jenkins-bot has submitted this change and it was merged.
Change subject: Don't override action in UI and REDIRECT responses
......................................................................
Don't override action in UI and REDIRECT responses
In Ic8caf57eb, we changed things so the requests returned in a UI or
REDIRECT response would have the action forced to that appropriate for
the action being performed. But ResetPasswordSecondaryAuthenticationProvider
has a use case where a mismatch is necessary: it's run during the login
action, but it needs a PasswordAuthenticationResponse for a change
action.
Bug: T136894
Change-Id: I9d109a22c5b2d2064f664f584100ecaab43199c5
(cherry picked from commit e2522e7e7eafdc0a2ca36e1f7f681562b580b355)
---
M includes/auth/AuthManager.php
M includes/auth/ResetPasswordSecondaryAuthenticationProvider.php
2 files changed, 9 insertions(+), 8 deletions(-)
Approvals:
Gergő Tisza: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php
index 402ea96..2ed0d61 100644
--- a/includes/auth/AuthManager.php
+++ b/includes/auth/AuthManager.php
@@ -558,7 +558,7 @@
);
$ret->neededRequests[] =
$ret->createRequest;
}
- $this->fillRequests( $ret->neededRequests,
self::ACTION_LOGIN, null );
+ $this->fillRequests( $ret->neededRequests,
self::ACTION_LOGIN, null, true );
$session->setSecret( 'AuthManager::authnState',
[
'reqs' => [], // Will be filled in later
'primary' => null,
@@ -2056,7 +2056,7 @@
}
// Fill in reqs data
- $this->fillRequests( $reqs, $providerAction,
$options['username'] );
+ $this->fillRequests( $reqs, $providerAction,
$options['username'], true );
// For self::ACTION_CHANGE, filter out any that something else
*doesn't* allow changing
if ( $providerAction === self::ACTION_CHANGE || $providerAction
=== self::ACTION_REMOVE ) {
@@ -2073,10 +2073,13 @@
* @param AuthenticationRequest[] &$reqs
* @param string $action
* @param string|null $username
+ * @param boolean $forceAction
*/
- private function fillRequests( array &$reqs, $action, $username ) {
+ private function fillRequests( array &$reqs, $action, $username,
$forceAction = false ) {
foreach ( $reqs as $req ) {
- $req->action = $action;
+ if ( !$req->action || $forceAction ) {
+ $req->action = $action;
+ }
if ( $req->username === null ) {
$req->username = $username;
}
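Review bot: The new guard `if ( !$req->action || $forceAction )` keeps any truthy action a provider has already put on the request, and nothing in this hunk checks that value against the `self::ACTION_*` constants, so a provider mistake would pass into the UI or REDIRECT response unchanged. The docblock line `@param boolean $forceAction` also has no description; I would write `@param bool $forceAction Overwrite $req->action even if the provider already set one`, so callers know the default keeps provider-set actions. The two call sites changed in the earlier hunks pass a bare `true`, which would read better with a short comment naming the flag. The body of fillRequests continues past the end of this hunk.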
diff --git a/includes/auth/ResetPasswordSecondaryAuthenticationProvider.php
b/includes/auth/ResetPasswordSecondaryAuthenticationProvider.php
index 2e51cf2..f87a762 100644
--- a/includes/auth/ResetPasswordSecondaryAuthenticationProvider.php
+++ b/includes/auth/ResetPasswordSecondaryAuthenticationProvider.php
@@ -95,10 +95,8 @@
}
}
- if ( isset( $data->req ) ) {
- $needReq = $data->req;
- } else {
- $needReq = new PasswordAuthenticationRequest();
+ $needReq = isset( $data->req ) ? $data->req : new
PasswordAuthenticationRequest();
+ if ( !$needReq->action ) {
$needReq->action = AuthManager::ACTION_CHANGE;
}
$needReqs = [ $needReq ];
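Review bot: The `if ( !$needReq->action )` default now also applies to a request taken from `$data->req`, but nothing in the code says why a provider that runs during login hands out a change-action request, which is the whole reason for this commit. A comment above the check would record that, for example `// Runs during login, but the password form is a change request; keep any action the caller already set.` Without it the mismatch looks like a bug to the next reader and is likely to be "fixed" back. The enclosing method starts and ends outside the hunk.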
--
To view, visit https://gerrit.wikimedia.org/r/292932
Gerrit-MessageType: merged
Gerrit-Change-Id: I9d109a22c5b2d2064f664f584100ecaab43199c5
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Gergő Tisza <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: Gergő Tisza <[email protected]>
Gerrit-Reviewer: jenkins-bot <>