MediaWiki  master
ApiRemoveAuthenticationData.php
Go to the documentation of this file.
1 <?php
26 
33 
34  private $authAction;
35  private $operation;
36 
38  private $authManager;
39 
45  public function __construct(
46  ApiMain $main,
47  $action,
49  ) {
50  parent::__construct( $main, $action );
51 
52  $this->authAction = $action === 'unlinkaccount'
53  ? AuthManager::ACTION_UNLINK
54  : AuthManager::ACTION_REMOVE;
55  $this->operation = $action === 'unlinkaccount'
56  ? 'UnlinkAccount'
57  : 'RemoveCredentials';
58 
59  $this->authManager = $authManager;
60  }
61 
62  public function execute() {
63  if ( !$this->getUser()->isRegistered() ) {
64  $this->dieWithError( 'apierror-mustbeloggedin-removeauth', 'notloggedin' );
65  }
66 
67  $params = $this->extractRequestParams();
68 
69  // Check security-sensitive operation status
70  ApiAuthManagerHelper::newForModule( $this, $this->authManager )
71  ->securitySensitiveOperation( $this->operation );
72 
73  // Fetch the request. No need to load from the request, so don't use
74  // ApiAuthManagerHelper's method.
75  $remove = $this->authAction === AuthManager::ACTION_REMOVE
76  ? array_fill_keys( $this->getConfig()->get(
77  MainConfigNames::RemoveCredentialsBlacklist ), true )
78  : [];
79  $reqs = array_filter(
80  $this->authManager->getAuthenticationRequests( $this->authAction, $this->getUser() ),
81  static function ( AuthenticationRequest $req ) use ( $params, $remove ) {
82  return $req->getUniqueId() === $params['request'] &&
83  !isset( $remove[get_class( $req )] );
84  }
85  );
86  if ( count( $reqs ) !== 1 ) {
87  $this->dieWithError( 'apierror-changeauth-norequest', 'badrequest' );
88  }
89  $req = reset( $reqs );
90 
91  // Perform the removal
92  $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
93  $this->getHookRunner()->onChangeAuthenticationDataAudit( $req, $status );
94  if ( !$status->isGood() ) {
95  $this->dieStatus( $status );
96  }
97  $this->authManager->changeAuthenticationData( $req );
98 
99  $this->getResult()->addValue( null, $this->getModuleName(), [ 'status' => 'success' ] );
100  }
101 
102  public function isWriteMode() {
103  return true;
104  }
105 
106  public function needsToken() {
107  return 'csrf';
108  }
109 
110  public function getAllowedParams() {
111  return ApiAuthManagerHelper::getStandardParams( $this->authAction,
112  'request'
113  );
114  }
115 
116  protected function getExamplesMessages() {
117  $path = $this->getModulePath();
118  $action = $this->getModuleName();
119  return [
120  "action={$action}&request=FooAuthenticationRequest&token=123ABC"
121  => "apihelp-{$path}-example-simple",
122  ];
123  }
124 
125  public function getHelpUrls() {
126  return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Manage_authentication_data';
127  }
128 }
static newForModule(ApiBase $module, AuthManager $authManager=null)
Static version of the constructor, for chaining.
static getStandardParams( $action,... $wantedParams)
Fetch the standard parameters this helper recognizes.
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:56
dieWithError( $msg, $code=null, $data=null, $httpCode=null)
Abort execution with an error.
Definition: ApiBase.php:1458
getResult()
Get the result object.
Definition: ApiBase.php:629
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:765
getModulePath()
Get the path to this module.
Definition: ApiBase.php:573
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:498
dieStatus(StatusValue $status)
Throw an ApiUsageException based on the Status object.
Definition: ApiBase.php:1521
getHookRunner()
Get an ApiHookRunner for running core API hooks.
Definition: ApiBase.php:711
This is the main API class, used for both external and internal processing.
Definition: ApiMain.php:52
Remove authentication data from AuthManager.
__construct(ApiMain $main, $action, AuthManager $authManager)
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
isWriteMode()
Indicates whether this module requires write mode.
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
getHelpUrls()
Return links to more detailed help pages about the module.
getExamplesMessages()
Returns usage examples for this module.
needsToken()
Returns the token type this module requires in order to execute.
This serves as the entry point to the authentication system.
This is a value object for authentication requests.
getUniqueId()
Supply a unique key for deduplication.
A class containing constants representing the names of configuration variables.