MediaWiki  1.28.0
AuthManagerSpecialPage.php
Go to the documentation of this file.
1 <?php
2 
3 use MediaWiki\Auth\AuthenticationRequest;
4 use MediaWiki\Auth\AuthenticationResponse;
5 use MediaWiki\Auth\AuthManager;
6 use MediaWiki\Logger\LoggerFactory;
7 use MediaWiki\Session\Token;
8 
14 abstract class AuthManagerSpecialPage extends SpecialPage {
17  protected static $allowedActions = [
18  AuthManager::ACTION_LOGIN, AuthManager::ACTION_LOGIN_CONTINUE,
19  AuthManager::ACTION_CREATE, AuthManager::ACTION_CREATE_CONTINUE,
20  AuthManager::ACTION_LINK, AuthManager::ACTION_LINK_CONTINUE,
21  AuthManager::ACTION_CHANGE, AuthManager::ACTION_REMOVE, AuthManager::ACTION_UNLINK,
22  ];
23 
25  protected static $messages = [];
26 
28  protected $authAction;
29 
31  protected $authRequests;
32 
34  protected $subPage;
35 
37  protected $isReturn;
38 
40  protected $savedRequest;
41 
53  public function onAuthChangeFormFields(
54  array $requests, array $fieldInfo, array &$formDescriptor, $action
55  ) {
56  return true;
57  }
58 
59  protected function getLoginSecurityLevel() {
60  return $this->getName();
61  }
62 
63  public function getRequest() {
64  return $this->savedRequest ?: $this->getContext()->getRequest();
65  }
66 
75  protected function setRequest( array $data, $wasPosted = null ) {
76  $request = $this->getContext()->getRequest();
77  if ( $wasPosted === null ) {
78  $wasPosted = $request->wasPosted();
79  }
80  $this->savedRequest = new DerivativeRequest( $request, $data + $request->getQueryValues(),
81  $wasPosted );
82  }
83 
84  protected function beforeExecute( $subPage ) {
85  $this->getOutput()->disallowUserJs();
86 
87  return $this->handleReturnBeforeExecute( $subPage )
88  && $this->handleReauthBeforeExecute( $subPage );
89  }
90 
107  protected function handleReturnBeforeExecute( $subPage ) {
108  $authManager = AuthManager::singleton();
109  $key = 'AuthManagerSpecialPage:return:' . $this->getName();
110 
111  if ( $subPage === 'return' ) {
112  $this->loadAuth( $subPage );
113  $preservedParams = $this->getPreservedParams( false );
114 
115  // FIXME save POST values only from request
116  $authData = array_diff_key( $this->getRequest()->getValues(),
117  $preservedParams, [ 'title' => 1 ] );
118  $authManager->setAuthenticationSessionData( $key, $authData );
119 
120  $url = $this->getPageTitle()->getFullURL( $preservedParams, false, PROTO_HTTPS );
121  $this->getOutput()->redirect( $url );
122  return false;
123  }
124 
125  $authData = $authManager->getAuthenticationSessionData( $key );
126  if ( $authData ) {
127  $authManager->removeAuthenticationSessionData( $key );
128  $this->isReturn = true;
129  $this->setRequest( $authData, true );
130  }
131 
132  return true;
133  }
134 
145  protected function handleReauthBeforeExecute( $subPage ) {
146  $authManager = AuthManager::singleton();
147  $request = $this->getRequest();
148  $key = 'AuthManagerSpecialPage:reauth:' . $this->getName();
149 
150  $securityLevel = $this->getLoginSecurityLevel();
151  if ( $securityLevel ) {
152  $securityStatus = AuthManager::singleton()
153  ->securitySensitiveOperationStatus( $securityLevel );
154  if ( $securityStatus === AuthManager::SEC_REAUTH ) {
155  $queryParams = array_diff_key( $request->getQueryValues(), [ 'title' => true ] );
156 
157  if ( $request->wasPosted() ) {
158  // unique ID in case the same special page is open in multiple browser tabs
159  $uniqueId = MWCryptRand::generateHex( 6 );
160  $key = $key . ':' . $uniqueId;
161 
162  $queryParams = [ 'authUniqueId' => $uniqueId ] + $queryParams;
163  $authData = array_diff_key( $request->getValues(),
164  $this->getPreservedParams( false ), [ 'title' => 1 ] );
165  $authManager->setAuthenticationSessionData( $key, $authData );
166  }
167 
168  $title = SpecialPage::getTitleFor( 'Userlogin' );
169  $url = $title->getFullURL( [
170  'returnto' => $this->getFullTitle()->getPrefixedDBkey(),
171  'returntoquery' => wfArrayToCgi( $queryParams ),
172  'force' => $securityLevel,
173  ], false, PROTO_HTTPS );
174 
175  $this->getOutput()->redirect( $url );
176  return false;
177  } elseif ( $securityStatus !== AuthManager::SEC_OK ) {
178  throw new ErrorPageError( 'cannotauth-not-allowed-title', 'cannotauth-not-allowed' );
179  }
180  }
181 
182  $uniqueId = $request->getVal( 'authUniqueId' );
183  if ( $uniqueId ) {
184  $key = $key . ':' . $uniqueId;
185  $authData = $authManager->getAuthenticationSessionData( $key );
186  if ( $authData ) {
187  $authManager->removeAuthenticationSessionData( $key );
188  $this->setRequest( $authData, true );
189  }
190  }
191 
192  return true;
193  }
194 
201  protected function getDefaultAction( $subPage ) {
202  throw new BadMethodCallException( 'Subclass did not implement getDefaultAction' );
203  }
204 
211  protected function messageKey( $defaultKey ) {
212  return array_key_exists( $defaultKey, static::$messages )
213  ? static::$messages[$defaultKey] : $defaultKey;
214  }
215 
220  protected function getRequestBlacklist() {
221  return [];
222  }
223 
233  protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
234  // Do not load if already loaded, to cut down on the number of getAuthenticationRequests
235  // calls. This is important for requests which have hidden information so any
236  // getAuthenticationRequests call would mean putting data into some cache.
237  if (
238  !$reset && $this->subPage === $subPage && $this->authAction
239  && ( !$authAction || $authAction === $this->authAction )
240  ) {
241  return;
242  }
243 
244  $request = $this->getRequest();
245  $this->subPage = $subPage;
246  $this->authAction = $authAction ?: $request->getText( 'authAction' );
247  if ( !in_array( $this->authAction, static::$allowedActions, true ) ) {
248  $this->authAction = $this->getDefaultAction( $subPage );
249  if ( $request->wasPosted() ) {
250  $continueAction = $this->getContinueAction( $this->authAction );
251  if ( in_array( $continueAction, static::$allowedActions, true ) ) {
252  $this->authAction = $continueAction;
253  }
254  }
255  }
256 
257  $allReqs = AuthManager::singleton()->getAuthenticationRequests(
258  $this->authAction, $this->getUser() );
259  $this->authRequests = array_filter( $allReqs, function ( $req ) use ( $subPage ) {
260  return !in_array( get_class( $req ), $this->getRequestBlacklist(), true );
261  } );
262  }
263 
268  protected function isContinued() {
269  return in_array( $this->authAction, [
270  AuthManager::ACTION_LOGIN_CONTINUE,
271  AuthManager::ACTION_CREATE_CONTINUE,
272  AuthManager::ACTION_LINK_CONTINUE,
273  ], true );
274  }
275 
281  protected function getContinueAction( $action ) {
282  switch ( $action ) {
283  case AuthManager::ACTION_LOGIN:
284  $action = AuthManager::ACTION_LOGIN_CONTINUE;
285  break;
286  case AuthManager::ACTION_CREATE:
287  $action = AuthManager::ACTION_CREATE_CONTINUE;
288  break;
289  case AuthManager::ACTION_LINK:
290  $action = AuthManager::ACTION_LINK_CONTINUE;
291  break;
292  }
293  return $action;
294  }
295 
304  protected function isActionAllowed( $action ) {
305  $authManager = AuthManager::singleton();
306  if ( !in_array( $action, static::$allowedActions, true ) ) {
307  throw new InvalidArgumentException( 'invalid action: ' . $action );
308  }
309 
310  // calling getAuthenticationRequests can be expensive, avoid if possible
311  $requests = ( $action === $this->authAction ) ? $this->authRequests
312  : $authManager->getAuthenticationRequests( $action );
313  if ( !$requests ) {
314  // no provider supports this action in the current state
315  return false;
316  }
317 
318  switch ( $action ) {
319  case AuthManager::ACTION_LOGIN:
320  case AuthManager::ACTION_LOGIN_CONTINUE:
321  return $authManager->canAuthenticateNow();
322  case AuthManager::ACTION_CREATE:
323  case AuthManager::ACTION_CREATE_CONTINUE:
324  return $authManager->canCreateAccounts();
325  case AuthManager::ACTION_LINK:
326  case AuthManager::ACTION_LINK_CONTINUE:
327  return $authManager->canLinkAccounts();
328  case AuthManager::ACTION_CHANGE:
329  case AuthManager::ACTION_REMOVE:
330  case AuthManager::ACTION_UNLINK:
331  return true;
332  default:
333  // should never reach here but makes static code analyzers happy
334  throw new InvalidArgumentException( 'invalid action: ' . $action );
335  }
336  }
337 
344  protected function performAuthenticationStep( $action, array $requests ) {
345  if ( !in_array( $action, static::$allowedActions, true ) ) {
346  throw new InvalidArgumentException( 'invalid action: ' . $action );
347  }
348 
349  $authManager = AuthManager::singleton();
350  $returnToUrl = $this->getPageTitle( 'return' )
351  ->getFullURL( $this->getPreservedParams( true ), false, PROTO_HTTPS );
352 
353  switch ( $action ) {
354  case AuthManager::ACTION_LOGIN:
355  return $authManager->beginAuthentication( $requests, $returnToUrl );
356  case AuthManager::ACTION_LOGIN_CONTINUE:
357  return $authManager->continueAuthentication( $requests );
358  case AuthManager::ACTION_CREATE:
359  return $authManager->beginAccountCreation( $this->getUser(), $requests,
360  $returnToUrl );
361  case AuthManager::ACTION_CREATE_CONTINUE:
362  return $authManager->continueAccountCreation( $requests );
363  case AuthManager::ACTION_LINK:
364  return $authManager->beginAccountLink( $this->getUser(), $requests, $returnToUrl );
365  case AuthManager::ACTION_LINK_CONTINUE:
366  return $authManager->continueAccountLink( $requests );
367  case AuthManager::ACTION_CHANGE:
368  case AuthManager::ACTION_REMOVE:
369  case AuthManager::ACTION_UNLINK:
370  if ( count( $requests ) > 1 ) {
371  throw new InvalidArgumentException( 'only one auth request can be changed at a time' );
372  } elseif ( !$requests ) {
373  throw new InvalidArgumentException( 'no auth request' );
374  }
375  $req = reset( $requests );
376  $status = $authManager->allowsAuthenticationDataChange( $req );
377  Hooks::run( 'ChangeAuthenticationDataAudit', [ $req, $status ] );
378  if ( !$status->isGood() ) {
379  return AuthenticationResponse::newFail( $status->getMessage() );
380  }
381  $authManager->changeAuthenticationData( $req );
382  return AuthenticationResponse::newPass();
383  default:
384  // should never reach here but makes static code analyzers happy
385  throw new InvalidArgumentException( 'invalid action: ' . $action );
386  }
387  }
388 
399  protected function trySubmit() {
400  $status = false;
401 
402  $form = $this->getAuthForm( $this->authRequests, $this->authAction );
403  $form->setSubmitCallback( [ $this, 'handleFormSubmit' ] );
404 
405  if ( $this->getRequest()->wasPosted() ) {
406  // handle tokens manually; $form->tryAuthorizedSubmit only works for logged-in users
407  $requestTokenValue = $this->getRequest()->getVal( $this->getTokenName() );
408  $sessionToken = $this->getToken();
409  if ( $sessionToken->wasNew() ) {
410  return Status::newFatal( $this->messageKey( 'authform-newtoken' ) );
411  } elseif ( !$requestTokenValue ) {
412  return Status::newFatal( $this->messageKey( 'authform-notoken' ) );
413  } elseif ( !$sessionToken->match( $requestTokenValue ) ) {
414  return Status::newFatal( $this->messageKey( 'authform-wrongtoken' ) );
415  }
416 
417  $form->prepareForm();
418  $status = $form->trySubmit();
419 
420  // HTMLForm submit return values are a mess; let's ensure it is false or a Status
421  // FIXME this probably should be in HTMLForm
422  if ( $status === true ) {
423  // not supposed to happen since our submit handler should always return a Status
424  throw new UnexpectedValueException( 'HTMLForm::trySubmit() returned true' );
425  } elseif ( $status === false ) {
426  // form was not submitted; nothing to do
427  } elseif ( $status instanceof Status ) {
428  // already handled by the form; nothing to do
429  } elseif ( $status instanceof StatusValue ) {
430  // in theory not an allowed return type but nothing stops the submit handler from
431  // accidentally returning it so best check and fix
432  $status = Status::wrap( $status );
433  } elseif ( is_string( $status ) ) {
434  $status = Status::newFatal( new RawMessage( '$1', $status ) );
435  } elseif ( is_array( $status ) ) {
436  if ( is_string( reset( $status ) ) ) {
437  $status = call_user_func_array( 'Status::newFatal', $status );
438  } elseif ( is_array( reset( $status ) ) ) {
439  $status = Status::newGood();
440  foreach ( $status as $message ) {
441  call_user_func_array( [ $status, 'fatal' ], $message );
442  }
443  } else {
444  throw new UnexpectedValueException( 'invalid HTMLForm::trySubmit() return value: '
445  . 'first element of array is ' . gettype( reset( $status ) ) );
446  }
447  } else {
448  // not supposed to happen but HTMLForm does not actually verify the return type
449  // from the submit callback; better safe then sorry
450  throw new UnexpectedValueException( 'invalid HTMLForm::trySubmit() return type: '
451  . gettype( $status ) );
452  }
453 
454  if ( ( !$status || !$status->isOK() ) && $this->isReturn ) {
455  // This is awkward. There was a form validation error, which means the data was not
456  // passed to AuthManager. Normally we would display the form with an error message,
457  // but for the data we received via the redirect flow that would not be helpful at all.
