Page MenuHomePhabricator

Fix LoginForm::getLoginToken() to work with MediaWiki >=1.27
Closed, ResolvedPublic

Description

Since Version 1.27 function LoginForm::getLoginToken() returns a MediaWiki\Session\Token instead of a string.

Function chooseName() in file SpecialOpenIDLogin.body.php currently tests against a string:

if ( LoginForm::getLoginToken() != $wgRequest->getVal( 'openidChooseNameBeforeLoginToken' ) ) {

This should be altered to something like

if ( false === LoginForm::getLoginToken()->match($wgRequest->getVal( 'openidChooseNameBeforeLoginToken' ) ) ) {

User::setNewPassword() now always throws exceptions, so this also needs to be addressed.

Event Timeline

Aklapper renamed this task from Add compatibility for Version 1.27 to Fix LoginForm::getLoginToken() to work with MediaWiki >=1.27.Apr 24 2021, 12:59 PM

SpecialOpenIDLogin.body.php got renamed to SpecialOpenIDLogin.php; code now checks if ( $token != $wgRequest->getVal( 'openidChooseNameBeforeLoginToken' ) since a227842aba2c6d0dcc609be2885a5f9f21b954aa