MediaWiki REL1_28
AuthManagerSpecialPage.php
Go to the documentation of this file.
1<?php
2
3use MediaWiki\Auth\AuthenticationRequest;
4use MediaWiki\Auth\AuthenticationResponse;
5use MediaWiki\Auth\AuthManager;
6use MediaWiki\Logger\LoggerFactory;
7use MediaWiki\Session\Token;
8
14abstract class AuthManagerSpecialPage extends SpecialPage {
17 protected static $allowedActions = [
18 AuthManager::ACTION_LOGIN, AuthManager::ACTION_LOGIN_CONTINUE,
19 AuthManager::ACTION_CREATE, AuthManager::ACTION_CREATE_CONTINUE,
20 AuthManager::ACTION_LINK, AuthManager::ACTION_LINK_CONTINUE,
21 AuthManager::ACTION_CHANGE, AuthManager::ACTION_REMOVE, AuthManager::ACTION_UNLINK,
22 ];
23
25 protected static $messages = [];
26
28 protected $authAction;
29
31 protected $authRequests;
32
34 protected $subPage;
35
37 protected $isReturn;
38
40 protected $savedRequest;
41
53 public function onAuthChangeFormFields(
54 array $requests, array $fieldInfo, array &$formDescriptor, $action
55 ) {
56 return true;
57 }
58
59 protected function getLoginSecurityLevel() {
60 return $this->getName();
61 }
62
63 public function getRequest() {
64 return $this->savedRequest ?: $this->getContext()->getRequest();
65 }
66
75 protected function setRequest( array $data, $wasPosted = null ) {
76 $request = $this->getContext()->getRequest();
77 if ( $wasPosted === null ) {
78 $wasPosted = $request->wasPosted();
79 }
80 $this->savedRequest = new DerivativeRequest( $request, $data + $request->getQueryValues(),
81 $wasPosted );
82 }
83
84 protected function beforeExecute( $subPage ) {
85 $this->getOutput()->disallowUserJs();
86
87 return $this->handleReturnBeforeExecute( $subPage )
88 && $this->handleReauthBeforeExecute( $subPage );
89 }
90
107 protected function handleReturnBeforeExecute( $subPage ) {
108 $authManager = AuthManager::singleton();
109 $key = 'AuthManagerSpecialPage:return:' . $this->getName();
110
111 if ( $subPage === 'return' ) {
112 $this->loadAuth( $subPage );
113 $preservedParams = $this->getPreservedParams( false );
114
115 // FIXME save POST values only from request
116 $authData = array_diff_key( $this->getRequest()->getValues(),
117 $preservedParams, [ 'title' => 1 ] );
118 $authManager->setAuthenticationSessionData( $key, $authData );
119
120 $url = $this->getPageTitle()->getFullURL( $preservedParams, false, PROTO_HTTPS );
121 $this->getOutput()->redirect( $url );
122 return false;
123 }
124
125 $authData = $authManager->getAuthenticationSessionData( $key );
126 if ( $authData ) {
127 $authManager->removeAuthenticationSessionData( $key );
128 $this->isReturn = true;
129 $this->setRequest( $authData, true );
130 }
131
132 return true;
133 }
134
145 protected function handleReauthBeforeExecute( $subPage ) {
146 $authManager = AuthManager::singleton();
147 $request = $this->getRequest();
148 $key = 'AuthManagerSpecialPage:reauth:' . $this->getName();
149
150 $securityLevel = $this->getLoginSecurityLevel();
151 if ( $securityLevel ) {
152 $securityStatus = AuthManager::singleton()
153 ->securitySensitiveOperationStatus( $securityLevel );
154 if ( $securityStatus === AuthManager::SEC_REAUTH ) {
155 $queryParams = array_diff_key( $request->getQueryValues(), [ 'title' => true ] );
156
157 if ( $request->wasPosted() ) {
158 // unique ID in case the same special page is open in multiple browser tabs
159 $uniqueId = MWCryptRand::generateHex( 6 );
160 $key = $key . ':' . $uniqueId;
161
162 $queryParams = [ 'authUniqueId' => $uniqueId ] + $queryParams;
163 $authData = array_diff_key( $request->getValues(),
164 $this->getPreservedParams( false ), [ 'title' => 1 ] );
165 $authManager->setAuthenticationSessionData( $key, $authData );
166 }
167
168 $title = SpecialPage::getTitleFor( 'Userlogin' );
169 $url = $title->getFullURL( [
170 'returnto' => $this->getFullTitle()->getPrefixedDBkey(),
171 'returntoquery' => wfArrayToCgi( $queryParams ),
172 'force' => $securityLevel,
173 ], false, PROTO_HTTPS );
174
175 $this->getOutput()->redirect( $url );
176 return false;
177 } elseif ( $securityStatus !== AuthManager::SEC_OK ) {
178 throw new ErrorPageError( 'cannotauth-not-allowed-title', 'cannotauth-not-allowed' );
179 }
180 }
181
182 $uniqueId = $request->getVal( 'authUniqueId' );
183 if ( $uniqueId ) {
184 $key = $key . ':' . $uniqueId;
185 $authData = $authManager->getAuthenticationSessionData( $key );
186 if ( $authData ) {
187 $authManager->removeAuthenticationSessionData( $key );
188 $this->setRequest( $authData, true );
189 }
190 }
191
192 return true;
193 }
194
201 protected function getDefaultAction( $subPage ) {
202 throw new BadMethodCallException( 'Subclass did not implement getDefaultAction' );
203 }
204
211 protected function messageKey( $defaultKey ) {
212 return array_key_exists( $defaultKey, static::$messages )
213 ? static::$messages[$defaultKey] : $defaultKey;
214 }
215
220 protected function getRequestBlacklist() {
221 return [];
222 }
223
233 protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
234 // Do not load if already loaded, to cut down on the number of getAuthenticationRequests
235 // calls. This is important for requests which have hidden information so any
236 // getAuthenticationRequests call would mean putting data into some cache.
237 if (
238 !$reset && $this->subPage === $subPage && $this->authAction
239 && ( !$authAction || $authAction === $this->authAction )
240 ) {
241 return;
242 }
243
244 $request = $this->getRequest();
245 $this->subPage = $subPage;
246 $this->authAction = $authAction ?: $request->getText( 'authAction' );
247 if ( !in_array( $this->authAction, static::$allowedActions, true ) ) {
248 $this->authAction = $this->getDefaultAction( $subPage );
249 if ( $request->wasPosted() ) {
250 $continueAction = $this->getContinueAction( $this->authAction );
251 if ( in_array( $continueAction, static::$allowedActions, true ) ) {
252 $this->authAction = $continueAction;
253 }
254 }
255 }
256
257 $allReqs = AuthManager::singleton()->getAuthenticationRequests(
258 $this->authAction, $this->getUser() );
259 $this->authRequests = array_filter( $allReqs, function ( $req ) use ( $subPage ) {
260 return !in_array( get_class( $req ), $this->getRequestBlacklist(), true );
261 } );
262 }
263
268 protected function isContinued() {
269 return in_array( $this->authAction, [
270 AuthManager::ACTION_LOGIN_CONTINUE,
271 AuthManager::ACTION_CREATE_CONTINUE,
272 AuthManager::ACTION_LINK_CONTINUE,
273 ], true );
274 }
275
281 protected function getContinueAction( $action ) {
282 switch ( $action ) {
283 case AuthManager::ACTION_LOGIN:
284 $action = AuthManager::ACTION_LOGIN_CONTINUE;
285 break;
286 case AuthManager::ACTION_CREATE:
287 $action = AuthManager::ACTION_CREATE_CONTINUE;
288 break;
289 case AuthManager::ACTION_LINK:
290 $action = AuthManager::ACTION_LINK_CONTINUE;
291 break;
292 }
293 return $action;
294 }
295
304 protected function isActionAllowed( $action ) {
305 $authManager = AuthManager::singleton();
306 if ( !in_array( $action, static::$allowedActions, true ) ) {
307 throw new InvalidArgumentException( 'invalid action: ' . $action );
308 }
309
310 // calling getAuthenticationRequests can be expensive, avoid if possible
311 $requests = ( $action === $this->authAction ) ? $this->authRequests
312 : $authManager->getAuthenticationRequests( $action );
313 if ( !$requests ) {
314 // no provider supports this action in the current state
315 return false;
316 }
317
318 switch ( $action ) {
319 case AuthManager::ACTION_LOGIN:
320 case AuthManager::ACTION_LOGIN_CONTINUE:
321 return $authManager->canAuthenticateNow();
322 case AuthManager::ACTION_CREATE:
323 case AuthManager::ACTION_CREATE_CONTINUE:
324 return $authManager->canCreateAccounts();
325 case AuthManager::ACTION_LINK:
326 case AuthManager::ACTION_LINK_CONTINUE:
327 return $authManager->canLinkAccounts();
328 case AuthManager::ACTION_CHANGE:
329 case AuthManager::ACTION_REMOVE:
330 case AuthManager::ACTION_UNLINK:
331 return true;
332 default:
333 // should never reach here but makes static code analyzers happy
334 throw new InvalidArgumentException( 'invalid action: ' . $action );
335 }
336 }
337
344 protected function performAuthenticationStep( $action, array $requests ) {
345 if ( !in_array( $action, static::$allowedActions, true ) ) {
346 throw new InvalidArgumentException( 'invalid action: ' . $action );
347 }
348
349 $authManager = AuthManager::singleton();
350 $returnToUrl = $this->getPageTitle( 'return' )
351 ->getFullURL( $this->getPreservedParams( true ), false, PROTO_HTTPS );
352
353 switch ( $action ) {
354 case AuthManager::ACTION_LOGIN:
355 return $authManager->beginAuthentication( $requests, $returnToUrl );
356 case AuthManager::ACTION_LOGIN_CONTINUE:
357 return $authManager->continueAuthentication( $requests );
358 case AuthManager::ACTION_CREATE:
359 return $authManager->beginAccountCreation( $this->getUser(), $requests,
360 $returnToUrl );
361 case AuthManager::ACTION_CREATE_CONTINUE:
362 return $authManager->continueAccountCreation( $requests );
363 case AuthManager::ACTION_LINK:
364 return $authManager->beginAccountLink( $this->getUser(), $requests, $returnToUrl );
365 case AuthManager::ACTION_LINK_CONTINUE:
366 return $authManager->continueAccountLink( $requests );
367 case AuthManager::ACTION_CHANGE:
368 case AuthManager::ACTION_REMOVE:
369 case AuthManager::ACTION_UNLINK:
370 if ( count( $requests ) > 1 ) {
371 throw new InvalidArgumentException( 'only one auth request can be changed at a time' );
372 } elseif ( !$requests ) {
373 throw new InvalidArgumentException( 'no auth request' );
374 }
375 $req = reset( $requests );
376 $status = $authManager->allowsAuthenticationDataChange( $req );
377 Hooks::run( 'ChangeAuthenticationDataAudit', [ $req, $status ] );
378 if ( !$status->isGood() ) {
379 return AuthenticationResponse::newFail( $status->getMessage() );
380 }
381 $authManager->changeAuthenticationData( $req );
382 return AuthenticationResponse::newPass();
383 default:
384 // should never reach here but makes static code analyzers happy
385 throw new InvalidArgumentException( 'invalid action: ' . $action );
386 }
387 }
388
399 protected function trySubmit() {
400 $status = false;
401
402 $form = $this->getAuthForm( $this->authRequests, $this->authAction );
403 $form->setSubmitCallback( [ $this, 'handleFormSubmit' ] );
404
405 if ( $this->getRequest()->wasPosted() ) {
406 // handle tokens manually; $form->tryAuthorizedSubmit only works for logged-in users
407 $requestTokenValue = $this->getRequest()->getVal( $this->getTokenName() );
408 $sessionToken = $this->getToken();
409 if ( $sessionToken->wasNew() ) {
410 return Status::newFatal( $this->messageKey( 'authform-newtoken' ) );
411 } elseif ( !$requestTokenValue ) {
412 return Status::newFatal( $this->messageKey( 'authform-notoken' ) );
413 } elseif ( !$sessionToken->match( $requestTokenValue ) ) {
414 return Status::newFatal( $this->messageKey( 'authform-wrongtoken' ) );
415 }
416
417 $form->prepareForm();
418 $status = $form->trySubmit();
419
420 // HTMLForm submit return values are a mess; let's ensure it is false or a Status
421 // FIXME this probably should be in HTMLForm
422 if ( $status === true ) {
423 // not supposed to happen since our submit handler should always return a Status
424 throw new UnexpectedValueException( 'HTMLForm::trySubmit() returned true' );
425 } elseif ( $status === false ) {
426 // form was not submitted; nothing to do
427 } elseif ( $status instanceof Status ) {
428 // already handled by the form; nothing to do
429 } elseif ( $status instanceof StatusValue ) {
430 // in theory not an allowed return type but nothing stops the submit handler from
431 // accidentally returning it so best check and fix
432 $status = Status::wrap( $status );
433 } elseif ( is_string( $status ) ) {
434 $status = Status::newFatal( new RawMessage( '$1', $status ) );
435 } elseif ( is_array( $status ) ) {
436 if ( is_string( reset( $status ) ) ) {
437 $status = call_user_func_array( 'Status::newFatal', $status );
438 } elseif ( is_array( reset( $status ) ) ) {
439 $status = Status::newGood();
440 foreach ( $status as $message ) {
441 call_user_func_array( [ $status, 'fatal' ], $message );
442 }
443 } else {
444 throw new UnexpectedValueException( 'invalid HTMLForm::trySubmit() return value: '
445 . 'first element of array is ' . gettype( reset( $status ) ) );
446 }
447 } else {
448 // not supposed to happen but HTMLForm does not actually verify the return type
449 // from the submit callback; better safe then sorry
450 throw new UnexpectedValueException( 'invalid HTMLForm::trySubmit() return type: '
451 . gettype( $status ) );
452 }
453
454 if ( ( !$status || !$status->isOK() ) && $this->isReturn ) {
455 // This is awkward. There was a form validation error, which means the data was not
456 // passed to AuthManager. Normally we would display the form with an error message,
457 // but for the data we received via the redirect flow that would not be helpful at all.
458 // Let's just submit the data to AuthManager directly instead.
459 LoggerFactory::getInstance( 'authentication' )
460 ->warning( 'Validation error on return', [ 'data' => $form->mFieldData,
461 'status' => $status->getWikiText() ] );
462 $status = $this->handleFormSubmit( $form->mFieldData );
463 }
464 }
465
466 $changeActions = [
467 AuthManager::ACTION_CHANGE, AuthManager::ACTION_REMOVE, AuthManager::ACTION_UNLINK
468 ];
469 if ( in_array( $this->authAction, $changeActions, true ) && $status && !$status->isOK() ) {
470 Hooks::run( 'ChangeAuthenticationDataAudit', [ reset( $this->authRequests ), $status ] );
471 }
472
473 return $status;
474 }
475
482 public function handleFormSubmit( $data ) {
483 $requests = AuthenticationRequest::loadRequestsFromSubmission( $this->authRequests, $data );
484 $response = $this->performAuthenticationStep( $this->authAction, $requests );
485
486 // we can't handle FAIL or similar as failure here since it might require changing the form
487 return Status::newGood( $response );
488 }
489
497 protected function getPreservedParams( $withToken = false ) {
498 $params = [];
499 if ( $this->authAction !== $this->getDefaultAction( $this->subPage ) ) {
500 $params['authAction'] = $this->getContinueAction( $this->authAction );
501 }
502 if ( $withToken ) {
503 $params[$this->getTokenName()] = $this->getToken()->toString();
504 }
505 return $params;
506 }
507
514 protected function getAuthFormDescriptor( $requests, $action ) {
515 $fieldInfo = AuthenticationRequest::mergeFieldInfo( $requests );
516 $formDescriptor = $this->fieldInfoToFormDescriptor( $requests, $fieldInfo, $action );
517
518 $this->addTabIndex( $formDescriptor );
519
520 return $formDescriptor;
521 }
522
528 protected function getAuthForm( array $requests, $action ) {
529 $formDescriptor = $this->getAuthFormDescriptor( $requests, $action );
530 $context = $this->getContext();
531 if ( $context->getRequest() !== $this->getRequest() ) {
532 // We have overridden the request, need to make sure the form uses that too.
533 $context = new DerivativeContext( $this->getContext() );
534 $context->setRequest( $this->getRequest() );
535 }
536 $form = HTMLForm::factory( 'ooui', $formDescriptor, $context );
537 $form->setAction( $this->getFullTitle()->getFullURL( $this->getPreservedParams() ) );
538 $form->addHiddenField( $this->getTokenName(), $this->getToken()->toString() );
539 $form->addHiddenField( 'authAction', $this->authAction );
540 $form->suppressDefaultSubmit( !$this->needsSubmitButton( $requests ) );
541
542 return $form;
543 }
544
549 protected function displayForm( $status ) {
550 if ( $status instanceof StatusValue ) {
551 $status = Status::wrap( $status );
552 }
553 $form = $this->getAuthForm( $this->authRequests, $this->authAction );
554 $form->prepareForm()->displayForm( $status );
555 }
556
567 protected function needsSubmitButton( array $requests ) {
568 $customSubmitButtonPresent = false;
569
570 // Secondary and preauth providers always need their data; they will not care what button
571 // is used, so they can be ignored. So can OPTIONAL buttons createdby primary providers;
572 // that's the point in being optional. Se we need to check whether all primary providers
573 // have their own buttons and whether there is at least one button present.
574 foreach ( $requests as $req ) {
575 if ( $req->required === AuthenticationRequest::PRIMARY_REQUIRED ) {
576 if ( $this->hasOwnSubmitButton( $req ) ) {
577 $customSubmitButtonPresent = true;
578 } else {
579 return true;
580 }
581 }
582 }
583 return !$customSubmitButtonPresent;
584 }
585
591 protected function hasOwnSubmitButton( AuthenticationRequest $req ) {
592 foreach ( $req->getFieldInfo() as $field => $info ) {
593 if ( $info['type'] === 'button' ) {
594 return true;
595 }
596 }
597 return false;
598 }
599
605 protected function addTabIndex( &$formDescriptor ) {
606 $i = 1;
607 foreach ( $formDescriptor as $field => &$definition ) {
608 $class = false;
609 if ( array_key_exists( 'class', $definition ) ) {
610 $class = $definition['class'];
611 } elseif ( array_key_exists( 'type', $definition ) ) {
612 $class = HTMLForm::$typeMappings[$definition['type']];
613 }
614 if ( $class !== 'HTMLInfoField' ) {
615 $definition['tabindex'] = $i;
616 $i++;
617 }
618 }
619 }
620
625 protected function getToken() {
626 return $this->getRequest()->getSession()->getToken( 'AuthManagerSpecialPage:'
627 . $this->getName() );
628 }
629
634 protected function getTokenName() {
635 return 'wpAuthToken';
636 }
637
647 protected function fieldInfoToFormDescriptor( array $requests, array $fieldInfo, $action ) {
648 $formDescriptor = [];
649 foreach ( $fieldInfo as $fieldName => $singleFieldInfo ) {
650 $formDescriptor[$fieldName] = self::mapSingleFieldInfo( $singleFieldInfo, $fieldName );
651 }
652
653 $requestSnapshot = serialize( $requests );
654 $this->onAuthChangeFormFields( $requests, $fieldInfo, $formDescriptor, $action );
655 \Hooks::run( 'AuthChangeFormFields', [ $requests, $fieldInfo, &$formDescriptor, $action ] );
656 if ( $requestSnapshot !== serialize( $requests ) ) {
657 LoggerFactory::getInstance( 'authentication' )->warning(
658 'AuthChangeFormFields hook changed auth requests' );
659 }
660
661 // Process the special 'weight' property, which is a way for AuthChangeFormFields hook
662 // subscribers (who only see one field at a time) to influence ordering.
663 self::sortFormDescriptorFields( $formDescriptor );
664
665 return $formDescriptor;
666 }
667
675 protected static function mapSingleFieldInfo( $singleFieldInfo, $fieldName ) {
676 $type = self::mapFieldInfoTypeToFormDescriptorType( $singleFieldInfo['type'] );
677 $descriptor = [
678 'type' => $type,
679 // Do not prefix input name with 'wp'. This is important for the redirect flow.
