Code Coverage for /workspace/src/includes/specials/SpecialCreateAccount.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	32.79% covered (danger)	32.79%	20 / 61	46.15% covered (danger)	46.15%	6 / 13	CRAP	0.00% covered (danger)	0.00%	0 / 1
SpecialCreateAccount	33.33% covered (danger)	33.33%	20 / 60	46.15% covered (danger)	46.15%	6 / 13	179.74	0.00% covered (danger)	0.00%	0 / 1
__construct	100.00% covered (success)	100.00%	4 / 4	100.00% covered (success)	100.00%	1 / 1	1
doesWrites	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
checkPermissions	91.67% covered (success)	91.67%	11 / 12	0.00% covered (danger)	0.00%	0 / 1	3.01
getLoginSecurityLevel	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
getDefaultAction	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
getDescription	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
isSignup	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
successfulAction	0.00% covered (danger)	0.00%	0 / 29	0.00% covered (danger)	0.00%	0 / 1	90
getToken	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
clearToken	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
getTokenName	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
getGroupName	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 1	2
logAuthResult	0.00% covered (danger)	0.00%	0 / 6	0.00% covered (danger)	0.00%	0 / 1	2

1	<?php
2	/**
3	* This program is free software; you can redistribute it and/or modify
4	* it under the terms of the GNU General Public License as published by
5	* the Free Software Foundation; either version 2 of the License, or
6	* (at your option) any later version.
7	*
8	* This program is distributed in the hope that it will be useful,
9	* but WITHOUT ANY WARRANTY; without even the implied warranty of
10	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11	* GNU General Public License for more details.
12	*
13	* You should have received a copy of the GNU General Public License along
14	* with this program; if not, write to the Free Software Foundation, Inc.,
15	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16	* http://www.gnu.org/copyleft/gpl.html
17	*
18	* @file
19	*/
20
21	namespace MediaWiki\Specials;
22
23	use MediaWiki\Auth\AuthManager;
24	use MediaWiki\Exception\ErrorPageError;
25	use MediaWiki\Language\FormatterFactory;
26	use MediaWiki\Logger\LoggerFactory;
27	use MediaWiki\SpecialPage\LoginSignupSpecialPage;
28	use MediaWiki\Title\Title;
29	use MediaWiki\User\UserIdentity;
30	use MediaWiki\User\UserIdentityUtils;
31	use StatusValue;
32
33	/**
34	* Implements Special:CreateAccount
35	*
36	* @ingroup SpecialPage
37	* @ingroup Auth
38	*/
39	class SpecialCreateAccount extends LoginSignupSpecialPage {
40	/** @inheritDoc */
41	protected static $allowedActions = [
42	AuthManager::ACTION_CREATE,
43	AuthManager::ACTION_CREATE_CONTINUE
44	];
45
46	/** @inheritDoc */
47	protected static $messages = [
48	'authform-newtoken' => 'nocookiesfornew',
49	'authform-notoken' => 'sessionfailure',
50	'authform-wrongtoken' => 'sessionfailure',
51	];
52
53	private FormatterFactory $formatterFactory;
54
55	private UserIdentityUtils $identityUtils;
56
57	public function __construct(
58	AuthManager $authManager,
59	FormatterFactory $formatterFactory,
60	UserIdentityUtils $identityUtils
61	) {
62	parent::__construct( 'CreateAccount', 'createaccount' );
63
64	$this->setAuthManager( $authManager );
65	$this->formatterFactory = $formatterFactory;
66	$this->identityUtils = $identityUtils;
67	}
68
69	public function doesWrites() {
70	return true;
71	}
72
73	public function checkPermissions() {
74	parent::checkPermissions();
75
76	$performer = $this->getAuthority();
77	$authManager = $this->getAuthManager();
78
79	$status = $this->mPosted ?
80	$authManager->authorizeCreateAccount( $performer ) :
81	$authManager->probablyCanCreateAccount( $performer );
82
83	if ( !$status->isGood() ) {
84	$formatter = $this->formatterFactory->getStatusFormatter( $this->getContext() );
85	throw new ErrorPageError(
86	'createacct-error',
87	$formatter->getMessage( $status )
88	);
89	}
90	}
91
92	protected function getLoginSecurityLevel() {
93	return false;
94	}
95
96	protected function getDefaultAction( $subPage ) {
97	return AuthManager::ACTION_CREATE;
98	}
99
100	public function getDescription() {
101	return $this->msg( 'createaccount' );
102	}
103
104	protected function isSignup() {
105	return true;
106	}
107
108	/**
109	* Run any hooks registered for logins, then display a message welcoming
110	* the user.
111	* @param bool $direct True if the action was successful just now; false if that happened
112	* pre-redirection (so this handler was called already)
113	* @param StatusValue\|null $extraMessages
114	*/
115	protected function successfulAction( $direct = false, $extraMessages = null ) {
116	$session = $this->getRequest()->getSession();
117	$user = $this->targetUser ?: $this->getUser();
118
119	$injected_html = '';
120	if ( $direct ) {
121	# Only save preferences if the user is not creating an account for someone else.
122	if ( !$this->proxyAccountCreation ) {
123	$this->getHookRunner()->onAddNewAccount( $user, false );
124
125	// If the user does not have a session cookie at this point, they probably need to
126	// do something to their browser.
127	if ( !$this->hasSessionCookie() ) {
128	$this->mainLoginForm( [ /?/ ], $session->getProvider()->whyNoSession() );
129	// TODO something more specific? This used to use nocookiesnew
130	// FIXME should redirect to login page instead?
131	return;
132	}
133	} else {
134	$byEmail = false; // FIXME no way to set this
135
136	$this->getHookRunner()->onAddNewAccount( $user, $byEmail );
137
138	$out = $this->getOutput();
139	// @phan-suppress-next-line PhanImpossibleCondition
140	$out->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
141	// @phan-suppress-next-line PhanImpossibleCondition
142	if ( $byEmail ) {
143	$out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
144	} else {
145	$out->addWikiMsg( 'accountcreatedtext', $user->getName() );
146	}
147
148	$rt = Title::newFromText( $this->mReturnTo );
149	$out->addReturnTo(
150	( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
151	wfCgiToArray( $this->mReturnToQuery )
152	);
153	return;
154	}
155	$this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
156	}
157
158	$this->clearToken();
159
160	# Run any hooks; display injected HTML
161	$welcome_creation_msg = 'welcomecreation-msg';
162	/**
163	* Let any extensions change what message is shown.
164	* @see https://www.mediawiki.org/wiki/Manual:Hooks/BeforeWelcomeCreation
165	* @since 1.18
166	*/
167	$this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
168
169	$this->showSuccessPage( 'signup',
170	// T308471: ensure username is plaintext (aka escaped)
171	$this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() ),
172	$welcome_creation_msg, $injected_html, $extraMessages );
173	}
174
175	protected function getToken() {
176	return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
177	}
178
179	protected function clearToken() {
180	$this->getRequest()->getSession()->resetToken( 'createaccount' );
181	}
182
183	protected function getTokenName() {
184	return 'wpCreateaccountToken';
185	}
186
187	protected function getGroupName() {
188	return 'users';
189	}
190
191	protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
192	LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
193	'event' => 'accountcreation',
194	'successful' => $success,
195	'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
196	'status' => strval( $status ),
197	] );
198	}
199	}
200
201	/** @deprecated class alias since 1.41 */
202	class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );