Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 66 |
|
0.00% |
0 / 12 |
CRAP | |
0.00% |
0 / 1 |
SpecialPasswordReset | |
0.00% |
0 / 65 |
|
0.00% |
0 / 12 |
930 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 2 |
|
0.00% |
0 / 1 |
2 | |||
doesWrites | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
userCanExecute | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
checkExecutePermissions | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
6 | |||
execute | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
2 | |||
getFormFields | |
0.00% |
0 / 16 |
|
0.00% |
0 / 1 |
42 | |||
getDisplayFormat | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
alterForm | |
0.00% |
0 / 11 |
|
0.00% |
0 / 1 |
42 | |||
onSubmit | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
12 | |||
onSuccess | |
0.00% |
0 / 14 |
|
0.00% |
0 / 1 |
30 | |||
isListed | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
6 | |||
getGroupName | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | /** |
3 | * Implements Special:PasswordReset |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | * GNU General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License along |
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
18 | * http://www.gnu.org/copyleft/gpl.html |
19 | * |
20 | * @file |
21 | * @ingroup SpecialPage |
22 | */ |
23 | |
24 | namespace MediaWiki\Specials; |
25 | |
26 | use ErrorPageError; |
27 | use MediaWiki\HTMLForm\HTMLForm; |
28 | use MediaWiki\MainConfigNames; |
29 | use MediaWiki\SpecialPage\FormSpecialPage; |
30 | use MediaWiki\Status\Status; |
31 | use MediaWiki\User\PasswordReset; |
32 | use MediaWiki\User\User; |
33 | use ThrottledError; |
34 | |
35 | /** |
36 | * Special page for requesting a password reset email. |
37 | * |
38 | * Requires the TemporaryPasswordPrimaryAuthenticationProvider and the |
39 | * EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent |
40 | * functionality) to be enabled. |
41 | * |
42 | * @ingroup SpecialPage |
43 | */ |
44 | class SpecialPasswordReset extends FormSpecialPage { |
45 | /** @var PasswordReset */ |
46 | private $passwordReset; |
47 | |
48 | /** |
49 | * @var Status |
50 | */ |
51 | private $result; |
52 | |
53 | /** |
54 | * @var string Identifies which password reset field was specified by the user. |
55 | */ |
56 | private $method; |
57 | |
58 | /** |
59 | * @param PasswordReset $passwordReset |
60 | */ |
61 | public function __construct( PasswordReset $passwordReset ) { |
62 | parent::__construct( 'PasswordReset', 'editmyprivateinfo' ); |
63 | |
64 | $this->passwordReset = $passwordReset; |
65 | } |
66 | |
67 | public function doesWrites() { |
68 | return true; |
69 | } |
70 | |
71 | public function userCanExecute( User $user ) { |
72 | return $this->passwordReset->isAllowed( $user )->isGood(); |
73 | } |
74 | |
75 | public function checkExecutePermissions( User $user ) { |
76 | $status = Status::wrap( $this->passwordReset->isAllowed( $user ) ); |
77 | if ( !$status->isGood() ) { |
78 | throw new ErrorPageError( 'internalerror', $status->getMessage() ); |
79 | } |
80 | |
81 | parent::checkExecutePermissions( $user ); |
82 | } |
83 | |
84 | /** |
85 | * @param string|null $par |
86 | */ |
87 | public function execute( $par ) { |
88 | $out = $this->getOutput(); |
89 | $out->disallowUserJs(); |
90 | parent::execute( $par ); |
91 | } |
92 | |
93 | protected function getFormFields() { |
94 | $resetRoutes = $this->getConfig()->get( MainConfigNames::PasswordResetRoutes ); |
95 | $a = []; |
96 | if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) { |
97 | $a['Username'] = [ |
98 | 'type' => 'text', |
99 | 'default' => $this->getRequest()->getSession()->suggestLoginUsername(), |
100 | 'label-message' => 'passwordreset-username', |
101 | ]; |
