65 parent::__construct(
'BotPasswords',
'editmyprivateinfo' );
66 $this->logger = LoggerFactory::getInstance(
'authentication' );
76 return $this->
getConfig()->get(
'EnableBotPasswords' );
93 if ( strlen(
$par ) === 0 ) {
95 } elseif ( strlen(
$par ) > BotPassword::APPID_MAXLENGTH ) {
96 throw new ErrorPageError(
'botpasswords',
'botpasswords-bad-appid',
97 [ htmlspecialchars(
$par ) ] );
100 parent::execute(
$par );
104 parent::checkExecutePermissions( $user );
106 if ( !$this->
getConfig()->
get(
'EnableBotPasswords' ) ) {
107 throw new ErrorPageError(
'botpasswords',
'botpasswords-disabled' );
110 $this->userId = $this->centralIdLookup->centralIdFromLocalUser( $this->
getUser() );
111 if ( !$this->userId ) {
112 throw new ErrorPageError(
'botpasswords',
'botpasswords-no-central-id' );
119 if ( $this->par !==
null ) {
120 $this->botPassword = BotPassword::newFromCentralId( $this->userId, $this->par );
121 if ( !$this->botPassword ) {
122 $this->botPassword = BotPassword::newUnsaved( [
123 'centralId' => $this->userId,
124 'appId' => $this->par,
128 $sep = BotPassword::getSeparator();
131 'label-message' =>
'username',
135 if ( $this->botPassword->isSaved() ) {
136 $fields[
'resetPassword'] = [
138 'label-message' =>
'botpasswords-label-resetpassword',
140 if ( $this->botPassword->isInvalid() ) {
141 $fields[
'resetPassword'][
'default'] =
true;
147 $grantLinks = array_map( [ MWGrants::class,
'getGrantsLink' ], $showGrants );
149 $fields[
'grants'] = [
150 'type' =>
'checkmatrix',
151 'label-message' =>
'botpasswords-label-grants',
152 'help-message' =>
'botpasswords-help-grants',
154 $this->
msg(
'botpasswords-label-grants-column' )->escaped() =>
'grant'
156 'rows' => array_combine(
160 'default' => array_map(
161 static function ( $g ) {
164 $this->botPassword->getGrants()
166 'tooltips' => array_combine(
169 static function ( $rights ) use (
$lang ) {
170 return $lang->semicolonList( array_map( [ User::class,
'getRightDescription' ], $rights ) );
173 array_fill_keys( $showGrants,
true ) )
176 'force-options-on' => array_map(
177 static function ( $g ) {
184 $fields[
'restrictions'] = [
185 'class' => HTMLRestrictionsField::class,
187 'default' => $this->botPassword->getRestrictions(),
196 [
'bp_app_id',
'bp_password' ],
197 [
'bp_user' => $this->userId ],
200 foreach (
$res as $row ) {
202 $password = $this->passwordFactory->newFromCiphertext( $row->bp_password );
206 $passwordInvalid =
true;
213 if ( $passwordInvalid ) {
214 $text .= $this->
msg(
'word-separator' )->escaped()
215 . $this->
msg(
'botpasswords-label-needsreset' )->parse();
219 'section' =>
'existing',
227 'section' =>
'createnew',
228 'type' =>
'textwithbutton',
229 'label-message' =>
'botpasswords-label-appid',
230 'buttondefault' => $this->
msg(
'botpasswords-label-create' )->text(),
231 'buttonflags' => [
'progressive',
'primary' ],
233 'size' => BotPassword::APPID_MAXLENGTH,
234 'maxlength' => BotPassword::APPID_MAXLENGTH,
235 'validation-callback' =>
static function ( $v ) {
237 return $v !==
'' && strlen( $v ) <= BotPassword::APPID_MAXLENGTH;
252 $form->
setId(
'mw-botpasswords-form' );
254 $form->
addPreText( $this->
msg(
'botpasswords-summary' )->parseAsBlock() );
257 if ( $this->par !==
null ) {
258 if ( $this->botPassword->isSaved() ) {
263 'label-message' =>
'botpasswords-label-update',
264 'flags' => [
'primary',
'progressive' ],
269 'label-message' =>
'botpasswords-label-delete',
270 'flags' => [
'destructive' ],
277 'label-message' =>
'botpasswords-label-create',
278 'flags' => [
'primary',
'progressive' ],
285 'label-message' =>
'botpasswords-label-cancel'
291 $op = $this->
getRequest()->getVal(
'op',
'' );
299 $this->operation =
'insert';
300 return $this->
save( $data );
303 $this->operation =
'update';
304 return $this->
save( $data );
307 $this->operation =
'delete';
308 $bp = BotPassword::newFromCentralId( $this->userId, $this->par );
312 "Bot password {op} for {user}@{app_id}",
314 'app_id' => $this->par,
316 'centralId' => $this->userId,
322 return Status::newGood();
332 private function save( array $data ) {
333 $bp = BotPassword::newUnsaved( [
334 'centralId' => $this->userId,
335 'appId' => $this->par,
336 'restrictions' => $data[
'restrictions'],
337 'grants' => array_merge(
341 preg_replace(
'/^grant-/',
'', $data[
'grants'] )
345 if ( $bp ===
null ) {
347 return Status::newFatal(
"botpasswords-{$this->operation}-failed", $this->par );
350 if ( $this->operation ===
'insert' || !empty( $data[
'resetPassword'] ) ) {
351 $this->password = BotPassword::generatePassword( $this->
getConfig() );
352 $password = $this->passwordFactory->newFromPlaintext( $this->password );
362 'Bot password {op} for {user}@{app_id} ' . (
$success ?
