Skip to content

Commit 686f038

Browse files
committed
Fixed postAuthentication() bug
postAuthentication() method is run after login for every registered provider which meant that it also ran if the LocalPasswordPrimaryAuthenticationProvider was that one who authenticated a user. postAuthentication() then tried to access something that was not there. This is now fixed. Post auth tasks will only be performed if the ExternalDatabaseAuth provider was the one that successfully authenticated.
1 parent 9be9555 commit 686f038

1 file changed

Lines changed: 14 additions & 1 deletion

File tree

includes/ExternalDatabaseAuth.php

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,16 @@ class ExternalDatabaseAuth extends AbstractPasswordPrimaryAuthenticationProvider
3434
*/
3535
private $loginUser;
3636

37+
/**
38+
* Keeps record if this provider's login attempt was successful. This is necessary for the
39+
* postAuthentication() method since it is called for every registered provider and we need to
40+
* make sure that our post-auth tasks are only performed if our provider was the one that
41+
* successfully authenticated.
42+
*
43+
* @var boolean
44+
*/
45+
private $providerSuccess;
46+
3747
/**
3848
* Creates a new object for external database authentication. Queries the current configuration
3949
* and stores it for further use.
@@ -48,6 +58,8 @@ public function __construct( array $params = [] ) {
4858
MediaWikiServices::getInstance()
4959
->getConfigFactory()
5060
->makeConfig( "ExternalDatabaseAuth" );
61+
$this->loginUser = null;
62+
$this->providerSuccess = false;
5163
}
5264

5365
/**
@@ -115,6 +127,7 @@ public function beginPrimaryAuthentication( array $reqs ) {
115127
// Authenticate the user (see if password matches the stored one)
116128
if ( $this->loginUser && $this->isPasswordValid( $req->password,
117129
$this->loginUser->{$fields["userPassword"]} ) ) {
130+
$this->providerSuccess = true;
118131
return AuthenticationResponse::newPass( $req->username );
119132
}
120133

@@ -187,7 +200,7 @@ private function isPasswordValid( $enteredPassword, $storedPassword ) {
187200
public function postAuthentication( $user, AuthenticationResponse $response ) {
188201
parent::postAuthentication( $user, $response );
189202

190-
if ( $response->status === AuthenticationResponse::PASS ) {
203+
if ( $response->status === AuthenticationResponse::PASS && $this->providerSuccess ) {
191204
$fields = $this->edaConfig->get( "ExternalDatabaseAuthFields" );
192205

193206
$user->setRealName( $this->loginUser->{$fields["userRealName"]} );

0 commit comments

Comments
 (0)