From f12a3edff708a1fb73a09d154693dba49b69d921 Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Wed, 16 Nov 2016 04:04:06 +0000 Subject: [PATCH] Remove passwordreset capture feature If anyone wants such a thing, they can make their own extension. I asked stewards, and they said they don't use this. See also T32636 / 9de2bfd1fe Bug: T150930 Change-Id: I3ab5962dba668e5d628e55ad0c0feae471d82b5e --- RELEASE-NOTES-1.29 | 3 + includes/api/ApiResetPassword.php | 11 +--- includes/api/i18n/en.json | 1 - includes/api/i18n/qqq.json | 1 - ...TemporaryPasswordAuthenticationRequest.php | 6 -- ...yPasswordPrimaryAuthenticationProvider.php | 4 +- includes/specials/SpecialPasswordReset.php | 40 +------------ includes/user/PasswordReset.php | 60 ++++++------------- includes/user/User.php | 1 - languages/i18n/en.json | 5 -- languages/i18n/qqq.json | 5 -- ...swordPrimaryAuthenticationProviderTest.php | 12 ---- .../includes/user/PasswordResetTest.php | 11 +--- 13 files changed, 26 insertions(+), 134 deletions(-) diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29 index 3a7cde9a0a..23c34df6d7 100644 --- a/RELEASE-NOTES-1.29 +++ b/RELEASE-NOTES-1.29 @@ -12,6 +12,8 @@ production. determines whether to set a cookie when a user is autoblocked. Doing so means that a blocked user, even after logging out and moving to a new IP address, will still be blocked. +* The resetpassword right and associated password reset capture feature has + been removed. === New features in 1.29 === * (T5233) A cookie can now be set when a user is autoblocked, to track that user if @@ -32,6 +34,7 @@ production. action=createaccount, action=linkaccount, and action=changeauthenticationdata in the query string is now an error. They should be submitted in the POST body instead. +* The capture option for action=resetpassword has been removed === Action API internal changes in 1.29 === diff --git a/includes/api/ApiResetPassword.php b/includes/api/ApiResetPassword.php index 042ad69419..2d7f5dff23 100644 --- a/includes/api/ApiResetPassword.php +++ b/includes/api/ApiResetPassword.php @@ -65,13 +65,13 @@ class ApiResetPassword extends ApiBase { $passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() ); - $status = $passwordReset->isAllowed( $this->getUser(), $params['capture'] ); + $status = $passwordReset->isAllowed( $this->getUser() ); if ( !$status->isOK() ) { $this->dieStatus( Status::wrap( $status ) ); } $status = $passwordReset->execute( - $this->getUser(), $params['user'], $params['email'], $params['capture'] + $this->getUser(), $params['user'], $params['email'] ); if ( !$status->isOK() ) { $status->value = null; @@ -80,12 +80,6 @@ class ApiResetPassword extends ApiBase { $result = $this->getResult(); $result->addValue( [ 'resetpassword' ], 'status', 'success' ); - if ( $params['capture'] ) { - $passwords = $status->getValue() ?: []; - ApiResult::setArrayType( $passwords, 'kvp', 'user' ); - ApiResult::setIndexedTagName( $passwords, 'p' ); - $result->addValue( [ 'resetpassword' ], 'passwords', $passwords ); - } } public function isWriteMode() { @@ -111,7 +105,6 @@ class ApiResetPassword extends ApiBase { 'email' => [ ApiBase::PARAM_TYPE => 'string', ], - 'capture' => false, ]; $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' ); diff --git a/includes/api/i18n/en.json b/includes/api/i18n/en.json index 0f184d9f5d..05eb8cc041 100644 --- a/includes/api/i18n/en.json +++ b/includes/api/i18n/en.json @@ -1307,7 +1307,6 @@ "apihelp-resetpassword-description-noroutes": "No password reset routes are available.\n\nEnable routes in [[mw:Manual:$wgPasswordResetRoutes|$wgPasswordResetRoutes]] to use this module.", "apihelp-resetpassword-param-user": "User being reset.", "apihelp-resetpassword-param-email": "Email address of the user being reset.", - "apihelp-resetpassword-param-capture": "Return the temporary passwords that were sent. Requires the passwordreset user right.", "apihelp-resetpassword-example-user": "Send a password reset email to user Example.", "apihelp-resetpassword-example-email": "Send a password reset email for all users with email address user@example.com.", diff --git a/includes/api/i18n/qqq.json b/includes/api/i18n/qqq.json index f7c750e373..929487bd6a 100644 --- a/includes/api/i18n/qqq.json +++ b/includes/api/i18n/qqq.json @@ -1220,7 +1220,6 @@ "apihelp-resetpassword-description-noroutes": "{{doc-apihelp-description|resetpassword|info=This message is used when no known routes are enabled in [[mw:Manual:$wgPasswordResetRoutes|$wgPasswordResetRoutes]].