Fix login with temporary password with $wgSecureLogin = true1.22.0rc-FINAL

The problem is that FauxRequest sets the protocol to http by default,
thus triggering the redirect when executing Special:UserLogin in the
background to log the user in after having reset his password.

DerivativeRequest is now used instead of FauxRequest so that the
protocol is correctly forwarded, and the redirect will not be
triggered.

Bug: 57289
Change-Id: I252351ff7d446283c9d1ab5f79b5cdbce71b76e0
(cherry picked from commit bb2ad0e816ce8ba579960148c2300f37510a1651)

2 files changed, 3 insertions, 1 deletions

diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index fe7ef88370d2..f8fdddd05a04 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -411,6 +411,8 @@ production.
 * (bug 45288) Support mysqli PHP extension
 * (bug 56707) Correct tooltip of "Next n results" on query special pages.
 * (bug 56770) mw.util.addPortletLink: Check length before access array index.
+* (bug 57289) Logging in with a temporary password is no longer broken when
+  $wgSecureLogin is true.
 
 === API changes in 1.22 ===
 * (bug 25553) The JSON output formatter now leaves forward slashes unescaped
diff --git a/includes/specials/SpecialChangePassword.php b/includes/specials/SpecialChangePassword.php
index 7fcab1939c37..c54b5575be67 100644
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@@ -99,7 +99,7 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 						'wpLoginToken' => $token,
 						'wpPassword' => $request->getVal( 'wpNewPassword' ),
 					) + $request->getValues( 'wpRemember', 'returnto', 'returntoquery' );
-					$login = new LoginForm( new FauxRequest( $data, true ) );
+					$login = new LoginForm( new DerivativeRequest( $request, $data, true ) );
 					$login->setContext( $this->getContext() );
 					$login->execute( null );
 				}