458  // Let's just submit the data to AuthManager directly instead.
459  LoggerFactory::getInstance( 'authentication' )
460  ->warning( 'Validation error on return', [ 'data' => $form->mFieldData,
461  'status' => $status->getWikiText() ] );
462  $status = $this->handleFormSubmit( $form->mFieldData );
463  }
464  }
465 
466  $changeActions = [
467  AuthManager::ACTION_CHANGE, AuthManager::ACTION_REMOVE, AuthManager::ACTION_UNLINK
468  ];
469  if ( in_array( $this->authAction, $changeActions, true ) && $status && !$status->isOK() ) {
470  Hooks::run( 'ChangeAuthenticationDataAudit', [ reset( $this->authRequests ), $status ] );
471  }
472 
473  return $status;
474  }
475 
482  public function handleFormSubmit( $data ) {
483  $requests = AuthenticationRequest::loadRequestsFromSubmission( $this->authRequests, $data );
484  $response = $this->performAuthenticationStep( $this->authAction, $requests );
485 
486  // we can't handle FAIL or similar as failure here since it might require changing the form
487  return Status::newGood( $response );
488  }
489 
497  protected function getPreservedParams( $withToken = false ) {
498  $params = [];
499  if ( $this->authAction !== $this->getDefaultAction( $this->subPage ) ) {
500  $params['authAction'] = $this->getContinueAction( $this->authAction );
501  }
502  if ( $withToken ) {
503  $params[$this->getTokenName()] = $this->getToken()->toString();
504  }
505  return $params;
506  }
507 
514  protected function getAuthFormDescriptor( $requests, $action ) {
515  $fieldInfo = AuthenticationRequest::mergeFieldInfo( $requests );
516  $formDescriptor = $this->fieldInfoToFormDescriptor( $requests, $fieldInfo, $action );
517 
518  $this->addTabIndex( $formDescriptor );
519 
520  return $formDescriptor;
521  }
522 
528  protected function getAuthForm( array $requests, $action ) {
529  $formDescriptor = $this->getAuthFormDescriptor( $requests, $action );
530  $context = $this->getContext();
531  if ( $context->getRequest() !== $this->getRequest() ) {
532  // We have overridden the request, need to make sure the form uses that too.
533  $context = new DerivativeContext( $this->getContext() );
534  $context->setRequest( $this->getRequest() );
535  }
536  $form = HTMLForm::factory( 'ooui', $formDescriptor, $context );
537  $form->setAction( $this->getFullTitle()->getFullURL( $this->getPreservedParams() ) );
538  $form->addHiddenField( $this->getTokenName(), $this->getToken()->toString() );
539  $form->addHiddenField( 'authAction', $this->authAction );
540  $form->suppressDefaultSubmit( !$this->needsSubmitButton( $requests ) );
541 
542  return $form;
543  }
544 
549  protected function displayForm( $status ) {
550  if ( $status instanceof StatusValue ) {
551  $status = Status::wrap( $status );
552  }
553  $form = $this->getAuthForm( $this->authRequests, $this->authAction );
554  $form->prepareForm()->displayForm( $status );
555  }
556 
567  protected function needsSubmitButton( array $requests ) {
568  $customSubmitButtonPresent = false;
569 
570  // Secondary and preauth providers always need their data; they will not care what button
571  // is used, so they can be ignored. So can OPTIONAL buttons createdby primary providers;
572  // that's the point in being optional. Se we need to check whether all primary providers
573  // have their own buttons and whether there is at least one button present.
574  foreach ( $requests as $req ) {
575  if ( $req->required === AuthenticationRequest::PRIMARY_REQUIRED ) {
576  if ( $this->hasOwnSubmitButton( $req ) ) {
577  $customSubmitButtonPresent = true;
578  } else {
579  return true;
580  }
581  }
582  }
583  return !$customSubmitButtonPresent;
584  }
585 
591  protected function hasOwnSubmitButton( AuthenticationRequest $req ) {
592  foreach ( $req->getFieldInfo() as $field => $info ) {
593  if ( $info['type'] === 'button' ) {
594  return true;
595  }
596  }
597  return false;
598  }
599 
605  protected function addTabIndex( &$formDescriptor ) {
606  $i = 1;
607  foreach ( $formDescriptor as $field => &$definition ) {
608  $class = false;
609  if ( array_key_exists( 'class', $definition ) ) {
610  $class = $definition['class'];
611  } elseif ( array_key_exists( 'type', $definition ) ) {
612  $class = HTMLForm::$typeMappings[$definition['type']];
613  }
614  if ( $class !== 'HTMLInfoField' ) {
615  $definition['tabindex'] = $i;
616  $i++;
617  }
618  }
619  }
620 
625  protected function getToken() {
626  return $this->getRequest()->getSession()->getToken( 'AuthManagerSpecialPage:'
627  . $this->getName() );
628  }
629 
634  protected function getTokenName() {
635  return 'wpAuthToken';
636  }
637 
647  protected function fieldInfoToFormDescriptor( array $requests, array $fieldInfo, $action ) {
648  $formDescriptor = [];
649  foreach ( $fieldInfo as $fieldName => $singleFieldInfo ) {
650  $formDescriptor[$fieldName] = self::mapSingleFieldInfo( $singleFieldInfo, $fieldName );
651  }
652 
653  $requestSnapshot = serialize( $requests );
654  $this->onAuthChangeFormFields( $requests, $fieldInfo, $formDescriptor, $action );
655  \Hooks::run( 'AuthChangeFormFields', [ $requests, $fieldInfo, &$formDescriptor, $action ] );
656  if ( $requestSnapshot !== serialize( $requests ) ) {
657  LoggerFactory::getInstance( 'authentication' )->warning(
658  'AuthChangeFormFields hook changed auth requests' );
659  }
660 
661  // Process the special 'weight' property, which is a way for AuthChangeFormFields hook
662  // subscribers (who only see one field at a time) to influence ordering.
663  self::sortFormDescriptorFields( $formDescriptor );
664 
665  return $formDescriptor;
666  }
667 
675  protected static function mapSingleFieldInfo( $singleFieldInfo, $fieldName ) {
676  $type = self::mapFieldInfoTypeToFormDescriptorType( $singleFieldInfo['type'] );
677  $descriptor = [
678  'type' => $type,
679  // Do not prefix input name with 'wp'. This is important for the redirect flow.
680  'name' => $fieldName,
681  ];
682 
683  if ( $type === 'submit' && isset( $singleFieldInfo['label'] ) ) {
684  $descriptor['default'] = wfMessage( $singleFieldInfo['label'] )->plain();
685  } elseif ( $type !== 'submit' ) {
686  $descriptor += array_filter( [
687  // help-message is omitted as it is usually not really useful for a web interface
688  'label-message' => self::getField( $singleFieldInfo, 'label' ),
689  ] );
690 
691  if ( isset( $singleFieldInfo['options'] ) ) {
692  $descriptor['options'] = array_flip( array_map( function ( $message ) {
694  return $message->parse();
695  }, $singleFieldInfo['options'] ) );
696  }
697 
698  if ( isset( $singleFieldInfo['value'] ) ) {
699  $descriptor['default'] = $singleFieldInfo['value'];
700  }
701 
702  if ( empty( $singleFieldInfo['optional'] ) ) {
703  $descriptor['required'] = true;
704  }
705  }
706 
707  return $descriptor;
708  }
709 
717  protected static function sortFormDescriptorFields( array &$formDescriptor ) {
718  $i = 0;
719  foreach ( $formDescriptor as &$field ) {
720  $field['__index'] = $i++;
721  }
722  uasort( $formDescriptor, function ( $first, $second ) {
723  return self::getField( $first, 'weight', 0 ) - self::getField( $second, 'weight', 0 )
724  ?: $first['__index'] - $second['__index'];
725  } );
726  foreach ( $formDescriptor as &$field ) {
727  unset( $field['__index'] );
728  }
729  }
730 
738  protected static function getField( array $array, $fieldName, $default = null ) {
739  if ( array_key_exists( $fieldName, $array ) ) {
740  return $array[$fieldName];
741  } else {
742  return $default;
743  }
744  }
745 
752  protected static function mapFieldInfoTypeToFormDescriptorType( $type ) {
753  $map = [
754  'string' => 'text',
755  'password' => 'password',
756  'select' => 'select',
757  'checkbox' => 'check',
758  'multiselect' => 'multiselect',
759  'button' => 'submit',
760  'hidden' => 'hidden',
761  'null' => 'info',
762  ];
763  if ( !array_key_exists( $type, $map ) ) {
764  throw new \LogicException( 'invalid field type: ' . $type );
765  }
766  return $map[$type];
767  }
768 }
AuthManagerSpecialPage\$messages
static array $messages
Customized messages.
