Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
32.79% covered (danger)
32.79%
20 / 61
46.15% covered (danger)
46.15%
6 / 13
 CRAP
0.00% covered (danger)
0.00%
0 / 1
SpecialCreateAccount
33.33% covered (danger)
33.33%
20 / 60
46.15% covered (danger)
46.15%
6 / 13
 179.74
0.00% covered (danger)
0.00%
0 / 1
 __construct
100.00% covered (success)
100.00%
4 / 4
100.00% covered (success)
100.00%
1 / 1
 1
 doesWrites
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 2
 checkPermissions
91.67% covered (success)
91.67%
11 / 12
0.00% covered (danger)
0.00%
0 / 1
 3.01
 getLoginSecurityLevel
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 2
 getDefaultAction
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
 1
 getDescription
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
 1
 isSignup
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
 1
 successfulAction
0.00% covered (danger)
0.00%
0 / 29
0.00% covered (danger)
0.00%
0 / 1
 90
 getToken
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
 1
 clearToken
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 2
 getTokenName
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
 1
 getGroupName
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
 2
 logAuthResult
0.00% covered (danger)
0.00%
0 / 6
0.00% covered (danger)
0.00%
0 / 1
 2
1<?php
2/**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @file
19 */
20
21namespace MediaWiki\Specials;
22
23use ErrorPageError;
24use MediaWiki\Auth\AuthManager;
25use MediaWiki\Language\FormatterFactory;
26use MediaWiki\Logger\LoggerFactory;
27use MediaWiki\SpecialPage\LoginSignupSpecialPage;
28use MediaWiki\Title\Title;
29use MediaWiki\User\UserIdentity;
30use MediaWiki\User\UserIdentityUtils;
31use StatusValue;
32
33/**
34 * Implements Special:CreateAccount
35 *
36 * @ingroup SpecialPage
37 * @ingroup Auth
38 */
39class SpecialCreateAccount extends LoginSignupSpecialPage {
40    /** @inheritDoc */
41    protected static $allowedActions = [
42        AuthManager::ACTION_CREATE,
43        AuthManager::ACTION_CREATE_CONTINUE
44    ];
45
46    /** @inheritDoc */
47    protected static $messages = [
48        'authform-newtoken' => 'nocookiesfornew',
49        'authform-notoken' => 'sessionfailure',
50        'authform-wrongtoken' => 'sessionfailure',
51    ];
52
53    private FormatterFactory $formatterFactory;
54
55    private UserIdentityUtils $identityUtils;
56
57    /**
58     * @param AuthManager $authManager
59     * @param FormatterFactory $formatterFactory
60     * @param UserIdentityUtils $identityUtils
61     */
62    public function __construct(
63        AuthManager $authManager,
64        FormatterFactory $formatterFactory,
65        UserIdentityUtils $identityUtils
66    ) {
67        parent::__construct( 'CreateAccount', 'createaccount' );
68
69        $this->setAuthManager( $authManager );
70        $this->formatterFactory = $formatterFactory;
71        $this->identityUtils = $identityUtils;
72    }
73
74    public function doesWrites() {
75        return true;
76    }
77
78    public function checkPermissions() {
79        parent::checkPermissions();
80
81        $performer = $this->getAuthority();
82        $authManager = $this->getAuthManager();
83
84        $status = $this->mPosted ?
85            $authManager->authorizeCreateAccount( $performer ) :
86            $authManager->probablyCanCreateAccount( $performer );
87
88        if ( !$status->isGood() ) {
89            $formatter = $this->formatterFactory->getStatusFormatter( $this->getContext() );
90            throw new ErrorPageError(
91                'createacct-error',
92                $formatter->getMessage( $status )
93            );
94        }
95    }
96
97    protected function getLoginSecurityLevel() {
98        return false;
99    }
100
101    protected function getDefaultAction( $subPage ) {
102        return AuthManager::ACTION_CREATE;
103    }
104
105    public function getDescription() {
106        return $this->msg( 'createaccount' );
107    }
108
109    protected function isSignup() {
110        return true;
111    }
112
113    /**
114     * Run any hooks registered for logins, then display a message welcoming
115     * the user.
116     * @param bool $direct True if the action was successful just now; false if that happened
117     *    pre-redirection (so this handler was called already)
118     * @param StatusValue|null $extraMessages
119     */
120    protected function successfulAction( $direct = false, $extraMessages = null ) {
121        $session = $this->getRequest()->getSession();
122        $user = $this->targetUser ?: $this->getUser();
123
124        $injected_html = '';
125        if ( $direct ) {
126            # Only save preferences if the user is not creating an account for someone else.
127            if ( !$this->proxyAccountCreation ) {
128                $this->getHookRunner()->onAddNewAccount( $user, false );
129
130                // If the user does not have a session cookie at this point, they probably need to
131                // do something to their browser.
132                if ( !$this->hasSessionCookie() ) {
133                    $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
134                    // TODO something more specific? This used to use nocookiesnew
135                    // FIXME should redirect to login page instead?
136                    return;
137                }
138            } else {
139                $byEmail = false; // FIXME no way to set this
140
141                $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
142
143                $out = $this->getOutput();
144                // @phan-suppress-next-line PhanImpossibleCondition
145                $out->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
146                // @phan-suppress-next-line PhanImpossibleCondition
147                if ( $byEmail ) {
148                    $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
149                } else {
150                    $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
151                }
152
153                $rt = Title::newFromText( $this->mReturnTo );
154                $out->addReturnTo(
155                    ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
156                    wfCgiToArray( $this->mReturnToQuery )
157                );
158                return;
159            }
160            $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
161        }
162
163        $this->clearToken();
164
165        # Run any hooks; display injected HTML
166        $welcome_creation_msg = 'welcomecreation-msg';
167        /**
168         * Let any extensions change what message is shown.
169         * @see https://www.mediawiki.org/wiki/Manual:Hooks/BeforeWelcomeCreation
170         * @since 1.18
171         */
172        $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
173
174        $this->showSuccessPage( 'signup',
175            // T308471: ensure username is plaintext (aka escaped)
176            $this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() ),
177            $welcome_creation_msg, $injected_html, $extraMessages );
178    }
179
180    protected function getToken() {
181        return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
182    }
183
184    protected function clearToken() {
185        $this->getRequest()->getSession()->resetToken( 'createaccount' );
186    }
187
188    protected function getTokenName() {
189        return 'wpCreateaccountToken';
190    }
191
192    protected function getGroupName() {
193        return 'users';
194    }
195
196    protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
197        LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
198            'event' => 'accountcreation',
199            'successful' => $success,
200            'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
201            'status' => strval( $status ),
202        ] );
203    }
204}
205
206/** @deprecated class alias since 1.41 */
207class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );