MediaWiki REL1_37
ApiRemoveAuthenticationData.php
Go to the documentation of this file.
1<?php
25
32
33 private $authAction;
34 private $operation;
35
37 private $authManager;
38
44 public function __construct(
45 ApiMain $main,
46 $action,
48 ) {
49 parent::__construct( $main, $action );
50
51 $this->authAction = $action === 'unlinkaccount'
52 ? AuthManager::ACTION_UNLINK
53 : AuthManager::ACTION_REMOVE;
54 $this->operation = $action === 'unlinkaccount'
55 ? 'UnlinkAccount'
56 : 'RemoveCredentials';
57
58 $this->authManager = $authManager;
59 }
60
61 public function execute() {
62 if ( !$this->getUser()->isRegistered() ) {
63 $this->dieWithError( 'apierror-mustbeloggedin-removeauth', 'notloggedin' );
64 }
65
66 $params = $this->extractRequestParams();
67
68 // Check security-sensitive operation status
69 ApiAuthManagerHelper::newForModule( $this, $this->authManager )
70 ->securitySensitiveOperation( $this->operation );
71
72 // Fetch the request. No need to load from the request, so don't use
73 // ApiAuthManagerHelper's method.
74 $remove = $this->authAction === AuthManager::ACTION_REMOVE
75 ? array_fill_keys( $this->getConfig()->get( 'RemoveCredentialsBlacklist' ), true )
76 : [];
77 $reqs = array_filter(
78 $this->authManager->getAuthenticationRequests( $this->authAction, $this->getUser() ),
79 static function ( AuthenticationRequest $req ) use ( $params, $remove ) {
80 return $req->getUniqueId() === $params['request'] &&
81 !isset( $remove[get_class( $req )] );
82 }
83 );
84 if ( count( $reqs ) !== 1 ) {
85 $this->dieWithError( 'apierror-changeauth-norequest', 'badrequest' );
86 }
87 $req = reset( $reqs );
88
89 // Perform the removal
90 $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
91 $this->getHookRunner()->onChangeAuthenticationDataAudit( $req, $status );
92 if ( !$status->isGood() ) {
93 $this->dieStatus( $status );
94 }
95 $this->authManager->changeAuthenticationData( $req );
96
97 $this->getResult()->addValue( null, $this->getModuleName(), [ 'status' => 'success' ] );
98 }
99
100 public function isWriteMode() {
101 return true;
102 }
103
104 public function needsToken() {
105 return 'csrf';
106 }
107
108 public function getAllowedParams() {
109 return ApiAuthManagerHelper::getStandardParams( $this->authAction,
110 'request'
111 );
112 }
113
114 protected function getExamplesMessages() {
115 $path = $this->getModulePath();
116 $action = $this->getModuleName();
117 return [
118 "action={$action}&request=FooAuthenticationRequest&token=123ABC"
119 => "apihelp-{$path}-example-simple",
120 ];
121 }
122
123 public function getHelpUrls() {
124 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Manage_authentication_data';
125 }
126}
static newForModule(ApiBase $module, AuthManager $authManager=null)
Static version of the constructor, for chaining.
static getStandardParams( $action,... $wantedParams)
Fetch the standard parameters this helper recognizes.
This abstract class implements many basic API functions, and is the base of all API classes.
Definition ApiBase.php:55
dieWithError( $msg, $code=null, $data=null, $httpCode=0)
Abort execution with an error.
Definition ApiBase.php:1436
getResult()
Get the result object.
Definition ApiBase.php:628
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition ApiBase.php:764
getModulePath()
Get the path to this module.
Definition ApiBase.php:572
getModuleName()
Get the name of the module being executed by this instance.
Definition ApiBase.php:497
dieStatus(StatusValue $status)
Throw an ApiUsageException based on the Status object.
Definition ApiBase.php:1495
getHookRunner()
Get an ApiHookRunner for running core API hooks.
Definition ApiBase.php:710
This is the main API class, used for both external and internal processing.
Definition ApiMain.php:49
Remove authentication data from AuthManager.
__construct(ApiMain $main, $action, AuthManager $authManager)
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
isWriteMode()
Indicates whether this module requires write mode.
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
getHelpUrls()
Return links to more detailed help pages about the module.
getExamplesMessages()
Returns usage examples for this module.
needsToken()
Returns the token type this module requires in order to execute.
This serves as the entry point to the authentication system.
This is a value object for authentication requests.
getUniqueId()
Supply a unique key for deduplication.