Page MenuHomePhabricator

Update EditAccount for AuthManager
Closed, DeclinedPublic

Description

Setting the password with User::setPassword() is now deprecated. You might inline it if you want to preserve this feature instead of using core's password reset mechanism that generates a temporary password that the user is forced to change on login, but I recommend doing the latter.

Further, an account may no longer be reliably disabled by simply setting its password to something random and clearing its email address. Look at User::newSystemUser() (particularly the implementation of the 'steal' option) for a more complete implementation.