Add ability to login user without password check

bd808 · bd808 · commit 0189d345b772 · 2015-10-05T23:51:32.000Z
Make session management steps for OAuth driven workflows possible by
separating the act of verifying username &amp; password from setting an
authenticated UserData object in the current session.

Change-Id: Ie49b9cc0ccf2c9fdcc559fc065b0f5ab4207cd38
diff --git a/src/Auth/AuthManager.php b/src/Auth/AuthManager.php
@@ -109,17 +109,7 @@ public function authenticate( $uname, $password ) {
 		$user = $this->manager->getUserData( $uname );
 		$check = Password::comparePasswordToHash( $password, $user->getPassword() );
 		if ( $check && !$user->isBlocked() ) {
-			// clear session
-			foreach ( $_SESSION as $key => $value ) {
-				unset( $_SESSION[$key] );
-			}
-
-			// generate new session id
-			session_regenerate_id( true );
-
-			// store user info in session
-			$this->setUser( $user );
-
+			$this->login( $user );
 			return true;
 
 		} else {
@@ -128,6 +118,25 @@ public function authenticate( $uname, $password ) {
 	}
 
 
+	/**
+	 * Add authentication.
+	 *
+	 * @param UserData $user
+	 */
+	public function login( UserData $user ) {
+		// clear session
+		foreach ( $_SESSION as $key => $value ) {
+			unset( $_SESSION[$key] );
+		}
+
+		// generate new session id
+		session_regenerate_id( true );
+
+		// store user info in session
+		$this->setUser( $user );
+	}
+
+
 	/**
 	 * Remove authentication.
 	 */
diff --git a/src/Auth/UserManager.php b/src/Auth/UserManager.php
@@ -23,7 +23,7 @@
 
 namespace Wikimedia\Slimapp\Auth;
 
-use \PDOException;
+use PDOException;
 
 /**
  * Data access object for users.