|seealso={{msg-mw|apihelp-resetpassword-description}}}}", "apihelp-resetpassword-param-user": "{{doc-apihelp-param|resetpassword|user}}", "apihelp-resetpassword-param-email": "{{doc-apihelp-param|resetpassword|email}}", - "apihelp-resetpassword-param-capture": "{{doc-apihelp-param|resetpassword|capture}}", "apihelp-resetpassword-example-user": "{{doc-apihelp-example|resetpassword}}", "apihelp-resetpassword-example-email": "{{doc-apihelp-example|resetpassword}}", "apihelp-revisiondelete-description": "{{doc-apihelp-description|revisiondelete}}", diff --git a/includes/auth/TemporaryPasswordAuthenticationRequest.php b/includes/auth/TemporaryPasswordAuthenticationRequest.php index 42f0e70223..c8580520e3 100644 --- a/includes/auth/TemporaryPasswordAuthenticationRequest.php +++ b/includes/auth/TemporaryPasswordAuthenticationRequest.php @@ -33,12 +33,6 @@ class TemporaryPasswordAuthenticationRequest extends AuthenticationRequest { /** @var bool Email password to the user. */ public $mailpassword = false; - /** - * @var bool Do not fail certain operations if the password cannot be mailed, there is a - * backchannel present. - */ - public $hasBackchannel = false; - /** @var string Username or IP address of the caller */ public $caller; diff --git a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php index 2e6f93c8f7..44c28241e2 100644 --- a/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php +++ b/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php @@ -246,7 +246,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider $sv->merge( $this->checkPasswordValidity( $username, $req->password ) ); if ( $req->mailpassword ) { - if ( !$this->emailEnabled && !$req->hasBackchannel ) { + if ( !$this->emailEnabled ) { return \StatusValue::newFatal( 'passwordreset-emaildisabled' ); } @@ -336,7 +336,7 @@ class TemporaryPasswordPrimaryAuthenticationProvider $ret = \StatusValue::newGood(); if ( $req ) { - if ( $req->mailpassword && !$req->hasBackchannel ) { + if ( $req->mailpassword ) { if ( !$this->emailEnabled ) { $ret->merge( \StatusValue::newFatal( 'emaildisabled' ) ); } elseif ( !$user->getEmail() ) { diff --git a/includes/specials/SpecialPasswordReset.php b/includes/specials/SpecialPasswordReset.php index 5e5f2f18ff..a4f16bd7c9 100644 --- a/includes/specials/SpecialPasswordReset.php +++ b/includes/specials/SpecialPasswordReset.php @@ -100,14 +100,6 @@ class SpecialPasswordReset extends FormSpecialPage { ]; } - if ( $this->getUser()->isAllowed( 'passwordreset' ) ) { - $a['Capture'] = [ - 'type' => 'check', - 'label-message' => 'passwordreset-capture', - 'help-message' => 'passwordreset-capture-help', - ]; - } - return $a; } @@ -144,22 +136,12 @@ class SpecialPasswordReset extends FormSpecialPage { * @return Status */ public function onSubmit( array $data ) { - if ( isset( $data['Capture'] ) && !$this->getUser()->isAllowed( 'passwordreset' ) ) { - // The user knows they don't have the passwordreset permission, - // but they tried to spoof the form. That's naughty - throw new PermissionsError( 'passwordreset' ); - } - $username = isset( $data['Username'] ) ? $data['Username'] : null; $email = isset( $data['Email'] ) ? $data['Email'] : null; - $capture = !empty( $data['Capture'] ); $this->method = $username ? 'username' : 'email'; $this->result = Status::wrap( - $this->getPasswordReset()->execute( $this->getUser(), $username, $email, $capture ) ); - if ( $capture && $this->result->isOK() ) { - $this->passwords = $this->result->getValue(); - } + $this->getPasswordReset()->execute( $this->getUser(), $username, $email ) ); if ( $this->result->hasMessage( 'actionthrottledtext' ) ) { throw new ThrottledError; @@ -169,26 +151,6 @@ class SpecialPasswordReset extends FormSpecialPage { } public function onSuccess() { - if ( $this->getUser()->isAllowed( 'passwordreset' ) && $this->passwords ) { - if ( $this->result->isGood() ) { - $this->getOutput()->addWikiMsg( 'passwordreset-emailsent-capture2', - count( $this->passwords ) ); - } else { - $this->getOutput()->addWikiMsg( 'passwordreset-emailerror-capture2', - $this->result->getMessage(), key( $this->passwords ), count( $this->passwords ) ); - } - - $this->getOutput()->addHTML( Html::openElement( 'ul' ) ); - foreach ( $this->passwords as $username => $pwd ) { - $this->getOutput()->addHTML( Html::rawElement( 'li', [], - htmlspecialchars( $username, ENT_QUOTES ) - . $this->msg( 'colon-separator' )->text() - . htmlspecialchars( $pwd, ENT_QUOTES ) - ) ); - } - $this->getOutput()->addHTML( Html::closeElement( 'ul' ) ); - } - if ( $this->method === 'email' ) { $this->getOutput()->addWikiMsg( 'passwordreset-emailsentemail' ); } else { diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php index 530580d469..c1aef22ba1 100644 --- a/includes/user/PasswordReset.php +++ b/includes/user/PasswordReset.php @@ -44,8 +44,8 @@ class PasswordReset implements LoggerAwareInterface { protected $logger; /** - * In-process cache for isAllowed lookups, by username. Contains pairs of StatusValue objects - * (for false and true value of $displayPassword, respectively). + * In-process cache for isAllowed lookups, by username. + * Contains a StatusValue object * @var HashBagOStuff */ private $permissionCache; @@ -72,13 +72,12 @@ class PasswordReset implements LoggerAwareInterface { * @param User $user * @param bool $displayPassword If set, also check whether the user is allowed to reset the * password of another user and see the temporary password. + * @since 1.29 Second argument for displayPassword removed. * @return StatusValue */ - public function isAllowed( User $user, $displayPassword = false ) { - $statuses = $this->permissionCache->get( $user->getName() ); - if ( $statuses ) { - list ( $status, $status2 ) = $statuses; - } else { + public function isAllowed( User $user ) { + $status = $this->permissionCache->get( $user->getName() ); + if ( !$status ) { $resetRoutes = $this->config->get( 'PasswordResetRoutes' ); $status = StatusValue::newGood(); @@ -107,19 +106,10 @@ class PasswordReset implements LoggerAwareInterface { $status = StatusValue::newFatal( 'blocked-mailpassword' ); } - $status2 = StatusValue::newGood(); - if ( !$user->isAllowed( 'passwordreset' ) ) { - $status2 = StatusValue::newFatal( 'badaccess' ); - } - - $this->permissionCache->set( $user->getName(), [ $status, $status2 ] ); + $this->permissionCache->set( $user->getName(), $status ); } - if ( !$displayPassword || !$status->isGood() ) { - return $status; - } else { - return $status2; - } + return $status; } /** @@ -128,22 +118,22 @@ class PasswordReset implements LoggerAwareInterface { * Process the form. At this point we know that the user passes all the criteria in * userCanExecute(), and if the data array contains 'Username', etc, then Username * resets are allowed. + * + * @since 1.29 Fourth argument for displayPassword removed. * @param User $performingUser The user that does the password reset * @param string $username The user whose password is reset * @param string $email Alternative way to specify the user - * @param bool $displayPassword Whether to display the password * @return StatusValue Will contain the passwords as a username => password array if the * $displayPassword flag was set * @throws LogicException When the user is not allowed to perform the action * @throws MWException On unexpected DB errors */ public function execute( - User $performingUser, $username = null, $email = null, $displayPassword = false + User $performingUser, $username = null, $email = null ) { - if ( !$this->isAllowed( $performingUser, $displayPassword )->isGood() ) { - $action = $this->isAllowed( $performingUser )->isGood() ? 'display' : 'reset'; + if ( !$this->isAllowed( $performingUser )->isGood() ) { throw new LogicException( 'User ' . $performingUser->getName() - . ' is not allowed to ' . $action . ' passwords' ); + . ' is not allowed to reset passwords' ); } $resetRoutes = $this->config->get( 'PasswordResetRoutes' ) @@ -169,7 +159,6 @@ class PasswordReset implements LoggerAwareInterface { $data = [ 'Username' => $username, 'Email' => $email, - 'Capture' => $displayPassword ? '1' : null, ]; if ( !Hooks::run( 'SpecialPasswordResetOnSubmit', [ &$users, $data, &$error ] ) ) { return StatusValue::newFatal( Message::newFromSpecifier( $error ) ); @@ -218,7 +207,6 @@ class PasswordReset implements LoggerAwareInterface { $req = TemporaryPasswordAuthenticationRequest::newRandom(); $req->username = $user->getName(); $req->mailpassword = true; - $req->hasBackchannel = $displayPassword; $req->caller = $performingUser->getName(); $status = $this->authManager->allowsAuthenticationDataChange( $req, true ); if ( $status->isGood() && $status->getValue() !