Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
32.20% covered (danger)
32.20%
19 / 59
46.15% covered (danger)
46.15%
6 / 13
CRAP
0.00% covered (danger)
0.00%
0 / 1
SpecialCreateAccount
32.76% covered (danger)
32.76%
19 / 58
46.15% covered (danger)
46.15%
6 / 13
183.83
0.00% covered (danger)
0.00%
0 / 1
 __construct
100.00% covered (success)
100.00%
3 / 3
100.00% covered (success)
100.00%
1 / 1
1
 doesWrites
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 checkPermissions
91.67% covered (success)
91.67%
11 / 12
0.00% covered (danger)
0.00%
0 / 1
3.01
 getLoginSecurityLevel
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 getDefaultAction
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 getDescription
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 isSignup
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 successfulAction
0.00% covered (danger)
0.00%
0 / 29
0.00% covered (danger)
0.00%
0 / 1
90
 getToken
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 clearToken
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 getTokenName
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 getGroupName
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 logAuthResult
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
2
1<?php
2/**
3 * Implements Special:CreateAccount
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage
22 */
23
24namespace MediaWiki\Specials;
25
26use ErrorPageError;
27use MediaWiki\Auth\AuthManager;
28use MediaWiki\Language\FormatterFactory;
29use MediaWiki\Logger\LoggerFactory;
30use MediaWiki\SpecialPage\LoginSignupSpecialPage;
31use MediaWiki\Title\Title;
32use StatusValue;
33
/**
 * Special page behind Special:CreateAccount, the AuthManager-driven signup form.
 *
 * Security-relevant behaviour visible in this class:
 *  - checkPermissions() re-checks account-creation authorization on every request;
 *  - the form uses its own session token, stored under the 'createaccount' key;
 *  - the return-to link shown after a proxy creation never points at an external title;
 *  - logAuthResult() writes creation attempts to the 'authevents' log channel.
 *
 * @ingroup SpecialPage
 */
class SpecialCreateAccount extends LoginSignupSpecialPage {
    // AuthManager actions this page accepts: starting a creation and continuing one.
    protected static $allowedActions = [
        AuthManager::ACTION_CREATE,
        AuthManager::ACTION_CREATE_CONTINUE
    ];

    // Replacement message keys for the generic authform-* token errors
    // (presumably looked up by the parent form code; confirm there).
    protected static $messages = [
        'authform-newtoken' => 'nocookiesfornew',
        'authform-notoken' => 'sessionfailure',
        'authform-wrongtoken' => 'sessionfailure',
    ];

    private FormatterFactory $formatterFactory;

    /**
     * Registers the page as 'CreateAccount' with the 'createaccount' restriction
     * and stores the injected services.
     *
     * @param AuthManager $authManager
     * @param FormatterFactory $formatterFactory Used to render a failed StatusValue as a message
     */
    public function __construct( AuthManager $authManager, FormatterFactory $formatterFactory ) {
        parent::__construct( 'CreateAccount', 'createaccount' );

        $this->setAuthManager( $authManager );
        $this->formatterFactory = $formatterFactory;
    }

    /**
     * This page creates accounts, so it always reports that it performs writes.
     *
     * @return bool Always true
     */
    public function doesWrites() {
        return true;
    }

    /**
     * Runs the parent permission check, then asks AuthManager whether the
     * current authority may create an account.
     *
     * A posted form goes through authorizeCreateAccount(); any other request
     * goes through probablyCanCreateAccount() (presumably the lighter check
     * meant for rendering the form; confirm in AuthManager).
     *
     * @throws ErrorPageError With 'createacct-error' when the returned status is not good
     */
    public function checkPermissions() {
        parent::checkPermissions();

        $performer = $this->getAuthority();
        $authManager = $this->getAuthManager();

        if ( $this->mPosted ) {
            $result = $authManager->authorizeCreateAccount( $performer );
        } else {
            $result = $authManager->probablyCanCreateAccount( $performer );
        }

        if ( $result->isGood() ) {
            return;
        }

        $statusFormatter = $this->formatterFactory->getStatusFormatter( $this->getContext() );
        throw new ErrorPageError(
            'createacct-error',
            $statusFormatter->getMessage( $result )
        );
    }

    /**
     * No elevated login security level is requested for this page.
     *
     * @return bool Always false
     */
    protected function getLoginSecurityLevel() {
        return false;
    }

    /**
     * The default action is always account creation; the subpage is ignored.
     *
     * @param string|null $subPage Unused here
     * @return string AuthManager::ACTION_CREATE
     */
    protected function getDefaultAction( $subPage ) {
        return AuthManager::ACTION_CREATE;
    }

