From 6d5f7512d649257152d5b44a04acf51fc443841e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 1 Jul 2021 14:44:02 +0200
Subject: [PATCH 1/4] Add a UserLoggedIn event

---
 .../event/UserLoggedIn.class.php              | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 wcfsetup/install/files/lib/system/user/authentication/event/UserLoggedIn.class.php

diff --git a/wcfsetup/install/files/lib/system/user/authentication/event/UserLoggedIn.class.php b/wcfsetup/install/files/lib/system/user/authentication/event/UserLoggedIn.class.php
new file mode 100644
index 00000000000..637d8646ce5
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/user/authentication/event/UserLoggedIn.class.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace wcf\system\user\authentication\event;
+
+use wcf\data\user\User;
+use wcf\system\cache\runtime\UserRuntimeCache;
+use wcf\system\event\IEvent;
+
+/**
+ * Indicates that the user actively logged in, i.e. that a user change happened in response
+ * to a user's request based off proper authentication.
+ *
+ * This event specifically must not be used if the active user is changed for technical
+ * reasons, e.g. when switching back to the real user after executing some logic with
+ * guest permissions.
+ *
+ * @author  Tim Duesterhus
+ * @copyright   2001-2021 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package WoltLabSuite\Core\System\User\Authentication\Event
+ * @since   5.5
+ */
+final class UserLoggedIn implements IEvent
+{
+    /**
+     * @var int
+     */
+    private $userID;
+
+    public function __construct(User $user)
+    {
+        $this->userID = (int)$user->userID;
+    }
+
+    public function getUser(): User
+    {
+        return UserRuntimeCache::getInstance()->getObject($this->userID);
+    }
+}

From 301d5ea43eb4864410c90843cdcda2b14d937737 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 1 Jul 2021 14:49:34 +0200
Subject: [PATCH 2/4] Implement the UserLoggedIn event

---
 wcfsetup/install/files/lib/acp/form/LoginForm.class.php   | 6 ++++++
 .../install/files/lib/action/FacebookAuthAction.class.php | 6 ++++++
 .../install/files/lib/action/GithubAuthAction.class.php   | 6 ++++++
 .../install/files/lib/action/GoogleAuthAction.class.php   | 6 ++++++
 .../install/files/lib/action/TwitterAuthAction.class.php  | 6 ++++++
 wcfsetup/install/files/lib/form/LoginForm.class.php       | 8 ++++++++
 .../lib/form/MultifactorAuthenticationForm.class.php      | 5 +++++
 7 files changed, 43 insertions(+)

diff --git a/wcfsetup/install/files/lib/acp/form/LoginForm.class.php b/wcfsetup/install/files/lib/acp/form/LoginForm.class.php
index 7d36887dec0..845e9f724cb 100755
--- a/wcfsetup/install/files/lib/acp/form/LoginForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/LoginForm.class.php
@@ -8,12 +8,14 @@
 use wcf\data\user\UserProfile;
 use wcf\form\AbstractCaptchaForm;
 use wcf\system\application\ApplicationHandler;
+use wcf\system\event\EventHandler;
 use wcf\system\exception\NamedUserException;
 use wcf\system\exception\UserInputException;
 use wcf\system\request\LinkHandler;
 use wcf\system\request\RequestHandler;
 use wcf\system\request\RouteHandler;
 use wcf\system\user\authentication\EmailUserAuthentication;
+use wcf\system\user\authentication\event\UserLoggedIn;
 use wcf\system\user\authentication\UserAuthenticationFactory;
 use wcf\system\WCF;
 use wcf\util\HeaderUtil;
@@ -226,6 +228,10 @@ public function save()
         $needsMultifactor = WCF::getSession()->changeUserAfterMultifactorAuthentication($this->user);
         if (!$needsMultifactor) {
             WCF::getSession()->registerReauthentication();
+
+            EventHandler::getInstance()->fire(
+                new UserLoggedIn($this->user)
+            );
         }
         $this->saved();
 
diff --git a/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php b/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
index c5276b38469..35bd06f3ed1 100644
--- a/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/FacebookAuthAction.class.php
@@ -5,8 +5,10 @@
 use GuzzleHttp\Psr7\Request;
 use wcf\data\user\User;
 use wcf\form\RegisterForm;
+use wcf\system\event\EventHandler;
 use wcf\system\exception\NamedUserException;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\event\UserLoggedIn;
 use wcf\system\user\authentication\oauth\User as OauthUser;
 use wcf\system\WCF;
 use wcf\util\HeaderUtil;
@@ -135,6 +137,10 @@ protected function processUser(OauthUser $oauthUser)
 
