Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
32.20% |
19 / 59 |
|
46.15% |
6 / 13 |
CRAP | |
0.00% |
0 / 1 |
SpecialCreateAccount | |
32.76% |
19 / 58 |
|
46.15% |
6 / 13 |
183.83 | |
0.00% |
0 / 1 |
__construct | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
1 | |||
doesWrites | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
checkPermissions | |
91.67% |
11 / 12 |
|
0.00% |
0 / 1 |
3.01 | |||
getLoginSecurityLevel | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getDefaultAction | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getDescription | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
isSignup | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
successfulAction | |
0.00% |
0 / 29 |
|
0.00% |
0 / 1 |
90 | |||
getToken | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
clearToken | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
getTokenName | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
1 | |||
getGroupName | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
logAuthResult | |
0.00% |
0 / 5 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | /** |
3 | * Implements Special:CreateAccount |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | * GNU General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License along |
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
18 | * http://www.gnu.org/copyleft/gpl.html |
19 | * |
20 | * @file |
21 | * @ingroup SpecialPage |
22 | */ |
23 | |
24 | namespace MediaWiki\Specials; |
25 | |
26 | use ErrorPageError; |
27 | use MediaWiki\Auth\AuthManager; |
28 | use MediaWiki\Language\FormatterFactory; |
29 | use MediaWiki\Logger\LoggerFactory; |
30 | use MediaWiki\SpecialPage\LoginSignupSpecialPage; |
31 | use MediaWiki\Title\Title; |
32 | use StatusValue; |
33 | |
34 | /** |
35 | * Implements Special:CreateAccount |
36 | * |
37 | * @ingroup SpecialPage |
38 | */ |
39 | class SpecialCreateAccount extends LoginSignupSpecialPage { |
40 | protected static $allowedActions = [ |
41 | AuthManager::ACTION_CREATE, |
42 | AuthManager::ACTION_CREATE_CONTINUE |
43 | ]; |
44 | |
45 | protected static $messages = [ |
46 | 'authform-newtoken' => 'nocookiesfornew', |
47 | 'authform-notoken' => 'sessionfailure', |
48 | 'authform-wrongtoken' => 'sessionfailure', |
49 | ]; |
50 | |
51 | private FormatterFactory $formatterFactory; |
52 | |
53 | /** |
54 | * @param AuthManager $authManager |
55 | * @param FormatterFactory $formatterFactory |
56 | */ |
57 | public function __construct( AuthManager $authManager, FormatterFactory $formatterFactory ) { |
58 | parent::__construct( 'CreateAccount', 'createaccount' ); |
59 | |
60 | $this->setAuthManager( $authManager ); |
61 | $this->formatterFactory = $formatterFactory; |
62 | } |
63 | |
64 | public function doesWrites() { |
65 | return true; |
66 | } |
67 | |
68 | public function checkPermissions() { |
69 | parent::checkPermissions(); |
70 | |
71 | $performer = $this->getAuthority(); |
72 | $authManager = $this->getAuthManager(); |
73 | |
74 | $status = $this->mPosted ? |
75 | $authManager->authorizeCreateAccount( $performer ) : |
76 | $authManager->probablyCanCreateAccount( $performer ); |
77 | |
78 | if ( !$status->isGood() ) { |
79 | $formatter = $this->formatterFactory->getStatusFormatter( $this->getContext() ); |
80 | throw new ErrorPageError( |
81 | 'createacct-error', |
82 | $formatter->getMessage( $status ) |
83 | ); |
84 | } |
85 | } |
86 | |
87 | protected function getLoginSecurityLevel() { |
88 | return false; |
89 | } |
90 | |
91 | protected function getDefaultAction( $subPage ) { |
92 | return AuthManager::ACTION_CREATE; |
93 | } |
94 | |
95 | public function getDescription() { |
96 | return $this->msg( 'createaccount' ); |
97 | } |
98 | |
99 | protected function isSignup() { |
100 | return true; |
101 | } |
102 | |
103 | /** |
104 | * Run any hooks registered for logins, then display a message welcoming |
105 | * the user. |
106 | * @param bool $direct True if the action was successful just now; false if that happened |
107 | * pre-redirection (so this handler was called already) |
108 | * @param StatusValue|null $extraMessages |
109 | */ |
110 | protected function successfulAction( $direct = false, $extraMessages = null ) { |
111 | $session = $this->getRequest()->getSession(); |
112 | $user = $this->targetUser ?: $this->getUser(); |
113 | |
114 | $injected_html = ''; |
115 | if ( $direct ) { |
116 | # Only save preferences if the user is not creating an account for someone else. |
117 | if ( !$this->proxyAccountCreation ) { |
118 | $this->getHookRunner()->onAddNewAccount( $user, false ); |
119 | |
120 | // If the user does not have a session cookie at this point, they probably need to |
121 | // do something to their browser. |
122 | if ( !$this->hasSessionCookie() ) { |
123 | $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() ); |
124 | // TODO something more specific? This used to use nocookiesnew |
125 | // FIXME should redirect to login page instead? |
126 | return; |
127 | } |
128 | } else { |
129 | $byEmail = false; // FIXME no way to set this |
130 | |
131 | $this->getHookRunner()->onAddNewAccount( $user, $byEmail ); |
132 | |
133 | $out = $this->getOutput(); |
134 | // @phan-suppress-next-line PhanImpossibleCondition |
135 | $out->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) ); |
136 | // @phan-suppress-next-line PhanImpossibleCondition |
137 | if ( $byEmail ) { |
138 | $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() ); |
139 | } else { |
140 | $out->addWikiMsg( 'accountcreatedtext', $user->getName() ); |
141 | } |
142 | |
143 | $rt = Title::newFromText( $this->mReturnTo ); |
144 | $out->addReturnTo( |
145 | ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(), |
146 | wfCgiToArray( $this->mReturnToQuery ) |
147 | ); |
148 | return; |
149 | } |
150 | $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct ); |
151 | } |
152 | |
153 | $this->clearToken(); |
154 | |
155 | # Run any hooks; display injected HTML |
156 | $welcome_creation_msg = 'welcomecreation-msg'; |
157 | /** |
158 | * Let any extensions change what message is shown. |
159 | * @see https://www.mediawiki.org/wiki/Manual:Hooks/BeforeWelcomeCreation |
160 | * @since 1.18 |
161 | */ |
162 | $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html ); |
163 | |
164 | $this->showSuccessPage( 'signup', |
165 | // T308471: ensure username is plaintext (aka escaped) |
166 | $this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() ), |
167 | $welcome_creation_msg, $injected_html, $extraMessages ); |
168 | } |
169 | |
170 | protected function getToken() { |
171 | return $this->getRequest()->getSession()->getToken( '', 'createaccount' ); |
172 | } |
173 | |
174 | protected function clearToken() { |
175 | $this->getRequest()->getSession()->resetToken( 'createaccount' ); |
176 | } |
177 | |
178 | protected function getTokenName() { |
179 | return 'wpCreateaccountToken'; |
180 | } |
181 | |
182 | protected function getGroupName() { |
183 | return 'users'; |
184 | } |
185 | |
186 | protected function logAuthResult( $success, $status = null ) { |
187 | LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [ |
188 | 'event' => 'accountcreation', |
189 | 'successful' => $success, |
190 | 'status' => strval( $status ), |
191 | ] ); |
192 | } |
193 | } |
194 | |
195 | /** @deprecated class alias since 1.41 */ |
196 | class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' ); |