jenkins-bot has submitted this change and it was merged.

Change subject: Reset all tokens on login
......................................................................


Reset all tokens on login

Bug: T122056
Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed
(cherry picked from commit ca831d5f4535146dc1ddd19059d981f4deb01126)
---
M includes/auth/AuthManager.php
M includes/specials/pre-authmanager/SpecialUserlogin.php
M includes/user/User.php
3 files changed, 3 insertions(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php
index 136ce26..69f51b8 100644
--- a/includes/auth/AuthManager.php
+++ b/includes/auth/AuthManager.php
@@ -2288,6 +2288,7 @@
                $delay = $session->delaySave();
 
                $session->resetId();
+               $session->resetAllTokens();
                if ( $session->canSetUser() ) {
                        $session->setUser( $user );
                }
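Review bot: The new `$session->resetAllTokens();` call right after `$session->resetId();` carries no comment saying why both are needed, and a later cleanup could drop it as redundant with the ID rotation. I would add a line above it such as `// Tokens minted before authentication must not stay valid in the authenticated session (T122056)`. The wording is inferred from the commit subject, so confirm it against the task. The commit touches three files and adds no test; an assertion that a token fetched before login differs from one fetched after would pin the behaviour. The enclosing method starts and ends outside this hunk.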
diff --git a/includes/specials/pre-authmanager/SpecialUserlogin.php 
b/includes/specials/pre-authmanager/SpecialUserlogin.php
index e745129..8935a49 100644
--- a/includes/specials/pre-authmanager/SpecialUserlogin.php
+++ b/includes/specials/pre-authmanager/SpecialUserlogin.php
@@ -1718,6 +1718,7 @@
                }
 
                SessionManager::getGlobalSession()->resetId();
+               SessionManager::getGlobalSession()->resetAllTokens();
        }
 
        /**
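Review bot: `SessionManager::getGlobalSession()` is now called twice on consecutive lines, so the code relies on both lookups returning the same session object. Fetching it once makes the pairing explicit: `$session = SessionManager::getGlobalSession();` followed by `$session->resetId();` and `$session->resetAllTokens();`. Unlike the AuthManager hunk, no `delaySave()` is visible here, so the two resets may persist the session separately; that is worth checking, since the method body starts above the hunk. A short comment on why tokens are reset at this point would also help, as this is the legacy login path and it should stay in step with AuthManager.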
diff --git a/includes/user/User.php b/includes/user/User.php
index 70adc32..ff3171e 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -3904,6 +3904,7 @@
                        $session->setLoggedOutTimestamp( time() );
                        $session->setUser( new User );
                        $session->set( 'wsUserID', 0 ); // Other code expects 
this
+                       $session->resetAllTokens();
                        ScopedCallback::consume( $delay );
                        $error = false;
                }
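Review bot: This hunk sits in a logout path (`setLoggedOutTimestamp`, `setUser( new User )`), but the commit subject only says "Reset all tokens on login", so the logout-side reset is undocumented both in the message and in the code. I would add a comment on the new line, for example `// Discard tokens issued to the user who just logged out`, so the intent survives refactoring. The two login hunks pair the token reset with `resetId()`, and no ID rotation is visible here. The branch begins above the hunk, so confirm there that the session identifier is also invalidated before `ScopedCallback::consume( $delay )` saves the session.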

-- 
To view, visit https://gerrit.wikimedia.org/r/292059

Gerrit-MessageType: merged
Gerrit-Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.28.0-wmf.4
Gerrit-Owner: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Florianschmidtwelzow <florian.schmidt.stargatewis...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>
