From a35c79249cb1c11a8eba5178cd6897ed2225d9bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20Tisza?=
Date: Fri, 10 Jun 2016 13:32:11 +0000
Subject: [PATCH] [SECURITY] Abort login/autologin when loginwiki account is unattached
Bug: T137551
Change-Id: I7405af5a9361ea58d16194ec7e1385a5e58fde16
---
 includes/specials/SpecialCentralAutoLogin.php | 7 +++++++
 includes/specials/SpecialCentralLogin.php | 2 ++
 2 files changed, 9 insertions(+)
diff --git a/includes/specials/SpecialCentralAutoLogin.php b/includes/specials/SpecialCentralAutoLogin.php
index 1e9e86f..c5c625a 100644
--- a/includes/specials/SpecialCentralAutoLogin.php
+++ b/includes/specials/SpecialCentralAutoLogin.php
@@ -250,6 +250,13 @@ class SpecialCentralAutoLogin extends UnlistedSpecialPage {
 return;
 }
+ if ( !$centralUser->isAttached() ) {
+ // this should never happen but it's good to be
+ $this->doFinalOutput( false, 'Central account not connected on login wiki! Please '
+ . ' ask for developer help', self::getInlineScript( 'anon-set.js' ) );
+ return;
+ }
+
 // We're pretty sure this user is logged in, so pass back
 // headers to prevent caching, just in case
 $this->getOutput()->enableClientCache( false );
diff --git a/includes/specials/SpecialCentralLogin.php b/includes/specials/SpecialCentralLogin.php
index da1d70a..e841d27 100644
--- a/includes/specials/SpecialCentralLogin.php
+++ b/includes/specials/SpecialCentralLogin.php
@@ -77,6 +77,8 @@ class SpecialCentralLogin extends UnlistedSpecialPage {
 throw new Exception( "Global user '{$info['name']}' does not exist." );
 } elseif ( $centralUser->getId() !== $info['guid'] ) { // sanity
 throw new Exception( "Global user does not have ID '{$info['guid']}'." );
+ } elseif ( !$centralUser->isAttached() ) { // even more sanity
+ throw new Exception( "Global user '{$info['name']}' is not attached on loginwiki." );
 }
 $session = CentralAuthUtils::getCentralSession();
--
1.9.1
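Review bot: The new `!$centralUser->isAttached()` branch in SpecialCentralAutoLogin.php reports the failure only to the browser, so a state the comment itself calls "should never happen" leaves no server-side trace. I would log it before the `doFinalOutput()` call, e.g. `wfDebugLog( 'CentralAuth', 'Autologin aborted: central account not attached on login wiki' );`, unless `doFinalOutput()` already logs, which is not visible here. The comment `// this should never happen but it's good to be` is cut off mid-sentence and should be completed. The concatenation `'... Please ' . ' ask for developer help'` also produces a double space in the message. The enclosing method starts and ends outside the hunk, so whether its other steps need the same guard cannot be judged from here.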
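Review bot: The trailing comment `// even more sanity` on the new `elseif` in SpecialCentralLogin.php undersells what the commit subject marks as a security check, so a later cleanup could remove it as redundant. I would replace it with a why-comment such as `// security (T137551): never start a central session for an account that is not attached on this wiki`. The exception text says "on loginwiki", which assumes this branch only ever runs there; that is not visible in the hunk, so confirm it or word the message neutrally. The enclosing method starts and ends outside the hunk.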