'succeeded' :
'failed' ),
364 'op' => $this->operation,
365 'user' => $this->
getUser()->getName(),
368 'restrictions' => $data[
'restrictions'],
369 'grants' => $bp->getGrants(),
381 $username = $this->
getUser()->getName();
382 switch ( $this->operation ) {
384 $out->setPageTitle( $this->
msg(
'botpasswords-created-title' )->text() );
385 $out->addWikiMsg(
'botpasswords-created-body', $this->par, $username );
389 $out->setPageTitle( $this->
msg(
'botpasswords-updated-title' )->text() );
390 $out->addWikiMsg(
'botpasswords-updated-body', $this->par, $username );
394 $out->setPageTitle( $this->
msg(
'botpasswords-deleted-title' )->text() );
395 $out->addWikiMsg(
'botpasswords-deleted-body', $this->par, $username );
396 $this->password =
null;
400 if ( $this->password !==
null ) {
401 $sep = BotPassword::getSeparator();
403 'botpasswords-newpassword',
404 htmlspecialchars( $username . $sep . $this->par ),
405 htmlspecialchars( $this->password ),
406 htmlspecialchars( $username ),
407 htmlspecialchars( $this->par . $sep . $this->password )
409 $this->password =
null;
Utility class for bot passwords.
The CentralIdLookup service allows for connecting local users with cluster-wide IDs.
An error page which can definitely be safely rendered using the OutputPage.
Special page which uses an HTMLForm to handle processing.
string null $par
The sub-page of the special page.
Represents an invalid password hash.
static getHiddenGrants()
Get the list of grants that are hidden and should always be granted.
static getRightsByGrant()
Map all grants to corresponding user rights.
static getValidGrants()
List all known grants.
Show an error when any operation involving passwords fails to run.
Factory class for creating and checking Password objects.
Let users manage bot passwords.
string $password
New password set, for communication between onSubmit() and onSuccess()
BotPassword null $botPassword
Bot password being edited, if any.
onSuccess()
Do something exciting on successful processing of the form, most likely to show a confirmation messag...
alterForm(HTMLForm $form)
Play with the HTMLForm if you need to more substantially.
execute( $par)
Main execution point.
__construct(PasswordFactory $passwordFactory, AuthManager $authManager, CentralIdLookup $centralIdLookup)
getFormFields()
Get an HTMLForm descriptor array.
onSubmit(array $data)
Process the form on POST submission.
checkExecutePermissions(User $user)
Called from execute() to check if the given user can perform this action.
getDisplayFormat()
Get display format for the form.
CentralIdLookup $centralIdLookup
getLoginSecurityLevel()
Tells if the special page does something security-sensitive and needs extra defense against a stolen ...
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
int $userId
Central user ID.
PasswordFactory $passwordFactory
string $operation
Operation being performed: create, update, delete.
Psr Log LoggerInterface $logger
getName()
Get the name of this Special Page.
getOutput()
Get the OutputPage being used for this instance.
requireLogin( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin')
If the user is not logged in, throws UserNotLoggedIn error.
getUser()
Shortcut to get the User executing this instance.
AuthManager null $authManager
LinkRenderer null $linkRenderer
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getConfig()
Shortcut to get main config object.
getRequest()
Get the WebRequest being used for this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getPageTitle( $subpage=false)
Get a self-referential title object.
getLanguage()
Shortcut to get user's language.
addHelpLink( $to, $overrideBaseUrl=false)
Adds help link with an icon via page indicators.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
if(!isset( $args[0])) $lang