Gergő Tisza has uploaded a new change for review.
https://gerrit.wikimedia.org/r/323786
Change subject: Show already logged in / security reauth message at the right
time
......................................................................
Show already logged in / security reauth message at the right time
After I9588a2, the initial display of the login form might be skipped
under certain conditions. Make sure that the warnings normally shown
there are still shown if there is a login step that requires user
input.
(Using a similar system for the error/warning URL parameters is left
for a future patch.)
Bug: T141474
Change-Id: I59ebe79994debfb7bb17f0f748a5dcfe165333b6
---
M includes/specialpage/LoginSignupSpecialPage.php
1 file changed, 13 insertions(+), 8 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/86/323786/1
diff --git a/includes/specialpage/LoginSignupSpecialPage.php
b/includes/specialpage/LoginSignupSpecialPage.php
index 5f57519..198fa01 100644
--- a/includes/specialpage/LoginSignupSpecialPage.php
+++ b/includes/specialpage/LoginSignupSpecialPage.php
@@ -308,6 +308,11 @@
return;
}
+ // make sure warnings will be shown exactly once, even if they
cannot be shown immediately
+ if ( !$this->isContinued() && !$this->getRequest()->wasPosted()
) {
+ $session->set( 'login-warnings-not-shown-yet', true );
+ }
+
if ( $this->canBypassForm( $button_name ) ) {
// bypassing means an attacker can send the user to
this page and it will be
// autosubmitted; we don't want the attacker to be able
to set the values of form
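Review bot: The `login-warnings-not-shown-yet` flag set in this hunk is cleared only in mainLoginForm() (third hunk), so when `canBypassForm()` succeeds and the flow completes without the form ever being rendered, the flag stays in the session. A later continued or POSTed request that does reach mainLoginForm() may then show the `userlogin-reauth` / `userlogin-loggedin` warning from a stale flag, which the removed `!$this->isContinued()` check used to rule out. Consider also clearing it where the authentication flow finishes or restarts, e.g. `$session->remove( 'login-warnings-not-shown-yet' );` on the success path. The key is session-wide as well, so two login tabs in the same session share one flag and the first form rendered consumes it for both. The enclosing method starts and ends outside the hunk, and where `$session` is assigned is not visible here.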
@@ -523,6 +528,7 @@
protected function mainLoginForm( array $requests, $msg = '', $msgtype
= 'error' ) {
$user = $this->getUser();
$out = $this->getOutput();
+ $session = SessionManager::getGlobalSession();
// FIXME how to handle empty $requests - restart, or no form,
just an error message?
// no form would be better for no session type errors, restart
is better when can* fails.
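Review bot: The added `$session = SessionManager::getGlobalSession();` reads the flag from the global session, while the code that sets it in the first hunk decides based on `$this->getRequest()->wasPosted()`. If this page is ever executed with a request context other than the global one, the flag could be written to and read from different sessions, so the warning would be lost or never cleared. Taking the session from the page's own request, `$session = $this->getRequest()->getSession();`, would keep both ends tied to the same request. This assumes the first hunk's `$session` is obtained the same way, which the hunk does not show.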
@@ -570,14 +576,13 @@
$submitStatus->fatal( $msg );
}
- // warning header for non-standard workflows (e.g. security
reauthentication)
- if (
- !$this->isSignup() &&
- $this->getUser()->isLoggedIn() &&
- !$this->isContinued()
- ) {
- $reauthMessage = $this->securityLevel ?
'userlogin-reauth' : 'userlogin-loggedin';
- $submitStatus->warning( $reauthMessage,
$this->getUser()->getName() );
+ if ( $session->get( 'login-warnings-not-shown-yet' ) ) {
+ if ( !$this->isSignup() &&
$this->getUser()->isLoggedIn() ) {
+ // warning header for non-standard workflows
(e.g. security reauthentication)
+ $reauthMessage = $this->securityLevel ?
'userlogin-reauth' : 'userlogin-loggedin';
+ $submitStatus->warning( $reauthMessage,
$this->getUser()->getName() );
+ }
+ $session->remove( 'login-warnings-not-shown-yet' );
}
$formHtml = $form->getHTML( $submitStatus );
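Review bot: The session key `'login-warnings-not-shown-yet'` is now spelled out as a string literal three times across two methods (once in the first hunk, twice here), and a typo in any one of them would silently suppress or repeat the reauthentication warning. A class constant such as `const LOGIN_WARNINGS_KEY = 'login-warnings-not-shown-yet';` used at all three sites would remove that risk. It would also help to add a short comment above the `if ( $session->get( ... ) )` block, along the lines of `// set on the initial GET in execute(); consumed on first form display`, since the flag's writer lives in a different method. mainLoginForm() continues outside this hunk.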
--
To view, visit https://gerrit.wikimedia.org/r/323786
Gerrit-MessageType: newchange
Gerrit-Change-Id: I59ebe79994debfb7bb17f0f748a5dcfe165333b6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Gergő Tisza <[email protected]>