Definition: AuthManagerSpecialPage.php:25
array
the array() calling protocol came about after MediaWiki 1.4rc1.
HTMLForm\$typeMappings
static $typeMappings
Definition: HTMLForm.php:130
AuthManagerSpecialPage\hasOwnSubmitButton
hasOwnSubmitButton(AuthenticationRequest $req)
Checks whether the given AuthenticationRequest has its own submit button.
Definition: AuthManagerSpecialPage.php:591
Status\wrap
static wrap($sv)
Succinct helper method to wrap a StatusValue.
Definition: Status.php:55
AuthManagerSpecialPage
A special page subclass for authentication-related special pages.
Definition: AuthManagerSpecialPage.php:14
$context
$context
Definition: load.php:50
SpecialPage\getContext
getContext()
Gets the context this SpecialPage is executed in.
Definition: SpecialPage.php:648
use
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
Definition: APACHE-LICENSE-2.0.txt:3
SpecialPage\getTitleFor
static getTitleFor($name, $subpage=false, $fragment= '')
Get a localised Title object for a specified special page name If you don't need a full Title object...
Definition: SpecialPage.php:82
StatusValue\newFatal
static newFatal($message)
Factory function for fatal errors.
Definition: StatusValue.php:63
AuthManagerSpecialPage\needsSubmitButton
needsSubmitButton(array $requests)
Returns true if the form built from the given AuthenticationRequests needs a submit button...
Definition: AuthManagerSpecialPage.php:567
AuthManagerSpecialPage\messageKey
messageKey($defaultKey)
Return custom message key.
Definition: AuthManagerSpecialPage.php:211
AuthManagerSpecialPage\$allowedActions
static string[] $allowedActions
The list of actions this special page deals with.
Definition: AuthManagerSpecialPage.php:17
DerivativeContext
An IContextSource implementation which will inherit context from another source but allow individual ...
Definition: DerivativeContext.php:31
DerivativeRequest
Similar to FauxRequest, but only fakes URL parameters and method (POST or GET) and use the base reque...
Definition: DerivativeRequest.php:34
HTMLForm\factory
static factory($displayFormat)
Construct a HTMLForm object for given display type.
Definition: HTMLForm.php:275
MediaWiki\Auth\AuthenticationRequest\getFieldInfo
getFieldInfo()
Fetch input field info.
AuthManagerSpecialPage\mapFieldInfoTypeToFormDescriptorType
static mapFieldInfoTypeToFormDescriptorType($type)
Maps AuthenticationRequest::getFieldInfo() types to HTMLForm types.
Definition: AuthManagerSpecialPage.php:752
AuthManagerSpecialPage\getToken
getToken()
Returns the CSRF token.
Definition: AuthManagerSpecialPage.php:625
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition: SpecialPage.php:675
$response
this hook is for auditing only $response
Definition: hooks.txt:802
AuthManagerSpecialPage\displayForm
displayForm($status)
Display the form.
Definition: AuthManagerSpecialPage.php:549
AuthManagerSpecialPage\getRequestBlacklist
getRequestBlacklist()
Allows blacklisting certain request types.
Definition: AuthManagerSpecialPage.php:220
AuthManagerSpecialPage\setRequest
setRequest(array $data, $wasPosted=null)
Override the POST data, GET data from the real request is preserved.
