Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F585290
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
4 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/includes/auth/AuthManager.php b/includes/auth/AuthManager.php
index 44c15cc870c..c48e21b5969 100644
--- a/includes/auth/AuthManager.php
+++ b/includes/auth/AuthManager.php
@@ -1295,6 +1295,19 @@ class AuthManager implements LoggerAwareInterface {
*/
public function beginAccountCreation( Authority $creator, array $reqs, $returnToUrl ) {
$session = $this->request->getSession();
+ if ( $creator->isTemp() ) {
+ // For a temp account creating a permanent account, we do not want the temporary
+ // account to be associated with the created permanent account. To avoid this,
+ // set the session user to a new anonymous user, save it, and set the request
+ // context from the new session user account. (T393628)
+ $creator = $this->userFactory->newAnonymous();
+ $session->setUser( $creator );
+ // Ensure the temporary account username is also cleared from the session, this is set
+ // in TempUserCreator::acquireAndStashName
+ $session->remove( 'TempUser:name' );
+ $session->save();
+ $this->setRequestContextUserFromSessionUser();
+ }
if ( !$this->canCreateAccounts() ) {
// Caller should have called canCreateAccounts()
$session->remove( self::ACCOUNT_CREATION_STATE );
@@ -1390,6 +1403,10 @@ class AuthManager implements LoggerAwareInterface {
$session->setSecret( self::ACCOUNT_CREATION_STATE, $state );
$session->persist();
+ $this->logger->debug( __METHOD__ . ': Proceeding with account creation for {username} by {creator}', [
+ 'username' => $user->getName(),
+ 'creator' => $creator->getUser()->getName(),
+ ] );
return $this->continueAccountCreation( $reqs );
}
diff --git a/tests/phpunit/includes/auth/AuthManagerTest.php b/tests/phpunit/includes/auth/AuthManagerTest.php
index 018cc739738..19be12c6fe9 100644
--- a/tests/phpunit/includes/auth/AuthManagerTest.php
+++ b/tests/phpunit/includes/auth/AuthManagerTest.php
@@ -4396,4 +4396,53 @@ class AuthManagerTest extends MediaWikiIntegrationTestCase {
];
// phpcs:enable
}
+
+ public function testTemporaryAccountNamedAccountCreation() {
+ $tempAccount = $this->getServiceContainer()->getTempUserCreator()->create( null, new FauxRequest() )->getUser();
+ $this->clearHook( 'UserLogout' );
+ $this->clearHook( 'SaveUserOptions' );
+ $this->mergeMwGlobalArrayValue(
+ 'wgRevokePermissions',
+ [
+ 'temp' => [
+ 'createaccount' => false
+ ]
+ ]
+ );
+ $primaryAuthProvider = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
+ $primaryAuthProvider->method( 'accountCreationType' )
+ ->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
+ $primaryAuthProvider->method( 'continuePrimaryAuthentication' )->willReturn( AuthenticationResponse::PASS );
+ $primaryAuthProvider->method( 'testForAccountCreation' )->willReturn( StatusValue::newGood() );
+ $primaryAuthProvider->method( 'beginPrimaryAccountCreation' )->willReturn( AuthenticationResponse::newPass() );
+ $primaryAuthProvider->method( 'testUserForCreation' )->willReturn( StatusValue::newGood() );
+ $this->primaryauthMocks = [ $primaryAuthProvider ];
+ $this->logger = new TestLogger( true, static function ( $message, $level ) {
+ return $message;
+ } );
+ $this->initializeManager();
+ $this->logger->setCollectContext( true );
+ $this->logger->setCollect( true );
+
+ $usernameAuthRequest = new UsernameAuthenticationRequest();
+ $usernameAuthRequest->username = ucfirst( wfRandomString() );
+ $userDataAuthRequest = new UserDataAuthenticationRequest();
+ $userDataAuthRequest->username = $tempAccount->getName();
+ $session = $this->request->getSession();
+ $session->setUser( $tempAccount );
+ $this->manager->setRequestContextUserFromSessionUser();
+ $session->set( 'TempUser:name', $tempAccount->getName() );
+ $result = $this->manager->beginAccountCreation( $tempAccount, [
+ $usernameAuthRequest,
+ $userDataAuthRequest
+ ], '' );
+ $this->assertSame( $usernameAuthRequest->username, $result->username );
+ $this->assertSame( AuthenticationResponse::PASS, $result->status );
+ $this->assertSame(
+ [ 'username' => $usernameAuthRequest->username, 'creator' => '127.0.0.1' ],
+ // Check the context variables on the last message passed to the logger
+ $this->logger->getBuffer()[0][2]
+ );
+ $this->assertSame( null, $this->request->getSession()->get( 'TempUser:name' ) );
+ }
}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sat, Jul 5, 5:32 AM (18 h, 23 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
227698
Default Alt Text
(4 KB)
Attached To
Mode
rMW mediawiki
Attached
Detach File
Event Timeline
Log In to Comment