46 private $messageFormat;
55 $this->module = $module;
58 $this->messageFormat =
$params[
'messageformat'] ??
'wikitext';
59 $this->authManager = $authManager ?: MediaWikiServices::getInstance()->getAuthManager();
69 return new self( $module, $authManager );
78 private function formatMessage( array &$res, $key,
Message $message ) {
79 switch ( $this->messageFormat ) {
84 $res[$key] = $message->
setContext( $this->module )->text();
88 $res[$key] = $message->
setContext( $this->module )->parseAsBlock();
89 $res[$key] = Parser::stripOuterParagraph( $res[$key] );
95 'key' => $message->
getKey(),
98 ApiResult::setIndexedTagName(
$params,
'param' );
109 $status = $this->authManager->securitySensitiveOperationStatus( $operation );
111 case AuthManager::SEC_OK:
114 case AuthManager::SEC_REAUTH:
115 $this->module->dieWithError(
'apierror-reauthenticate' );
118 case AuthManager::SEC_FAIL:
119 $this->module->dieWithError(
'apierror-cannotreauthenticate' );
123 throw new UnexpectedValueException(
"Unknown status \"$status\"" );
135 $remove = array_fill_keys( $remove,
true );
136 $reqs = array_filter( $reqs,
static function ( $req ) use ( $remove ) {
137 return !isset( $remove[get_class( $req )] );
149 $params = $this->module->extractRequestParams();
151 $reqs = $this->authManager->getAuthenticationRequests( $action, $this->module->getUser() );
154 $wantedRequests =
null;
155 if ( isset(
$params[
'requests'] ) ) {
156 $wantedRequests = array_fill_keys(
$params[
'requests'],
true );
157 } elseif ( isset(
$params[
'request'] ) ) {
158 $wantedRequests = [
$params[
'request'] => true ];
160 if ( $wantedRequests !==
null ) {
161 $reqs = array_filter(
164 return isset( $wantedRequests[$req->
getUniqueId()] );
172 foreach ( $reqs as $req ) {
173 $info = (array)$req->getFieldInfo();
175 $sensitive += array_filter( $info,
static function ( $opts ) {
176 return !empty( $opts[
'sensitive'] );
182 $data = array_intersect_key( $this->module->getRequest()->getValues(), $fields );
183 $this->module->getMain()->markParamsUsed( array_keys( $data ) );
186 $this->module->getMain()->markParamsSensitive( array_keys( $sensitive ) );
187 $this->module->requirePostedParameters( array_keys( $sensitive ),
'noprefix' );
190 return AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
200 'status' => $res->status,
203 if ( $res->status === AuthenticationResponse::PASS && $res->username !==
null ) {
204 $ret[
'username'] = $res->username;
207 if ( $res->status === AuthenticationResponse::REDIRECT ) {
208 $ret[
'redirecttarget'] = $res->redirectTarget;
209 if ( $res->redirectApiData !==
null ) {
210 $ret[
'redirectdata'] = $res->redirectApiData;
214 if ( $res->status === AuthenticationResponse::REDIRECT ||
215 $res->status === AuthenticationResponse::UI ||
216 $res->status === AuthenticationResponse::RESTART
221 if ( $res->status === AuthenticationResponse::FAIL ||
222 $res->status === AuthenticationResponse::UI ||
223 $res->status === AuthenticationResponse::RESTART
225 $this->formatMessage( $ret,
'message', $res->message );
226 $ret[
'messagecode'] = ApiMessage::create( $res->message )->getApiCode();
229 if ( $res->status === AuthenticationResponse::FAIL ||
230 $res->status === AuthenticationResponse::RESTART
232 $this->module->getRequest()->getSession()->set(
233 'ApiAuthManagerHelper::createRequest',
236 $ret[
'canpreservestate'] = $res->createRequest !==
null;
238 $this->module->getRequest()->getSession()->remove(
'ApiAuthManagerHelper::createRequest' );
250 if ( !in_array( $result->status, [ AuthenticationResponse::PASS, AuthenticationResponse::FAIL ] ) ) {
255 LoggerFactory::getInstance(
'authevents' )->info(
"$module API attempt", [
257 'successful' => $result->status === AuthenticationResponse::PASS,
258 'status' => $result->message ? $result->message->getKey() :
'-',
268 $ret = $this->module->getRequest()->getSession()->get(
'ApiAuthManagerHelper::createRequest' );
279 $params = $this->module->extractRequestParams();
280 $mergeFields = !empty(
$params[
'mergerequestfields'] );
282 $ret = [
'requests' => [] ];
283 foreach ( $reqs as $req ) {
284 $describe = $req->describeCredentials();
286 'id' => $req->getUniqueId(),
287 'metadata' => $req->getMetadata() + [ ApiResult::META_TYPE =>
'assoc' ],
289 switch ( $req->required ) {
290 case AuthenticationRequest::OPTIONAL:
291 $reqInfo[
'required'] =
'optional';
293 case AuthenticationRequest::REQUIRED:
294 $reqInfo[
'required'] =
'required';
296 case AuthenticationRequest::PRIMARY_REQUIRED:
297 $reqInfo[
'required'] =
'primary-required';
300 $this->formatMessage( $reqInfo,
'provider', $describe[
'provider'] );
301 $this->formatMessage( $reqInfo,
'account', $describe[
'account'] );
302 if ( !$mergeFields ) {
303 $reqInfo[
'fields'] = $this->formatFields( (array)$req->getFieldInfo() );
305 $ret[
'requests'][] = $reqInfo;
308 if ( $mergeFields ) {
309 $fields = AuthenticationRequest::mergeFieldInfo( $reqs );
310 $ret[
'fields'] = $this->formatFields( $fields );
323 private function formatFields( array $fields ) {
329 $module = $this->module;
332 foreach ( $fields as $name => $field ) {
333 $ret = array_intersect_key( $field, $copy );
335 if ( isset( $field[
'options'] ) ) {
336 $ret[
'options'] = array_map(
static function ( $msg ) use ( $module ) {
337 return $msg->setContext( $module )->plain();
338 }, $field[
'options'] );
341 $this->formatMessage( $ret,
'label', $field[
'label'] );
342 $this->formatMessage( $ret,
'help', $field[
'help'] );
343 $ret[
'optional'] = !empty( $field[
'optional'] );
344 $ret[
'sensitive'] = !empty( $field[
'sensitive'] );
346 $retFields[$name] = $ret;
363 ParamValidator::PARAM_TYPE =>
'string',
364 ParamValidator::PARAM_ISMULTI =>
true,
365 ApiBase::PARAM_HELP_MSG => [
'api-help-authmanagerhelper-requests', $action ],
368 ParamValidator::PARAM_TYPE =>
'string',
369 ParamValidator::PARAM_REQUIRED =>
true,
370 ApiBase::PARAM_HELP_MSG => [
'api-help-authmanagerhelper-request', $action ],
373 ParamValidator::PARAM_DEFAULT =>
'wikitext',
374 ParamValidator::PARAM_TYPE => [
'html',
'wikitext',
'raw',
'none' ],
375 ApiBase::PARAM_HELP_MSG =>
'api-help-authmanagerhelper-messageformat',
377 'mergerequestfields' => [
378 ParamValidator::PARAM_DEFAULT =>
false,
379 ApiBase::PARAM_HELP_MSG =>
'api-help-authmanagerhelper-mergerequestfields',
382 ParamValidator::PARAM_DEFAULT =>
false,
383 ApiBase::PARAM_HELP_MSG =>
'api-help-authmanagerhelper-preservestate',
386 ParamValidator::PARAM_TYPE =>
'string',
387 ApiBase::PARAM_HELP_MSG =>
'api-help-authmanagerhelper-returnurl',
390 ParamValidator::PARAM_DEFAULT =>
false,
391 ApiBase::PARAM_HELP_MSG =>
'api-help-authmanagerhelper-continue',
396 foreach ( $wantedParams as $name ) {
397 if ( isset(
$params[$name] ) ) {
array $params
The job parameters.
Helper class for AuthManager-using API modules.
static newForModule(ApiBase $module, AuthManager $authManager=null)
Static version of the constructor, for chaining.
getPreservedRequest()
Fetch the preserved CreateFromLoginAuthenticationRequest, if any.
static getStandardParams( $action,... $wantedParams)
Fetch the standard parameters this helper recognizes.
static blacklistAuthenticationRequests(array $reqs, array $remove)
Filter out authentication requests by class name.
formatAuthenticationResponse(AuthenticationResponse $res)
Format an AuthenticationResponse for return.
__construct(ApiBase $module, AuthManager $authManager=null)
formatRequests(array $reqs)
Format an array of AuthenticationRequests for return.
securitySensitiveOperation( $operation)
Call $manager->securitySensitiveOperationStatus()
loadAuthenticationRequests( $action)
Fetch and load the AuthenticationRequests for an action.
logAuthenticationResult( $event, AuthenticationResponse $result)
Logs successful or failed authentication.
This abstract class implements many basic API functions, and is the base of all API classes.
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
getModuleName()
Get the name of the module being executed by this instance.
static setArrayType(array &$arr, $type, $kvpKeyName=null)
Set the array data type.