Definition: AuthManagerSpecialPage.php:75
true
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return true
Definition: hooks.txt:1936
AuthManagerSpecialPage\isActionAllowed
isActionAllowed($action)
Checks whether AuthManager is ready to perform the action.
Definition: AuthManagerSpecialPage.php:304
AuthManagerSpecialPage\$isReturn
bool $isReturn
True if the current request is a result of returning from a redirect flow.
Definition: AuthManagerSpecialPage.php:37
SpecialPage
Parent class for all special pages.
Definition: SpecialPage.php:36
PROTO_HTTPS
const PROTO_HTTPS
Definition: Defines.php:224
AuthManagerSpecialPage\isContinued
isContinued()
Returns true if this is not the first step of the authentication.
Definition: AuthManagerSpecialPage.php:268
AuthManagerSpecialPage\getContinueAction
getContinueAction($action)
Gets the _CONTINUE version of an action.
Definition: AuthManagerSpecialPage.php:281
AuthManagerSpecialPage\addTabIndex
addTabIndex(&$formDescriptor)
Adds a sequential tabindex starting from 1 to all form elements.
Definition: AuthManagerSpecialPage.php:605
AuthManagerSpecialPage\handleReturnBeforeExecute
handleReturnBeforeExecute($subPage)
Handle redirection from the /return subpage.
Definition: AuthManagerSpecialPage.php:107
ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition: ErrorPageError.php:27
wfMessage
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock()-offset Set to overwrite offset parameter in $wgRequest set to ''to unsetoffset-wrap String Wrap the message in html(usually something like"&lt
AuthManagerSpecialPage\getPreservedParams
getPreservedParams($withToken=false)
Returns URL query parameters which can be used to reload the page (or leave and return) while preserv...
Definition: AuthManagerSpecialPage.php:497
$params
$params
Definition: styleTest.css.php:40
AuthManagerSpecialPage\performAuthenticationStep
performAuthenticationStep($action, array $requests)
Definition: AuthManagerSpecialPage.php:344
$requests
Allows to change the fields on the form that will be generated are created Can be used to omit specific feeds from being outputted You must not use this hook to add use OutputPage::addFeedLink() instead.&$feedLinks hooks can tweak the array to change how login etc forms should look $requests
Definition: hooks.txt:302
$title
namespace and then decline to actually register it file or subcat img or subcat $title
Definition: hooks.txt:953
StatusValue\newGood
static newGood($value=null)
Factory function for good results.
Definition: StatusValue.php:76
Hooks\run
static run($event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:131
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
AuthManagerSpecialPage\loadAuth
loadAuth($subPage, $authAction=null, $reset=false)
Load or initialize $authAction, $authRequests and $subPage.
Definition: AuthManagerSpecialPage.php:233
AuthManagerSpecialPage\$savedRequest
WebRequest null $savedRequest
If set, will be used instead of the real request.
Definition: AuthManagerSpecialPage.php:40
AuthManagerSpecialPage\onAuthChangeFormFields
onAuthChangeFormFields(array $requests, array $fieldInfo, array &$formDescriptor, $action)
Change the form descriptor that determines how a field will look in the authentication form...
Definition: AuthManagerSpecialPage.php:53
AuthManagerSpecialPage\$authRequests
AuthenticationRequest[] $authRequests
Definition: AuthManagerSpecialPage.php:31
AuthManagerSpecialPage\getField
static getField(array $array, $fieldName, $default=null)
Get an array value, or a default if it does not exist.
Definition: AuthManagerSpecialPage.php:738
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
$req
this hook is for auditing only $req
Definition: hooks.txt:1007
AuthManagerSpecialPage\handleReauthBeforeExecute
handleReauthBeforeExecute($subPage)
Handle redirection when the user needs to (re)authenticate.
Definition: AuthManagerSpecialPage.php:145
AuthManagerSpecialPage\mapSingleFieldInfo
static mapSingleFieldInfo($singleFieldInfo, $fieldName)
Maps an authentication field configuration for a single field (as returned by AuthenticationRequest::...
Definition: AuthManagerSpecialPage.php:675
AuthManagerSpecialPage\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data)...
Definition: AuthManagerSpecialPage.php:634
$request
error also a ContextSource you ll probably need to make sure the header is varied on $request
Definition: hooks.txt:2573
SpecialPage\getName
getName()
Get the name of this Special Page.
Definition: SpecialPage.php:150
AuthManagerSpecialPage\getDefaultAction
getDefaultAction($subPage)
Get the default action for this special page, if none is given via URL/POST data. ...
