We only want to set the local user_token when we create the local
account. We don't want to invalidate all existing CentralAuth sessions
for the user just because they happened to visit a new wiki and get
an account auto-created.
This might also fix T136853. It looks like what's going on there is that
two jobs are both in this code path calling CentralAuth::resetAuthToken()
at the same time, leading to a race and one fails the CAS check.
Bug: T136834
Change-Id: I61b8253584a11a5b02f7ccb9efa0679cd2a822c6
I found a need in CentralAuth to check that
CentralAuthPrimaryAuthenticationProvider is actually in use, so I'm
exposing this.
Change-Id: I40bd3dc4d05db0c3a34b01f550a9a9a1ded8fc61
They were coming out as null instead, which screws up when requests are
changing their fields based on the action.
Change-Id: Ic8caf57ebad35c3eb17d45f9d96c6de5b559a83a
* ApiQueryAuthManagerInfo will differentiate between preserved linking
data and a preserved createRequest.
* ApiQueryAuthManagerInfo will indicate the preserved username, if any,
because the client will have to pass that back to action=createaccount.
* ApiClientLogin won't tell about the confusing
CreateFromLoginAuthenticationRequest returned on RESTART responses.
* Explain how 'preservestate' works in ApiAMCreateAccount's auto-doc.
* ConfirmLinkSecondaryAuthenticationProvider will filter out requests
that can no longer be used (i.e. if it was for linking the account
that got used for creation).
* All the complicated code in AuthManager::beginAccountCreation() was
trying to deal with allowing the client to pass only the
CreateFromLoginAuthenticationRequest. That was dumb, removed it.
* Added methods to CreateFromLoginAuthenticationRequest to indicate its
status with respect to different kinds of preserved state.
* Increase accuracy of the AuthenticationResponse::$createRequest doc.
Change-Id: I726d79de18e739d6e60c1eea51453433c21ba207
This implements the AuthManager class and its needed interfaces and
subclasses, and integrates them into the backend portion of MediaWiki.
Integration with frontend portions of MediaWiki (e.g. ApiLogin,
Special:Login) is left for a followup.
Bug: T91699
Bug: T71589
Bug: T111299
Co-Authored-By: Gergő Tisza <gtisza@wikimedia.org>
Change-Id: If89d24838e326fe25fe867d02181eebcfbb0e196