                 WCF::getSession()->changeUser($user);
                 WCF::getSession()->update();
+                EventHandler::getInstance()->fire(
+                    new UserLoggedIn($user)
+                );
+
                 HeaderUtil::redirect(LinkHandler::getInstance()->getLink());
 
                 exit;
diff --git a/wcfsetup/install/files/lib/action/GithubAuthAction.class.php b/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
index a8a034e3b1b..1efc49a2b19 100644
--- a/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/GithubAuthAction.class.php
@@ -6,8 +6,10 @@
 use Psr\Http\Client\ClientExceptionInterface;
 use wcf\data\user\User;
 use wcf\form\RegisterForm;
+use wcf\system\event\EventHandler;
 use wcf\system\exception\NamedUserException;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\event\UserLoggedIn;
 use wcf\system\user\authentication\oauth\User as OauthUser;
 use wcf\system\WCF;
 use wcf\util\HeaderUtil;
@@ -125,6 +127,10 @@ protected function processUser(OauthUser $oauthUser)
 
                 WCF::getSession()->changeUser($user);
                 WCF::getSession()->update();
+                EventHandler::getInstance()->fire(
+                    new UserLoggedIn($user)
+                );
+
                 HeaderUtil::redirect(LinkHandler::getInstance()->getLink());
 
                 exit;
diff --git a/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php b/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php
index 078e9b64259..169d77bac91 100644
--- a/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/GoogleAuthAction.class.php
@@ -5,8 +5,10 @@
 use GuzzleHttp\Psr7\Request;
 use wcf\data\user\User;
 use wcf\form\RegisterForm;
+use wcf\system\event\EventHandler;
 use wcf\system\exception\NamedUserException;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\event\UserLoggedIn;
 use wcf\system\user\authentication\oauth\User as OauthUser;
 use wcf\system\WCF;
 use wcf\util\HeaderUtil;
@@ -147,6 +149,10 @@ protected function processUser(OauthUser $oauthUser)
 
                 WCF::getSession()->changeUser($user);
                 WCF::getSession()->update();
+                EventHandler::getInstance()->fire(
+                    new UserLoggedIn($user)
+                );
+
                 HeaderUtil::redirect(LinkHandler::getInstance()->getLink());
 
                 exit;
diff --git a/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php b/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
index 1975bd10e90..5b287412c3d 100644
--- a/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
+++ b/wcfsetup/install/files/lib/action/TwitterAuthAction.class.php
@@ -8,10 +8,12 @@
 use ParagonIE\ConstantTime\Hex;
 use Psr\Http\Client\ClientExceptionInterface;
 use wcf\data\user\User;
+use wcf\system\event\EventHandler;
 use wcf\system\exception\NamedUserException;
 use wcf\system\exception\PermissionDeniedException;
 use wcf\system\io\HttpFactory;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\event\UserLoggedIn;
 use wcf\system\user\authentication\oauth\exception\StateValidationException;
 use wcf\system\user\authentication\oauth\User as OauthUser;
 use wcf\system\WCF;
@@ -121,6 +123,10 @@ protected function processUser(OauthUser $oauthUser)
 
                 WCF::getSession()->changeUser($user);
                 WCF::getSession()->update();
+                EventHandler::getInstance()->fire(
+                    new UserLoggedIn($user)
+                );
+
                 HeaderUtil::redirect(LinkHandler::getInstance()->getLink());
 
                 exit;
diff --git a/wcfsetup/install/files/lib/form/LoginForm.class.php b/wcfsetup/install/files/lib/form/LoginForm.class.php
index 95fadd5b494..7dbd1c6a43d 100644
--- a/wcfsetup/install/files/lib/form/LoginForm.class.php
+++ b/wcfsetup/install/files/lib/form/LoginForm.class.php
@@ -2,7 +2,9 @@
 
 namespace wcf\form;
 
+use wcf\system\event\EventHandler;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\event\UserLoggedIn;
 use wcf\system\WCF;
 
 /**
@@ -31,6 +33,12 @@ public function save()
         // change user
         $needsMultifactor = WCF::getSession()->changeUserAfterMultifactorAuthentication($this->user);
 
+        if (!$needsMultifactor) {
+            EventHandler::getInstance()->fire(
+                new UserLoggedIn($this->user)
+            );
+        }
+
         $this->saved();
 
         // redirect to url
diff --git a/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php b/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
index 57c87c273f3..4c0a5d194b1 100644
--- a/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
+++ b/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
@@ -6,10 +6,12 @@
 use wcf\data\user\User;
 use wcf\system\application\ApplicationHandler;
 use wcf\system\cache\runtime\UserProfileRuntimeCache;
+use wcf\system\event\EventHandler;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\NamedUserException;
 use wcf\system\form\builder\TemplateFormNode;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\event\UserLoggedIn;
 use wcf\system\user\multifactor\IMultifactorMethod;
 use wcf\system\user\multifactor\Setup;
 use wcf\system\WCF;
@@ -144,6 +146,9 @@ public function save()
         WCF::getDB()->commitTransaction();
 
         WCF::getSession()->applyPendingUserChange($this->user);
+        EventHandler::getInstance()->fire(
+            new UserLoggedIn($this->user)
+        );
 
