ResetPasswordSecondaryAuthenticationProvider.php

Go to the documentation of this file.

<?php
namespace MediaWiki\Auth;
 
class ResetPasswordSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {
 
    public function getAuthenticationRequests( $action, array $options ) {
        return [];
    }
 
    public function beginSecondaryAuthentication( $user, array $reqs ) {
        return $this->tryReset( $user, $reqs );
    }
 
    public function continueSecondaryAuthentication( $user, array $reqs ) {
        return $this->tryReset( $user, $reqs );
    }
 
    public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
        return $this->tryReset( $user, $reqs );
    }
 
    public function continueSecondaryAccountCreation( $user, $creator, array $reqs ) {
        return $this->tryReset( $user, $reqs );
    }
 
    protected function tryReset( \User $user, array $reqs ) {
        $data = $this->manager->getAuthenticationSessionData( 'reset-pass' );
        if ( !$data ) {
            return AuthenticationResponse::newAbstain();
        }
 
        if ( is_array( $data ) ) {
            $data = (object)$data;
        }
        if ( !is_object( $data ) ) {
            throw new \UnexpectedValueException( 'reset-pass is not valid' );
        }
 
        if ( !isset( $data->msg ) ) {
            throw new \UnexpectedValueException( 'reset-pass msg is missing' );
        } elseif ( !$data->msg instanceof \Message ) {
            throw new \UnexpectedValueException( 'reset-pass msg is not valid' );
        } elseif ( !isset( $data->hard ) ) {
            throw new \UnexpectedValueException( 'reset-pass hard is missing' );
        } elseif ( isset( $data->req ) && (
            !$data->req instanceof PasswordAuthenticationRequest ||
            !array_key_exists( 'retype', $data->req->getFieldInfo() )
        ) ) {
            throw new \UnexpectedValueException( 'reset-pass req is not valid' );
        }
 
        if ( !$data->hard ) {
            $req = ButtonAuthenticationRequest::getRequestByName( $reqs, 'skipReset' );
            if ( $req ) {
                $this->manager->removeAuthenticationSessionData( 'reset-pass' );
                return AuthenticationResponse::newPass();
            }
        }
 
        $needReq = $data->req ?? new PasswordAuthenticationRequest();
        '@phan-var PasswordAuthenticationRequest $needReq';
        if ( !$needReq->action ) {
            $needReq->action = AuthManager::ACTION_CHANGE;
        }
        $needReq->required = $data->hard ? AuthenticationRequest::REQUIRED
            : AuthenticationRequest::OPTIONAL;
        $needReqs = [ $needReq ];
        if ( !$data->hard ) {
            $needReqs[] = new ButtonAuthenticationRequest(
                'skipReset',
                wfMessage( 'authprovider-resetpass-skip-label' ),
                wfMessage( 'authprovider-resetpass-skip-help' )
            );
        }
 
        $req = AuthenticationRequest::getRequestByClass( $reqs, get_class( $needReq ) );
        if ( !$req || !array_key_exists( 'retype', $req->getFieldInfo() ) ) {
            return AuthenticationResponse::newUI( $needReqs, $data->msg, 'warning' );
        }
 
        if ( $req->password !== $req->retype ) {
            return AuthenticationResponse::newUI( $needReqs, new \Message( 'badretype' ), 'error' );
        }
 
        $req->username = $user->getName();
        $status = $this->manager->allowsAuthenticationDataChange( $req );
        if ( !$status->isGood() ) {
            return AuthenticationResponse::newUI( $needReqs, $status->getMessage(), 'error' );
        }
        $this->manager->changeAuthenticationData( $req );
 
        $this->manager->removeAuthenticationSessionData( 'reset-pass' );
        return AuthenticationResponse::newPass();
    }
}