From 094c998ed752fcbd9b0f4802add0a1508856725c Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Wed, 15 Feb 2017 09:05:44 -0500
Subject: [PATCH] ApiLogin: Turn "login-params-in-query-string" warning into an
 error

This change was announced October 31, 2016,[1] with the deadline set for
today.

[1]: https://lists.wikimedia.org/pipermail/mediawiki-api-announce/2016-October/000119.html

Change-Id: Ic7f0cea1510381e3fef5d4850677a66ea257c16b
---
 RELEASE-NOTES-1.29        | 8 ++++----
 includes/api/ApiLogin.php | 9 +--------
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 3ba6577e9d..58cc84b716 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -72,10 +72,10 @@ production.
 * (T157035) "new mw.Uri()" was ignoring options when using default URI.
 
 === Action API changes in 1.29 ===
-* Submitting sensitive authentication request parameters to action=clientlogin,
-  action=createaccount, action=linkaccount, and action=changeauthenticationdata
-  in the query string is now an error. They should be submitted in the POST
-  body instead.
+* Submitting sensitive authentication request parameters to action=login,
+  action=clientlogin, action=createaccount, action=linkaccount, and
+  action=changeauthenticationdata in the query string is now an error. They
+  should be submitted in the POST body instead.
 * The capture option for action=resetpassword has been removed
 * action=clearhasmsg now requires a POST.
 * (T47843) API errors and warnings may be requested in non-English languages
diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index 6cf1fad30c..e017edada4 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -70,14 +70,7 @@ class ApiLogin extends ApiBase {
 			return;
 		}
 
-		try {
-			$this->requirePostedParameters( [ 'password', 'token' ] );
-		} catch ( ApiUsageException $ex ) {
-			// Make this a warning for now, upgrade to an error in 1.29.
-			foreach ( $ex->getStatusValue()->getErrors() as $error ) {
-				$this->addDeprecation( $error, 'login-params-in-query-string' );
-			}
-		}
+		$this->requirePostedParameters( [ 'password', 'token' ] );
 
 		$params = $this->extractRequestParams();
 
-- 
2.20.1