680 'name' => $fieldName,
681 ];
682
683 if ( $type === 'submit' && isset( $singleFieldInfo['label'] ) ) {
684 $descriptor['default'] = wfMessage( $singleFieldInfo['label'] )->plain();
685 } elseif ( $type !== 'submit' ) {
686 $descriptor += array_filter( [
687 // help-message is omitted as it is usually not really useful for a web interface
688 'label-message' => self::getField( $singleFieldInfo, 'label' ),
689 ] );
690
691 if ( isset( $singleFieldInfo['options'] ) ) {
692 $descriptor['options'] = array_flip( array_map( function ( $message ) {
694 return $message->parse();
695 }, $singleFieldInfo['options'] ) );
696 }
697
698 if ( isset( $singleFieldInfo['value'] ) ) {
699 $descriptor['default'] = $singleFieldInfo['value'];
700 }
701
702 if ( empty( $singleFieldInfo['optional'] ) ) {
703 $descriptor['required'] = true;
704 }
705 }
706
707 return $descriptor;
708 }
709
717 protected static function sortFormDescriptorFields( array &$formDescriptor ) {
718 $i = 0;
719 foreach ( $formDescriptor as &$field ) {
720 $field['__index'] = $i++;
721 }
722 uasort( $formDescriptor, function ( $first, $second ) {
723 return self::getField( $first, 'weight', 0 ) - self::getField( $second, 'weight', 0 )
724 ?: $first['__index'] - $second['__index'];
725 } );
726 foreach ( $formDescriptor as &$field ) {
727 unset( $field['__index'] );
728 }
729 }
730
738 protected static function getField( array $array, $fieldName, $default = null ) {
739 if ( array_key_exists( $fieldName, $array ) ) {
740 return $array[$fieldName];
741 } else {
742 return $default;
743 }
744 }
745
752 protected static function mapFieldInfoTypeToFormDescriptorType( $type ) {
753 $map = [
754 'string' => 'text',
755 'password' => 'password',
756 'select' => 'select',
757 'checkbox' => 'check',
758 'multiselect' => 'multiselect',
759 'button' => 'submit',
760 'hidden' => 'hidden',
761 'null' => 'info',
762 ];
763 if ( !array_key_exists( $type, $map ) ) {
764 throw new \LogicException( 'invalid field type: ' . $type );
765 }
766 return $map[$type];
767 }
768}
use
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
Definition APACHE-LICENSE-2.0.txt:10
serialize
serialize()
Definition ApiMessage.php:94
wfArrayToCgi
wfArrayToCgi( $array1, $array2=null, $prefix='')
This function takes one or two arrays as input, and returns a CGI-style string, e....
Definition GlobalFunctions.php:407
AuthManagerSpecialPage
A special page subclass for authentication-related special pages.
Definition AuthManagerSpecialPage.php:14
AuthManagerSpecialPage\getContinueAction
getContinueAction( $action)
Gets the _CONTINUE version of an action.
Definition AuthManagerSpecialPage.php:281
AuthManagerSpecialPage\handleReturnBeforeExecute
handleReturnBeforeExecute( $subPage)
Handle redirection from the /return subpage.
Definition AuthManagerSpecialPage.php:107
AuthManagerSpecialPage\getLoginSecurityLevel
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
Definition AuthManagerSpecialPage.php:59
AuthManagerSpecialPage\handleReauthBeforeExecute
handleReauthBeforeExecute( $subPage)
Handle redirection when the user needs to (re)authenticate.
Definition AuthManagerSpecialPage.php:145
AuthManagerSpecialPage\beforeExecute
beforeExecute( $subPage)
Gets called before.
Definition AuthManagerSpecialPage.php:84
AuthManagerSpecialPage\isActionAllowed
isActionAllowed( $action)
Checks whether AuthManager is ready to perform the action.
Definition AuthManagerSpecialPage.php:304
AuthManagerSpecialPage\$savedRequest
WebRequest null $savedRequest
If set, will be used instead of the real request.
Definition AuthManagerSpecialPage.php:40
AuthManagerSpecialPage\$authAction
string $authAction
one of the AuthManager::ACTION_* constants.
Definition AuthManagerSpecialPage.php:28
AuthManagerSpecialPage\performAuthenticationStep
performAuthenticationStep( $action, array $requests)
Definition AuthManagerSpecialPage.php:344
AuthManagerSpecialPage\getAuthForm
getAuthForm(array $requests, $action)
Definition AuthManagerSpecialPage.php:528
AuthManagerSpecialPage\displayForm
displayForm( $status)
Display the form.
Definition AuthManagerSpecialPage.php:549
AuthManagerSpecialPage\loadAuth
loadAuth( $subPage, $authAction=null, $reset=false)
Load or initialize $authAction, $authRequests and $subPage.