Definition: AuthManagerSpecialPage.php:201
RawMessage
Variant of the Message class.
Definition: Message.php:1242
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition: SpecialPage.php:685
wfArrayToCgi
wfArrayToCgi($array1, $array2=null, $prefix= '')
This function takes one or two arrays as input, and returns a CGI-style string, e.g.
Definition: GlobalFunctions.php:406
MWCryptRand\generateHex
static generateHex($chars, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in hexadecimal string format...
Definition: MWCryptRand.php:76
AuthManagerSpecialPage\sortFormDescriptorFields
static sortFormDescriptorFields(array &$formDescriptor)
Sort the fields of a form descriptor by their 'weight' property.
Definition: AuthManagerSpecialPage.php:717
AuthManagerSpecialPage\fieldInfoToFormDescriptor
fieldInfoToFormDescriptor(array $requests, array $fieldInfo, $action)
Turns a field info array into a form descriptor.
Definition: AuthManagerSpecialPage.php:647
AuthManagerSpecialPage\getAuthForm
getAuthForm(array $requests, $action)
Definition: AuthManagerSpecialPage.php:528
$status
this hook is for auditing only RecentChangesLinked and Watchlist RecentChangesLinked and Watchlist e g Watchlist removed from all revisions and log entries to which it was applied This gives extensions a chance to take it off their books as the deletion has already been partly carried out by this point or something similar the user will be unable to create the tag set $status
Definition: hooks.txt:1046
LoggerFactory
MediaWiki Logger LoggerFactory implements a PSR[0] compatible message logging system Named Psr Log LoggerInterface instances can be obtained from the MediaWiki Logger LoggerFactory::getInstance() static method.MediaWiki\Logger\LoggerFactory expects a class implementing the MediaWiki\Logger\Spi interface to act as a factory for new Psr\Log\LoggerInterface instances.The"Spi"in MediaWiki\Logger\Spi stands for"service provider interface".An SPI is an API intended to be implemented or extended by a third party.This software design pattern is intended to enable framework extension and replaceable components.It is specifically used in the MediaWiki\Logger\LoggerFactory service to allow alternate PSR-3 logging implementations to be easily integrated with MediaWiki.The service provider interface allows the backend logging library to be implemented in multiple ways.The $wgMWLoggerDefaultSpi global provides the classname of the default MediaWiki\Logger\Spi implementation to be loaded at runtime.This can either be the name of a class implementing the MediaWiki\Logger\Spi with a zero argument const ructor or a callable that will return an MediaWiki\Logger\Spi instance.Alternately the MediaWiki\Logger\LoggerFactory MediaWiki Logger LoggerFactory
Definition: logger.txt:5
SpecialPage\getFullTitle
getFullTitle()
Return the full title, including $par.
Definition: SpecialPage.php:724
$messages
$messages
Definition: LogTests.i18n.php:8
AuthManagerSpecialPage\handleFormSubmit
handleFormSubmit($data)
Submit handler callback for HTMLForm.
Definition: AuthManagerSpecialPage.php:482
serialize
serialize()
Definition: ApiMessage.php:94
AuthManagerSpecialPage\$subPage
string $subPage
Subpage of the special page.
Definition: AuthManagerSpecialPage.php:34
$type
do that in ParserLimitReportFormat instead use this to modify the parameters of the image and a DIV can begin in one section and end in another Make sure your code can handle that case gracefully See the EditSectionClearerLink extension for an example zero but section is usually empty its values are the globals values before the output is cached one of or reset my talk my contributions etc etc otherwise the built in rate limiting checks are if enabled allows for interception of redirect as a string mapping parameter names to values & $type
Definition: hooks.txt:2491
AuthManagerSpecialPage\getAuthFormDescriptor
getAuthFormDescriptor($requests, $action)
Generates a HTMLForm descriptor array from a set of authentication requests.
Definition: AuthManagerSpecialPage.php:514
MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition: AuthenticationRequest.php:37
AuthManagerSpecialPage\$authAction
string $authAction
one of the AuthManager::ACTION_* constants.
Definition: AuthManagerSpecialPage.php:28
SpecialPage\getPageTitle
getPageTitle($subpage=false)
Get a self-referential title object.
Definition: SpecialPage.php:628
AuthManagerSpecialPage\trySubmit
trySubmit()
Attempts to do an authentication step with the submitted data.
Definition: AuthManagerSpecialPage.php:399