Gergő Tisza has uploaded a new change for review. https://gerrit.wikimedia.org/r/293775
Change subject: Add new convenience User method for authentication data change ...................................................................... Add new convenience User method for authentication data change Also update createAndPromote.php to use it so it can display errors. Note that there are two possible approaches. The other is to do the update for all requests for which the test passed, even if some tests fail. The approach of the patch seems more manageable from the caller's point of view (either the operation was a success, or it failed and nothing happened). Change-Id: I86abed4b80472cd888337444fac0cbcb870b1246 (cherry picked from commit b568497e9a863bf71338b254eb05ca3da9c38eb5) --- M includes/user/User.php M languages/i18n/en.json M languages/i18n/qqq.json M maintenance/changePassword.php M maintenance/createAndPromote.php 5 files changed, 79 insertions(+), 18 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/75/293775/1 diff --git a/includes/user/User.php b/includes/user/User.php index 9afd72d..f246b3b 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -2592,23 +2592,16 @@ throw new LogicException( 'Cannot set a password for a user that is not in the database.' ); } - $data = [ + $status = $this->changeAuthenticationData( [ 'username' => $this->getName(), 'password' => $str, 'retype' => $str, - ]; - $reqs = $manager->getAuthenticationRequests( AuthManager::ACTION_CHANGE, $this ); - $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data ); - foreach ( $reqs as $req ) { - $status = $manager->allowsAuthenticationDataChange( $req ); - if ( !$status->isGood() ) { - \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' ) - ->info( __METHOD__ . ': Password change rejected: ' . $status->getWikiText() ); - return false; - } - } - foreach ( $reqs as $req ) { - $manager->changeAuthenticationData( $req ); + ] ); + if ( !$status->isGood() ) { + \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' ) + ->info( __METHOD__ . ': Password change rejected: ' + . $status->getWikiText( null, null, 'en' ) ); + return false; } $this->setOption( 'watchlisttoken', false ); @@ -2620,6 +2613,45 @@ } /** + * Changes credentials of the user. + * + * This is a convenience wrapper around AuthManager::changeAuthenticationData. + * Note that this can return a status that isOK() but not isGood() on certain types of failures, + * e.g. when no provider handled the change. + * + * @param array $data A set of authentication data in fieldname => value format. This is the + * same data you would pass the changeauthenticationdata API - 'username', 'password' etc. + * @return Status + * @since 1.27 + */ + public function changeAuthenticationData( array $data ) { + global $wgDisableAuthManager; + if ( $wgDisableAuthManager ) { + throw new LogicException( __METHOD__ . ' cannot be called when $wgDisableAuthManager ' + . 'is true' ); + } + + $manager = AuthManager::singleton(); + $reqs = $manager->getAuthenticationRequests( AuthManager::ACTION_CHANGE, $this ); + $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data ); + + $status = Status::newGood( 'ignored' ); + foreach ( $reqs as $req ) { + $status->merge( $manager->allowsAuthenticationDataChange( $req ), true ); + } + if ( $status->getValue() === 'ignored' ) { + $status->warning( 'authenticationdatachange-ignored' ); + } + + if ( $status->isGood() ) { + foreach ( $reqs as $req ) { + $manager->changeAuthenticationData( $req ); + } + } + return $status; + } + + /** * Get the user's current token. * @param bool $forceCreation Force the generation of a new token if the * user doesn't have one (default=true for backwards compatibility). diff --git a/languages/i18n/en.json b/languages/i18n/en.json index 4ced6df..5c67092 100644 --- a/languages/i18n/en.json +++ b/languages/i18n/en.json @@ -4171,5 +4171,6 @@ "linkaccounts-success-text": "The account was linked.", "linkaccounts-submit": "Link accounts", "unlinkaccounts": "Unlink accounts", - "unlinkaccounts-success": "The account was unlinked." + "unlinkaccounts-success": "The account was unlinked.", + "authenticationdatachange-ignored": "The authentication data change was not handled. Maybe no provider was configured?" } diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json index 29d926d..fa0b464 100644 --- a/languages/i18n/qqq.json +++ b/languages/i18n/qqq.json @@ -4349,5 +4349,6 @@ "linkaccounts-success-text": "Text shown on top of the form after a successful action.", "linkaccounts-submit": "Text of the main submit button on [[Special:LinkAccounts]] (when there is one)", "unlinkaccounts": "Title of the special page [[Special:UnlinkAccounts]] which allows the user to remove linked remote accounts.", - "unlinkaccounts-success": "Account unlinking form success message" + "unlinkaccounts-success": "Account unlinking form success message", + "authenticationdatachange-ignored": "Shown when authentication data change was unsuccessful due to configuration problems." } diff --git a/maintenance/changePassword.php b/maintenance/changePassword.php index 8687f81..a550d12 100644 --- a/maintenance/changePassword.php +++ b/maintenance/changePassword.php @@ -41,6 +41,8 @@ } public function execute() { + global $wgDisableAuthManager; + if ( $this->hasOption( "user" ) ) { $user = User::newFromName( $this->getOption( 'user' ) ); } elseif ( $this->hasOption( "userid" ) ) { @@ -51,8 +53,20 @@ if ( !$user || !$user->getId() ) { $this->error( "No such user: " . $this->getOption( 'user' ), true ); } + $password = $this->getOption( 'password' ); try { - $user->setPassword( $this->getOption( 'password' ) ); + if ( $wgDisableAuthManager ) { + $user->setPassword( $password ); + } else { + $status = $user->changeAuthenticationData( [ + 'username' => $user->getName(), + 'password' => $password, + 'retype' => $password, + ] ); + if ( !$status->isGood() ) { + throw new PasswordError( $status->getWikiText( null, null, 'en' ) ); + } + } $user->saveSettings(); $this->output( "Password set for " . $user->getName() . "\n" ); } catch ( PasswordError $pwe ) { diff --git a/maintenance/createAndPromote.php b/maintenance/createAndPromote.php index 848c2f7..3591b9c 100644 --- a/maintenance/createAndPromote.php +++ b/maintenance/createAndPromote.php @@ -56,6 +56,8 @@ } public function execute() { + global $wgDisableAuthManager; + $username = $this->getArg( 0 ); $password = $this->getArg( 1 ); $force = $this->hasOption( 'force' ); @@ -120,7 +122,18 @@ if ( $password ) { # Try to set the password try { - $user->setPassword( $password ); + if ( $wgDisableAuthManager ) { + $user->setPassword( $password ); + } else { + $status = $user->changeAuthenticationData( [ + 'username' => $user->getName(), + 'password' => $password, + 'retype' => $password, + ] ); + if ( !$status->isGood() ) { + throw new PasswordError( $status->getWikiText( null, null, 'en' ) ); + } + } if ( $exists ) { $this->output( "Password set.\n" ); $user->saveSettings(); -- To view, visit https://gerrit.wikimedia.org/r/293775 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I86abed4b80472cd888337444fac0cbcb870b1246 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_27 Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits