jenkins-bot has submitted this change and it was merged.
Change subject: Document what User::newSystemUser()'s "stealing" does
......................................................................
Document what User::newSystemUser()'s "stealing" does
Also improves a few other comments in the method.
Change-Id: I87e293c0ef487ef15bee8fbe1085d530c99a7b07
(cherry picked from commit 5cbf5be37a87acbf2ef9284e2bc501b81171868b)
---
M includes/user/User.php
1 file changed, 18 insertions(+), 5 deletions(-)
Approvals:
Gergő Tisza: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/user/User.php b/includes/user/User.php
index 5ef9cde..4f244b7 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -670,12 +670,26 @@
* This can optionally create the user if it doesn't exist, and "steal"
the
* account if it does exist.
*
+ * "Stealing" an existing user is intended to make it impossible for
normal
+ * authentication processes to use the account, effectively disabling
the
+ * account for normal use:
+ * - Email is invalidated, to prevent account recovery by emailing a
+ * temporary password and to disassociate the account from the
existing
+ * human.
+ * - The token is set to a magic invalid value, to kill existing
sessions
+ * and to prevent $this->setToken() calls from resetting the token to
a
+ * valid value.
+ * - SessionManager is instructed to prevent new sessions for the user,
to
+ * do things like deauthorizing OAuth consumers.
+ * - AuthManager is instructed to revoke access, to invalidate or remove
+ * passwords and other credentials.
+ *
* @param string $name Username
* @param array $options Options are:
* - validate: As for User::getCanonicalName(), default 'valid'
* - create: Whether to create the user if it doesn't already exist,
default true
- * - steal: Whether to reset the account's password and email if it
- * already exists, default false
+ * - steal: Whether to "disable" the account for normal use if it
already
+ * exists, default false
* @return User|null
*/
public static function newSystemUser( $name, $options = [] ) {
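Review bot: the token bullet in the new "Stealing" list refers only to "a magic invalid value" without naming it, while the check further down in this method compares against self::INVALID_TOKEN; naming that constant in the bullet would tie the documentation to the code a reader will actually search for. The rewritten 'steal' option line could also point back to this list (for example "see above") so the quoted "disable" is defined by the four listed effects rather than left open. Separately, @return User|null still does not state under which conditions null is returned, which matters most to callers that leave 'steal' at its default of false.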
@@ -710,9 +724,8 @@
}
$user = self::newFromRow( $row );
- // A user is considered to exist as a non-system user if it has
a
- // password set, or a temporary password set, or an email set,
or a
- // non-invalid token.
+ // A user is considered to exist as a non-system user if it can
+ // authenticate, or has an email set, or has a non-invalid
token.
if ( !$user->mEmail && $user->mToken === self::INVALID_TOKEN ) {
if ( $wgDisableAuthManager ) {
$passwordFactory = new PasswordFactory();
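Review bot: the new comment above `if ( !$user->mEmail && $user->mToken === self::INVALID_TOKEN )` describes when a user counts as a non-system user, but the condition directly beneath it tests the opposite case (no email and an invalid token), and the "can authenticate" part does not appear in that condition at all. Consider wording the comment to match what the line checks and saying that the authentication test follows inside the block. The removed wording (password set, or temporary password set) was more specific than "can authenticate"; since the block branches on $wgDisableAuthManager, a short note on what "can authenticate" means in each branch would keep that precision.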
--
To view, visit https://gerrit.wikimedia.org/r/291315
Gerrit-MessageType: merged
Gerrit-Change-Id: I87e293c0ef487ef15bee8fbe1085d530c99a7b07
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Gergő Tisza <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: Gergő Tisza <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits