AuthManager::setDefaultUserOptions and LoginForm::initUser shouldn't invalidate CA...

We only want to set the local user_token when we create the local
account. We don't want to invalidate all existing CentralAuth sessions
for the user just because they happened to visit a new wiki and get
an account auto-created.

This might also fix T136853. It looks like what's going on there is that
two jobs are both in this code path calling CentralAuth::resetAuthToken()
at the same time, leading to a race and one fails the CAS check.

Bug: T136834
Change-Id: I61b8253584a11a5b02f7ccb9efa0679cd2a822c6

diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php
index 9618761..402ea96 100644 (file)
--- a/includes/auth/AuthManager.php
+++ b/includes/auth/AuthManager.php
@@ -2333,7 +2333,7 @@ class AuthManager implements LoggerAwareInterface {
        private function setDefaultUserOptions( User $user, $useContextLang ) {
                global $wgContLang;
 
-               \MediaWiki\Session\SessionManager::singleton()->invalidateSessionsForUser( $user );
+               $user->setToken();
 
                $lang = $useContextLang ? \RequestContext::getMain()->getLanguage() : $wgContLang;
                $user->setOption( 'language', $lang->getPreferredVariant() );

diff --git a/includes/specials/pre-authmanager/SpecialUserlogin.php b/includes/specials/pre-authmanager/SpecialUserlogin.php
index 8935a49..951cb52 100644 (file)
--- a/includes/specials/pre-authmanager/SpecialUserlogin.php
+++ b/includes/specials/pre-authmanager/SpecialUserlogin.php
@@ -699,7 +699,7 @@ class LoginFormPreAuthManager extends SpecialPage {
 
                $u->setEmail( $this->mEmail );
                $u->setRealName( $this->mRealName );
-               SessionManager::singleton()->invalidateSessionsForUser( $u );
+               $u->setToken();
 
                Hooks::run( 'LocalUserCreated', [ $u, $autocreate ] );
                $oldUser = $u;