102 | |
103 | if ( $this->getUser()->isRegistered() ) { |
104 | $a['Username']['default'] = $this->getUser()->getName(); |
105 | } |
106 | } |
107 | |
108 | if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) { |
109 | $a['Email'] = [ |
110 | 'type' => 'email', |
111 | 'label-message' => 'passwordreset-email', |
112 | ]; |
113 | } |
114 | |
115 | return $a; |
116 | } |
117 | |
118 | protected function getDisplayFormat() { |
119 | return 'ooui'; |
120 | } |
121 | |
122 | public function alterForm( HTMLForm $form ) { |
123 | $resetRoutes = $this->getConfig()->get( MainConfigNames::PasswordResetRoutes ); |
124 | |
125 | $form->setSubmitDestructive(); |
126 | |
127 | $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) ); |
128 | |
129 | $i = 0; |
130 | if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) { |
131 | $i++; |
132 | } |
133 | if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) { |
134 | $i++; |
135 | } |
136 | |
137 | $message = ( $i > 1 ) ? 'passwordreset-text-many' : 'passwordreset-text-one'; |
138 | |
139 | $form->setHeaderHtml( $this->msg( $message, $i )->parseAsBlock() ); |
140 | $form->setSubmitTextMsg( 'mailmypassword' ); |
141 | } |
142 | |
143 | /** |
144 | * Process the form. At this point we know that the user passes all the criteria in |
145 | * userCanExecute(), and if the data array contains 'Username', etc, then Username |
146 | * resets are allowed. |
147 | * @param array $data |
148 | * @return Status |
149 | */ |
150 | public function onSubmit( array $data ) { |
151 | $username = $data['Username'] ?? null; |
152 | $email = $data['Email'] ?? null; |
153 | |
154 | $this->method = $username ? 'username' : 'email'; |
155 | $this->result = Status::wrap( |
156 | $this->passwordReset->execute( $this->getUser(), $username, $email ) ); |
157 | |
158 | if ( $this->result->hasMessage( 'actionthrottledtext' ) ) { |
159 | throw new ThrottledError; |
160 | } |
161 | |
162 | return $this->result; |
163 | } |
164 | |
165 | /** |
166 | * Show a message on the successful processing of the form. |
167 | * This doesn't necessarily mean a reset email was sent. |
168 | */ |
169 | public function onSuccess() { |
170 | $output = $this->getOutput(); |
171 | |
172 | // Information messages. |
173 | $output->addWikiMsg( 'passwordreset-success' ); |
174 | $output->addWikiMsg( 'passwordreset-success-details-generic', |
175 | $this->getConfig()->get( MainConfigNames::PasswordReminderResendTime ) ); |
176 | |
177 | // Confirmation of what the user has just submitted. |
178 | $info = "\n"; |
179 | $postVals = $this->getRequest()->getPostValues(); |
180 | if ( isset( $postVals['wpUsername'] ) && $postVals['wpUsername'] !== '' ) { |
181 | $info .= "* " . $this->msg( 'passwordreset-username' ) . ' ' |
182 | . wfEscapeWikiText( $postVals['wpUsername'] ) . "\n"; |
183 | } |
184 | if ( isset( $postVals['wpEmail'] ) && $postVals['wpEmail'] !== '' ) { |
185 | $info .= "* " . $this->msg( 'passwordreset-email' ) . ' ' |
186 | . wfEscapeWikiText( $postVals['wpEmail'] ) . "\n"; |
187 | } |
188 | $output->addWikiMsg( 'passwordreset-success-info', $info ); |
189 | |
190 | // Link to main page. |
191 | $output->returnToMain(); |
192 | } |
193 | |
194 | /** |
195 | * Hide the password reset page if resets are disabled. |
196 | * @return bool |
197 | */ |
198 | public function isListed() { |
199 | if ( !$this->passwordReset->isEnabled()->isGood() ) { |
200 | return false; |
201 | } |
202 | |
203 | return parent::isListed(); |
204 | } |
205 | |
206 | protected function getGroupName() { |
207 | return 'login'; |
208 | } |
209 | } |
210 | |
211 | /** |
212 | * Retain the old class name for backwards compatibility. |
213 | * @deprecated since 1.41 |
214 | */ |
215 | class_alias( SpecialPasswordReset::class, 'SpecialPasswordReset' ); |