    /**
     * @return mixed Whatever msg( 'createaccount' ) returns (a message object, presumably)
     */
    public function getDescription() {
        return $this->msg( 'createaccount' );
    }

    /**
     * Marks this page as the signup variant of the shared login/signup form.
     *
     * @return bool Always true
     */
    protected function isSignup() {
        return true;
    }

    /**
     * Post-creation handler: runs the account-creation hooks and shows the
     * confirmation or welcome page.
     *
     * NOTE(review): the coverage table on this page reports this method as
     * untested (0 / 29 lines). The return-to handling and the plaintext
     * username parameter below are the paths most worth a test.
     *
     * @param bool $direct True if the action was successful just now; false if that happened
     *    pre-redirection (so this handler was called already)
     * @param StatusValue|null $extraMessages
     */
    protected function successfulAction( $direct = false, $extraMessages = null ) {
        $session = $this->getRequest()->getSession();
        $user = $this->targetUser ?: $this->getUser();

        // Filled in by reference by the hooks below, then handed to the success page.
        $injected_html = '';

        if ( $direct ) {
            if ( $this->proxyAccountCreation ) {
                // Account created on behalf of someone else: show a confirmation
                // page to the creator and stop before the login/welcome steps.
                $byEmail = false; // FIXME no way to set this

                $this->getHookRunner()->onAddNewAccount( $user, $byEmail );

                $output = $this->getOutput();
                // @phan-suppress-next-line PhanImpossibleCondition
                $output->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
                // @phan-suppress-next-line PhanImpossibleCondition
                if ( $byEmail ) {
                    $output->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
                } else {
                    $output->addWikiMsg( 'accountcreatedtext', $user->getName() );
                }

                // The return-to target comes from the request. A missing or
                // external title falls back to this page, so the link never
                // leads off the local wiki.
                $returnTitle = Title::newFromText( $this->mReturnTo );
                if ( !$returnTitle || $returnTitle->isExternal() ) {
                    $returnTitle = $this->getPageTitle();
                }
                $output->addReturnTo( $returnTitle, wfCgiToArray( $this->mReturnToQuery ) );
                return;
            }

            # Only save preferences if the user is not creating an account for someone else.
            $this->getHookRunner()->onAddNewAccount( $user, false );

            // If the user does not have a session cookie at this point, they probably need to
            // do something to their browser.
            if ( !$this->hasSessionCookie() ) {
                $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
                // TODO something more specific? This used to use nocookiesnew
                // FIXME should redirect to login page instead?
                return;
            }

            $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
        }

        // The creation token is reset once the flow has succeeded.
        $this->clearToken();

        # Run any hooks; display injected HTML
        $welcome_creation_msg = 'welcomecreation-msg';
        /**
         * Let any extensions change what message is shown.
         * @see https://www.mediawiki.org/wiki/Manual:Hooks/BeforeWelcomeCreation
         * @since 1.18
         */
        $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );

        // T308471: ensure username is plaintext (aka escaped)
        $welcomeTitle = $this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() );

        $this->showSuccessPage(
            'signup',
            $welcomeTitle,
            $welcome_creation_msg,
            $injected_html,
            $extraMessages
        );
    }

    /**
     * Fetches the session token for this form, using an empty salt and the
     * 'createaccount' key.
     *
     * @return mixed The token returned by the session
     */
    protected function getToken() {
        $session = $this->getRequest()->getSession();
        return $session->getToken( '', 'createaccount' );
    }

    /**
     * Resets the session token stored under the 'createaccount' key.
     */
    protected function clearToken() {
        $session = $this->getRequest()->getSession();
        $session->resetToken( 'createaccount' );
    }

    /**
     * @return string Name of the form field that carries the token
     */
    protected function getTokenName() {
        return 'wpCreateaccountToken';
    }

    /**
     * @return string Special-page group this page is listed under
     */
    protected function getGroupName() {
        return 'users';
    }

    /**
     * Writes an 'accountcreation' event to the 'authevents' log channel.
     *
     * Only the outcome and the stringified status are put into the log
     * context by this method.
     *
     * @param bool $success Logged under 'successful' (bool assumed; confirm against the parent declaration)
     * @param string|null $status Passed through strval() and logged under 'status'
     */
    protected function logAuthResult( $success, $status = null ) {
        $authLog = LoggerFactory::getInstance( 'authevents' );
        $authLog->info( 'Account creation attempt', [
            'event' => 'accountcreation',
            'successful' => $success,
            'status' => strval( $status ),
        ] );
    }
}
194
/**
 * Registers the global name 'SpecialCreateAccount' as an alias of the
 * namespaced class.
 *
 * @deprecated class alias since 1.41
 */
class_alias(
    SpecialCreateAccount::class,
    'SpecialCreateAccount'
);