diff options
author | Chad Horohoe <chadh@wikimedia.org> | 2016-05-31 12:20:05 -0700 |
---|---|---|
committer | Chad <chadh@wikimedia.org> | 2016-05-31 23:13:56 +0000 |
commit | 57f722a315d69c3cf5893f0a4e8782afbfb856b6 (patch) | |
tree | a9e4954ccabce76bfa6255ecd706bf876c7a15e1 | |
parent | 6eb3ea41b7167ba9d9c60bcb2d303a9ce3a89f68 (diff) |
Reset all tokens on login1.27.0-rc.0
Bug: T122056
Change-Id: I03739e942b6c182ed9cbcd0d9615dcd799e8baed
(cherry picked from commit ca831d5f4535146dc1ddd19059d981f4deb01126)
-rw-r--r-- | includes/auth/AuthManager.php | 1 | ||||
-rw-r--r-- | includes/specials/pre-authmanager/SpecialUserlogin.php | 1 | ||||
-rw-r--r-- | includes/user/User.php | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php index 136ce262a76f..69f51b899f77 100644 --- a/includes/auth/AuthManager.php +++ b/includes/auth/AuthManager.php @@ -2288,6 +2288,7 @@ class AuthManager implements LoggerAwareInterface { $delay = $session->delaySave(); $session->resetId(); + $session->resetAllTokens(); if ( $session->canSetUser() ) { $session->setUser( $user ); } diff --git a/includes/specials/pre-authmanager/SpecialUserlogin.php b/includes/specials/pre-authmanager/SpecialUserlogin.php index e745129427b6..8935a490bb97 100644 --- a/includes/specials/pre-authmanager/SpecialUserlogin.php +++ b/includes/specials/pre-authmanager/SpecialUserlogin.php @@ -1718,6 +1718,7 @@ class LoginFormPreAuthManager extends SpecialPage { } SessionManager::getGlobalSession()->resetId(); + SessionManager::getGlobalSession()->resetAllTokens(); } /** diff --git a/includes/user/User.php b/includes/user/User.php index 4f244b749d93..e2b80e473ce2 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -3865,6 +3865,7 @@ class User implements IDBAccessObject { $session->setLoggedOutTimestamp( time() ); $session->setUser( new User ); $session->set( 'wsUserID', 0 ); // Other code expects this + $session->resetAllTokens(); ScopedCallback::consume( $delay ); } } |