudit hook. * * @param User|string $user User being logged in + * @param BotPassword|null $bp Bot sub-account, if it can be identified * @param Status $status Login status * @return Status The passed-in status */ - private static function loginHook( $user, Status $status ) { + private static function loginHook( $user, $bp, Status $status ) { + $extraData = []; if ( $user instanceof User ) { $name = $user->getName(); + if ( $bp ) { + $extraData['appId'] = $name . self::getSeparator() . $bp->getAppId(); + } } else { $name = $user; $user = null; @@ -541,7 +545,7 @@ class BotPassword implements IDBAccessObject { } else { $response = AuthenticationResponse::newFail( $status->getMessage() ); } - Hooks::run( 'AuthManagerLoginAuthenticateAudit', [ $response, $user, $name ] ); + Hooks::run( 'AuthManagerLoginAuthenticateAudit', [ $response, $user, $name, $extraData ] ); return $status; }
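Review bot: `$extraData['appId']` is filled with `$name . self::getSeparator() . $bp->getAppId()`, which is the full bot login name rather than the app ID that the key name and `getAppId()` suggest, so hook consumers writing audit logs could misread the field. Either store `$bp->getAppId()` alone or document the format in the docblock, e.g. `Passes [ 'appId' => "<user><separator><appId>" ] to the hook when both the user and the bot password are known`. The new `$bp` parameter also has no type declaration while `$status` does; if the supported PHP version allows it, `?BotPassword $bp` would enforce the `@param BotPassword|null` contract. The last hunk adds a fourth argument to `AuthManagerLoginAuthenticateAudit`, so the hook's documentation should mention it if that is not done elsewhere in the commit.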