         $this->saved();
     }

From 72e2661facb36e658db82eb43f849cc6a8bd0b39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 1 Jul 2021 14:59:02 +0200
Subject: [PATCH 3/4] Cancel lost password requests when the user logs in

Resolves #3922
---
 com.woltlab.wcf/eventListener.xml             |  5 +++
 ...rLoginCancelLostPasswordListener.class.php | 37 +++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 wcfsetup/install/files/lib/system/event/listener/UserLoginCancelLostPasswordListener.class.php

diff --git a/com.woltlab.wcf/eventListener.xml b/com.woltlab.wcf/eventListener.xml
index 3fb2f656d55..20179f8bdef 100644
--- a/com.woltlab.wcf/eventListener.xml
+++ b/com.woltlab.wcf/eventListener.xml
@@ -39,5 +39,10 @@
 			<listenerclassname>wcf\system\event\listener\UserLinkHtmlInputNodeProcessorListener</listenerclassname>
 			<environment>all</environment>
 		</eventlistener>
+		<eventlistener name="userLoginCancelLostPassword">
+			<eventclassname>wcf\system\user\authentication\event\UserLoggedIn</eventclassname>
+			<listenerclassname>wcf\system\event\listener\UserLoginCancelLostPasswordListener</listenerclassname>
+			<environment>all</environment>
+		</eventlistener>
 	</import>
 </data>
diff --git a/wcfsetup/install/files/lib/system/event/listener/UserLoginCancelLostPasswordListener.class.php b/wcfsetup/install/files/lib/system/event/listener/UserLoginCancelLostPasswordListener.class.php
new file mode 100644
index 00000000000..2ce062d429b
--- /dev/null
+++ b/wcfsetup/install/files/lib/system/event/listener/UserLoginCancelLostPasswordListener.class.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace wcf\system\event\listener;
+
+use wcf\data\user\UserAction;
+use wcf\system\user\authentication\event\UserLoggedIn;
+
+/**
+ * Cancels lost password requests if the user successfully logs in.
+ *
+ * @author  Tim Duesterhus
+ * @copyright   2001-2021 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package WoltLabSuite\Core\System\Event\Listener
+ * @since   5.5
+ */
+final class UserLoginCancelLostPasswordListener
+{
+    public function __invoke(UserLoggedIn $event)
+    {
+        $user = $event->getUser();
+        if (!$user->lostPasswordKey) {
+            return;
+        }
+
+        (new UserAction(
+            [$user],
+            'update',
+            [
+                'data' => [
+                    'lastLostPasswordRequestTime' => 0,
+                    'lostPasswordKey' => '',
+                ],
+            ]
+        ))->executeAction();
+    }
+}

From 3363ef97fcb3dae8ffaafac23bebfbb9db9ea731 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Fri, 2 Jul 2021 10:36:18 +0200
Subject: [PATCH 4/4] Add cancelLostPasswordRequest to UserAction

---
 .../files/lib/data/user/UserAction.class.php    | 17 +++++++++++++++++
 ...serLoginCancelLostPasswordListener.class.php | 11 +----------
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/wcfsetup/install/files/lib/data/user/UserAction.class.php b/wcfsetup/install/files/lib/data/user/UserAction.class.php
index 2bb22707cdd..a43fced14d9 100644
--- a/wcfsetup/install/files/lib/data/user/UserAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserAction.class.php
@@ -1235,4 +1235,21 @@ public function devtoolsSetLanguage()
             'languageID' => $this->parameters['languageID'],
         ]);
     }
+
+    /**
+     * @since   5.5
+     */
+    public function cancelLostPasswordRequest(): void
+    {
+        if (empty($this->objects)) {
+            $this->readObjects();
+        }
+
+        foreach ($this->getObjects() as $userEditor) {
+            $userEditor->update([
+                'lastLostPasswordRequestTime' => 0,
+                'lostPasswordKey' => '',
+            ]);
+        }
+    }
 }
diff --git a/wcfsetup/install/files/lib/system/event/listener/UserLoginCancelLostPasswordListener.class.php b/wcfsetup/install/files/lib/system/event/listener/UserLoginCancelLostPasswordListener.class.php
index 2ce062d429b..606190fa45b 100644
--- a/wcfsetup/install/files/lib/system/event/listener/UserLoginCancelLostPasswordListener.class.php
+++ b/wcfsetup/install/files/lib/system/event/listener/UserLoginCancelLostPasswordListener.class.php
@@ -23,15 +23,6 @@ public function __invoke(UserLoggedIn $event)
             return;
         }
 
-        (new UserAction(
-            [$user],
-            'update',
-            [
-                'data' => [
-                    'lastLostPasswordRequestTime' => 0,
-                    'lostPasswordKey' => '',
-                ],
-            ]
-        ))->executeAction();
+        (new UserAction([$user], 'cancelLostPasswordRequest'))->executeAction();
     }
 }