Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 56 |
|
0.00% |
0 / 12 |
CRAP | |
0.00% |
0 / 1 |
DisableOATHForUser | |
0.00% |
0 / 56 |
|
0.00% |
0 / 12 |
272 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
getGroupName | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
doesWrites | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getLoginSecurityLevel | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
alterForm | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
2 | |||
getDisplayFormat | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
requiresUnblock | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
checkExecutePermissions | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
execute | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
getFormFields | |
0.00% |
0 / 16 |
|
0.00% |
0 / 1 |
2 | |||
onSubmit | |
0.00% |
0 / 22 |
|
0.00% |
0 / 1 |
30 | |||
onSuccess | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | |
3 | namespace MediaWiki\Extension\OATHAuth\Special; |
4 | |
5 | use HTMLForm; |
6 | use ManualLogEntry; |
7 | use MediaWiki\Config\ConfigException; |
8 | use MediaWiki\Extension\OATHAuth\OATHUserRepository; |
9 | use MediaWiki\Logger\LoggerFactory; |
10 | use MediaWiki\SpecialPage\FormSpecialPage; |
11 | use MediaWiki\User\User; |
12 | use MediaWiki\User\UserFactory; |
13 | use Message; |
14 | use MWException; |
15 | use UserBlockedError; |
16 | use UserNotLoggedIn; |
17 | |
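/**
 * Special page that lets a privileged user remove every two-factor (OATH)
 * key from another account.
 *
 * Access is restricted through the 'oathauth-disable-for-user' right that is
 * handed to the parent constructor. A successful submission is recorded twice:
 * in the on-wiki 'oath' log and in the 'authentication' logger channel.
 */
class DisableOATHForUser extends FormSpecialPage {

	private OATHUserRepository $userRepo;

	private UserFactory $userFactory;

	/**
	 * The parameter types match the typed properties they are stored in, so a
	 * wrongly wired service fails at the call site rather than on assignment.
	 *
	 * @param OATHUserRepository $userRepo
	 * @param UserFactory $userFactory
	 */
	public function __construct( OATHUserRepository $userRepo, UserFactory $userFactory ) {
		// messages used: disableoathforuser (display "name" on Special:SpecialPages),
		// right-oathauth-disable-for-user, action-oathauth-disable-for-user
		parent::__construct( 'DisableOATHForUser', 'oathauth-disable-for-user' );

		$this->userRepo = $userRepo;
		$this->userFactory = $userFactory;
	}

	/**
	 * @inheritDoc
	 */
	protected function getGroupName() {
		return 'users';
	}

	/**
	 * This page changes stored data (it removes 2FA keys and writes a log entry).
	 *
	 * @return bool Always true
	 */
	public function doesWrites() {
		return true;
	}

	/**
	 * Use the page's own name as its login security level.
	 *
	 * NOTE(review): presumably this is what makes MediaWiki ask the performer to
	 * re-authenticate before the form is usable; confirm against the wiki's
	 * reauthentication settings for this operation name.
	 *
	 * @return string
	 */
	protected function getLoginSecurityLevel() {
		return $this->getName();
	}

	/**
	 * Set the message prefix, legend, intro text and page title of the form.
	 *
	 * @param HTMLForm $form
	 */
	public function alterForm( HTMLForm $form ) {
		$form->setMessagePrefix( 'oathauth' );
		$form->setWrapperLegendMsg( 'oathauth-disable-for-user' );
		$form->setPreHtml( $this->msg( 'oathauth-disable-intro' )->parse() );
		$form->getOutput()->setPageTitleMsg( $this->msg( 'oathauth-disable-for-user' ) );
	}

	/**
	 * @return string
	 */
	protected function getDisplayFormat() {
		return 'ooui';
	}

	/**
	 * A block on the performer does not stop them from using this page.
	 *
	 * NOTE(review): this means a blocked account that still holds the
	 * 'oathauth-disable-for-user' right can remove another user's 2FA; confirm
	 * that this is intended.
	 *
	 * @return bool Always false
	 */
	public function requiresUnblock() {
		return false;
	}

	/**
	 * Run the parent's permission checks, then additionally insist on a
	 * logged-in session.
	 *
	 * @param User $user
	 * @throws UserBlockedError
	 * @throws UserNotLoggedIn
	 */
	protected function checkExecutePermissions( User $user ) {
		parent::checkExecutePermissions( $user );

		$this->requireLogin();
	}

	/**
	 * @param string $par
	 */
	public function execute( $par ) {
		// Keep user-supplied JavaScript off a page that can strip 2FA from accounts.
		$this->getOutput()->disallowUserJs();
		parent::execute( $par );
	}

	/**
	 * Describe the two mandatory inputs: the target account and a reason.
	 *
	 * @return array[]
	 */
	protected function getFormFields() {
		return [
			'user' => [
				'type' => 'user',
				'default' => '',
				'label-message' => 'oathauth-enteruser',
				'name' => 'user',
				'required' => true,
			],
			'reason' => [
				'type' => 'text',
				'default' => '',
				'label-message' => 'oathauth-enterdisablereason',
				'name' => 'reason',
				'required' => true,
			],
		];
	}

	/**
	 * Remove all 2FA keys of the submitted account and record who did it.
	 *
	 * Returns a message-key array when the target does not exist, has no 2FA
	 * enabled, or the performer is throttled; returns true once the keys are
	 * removed and both log records are written.
	 *
	 * @param array $formData Submitted values, keyed 'user' and 'reason'
	 * @return array|bool
	 * @throws ConfigException
	 * @throws MWException
	 */
	public function onSubmit( array $formData ) {
		$target = $this->userFactory->newFromName( $formData['user'] );
		if ( !$target || ( $target->getId() === 0 ) ) {
			return [ 'oathauth-user-not-found' ];
		}

		$oathUser = $this->userRepo->findByUser( $target );
		if ( !$oathUser->isTwoFactorAuthEnabled() ) {
			return [ 'oathauth-user-not-does-not-have-oath-enabled' ];
		}

		$performer = $this->getUser();
		// An increment of 0 is passed, so this call presumably only reads the
		// limiter state; confirm where the 'disableoath' counter is incremented.
		// NOTE(review): the throttle is evaluated after the two lookups above, so
		// a throttled performer still learns whether the target exists and has 2FA.
		if ( $performer->pingLimiter( 'disableoath', 0 ) ) {
			// Arbitrary duration given here
			return [ 'oathauth-throttled', Message::durationParam( 60 ) ];
		}

		$clientIp = $this->getRequest()->getIP();
		// Third argument is false here; presumably it marks the removal as not
		// self-initiated. TODO confirm against OATHUserRepository::removeAll().
		$this->userRepo->removeAll( $oathUser, $clientIp, false );

		// messages used: logentry-oath-disable-other, log-action-oath-disable-other
		$logEntry = new ManualLogEntry( 'oath', 'disable-other' );
		$logEntry->setPerformer( $performer );
		$logEntry->setTarget( $target->getUserPage() );
		$logEntry->setComment( $formData['reason'] );
		$logEntry->insert();

		// Record the resolved account name rather than the raw form input, so this
		// record names the same account as the on-wiki log entry and can be
		// correlated with it during an investigation.
		LoggerFactory::getInstance( 'authentication' )->info(
			'OATHAuth disabled for {usertarget} by {user} from {clientip}', [
				'user' => $performer->getName(),
				'usertarget' => $target->getName(),
				'clientip' => $clientIp,
			]
		);

		return true;
	}

	/**
	 * Show the confirmation message and a link back to the main page.
	 */
	public function onSuccess() {
		$this->getOutput()->addWikiMsg( 'oathauth-disabledoath' );
		$this->getOutput()->returnToMain();
	}

}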