Page MenuHomePhabricator
Files F10469

46590_119_git.patch
Public
Actions

Authored By
bzimport
Nov 22 2014, 1:21 AM
Size
4 KB
Referenced Files
None
Subscribers
None

46590_119_git.patch
View Options

From c29a1252573d65887510c76965ed205968415aaa Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Tue, 30 Apr 2013 08:57:23 -0700
Subject: [PATCH] Add hook AbortChangePassword to Special:ChangePassword
Adds a consistent method for authentication extensions to block
password changing operations.
Author: Ryan Lane <rlane@wikimedia.org>
Bug: 46590
Change-Id: I3469e90a958c4fb0f24cafd67de5590d3cc2f075
---
docs/hooks.txt | 6 ++++++
includes/specials/SpecialChangePassword.php | 6 ++++++
languages/messages/MessagesEn.php | 1 +
languages/messages/MessagesQqq.php | 1 +
4 files changed, 14 insertions(+)
diff --git a/docs/hooks.txt b/docs/hooks.txt
index 988ac5d..30b4706 100644
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@@ -264,6 +264,12 @@ $reason: the reason for the move (added in 1.13)
$user: the User object about to be created (read-only, incomplete)
&$msg: out parameter: name of error message to display on abort
+'AbortChangePassword': Return false to cancel password change.
+$user: the User object to which the password change is occuring
+$this->mOldpass: the old password provided by the user
+$newpass: the new password provided by the user
+&$abortMsg: the message identifier for abort reason
+
'ActionBeforeFormDisplay': before executing the HTMLForm object
$name: name of the action
&$form: HTMLForm object
diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index f6482ef..a06b5f3 100644
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -220,6 +220,12 @@ class SpecialChangePassword extends UnlistedSpecialPage {
throw new PasswordError( $this->msg( 'login-throttled' )->text() );
}
+ $abortMsg = 'resetpass-abort-generic';
+ if ( !wfRunHooks( 'AbortChangePassword', array( $user, $this->mOldpass, $newpass, &$abortMsg ) ) ) {
+ wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'abortreset' ) );
+ throw new PasswordError( $this->msg( $abortMsg )->text() );
+ }
+
if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) {
wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() );
diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index d62f141..3c7a9c2 100644
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1171,6 +1171,7 @@ To finish logging in, you must set a new password here:',
'oldpassword' => 'Old password:',
'newpassword' => 'New password:',
'retypenew' => 'Retype new password:',
+'resetpass-abort-generic' => 'Password change has been aborted by an extension.',
'resetpass_submit' => 'Set password and log in',
'resetpass_success' => 'Your password has been changed successfully!
Now logging you in...',
diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php
index 59307c7..9c879fe 100644
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@@ -1156,6 +1156,7 @@ See also:
'oldpassword' => "Used on the 'User profile' tab of 'my preferences'. This is the text next to an entry box for the old password in the 'change password' section.",
'newpassword' => '{{Identical|New password}}',
'retypenew' => "Appears on the 'User profile' tab of the 'Preferences' special page in the 'Change password' section. It appears next to the text box for entering the new password a second time.",
+'resetpass-abort-generic' => 'Generic error message shown on [[Special:ChangePassword]] when an extension aborts a password change from a hook.',
'resetpass_submit' => 'Submit button on [[Special:ChangePassword]]',
'resetpass_success' => 'Used in [[Special:ChangePassword]].',
'resetpass_forbidden' => "Used as error message in changing password. Maybe the external auth plugin won't allow local password changes.",
--
1.8.1.4

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9950
Default Alt Text
46590_119_git.patch (4 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits
  NODES
Note 1