== 'ignored' ) { @@ -239,7 +227,6 @@ class PasswordReset implements LoggerAwareInterface { 'targetUsername' => $username, 'targetEmail' => $email, 'actualUser' => $firstUser->getName(), - 'capture' => $displayPassword, ]; if ( !$result->isGood() ) { @@ -253,25 +240,12 @@ class PasswordReset implements LoggerAwareInterface { $passwords = []; foreach ( $reqs as $req ) { $this->authManager->changeAuthenticationData( $req ); - // TODO record mail sending errors - if ( $displayPassword ) { - $passwords[$req->username] = $req->password; - } } - if ( $displayPassword ) { - // The password capture thing is scary, so log - // at a higher warning level. - $this->logger->warning( - "{requestingUser} did password reset of {actualUser} with password capturing!", - $logContext - ); - } else { - $this->logger->info( - "{requestingUser} did password reset of {actualUser}", - $logContext - ); - } + $this->logger->info( + "{requestingUser} did password reset of {actualUser}", + $logContext + ); return StatusValue::newGood( $passwords ); } diff --git a/includes/user/User.php b/includes/user/User.php index b69b5bc44b..789c55c00e 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -166,7 +166,6 @@ class User implements IDBAccessObject { 'noratelimit', 'override-export-depth', 'pagelang', - 'passwordreset', 'patrol', 'patrolmarks', 'protect', diff --git a/languages/i18n/en.json b/languages/i18n/en.json index 28ccbf3d81..dc82677d25 100644 --- a/languages/i18n/en.json +++ b/languages/i18n/en.json @@ -600,8 +600,6 @@ "passwordreset-emaildisabled": "Email features have been disabled on this wiki.", "passwordreset-username": "Username:", "passwordreset-domain": "Domain:", - "passwordreset-capture": "View the resulting email?", - "passwordreset-capture-help": "If you check this box, the email (with the temporary password) will be shown to you as well as being sent to the user.", "passwordreset-email": "Email address:", "passwordreset-emailtitle": "Account details on {{SITENAME}}", "passwordreset-emailtext-ip": "Someone (probably you, from IP address $1) requested a reset of your\npassword for {{SITENAME}} ($4). The following user {{PLURAL:$3|account is|accounts are}}\nassociated with this email address:\n\n$2\n\n{{PLURAL:$3|This temporary password|These temporary passwords}} will expire in {{PLURAL:$5|one day|$5 days}}.\nYou should log in and choose a new password now. If someone else made this\nrequest, or if you have remembered your original password, and you no longer\nwish to change it, you may ignore this message and continue using your old\npassword.", @@ -609,8 +607,6 @@ "passwordreset-emailelement": "Username:\n$1\n\nTemporary password:\n$2", "passwordreset-emailsentemail": "If this email address is associated with your account, then a password reset email will be sent.", "passwordreset-emailsentusername": "If there is an email address associated with this username, then a password reset email will be sent.", - "passwordreset-emailsent-capture2": "The password reset {{PLURAL:$1|email has|emails have}} been sent. The {{PLURAL:$1|username and password|list of usernames and passwords}} is shown here.", - "passwordreset-emailerror-capture2": "Emailing the {{GENDER:$2|user}} failed: $1 The {{PLURAL:$3|username and password|list of usernames and passwords}} is shown here.", "passwordreset-nocaller": "A caller must be provided", "passwordreset-nosuchcaller": "Caller does not exist: $1", "passwordreset-ignored": "The password reset was not handled. Maybe no provider was configured?", @@ -1248,7 +1244,6 @@ "right-siteadmin": "Lock and unlock the database", "right-override-export-depth": "Export pages including linked pages up to a depth of 5", "right-sendemail": "Send email to other users", - "right-passwordreset": "View password reset emails", "right-managechangetags": "Create