From e39124462934a1fd0ce432f802e8f44e6126a05c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
Date: Thu, 14 Jan 2016 15:53:56 -0800
Subject: [PATCH] Hard-deprecate password handling in User

Add wfDeprecated for User::checkPassword(), User::setPassword(),
User::setInternalPassword() and User::checkTemporaryPassword().
With AuthManager mediating between the caller and a set of
authentication providers in a potentially multi-step process,
a password check or change now cannot always be expressed
with a single-step succed-or-fail process. Callers should use
AuthManager::beginAuthentication() with a PasswordAuthenticationRequest
for password checks, and AuthManager::changeAuthenticationData()
for a password change.

Bug: T91699
Change-Id: Ib0ae8f1ff10ae6c2655d529db8b3a32e0cb489b0
---
 includes/user/User.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/includes/user/User.php b/includes/user/User.php
index a29fbf83e9..12623e89fa 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -2876,6 +2876,7 @@ class User implements IDBAccessObject, UserIdentity {
 	 * @return bool
 	 */
 	public function setPassword( $str ) {
+		wfDeprecated( __METHOD__, '1.27' );
 		return $this->setPasswordInternal( $str );
 	}
 
@@ -2888,6 +2889,7 @@ class User implements IDBAccessObject, UserIdentity {
 	 *  through the web interface.
 	 */
 	public function setInternalPassword( $str ) {
+		wfDeprecated( __METHOD__, '1.27' );
 		$this->setPasswordInternal( $str );
 	}
 
@@ -4546,6 +4548,8 @@ class User implements IDBAccessObject, UserIdentity {
 	 * @return bool True if the given password is correct, otherwise False
 	 */
 	public function checkPassword( $password ) {
+		wfDeprecated( __METHOD__, '1.27' );
+
 		$manager = AuthManager::singleton();
 		$reqs = AuthenticationRequest::loadRequestsFromSubmission(
 			$manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN ),
@@ -4579,6 +4583,7 @@ class User implements IDBAccessObject, UserIdentity {
 	 * @return bool True if matches, false otherwise
 	 */
 	public function checkTemporaryPassword( $plaintext ) {
+		wfDeprecated( __METHOD__, '1.27' );
 		// Can't check the temporary password individually.
 		return $this->checkPassword( $plaintext );
 	}
-- 
2.20.1