Definition AuthManagerSpecialPage.php:233
AuthManagerSpecialPage\$isReturn
bool $isReturn
True if the current request is a result of returning from a redirect flow.
Definition AuthManagerSpecialPage.php:37
AuthManagerSpecialPage\mapFieldInfoTypeToFormDescriptorType
static mapFieldInfoTypeToFormDescriptorType( $type)
Maps AuthenticationRequest::getFieldInfo() types to HTMLForm types.
Definition AuthManagerSpecialPage.php:752
AuthManagerSpecialPage\fieldInfoToFormDescriptor
fieldInfoToFormDescriptor(array $requests, array $fieldInfo, $action)
Turns a field info array into a form descriptor.
Definition AuthManagerSpecialPage.php:647
AuthManagerSpecialPage\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
Definition AuthManagerSpecialPage.php:201
AuthManagerSpecialPage\handleFormSubmit
handleFormSubmit( $data)
Submit handler callback for HTMLForm.
Definition AuthManagerSpecialPage.php:482
AuthManagerSpecialPage\$messages
static array $messages
Customized messages.
Definition AuthManagerSpecialPage.php:25
AuthManagerSpecialPage\$authRequests
AuthenticationRequest[] $authRequests
Definition AuthManagerSpecialPage.php:31
AuthManagerSpecialPage\needsSubmitButton
needsSubmitButton(array $requests)
Returns true if the form built from the given AuthenticationRequests needs a submit button.
Definition AuthManagerSpecialPage.php:567
AuthManagerSpecialPage\$subPage
string $subPage
Subpage of the special page.
Definition AuthManagerSpecialPage.php:34
AuthManagerSpecialPage\isContinued
isContinued()
Returns true if this is not the first step of the authentication.
Definition AuthManagerSpecialPage.php:268
AuthManagerSpecialPage\hasOwnSubmitButton
hasOwnSubmitButton(AuthenticationRequest $req)
Checks whether the given AuthenticationRequest has its own submit button.
Definition AuthManagerSpecialPage.php:591
AuthManagerSpecialPage\getRequestBlacklist
getRequestBlacklist()
Allows blacklisting certain request types.
Definition AuthManagerSpecialPage.php:220
AuthManagerSpecialPage\mapSingleFieldInfo
static mapSingleFieldInfo( $singleFieldInfo, $fieldName)
Maps an authentication field configuration for a single field (as returned by AuthenticationRequest::...
Definition AuthManagerSpecialPage.php:675
AuthManagerSpecialPage\getField
static getField(array $array, $fieldName, $default=null)
Get an array value, or a default if it does not exist.
Definition AuthManagerSpecialPage.php:738
AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition AuthManagerSpecialPage.php:63
AuthManagerSpecialPage\messageKey
messageKey( $defaultKey)
Return custom message key.
Definition AuthManagerSpecialPage.php:211
AuthManagerSpecialPage\setRequest
setRequest(array $data, $wasPosted=null)
Override the POST data, GET data from the real request is preserved.
Definition AuthManagerSpecialPage.php:75
AuthManagerSpecialPage\trySubmit
trySubmit()
Attempts to do an authentication step with the submitted data.
Definition AuthManagerSpecialPage.php:399
AuthManagerSpecialPage\getToken
getToken()
Returns the CSRF token.
Definition AuthManagerSpecialPage.php:625
AuthManagerSpecialPage\sortFormDescriptorFields
static sortFormDescriptorFields(array &$formDescriptor)
Sort the fields of a form descriptor by their 'weight' property.
Definition AuthManagerSpecialPage.php:717
AuthManagerSpecialPage\addTabIndex
addTabIndex(&$formDescriptor)
Adds a sequential tabindex starting from 1 to all form elements.
Definition AuthManagerSpecialPage.php:605
AuthManagerSpecialPage\getAuthFormDescriptor
getAuthFormDescriptor( $requests, $action)
Generates a HTMLForm descriptor array from a set of authentication requests.
Definition AuthManagerSpecialPage.php:514
AuthManagerSpecialPage\onAuthChangeFormFields
onAuthChangeFormFields(array $requests, array $fieldInfo, array &$formDescriptor, $action)
Change the form descriptor that determines how a field will look in the authentication form.
Definition AuthManagerSpecialPage.php:53
AuthManagerSpecialPage\getPreservedParams
getPreservedParams( $withToken=false)
Returns URL query parameters which can be used to reload the page (or leave and return) while preserv...
