Hard-deprecate password handling in User
authorGergő Tisza <tgr.huwiki@gmail.com>
Thu, 14 Jan 2016 23:53:56 +0000 (15:53 -0800)
committerGergő Tisza <gtisza@wikimedia.org>
Mon, 1 Oct 2018 23:13:03 +0000 (23:13 +0000)
Add wfDeprecated for User::checkPassword(), User::setPassword(),
User::setInternalPassword() and User::checkTemporaryPassword().
With AuthManager mediating between the caller and a set of
authentication providers in a potentially multi-step process,
a password check or change now cannot always be expressed
with a single-step succeed-or-fail process. Callers should use
AuthManager::beginAuthentication() with a PasswordAuthenticationRequest
for password checks, and AuthManager::changeAuthenticationData()
for a password change.

Bug: T91699
Change-Id: Ib0ae8f1ff10ae6c2655d529db8b3a32e0cb489b0

includes/user/User.php

index a29fbf8..12623e8 100644 (file)
@@ -2876,6 +2876,7 @@ class User implements IDBAccessObject, UserIdentity {
         * @return bool
         */
        public function setPassword( $str ) {
+               wfDeprecated( __METHOD__, '1.27' );
                return $this->setPasswordInternal( $str );
        }
 
@@ -2888,6 +2889,7 @@ class User implements IDBAccessObject, UserIdentity {
         *  through the web interface.
         */
        public function setInternalPassword( $str ) {
+               wfDeprecated( __METHOD__, '1.27' );
                $this->setPasswordInternal( $str );
        }
 
@@ -4546,6 +4548,8 @@ class User implements IDBAccessObject, UserIdentity {
         * @return bool True if the given password is correct, otherwise False
         */
        public function checkPassword( $password ) {
+               wfDeprecated( __METHOD__, '1.27' );
+
                $manager = AuthManager::singleton();
                $reqs = AuthenticationRequest::loadRequestsFromSubmission(
                        $manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN ),
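Review bot: The warning added at the top of checkPassword() names only the method and the version, so a caller that still uses the boolean result as its login decision gets no pointer to the replacement. The commit message names it (AuthManager::beginAuthentication() with a PasswordAuthenticationRequest); I would put that in the docblock as `@deprecated since 1.27, use AuthManager::beginAuthentication() with a PasswordAuthenticationRequest`, if it is not already there, since only the `@return` line of the docblock is visible in this hunk. It would also help to state there that a true/false answer cannot represent a multi-step authentication, which is the reason the commit gives for the deprecation. The body of checkPassword() continues past the end of the hunk.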
@@ -4579,6 +4583,7 @@ class User implements IDBAccessObject, UserIdentity {
         * @return bool True if matches, false otherwise
         */
        public function checkTemporaryPassword( $plaintext ) {
+               wfDeprecated( __METHOD__, '1.27' );
                // Can't check the temporary password individually.
                return $this->checkPassword( $plaintext );
        }
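Review bot: checkTemporaryPassword() now warns and then calls `$this->checkPassword( $plaintext )`, which after this commit warns as well. A single call from outside therefore produces two deprecation notices, and the second is presumably attributed to the User class itself rather than to the external caller that needs to migrate. Moving the body of checkPassword() into a private helper that both public methods call after their own `wfDeprecated( __METHOD__, '1.27' )` would keep it to one notice per call, the same arrangement setPassword() and setInternalPassword() already have with setPasswordInternal().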