Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 38 |
|
0.00% |
0 / 8 |
CRAP | |
0.00% |
0 / 1 |
| SpecialUnlinkAccounts | |
0.00% |
0 / 37 |
|
0.00% |
0 / 8 |
182 | |
0.00% |
0 / 1 |
| __construct | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
| getLoginSecurityLevel | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| getDefaultAction | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| getGroupName | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| isListed | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| getRequestBlacklist | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| execute | |
0.00% |
0 / 27 |
|
0.00% |
0 / 1 |
42 | |||
| handleFormSubmit | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace MediaWiki\Specials; |
| 4 | |
| 5 | use MediaWiki\Auth\AuthenticationResponse; |
| 6 | use MediaWiki\Auth\AuthManager; |
| 7 | use MediaWiki\Exception\ErrorPageError; |
| 8 | use MediaWiki\MainConfigNames; |
| 9 | use MediaWiki\Session\SessionManager; |
| 10 | use MediaWiki\SpecialPage\AuthManagerSpecialPage; |
| 11 | use MediaWiki\Status\Status; |
| 12 | use StatusValue; |
| 13 | |
| 14 | /** |
| 15 | * @ingroup SpecialPage |
| 16 | * @ingroup Auth |
| 17 | */ |
| 18 | class SpecialUnlinkAccounts extends AuthManagerSpecialPage { |
| 19 | /** @inheritDoc */ |
| 20 | protected static $allowedActions = [ AuthManager::ACTION_UNLINK ]; |
| 21 | private SessionManager $sessionManager; |
| 22 | |
| 23 | public function __construct( AuthManager $authManager, SessionManager $sessionManager ) { |
| 24 | parent::__construct( 'UnlinkAccounts' ); |
| 25 | $this->setAuthManager( $authManager ); |
| 26 | $this->sessionManager = $sessionManager; |
| 27 | } |
| 28 | |
| 29 | /** @inheritDoc */ |
| 30 | protected function getLoginSecurityLevel() { |
| 31 | return 'UnlinkAccount'; |
| 32 | } |
| 33 | |
| 34 | /** @inheritDoc */ |
| 35 | protected function getDefaultAction( $subPage ) { |
| 36 | return AuthManager::ACTION_UNLINK; |
| 37 | } |
| 38 | |
| 39 | /** |
| 40 | * Under which header this special page is listed in Special:SpecialPages. |
| 41 | * @return string |
| 42 | */ |
| 43 | protected function getGroupName() { |
| 44 | return 'login'; |
| 45 | } |
| 46 | |
| 47 | /** @inheritDoc */ |
| 48 | public function isListed() { |
| 49 | return $this->getAuthManager()->canLinkAccounts(); |
| 50 | } |
| 51 | |
| 52 | /** @inheritDoc */ |
| 53 | protected function getRequestBlacklist() { |
| 54 | return $this->getConfig()->get( MainConfigNames::RemoveCredentialsBlacklist ); |
| 55 | } |
| 56 | |
| 57 | /** @inheritDoc */ |
| 58 | public function execute( $subPage ) { |
| 59 | $this->setHeaders(); |
| 60 | $this->loadAuth( $subPage ); |
| 61 | |
| 62 | if ( !$this->isActionAllowed( $this->authAction ) ) { |
| 63 | if ( $this->authAction === AuthManager::ACTION_UNLINK ) { |
| 64 | // Looks like there are no linked accounts to unlink |
| 65 | $titleMessage = $this->msg( 'cannotunlink-no-provider-title' ); |
| 66 | $errorMessage = $this->msg( 'cannotunlink-no-provider' ); |
| 67 | throw new ErrorPageError( $titleMessage, $errorMessage ); |
| 68 | } else { |
| 69 | // user probably back-button-navigated into an auth session that no longer exists |
| 70 | // FIXME would be nice to show a message |
| 71 | $this->getOutput()->redirect( $this->getPageTitle()->getFullURL( '', false, PROTO_HTTPS ) ); |
| 72 | return; |
| 73 | } |
| 74 | } |
| 75 | |
| 76 | $this->outputHeader(); |
| 77 | |
| 78 | $status = $this->trySubmit(); |
| 79 | |
| 80 | if ( $status === false || !$status->isOK() ) { |
| 81 | $this->displayForm( $status ); |
| 82 | return; |
| 83 | } |
| 84 | |
| 85 | /** @var AuthenticationResponse $response */ |
| 86 | $response = $status->getValue(); |
| 87 | |
| 88 | if ( $response->status === AuthenticationResponse::FAIL ) { |
| 89 | $this->displayForm( StatusValue::newFatal( $response->message ) ); |
| 90 | return; |
| 91 | } |
| 92 | |
| 93 | $status = StatusValue::newGood(); |
| 94 | $status->warning( $this->msg( 'unlinkaccounts-success' ) ); |
| 95 | $this->loadAuth( $subPage, null, true ); // update requests so the unlinked one doesn't show up |
| 96 | |
| 97 | // Reset sessions - if the user unlinked an account because it was compromised, |
| 98 | // log attackers out from sessions obtained via that account. |
| 99 | $session = $this->getRequest()->getSession(); |
| 100 | $user = $this->getUser(); |
| 101 | $this->sessionManager->invalidateSessionsForUser( $user ); |
| 102 | $session->setUser( $user ); |
| 103 | $session->resetId(); |
| 104 | |
| 105 | $this->displayForm( $status ); |
| 106 | } |
| 107 | |
| 108 | /** @inheritDoc */ |
| 109 | public function handleFormSubmit( $data ) { |
| 110 | // unlink requests do not accept user input so repeat parent code but skip call to |
| 111 | // AuthenticationRequest::loadRequestsFromSubmission |
| 112 | $response = $this->performAuthenticationStep( $this->authAction, $this->authRequests ); |
| 113 | return Status::newGood( $response ); |
| 114 | } |
| 115 | } |
| 116 | |
| 117 | /** |
| 118 | * Retain the old class name for backwards compatibility. |
| 119 | * @deprecated since 1.41 |
| 120 | */ |
| 121 | class_alias( SpecialUnlinkAccounts::class, 'SpecialUnlinkAccounts' ); |