Definition AuthManagerSpecialPage.php:497
AuthManagerSpecialPage\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
Definition AuthManagerSpecialPage.php:634
AuthManagerSpecialPage\$allowedActions
static string[] $allowedActions
The list of actions this special page deals with.
Definition AuthManagerSpecialPage.php:17
ContextSource\getRequest
getRequest()
Get the WebRequest object.
Definition ContextSource.php:77
DerivativeContext
An IContextSource implementation which will inherit context from another source but allow individual ...
Definition DerivativeContext.php:31
DerivativeRequest
Similar to FauxRequest, but only fakes URL parameters and method (POST or GET) and use the base reque...
Definition DerivativeRequest.php:34
ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition ErrorPageError.php:27
HTMLForm\$typeMappings
static $typeMappings
Definition HTMLForm.php:130
HTMLForm\factory
static factory( $displayFormat)
Construct a HTMLForm object for given display type.
Definition HTMLForm.php:275
MWCryptRand\generateHex
static generateHex( $chars, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in hexadecimal string format.
Definition MWCryptRand.php:76
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:81
MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition AuthenticationRequest.php:37
MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition AuthenticationResponse.php:37
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition LoggerFactory.php:46
MediaWiki\Session\Token
Value object representing a CSRF token.
Definition Token.php:32
RawMessage
Variant of the Message class.
Definition Message.php:1260
SpecialPage
Parent class for all special pages.
Definition SpecialPage.php:36
SpecialPage\getName
getName()
Get the name of this Special Page.
Definition SpecialPage.php:150
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:675
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:685
SpecialPage\getTitleFor
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
Definition SpecialPage.php:82
SpecialPage\getContext
getContext()
Gets the context this SpecialPage is executed in.
Definition SpecialPage.php:648
SpecialPage\getPageTitle
getPageTitle( $subpage=false)
Get a self-referential title object.
Definition SpecialPage.php:628
SpecialPage\getFullTitle
getFullTitle()
Return the full title, including $par.
Definition SpecialPage.php:724
StatusValue
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition StatusValue.php:42
Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:40
WebRequest
The WebRequest class encapsulates getting at data passed in the URL or via a POSTed form stripping il...
Definition WebRequest.php:38
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition distributors.txt:22
PROTO_HTTPS
const PROTO_HTTPS
Definition Defines.php:224
$req
this hook is for auditing only $req
Definition hooks.txt:1010
$status
this hook is for auditing only RecentChangesLinked and Watchlist RecentChangesLinked and Watchlist e g Watchlist removed from all revisions and log entries to which it was applied This gives extensions a chance to take it off their books as the deletion has already been partly carried out by this point or something similar the user will be unable to create the tag set $status
Definition hooks.txt:1049
array
the array() calling protocol came about after MediaWiki 1.4rc1.
$type
namespace are movable Hooks may change this value to override the return value of MWNamespace::isMovable(). 'NewDifferenceEngine' do that in ParserLimitReportFormat instead use this to modify the parameters of the image and a DIV can begin in one section and end in another Make sure your code can handle that case gracefully See the EditSectionClearerLink extension for an example zero but section is usually empty its values are the globals values before the output is cached one of or reset my talk my contributions etc etc otherwise the built in rate limiting checks are if enabled allows for interception of redirect as a string mapping parameter names to values & $type
Definition hooks.txt:2568
$title
namespace and then decline to actually register it file or subcat img or subcat $title
Definition hooks.txt:986
wfMessage
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt;div ...>$1&lt;/div>"). - flags Integer display flags(NO_ACTION_LINK, NO_EXTRA_USER_LINKS) 'LogException':Called before an exception(or PHP error) is logged. This is meant for integration with external error aggregation services
$request
error also a ContextSource you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2685
$requests
Allows to change the fields on the form that will be generated are created Can be used to omit specific feeds from being outputted You must not use this hook to add use OutputPage::addFeedLink() instead. & $feedLinks hooks can tweak the array to change how login etc forms should look $requests
Definition hooks.txt:306
$response
this hook is for auditing only $response
Definition hooks.txt:805
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition injection.txt:37
$context
$context
Definition load.php:50
$params
$params
Definition styleTest.css.php:40