Add hook AbortChangePassword to Special:ChangePassword

Adds a consistent method for authentication extensions to block password changing operations. Bug: 46590 Change-Id: I3469e90a958c4fb0f24cafd67de5590d3cc2f075
2013-04-30 12:37:52 -07:00 · 2013-04-30 12:37:52 -07:00 · 138092b61a
commit 138092b61a
parent ba672550c0
5 changed files with 15 additions and 0 deletions
--- a/docs/hooks.txt
+++ b/docs/hooks.txt
@ -270,6 +270,12 @@ $reason: the reason for the move (added in 1.13)
 $user: the User object about to be created (read-only, incomplete)
 &$msg: out parameter: HTML to display on abort

+'AbortChangePassword': Return false to cancel password change.
+$user: the User object to which the password change is occuring
+$mOldpass: the old password provided by the user
+$newpass: the new password provided by the user
+&$abortMsg: the message identifier for abort reason
+
 'ActionBeforeFormDisplay': Before executing the HTMLForm object.
 $name: name of the action
 &$form: HTMLForm object
--- a/includes/specials/SpecialChangePassword.php
+++ b/includes/specials/SpecialChangePassword.php
@ -251,6 +251,12 @@ class SpecialChangePassword extends UnlistedSpecialPage {
 			throw new PasswordError( $this->msg( 'login-throttled' )->text() );
 		}

+		$abortMsg = 'resetpass-abort-generic';
+		if ( !wfRunHooks( 'AbortChangePassword', array( $user, $this->mOldpass, $newpass, &$abortMsg ) ) ) {
+			wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'abortreset' ) );
+			throw new PasswordError( $this->msg( $abortMsg )->text() );
+		}
+
 		if ( !$user->checkTemporaryPassword( $this->mOldpass ) && !$user->checkPassword( $this->mOldpass ) ) {
 			wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
 			throw new PasswordError( $this->msg( 'resetpass-wrong-oldpass' )->text() );
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@ -1247,6 +1247,7 @@ To finish logging in, you must set a new password here:',
 'oldpassword'               => 'Old password:',
 'newpassword'               => 'New password:',
 'retypenew'                 => 'Retype new password:',
+'resetpass-abort-generic'   => 'Password change has been aborted by an extension.',
 'resetpass_submit'          => 'Set password and log in',
 'resetpass_success'         => 'Your password has been changed successfully!
 Now logging you in...',
--- a/languages/messages/MessagesQqq.php
+++ b/languages/messages/MessagesQqq.php
@ -1303,6 +1303,7 @@ See also:
 'oldpassword' => "Used on the 'User profile' tab of 'my preferences'. This is the text next to an entry box for the old password in the 'change password' section.",
 'newpassword' => '{{Identical|New password}}',
 'retypenew' => "Appears on the 'User profile' tab of the 'Preferences' special page in the 'Change password' section. It appears next to the text box for entering the new password a second time.",
+'resetpass-abort-generic' => 'Generic error message shown on [[Special:ChangePassword]] when an extension aborts a password change from a hook.',
 'resetpass_submit' => 'Submit button on [[Special:ChangePassword]]',
 'resetpass_success' => 'Used in [[Special:ChangePassword]].',
 'resetpass_forbidden' => "Used as error message in changing password. Maybe the external auth plugin won't allow local password changes.",
--- a/maintenance/language/messages.inc
+++ b/maintenance/language/messages.inc
@ -567,6 +567,7 @@ $wgMessageStructure = array(
 		'resetpass-submit-cancel',
 		'resetpass-wrong-oldpass',
 		'resetpass-temp-password',
+		'resetpass-abort-generic',
 	),
 	'passwordreset' => array(
 		'passwordreset',