[MediaWiki-commits] [Gerrit] mediawiki...ConfirmAccount[master]: Fix bug where accounts confirmed with a modified name stayed...

Aaron Schulz (Code Review) Sun, 21 Aug 2016 07:44:38 -0700

Aaron Schulz has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/305866


Change subject: Fix bug where accounts confirmed with a modified name stayed in 
queue
......................................................................

Fix bug where accounts confirmed with a modified name stayed in queue

A few other assorted cleanups too.

Change-Id: If1e4d1b2edfb91556d0e30398ddba22b45957035
---
M business/AccountConfirmSubmission.php
M business/ConfirmAccountPreAuthenticationProvider.php
2 files changed, 22 insertions(+), 19 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/ConfirmAccount 
refs/changes/66/305866/1

diff --git a/business/AccountConfirmSubmission.php 
b/business/AccountConfirmSubmission.php
index ecdf6ed..578bc22 100644
--- a/business/AccountConfirmSubmission.php
+++ b/business/AccountConfirmSubmission.php
@@ -203,9 +203,6 @@
 
                # Now create user and check if the name is valid
                $user = User::newFromName( $this->userName, false );
-               if ( !$user ) {
-                       return [ 'accountconf_invalid_name', $context->msg( 
'noname' )->escaped(), null ];
-               }
 
                $dbw = wfGetDB( DB_MASTER );
                $dbw->startAtomic( __METHOD__ );
diff --git a/business/ConfirmAccountPreAuthenticationProvider.php 
b/business/ConfirmAccountPreAuthenticationProvider.php
index f557a63..9daef73 100644
--- a/business/ConfirmAccountPreAuthenticationProvider.php
+++ b/business/ConfirmAccountPreAuthenticationProvider.php
@@ -33,10 +33,29 @@
         * @param array $reqs
         * @return bool
         * @throws MWException
+        * @TODO: avoid using global WebRequest and use dedicate auth request 
class
         */
        public function testForAccountCreation( $user, $creator, array $reqs ) {
-               if ( UserAccountRequest::acquireUsername( $user->getName() ) ) {
-                       return StatusValue::newGood(); // no pending request 
for an account with this name
+               $request = RequestContext::getMain()->getRequest();
+               $accReqId = $request->getInt( 'AccountRequestId' );
+               # For normal account creations, just check if the name is free
+               if ( !$accReqId ) {
+                       return UserAccountRequest::acquireUsername( 
$user->getName() )
+                               ? StatusValue::newGood() // no pending requests 
with this name
+                               : StatusValue::newFatal( 'requestaccount-inuse' 
);
+               }
+
+               # User is doing a confirmation creation...
+
+               # Allow creations for account requests as long as the 
parameters match up.
+               # Always keep names reserved on API requests as there is no API 
support for now.
+               if ( !$creator->isAllowed( 'confirmaccount' ) || defined( 
'MW_API' ) ) {
+                       return StatusValue::newFatal( 'badaccess-group0' );
+               }
+
+               $accountReq = UserAccountRequest::newFromId( $accReqId );
+               if ( !$accountReq ) {
+                       return StatusValue::newFatal( 'confirmaccount-badid' );
                }
 
                /** @var \MediaWiki\Auth\UserDataAuthenticationRequest 
$usrDataAuthReq */
@@ -45,19 +64,6 @@
                /** @var \MediaWiki\Auth\TemporaryPasswordAuthenticationRequest 
$tmpPassAuthReq */
                $tmpPassAuthReq = AuthenticationRequest::getRequestByClass(
                        $reqs, 
\MediaWiki\Auth\TemporaryPasswordAuthenticationRequest::class );
-
-               $request = RequestContext::getMain()->getRequest();
-               $accReqId = $request->getInt( 'AccountRequestId' );
-               # Allow creations for account requests as long as the 
parameters match up.
-               # Always keep names reserved on API requests as there is no API 
support for now.
-               if ( !$accReqId || !$creator->isAllowed( 'confirmaccount' ) || 
defined( 'MW_API' ) ) {
-                       return StatusValue::newFatal( 'requestaccount-inuse' );
-               }
-
-               $accountReq = UserAccountRequest::newFromId( $accReqId );
-               if ( !$accountReq ) {
-                       return StatusValue::newFatal( 'confirmaccount-badid' );
-               }
 
                # Make sure certain field were left unchanged from the account 
request
                if (
@@ -74,7 +80,7 @@
                        [
                                'accountRequestId' => $accountReq->getId(),
                                'confirmationParams' => [
-                                       'userName' => $user->getName(),
+                                       'userName' => $request->getVal( 
'wpName', $user->getName() ),
                                        'action' => 'complete',
                                        'reason' => $request->getVal( 
'wpReason', '' ),
                                        // @TODO: make overridable in GUI

-- 
To view, visit https://gerrit.wikimedia.org/r/305866
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If1e4d1b2edfb91556d0e30398ddba22b45957035
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/ConfirmAccount
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] mediawiki...ConfirmAccount[master]: Fix bug where accounts confirmed with a modified name stayed...

Reply via email to