and (de)activate [[Special:Tags|tags]]", "right-applychangetags": "Apply [[Special:Tags|tags]] along with one's changes", "right-changetags": "Add and remove arbitrary [[Special:Tags|tags]] on individual revisions and log entries", diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json index 1ed4a48fec..cfdb51084f 100644 --- a/languages/i18n/qqq.json +++ b/languages/i18n/qqq.json @@ -784,8 +784,6 @@ "passwordreset-emaildisabled": "Used as error message in changing password when site's email feature is disabled.", "passwordreset-username": "{{Identical|Username}}", "passwordreset-domain": "A domain like used in Domain Name System (DNS) or more specifically like a domain component in the Lightweight Directory Access Protocol (LDAP).\n{{Identical|Domain}}", - "passwordreset-capture": "Label for checkbox asking the user whether they want to see the contents of the password reset email (only shown if they have the passwordreset permission).", - "passwordreset-capture-help": "Longer explanatory message for the capture checkbox label.", "passwordreset-email": "{{Identical|E-mail address}}", "passwordreset-emailtitle": "Used as subject (title) of email.", "passwordreset-emailtext-ip": "Be consistent with {{msg-mw|Passwordreset-emailtext-user}}.\n\nParameters:\n* $1 - an IP address\n* $2 - message {{msg-mw|Passwordreset-emailelement}} repeated $3 times\n* $3 - the number of repetitions in $2\n* $4 - base URL of the wiki\n* $5 - number of days", @@ -793,8 +791,6 @@ "passwordreset-emailelement": "This is a body of a password reset email to allow them into the system with a new password. Parameters:\n* $1 - the user's login name. This parameter can be used for GENDER.\n* $2 - the temporary password given by the system", "passwordreset-emailsentemail": "Used in [[Special:PasswordReset]].\n\nSee also:\n* {{msg-mw|Passwordreset-emailsent-capture}}\n* {{msg-mw|Passwordreset-emailerror-capture}}", "passwordreset-emailsentusername": "Used in [[Special:PasswordReset]].\n\nSee also:\n* {{msg-mw|Passwordreset-emailsent-capture}}\n* {{msg-mw|Passwordreset-emailerror-capture}}", - "passwordreset-emailsent-capture2": "Used in [[Special:PasswordReset]].\n\nParameters:\n* $1 - number of accounts notified\n\nSee also:\n* {{msg-mw|Passwordreset-emailsentemail}}\n* {{msg-mw|Passwordreset-emailsentusername}}\n* {{msg-mw|Passwordreset-emailerror-capture}}", - "passwordreset-emailerror-capture2": "Error message displayed in [[Special:PasswordReset]] when sending an email fails. Parameters:\n* $1 - error message\n* $2 - username, used for GENDER\n* $3 - number of accounts notified\n\nSee also:\n* {{msg-mw|Passwordreset-emailsentemail}}\n* {{msg-mw|Passwordreset-emailsentusername}}\n* {{msg-mw|Passwordreset-emailsent-capture}}\n* {{msg-mw|Passwordreset-emailerror-capture}}", "passwordreset-nocaller": "Shown when a password reset was requested but the process failed due to an internal error related to missing details about the origin (caller) of the password reset request.", "passwordreset-nosuchcaller": "Shown when a password reset was requested but the username of the caller could not be resolved to a user. This is an internal error.\n\nParameters:\n* $1 - username of the caller", "passwordreset-ignored": "Shown when password reset was unsuccessful due to configuration problems.", @@ -1432,7 +1428,6 @@ "right-siteadmin": "{{doc-right|siteadmin}}", "right-override-export-depth": "{{doc-right|override-export-depth}}", "right-sendemail": "{{doc-right|sendemail}}", - "right-passwordreset": "{{doc-right|passwordreset}}", "right-managechangetags": "{{doc-right|managechangetags}}", "right-applychangetags": "{{doc-right|applychangetags}}", "right-changetags": "{{doc-right|changetags}}", diff --git a/tests/phpunit/includes/auth/TemporaryPasswordPrimaryAuthenticationProviderTest.php b/tests/phpunit/includes/auth/TemporaryPasswordPrimaryAuthenticationProviderTest.php index d4ebe34a98..4b60622796 100644 --- a/tests/phpunit/includes/auth/TemporaryPasswordPrimaryAuthenticationProviderTest.php +++ b/tests/phpunit/includes/auth/TemporaryPasswordPrimaryAuthenticationProviderTest.php @@ -520,10 +520,6 @@ class TemporaryPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestC $provider = $this->getProvider( [ 'emailEnabled' => false ] ); $status = $provider->providerAllowsAuthenticationDataChange( $req, true ); $this->assertEquals( \StatusValue::newFatal( 'passwordreset-emaildisabled' ), $status ); - $req->hasBackchannel = true; - $status = $provider->providerAllowsAuthenticationDataChange( $req, true ); - $this->assertFalse( $status->hasMessage( 'passwordreset-emaildisabled' ) ); - $req->hasBackchannel = false; $provider = $this->getProvider( [ 'passwordReminderResendTime' => 10 ] ); $status = $provider->providerAllowsAuthenticationDataChange( $req, true ); @@ -686,18 +682,10 @@ class TemporaryPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestC $provider = $this->getProvider( [ 'emailEnabled' => false ] ); $status = $provider->testForAccountCreation( $user, $creator, [ $req ] ); $this->assertEquals( \StatusValue::newFatal( 'emaildisabled' ), $status ); - $req->hasBackchannel = true; - $status = $provider->testForAccountCreation( $user, $creator, [ $req ] ); - $this->assertFalse( $status->hasMessage( 'emaildisabled' ) ); - $req->hasBackchannel = false; $provider = $this->getProvider( [ 'emailEnabled' => true ] ); $status = $provider->testForAccountCreation( $user, $creator, [ $req ] ); $this->assertEquals( \StatusValue::newFatal( 'noemailcreate' ), $status ); - $req->hasBackchannel = true; - $status = $provider->testForAccountCreation( $user, $creator, [ $req ] ); - $this->assertFalse( $status->hasMessage( 'noemailcreate' ) ); - $req->hasBackchannel = false; $user->setEmail( 'test@localhost.localdomain' ); $status = $provider->testForAccountCreation( $user, $creator, [ $req ] ); diff --git a/tests/phpunit/includes/user/PasswordResetTest.php b/tests/phpunit/includes/user/PasswordResetTest.php index 4db636b126..7ff882a5ad 100644 --- a/tests/phpunit/includes/user/PasswordResetTest.php +++ b/tests/phpunit/includes/user/PasswordResetTest.php @@ -11,7 +11,7 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { */ public function testIsAllowed( $passwordResetRoutes, $enableEmail, $allowsAuthenticationDataChange, $canEditPrivate, $canSeePassword, - $userIsBlocked, $isAllowed, $isAllowedToDisplayPassword + $userIsBlocked, $isAllowed ) { $config = new HashConfig( [ 'PasswordResetRoutes' => $passwordResetRoutes, @@ -40,8 +40,6 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { $passwordReset = new PasswordReset( $config, $authManager ); $this->assertSame( $isAllowed, $passwordReset->isAllowed( $user )->isGood() ); - $this->assertSame( $isAllowedToDisplayPassword, - $passwordReset->isAllowed( $user, true )->isGood() ); } public function provideIsAllowed() { @@ -54,7 +52,6 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { 'canSeePassword' => true, 'userIsBlocked' => false, 'isAllowed' => false, - 'isAllowedToDisplayPassword' => false, ], [ 'passwordResetRoutes' => [ 'username' => true ], @@ -64,7 +61,6 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { 'canSeePassword' => true, 'userIsBlocked' => false, 'isAllowed' => false, - 'isAllowedToDisplayPassword' => false, ], [ 'passwordResetRoutes' => [ 'username' => true ], @@ -74,7 +70,6 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { 'canSeePassword' => true, 'userIsBlocked' => false, 'isAllowed' => false, - 'isAllowedToDisplayPassword' => false, ], [ 'passwordResetRoutes' => [ 'username' => true ], @@ -84,7 +79,6 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { 'canSeePassword' => true, 'userIsBlocked' => false, 'isAllowed' => false, - 'isAllowedToDisplayPassword' => false, ], [ 'passwordResetRoutes' => [ 'username' => true ], @@ -94,7 +88,6 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { 'canSeePassword' => true, 'userIsBlocked' => true, 'isAllowed' => false, - 'isAllowedToDisplayPassword' => false, ], [ 'passwordResetRoutes' => [ 'username' => true ], @@ -104,7 +97,6 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { 'canSeePassword' => false, 'userIsBlocked' => false, 'isAllowed' => true, - 'isAllowedToDisplayPassword' => false, ], [ 'passwordResetRoutes' => [ 'username' => true ], @@ -114,7 +106,6 @@ class PasswordResetTest extends PHPUnit_Framework_TestCase { 'canSeePassword' => true, 'userIsBlocked' => false, 'isAllowed' => true, - 'isAllowedToDisplayPassword' => true, ], ]; } -- 2.20.1