Prevent login-only local password provider from removing passwords
authorGergő Tisza <gtisza@wikimedia.org>
Tue, 15 Nov 2016 04:04:24 +0000 (04:04 +0000)
committerGergő Tisza <gtisza@wikimedia.org>
Tue, 15 Nov 2016 07:27:57 +0000 (07:27 +0000)
When the local password provider is in login-only mode, it should
disable itself as soon as some other primary provider is enabled.
It's impossible to tell whether that is the case though, so err in
the safer direction.

Change-Id: Ie77a9cc6d8f06aa52a893e753d9971e30b0f55e5

includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php

index 88df68d..1013990 100644 (file)
@@ -242,14 +242,14 @@ class LocalPasswordPrimaryAuthenticationProvider
 
                $pwhash = null;
 
-               if ( $this->loginOnly ) {
-                       $pwhash = $this->getPasswordFactory()->newFromCiphertext( null );
-                       $expiry = null;
-                       // @codeCoverageIgnoreStart
-               } elseif ( get_class( $req ) === PasswordAuthenticationRequest::class ) {
-                       // @codeCoverageIgnoreEnd
-                       $pwhash = $this->getPasswordFactory()->newFromPlaintext( $req->password );
-                       $expiry = $this->getNewPasswordExpiry( $username );
+               if ( get_class( $req ) === PasswordAuthenticationRequest::class ) {
+                       if ( $this->loginOnly ) {
+                               $pwhash = $this->getPasswordFactory()->newFromCiphertext( null );
+                               $expiry = null;
+                       } else {
+                               $pwhash = $this->getPasswordFactory()->newFromPlaintext( $req->password );
+                               $expiry = $this->getNewPasswordExpiry( $username );
+                       }
                }
 
                if ( $pwhash ) {
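Review bot: The login-only branch under the new `get_class( $req ) === PasswordAuthenticationRequest::class` check has no comment explaining why a password change stores `newFromCiphertext( null )` rather than leaving the existing hash in place. The commit message calls this erring in the safer direction, so the reasoning should sit next to the code, for example `// Login-only: we cannot tell whether another primary provider took the new password, so drop the local hash rather than let the old password keep working.` The exact-class comparison also skips subclasses of PasswordAuthenticationRequest; that looks intentional, but a short comment would stop a later refactor to `instanceof` from widening which requests clear the local password. The enclosing method starts before the hunk and the `if ( $pwhash )` body continues after it.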
index 088dd00..cab10b4 100644 (file)
@@ -450,7 +450,7 @@ class LocalPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestCase
                $changeReq->password = $newpass;
                $provider->providerChangeAuthenticationData( $changeReq );
 
-               if ( $loginOnly ) {
+               if ( $loginOnly && $changed ) {
                        $old = 'fail';
                        $new = 'fail';
                        $expectExpiry = null;
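Review bot: The new condition `$loginOnly && $changed` is not explained at this point in the test, and what `$changed` stands for is defined outside the hunk. A one-line comment such as `// login-only removes the local password only for request types this provider handles` would tie the expectation to the provider change. The hunk does not show which branch now covers the login-only case where `$changed` is false; it is worth confirming that branch asserts the existing password still authenticates, since that is the behaviour this commit protects. The test method starts and ends outside the hunk.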