[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Allow password resets from anon-only range blocks

Sun, 11 Dec 2016 07:31:07 -0800 

Brian Wolff has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/326355 )

Change subject: Allow password resets from anon-only range blocks
......................................................................

Allow password resets from anon-only range blocks

If a block is an anon-only range block, it likely covers many.
Some will probably forget their password, and it doesn't make
sense to not allow them to recover it.

Bug: T109909
Change-Id: Ifa2b3c0d1445a747c4b3385dd5d44530331c5590
---
M includes/specials/SpecialPasswordReset.php
M includes/user/PasswordReset.php
2 files changed, 18 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/55/326355/1

diff --git a/includes/specials/SpecialPasswordReset.php 
b/includes/specials/SpecialPasswordReset.php
index a4f16bd..02d1e4d 100644
--- a/includes/specials/SpecialPasswordReset.php
+++ b/includes/specials/SpecialPasswordReset.php
@@ -175,4 +175,15 @@
        protected function getGroupName() {
                return 'users';
        }
+
+       /**
+        * We do our own unblock checking
+        *
+        * The PasswordReset class checks blocks, but we don't want to
+        * stop anon-only range blocks, so return false here.
+        * @see T109909
+        */
+       public function requiresUnblock() {
+               return false;
+       }
 }
diff --git a/includes/user/PasswordReset.php b/includes/user/PasswordReset.php
index c1aef22..89fb9a3 100644
--- a/includes/user/PasswordReset.php
+++ b/includes/user/PasswordReset.php
@@ -101,9 +101,14 @@
                                // Maybe not all users have permission to 
change private data
                                $status = StatusValue::newFatal( 'badaccess' );
                        } elseif ( $user->isBlocked() ) {
+                               $block = $user->getBlock();
                                // Maybe the user is blocked (check this here 
rather than relying on the parent
-                               // method as we have a more specific error 
message to use here
-                               $status = StatusValue::newFatal( 
'blocked-mailpassword' );
+                               // method as we have a more specific error 
message to use here.
+                               // Don't error on anon-only range blocks, since
+                               // user is likely innocent.
+                               if ( $block->isHardblock() || $block->getType() 
!== BLOCK::TYPE_RANGE ) {
+                                       $status = StatusValue::newFatal( 
'blocked-mailpassword' );
+                               }
                        }
 
                        $this->permissionCache->set( $user->getName(), $status 
);

-- 
To view, visit https://gerrit.wikimedia.org/r/326355
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifa2b3c0d1445a747c4b3385dd5d44530331c5590
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <bawolff...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to