MediaWiki master
ConfirmLinkSecondaryAuthenticationProvider.php
Go to the documentation of this file.
1<?php
2
3namespace MediaWiki\Auth;
4
5use MediaWiki\User\User;
6
18class ConfirmLinkSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {
19
21 public function getAuthenticationRequests( $action, array $options ) {
22 return [];
23 }
24
26 public function beginSecondaryAuthentication( $user, array $reqs ) {
27 return $this->beginLinkAttempt( $user, AuthManager::AUTHN_STATE );
28 }
29
31 public function continueSecondaryAuthentication( $user, array $reqs ) {
32 return $this->continueLinkAttempt( $user, AuthManager::AUTHN_STATE, $reqs );
33 }
34
36 public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
37 return $this->beginLinkAttempt( $user, AuthManager::ACCOUNT_CREATION_STATE );
38 }
39
41 public function continueSecondaryAccountCreation( $user, $creator, array $reqs ) {
42 return $this->continueLinkAttempt( $user, AuthManager::ACCOUNT_CREATION_STATE, $reqs );
43 }
44
51 protected function beginLinkAttempt( $user, $key ) {
52 $session = $this->manager->getRequest()->getSession();
53 $state = $session->getSecret( $key );
54 if ( !is_array( $state ) ) {
55 return AuthenticationResponse::newAbstain();
56 }
57
58 $maybeLink = array_filter( $state['maybeLink'], function ( $req ) use ( $user ) {
59 if ( !$req->action ) {
60 $req->action = AuthManager::ACTION_CHANGE;
61 }
62 $req->username = $user->getName();
63 return $this->manager->allowsAuthenticationDataChange( $req )->isGood();
64 } );
65 if ( !$maybeLink ) {
66 return AuthenticationResponse::newAbstain();
67 }
68
69 $req = new ConfirmLinkAuthenticationRequest( $maybeLink );
70 return AuthenticationResponse::newUI(
71 [ $req ],
72 wfMessage( 'authprovider-confirmlink-message' ),
73 'warning'
74 );
75 }
76
84 protected function continueLinkAttempt( $user, $key, array $reqs ) {
85 $req = ButtonAuthenticationRequest::getRequestByName( $reqs, 'linkOk' );
86 if ( $req ) {
87 return AuthenticationResponse::newPass();
88 }
89
90 $req = AuthenticationRequest::getRequestByClass( $reqs, ConfirmLinkAuthenticationRequest::class );
91 if ( !$req ) {
92 // WTF? Retry.
93 return $this->beginLinkAttempt( $user, $key );
94 }
95
96 $session = $this->manager->getRequest()->getSession();
97 $state = $session->getSecret( $key );
98 if ( !is_array( $state ) ) {
99 return AuthenticationResponse::newAbstain();
100 }
101
102 $maybeLink = [];
103 foreach ( $state['maybeLink'] as $linkReq ) {
104 $maybeLink[$linkReq->getUniqueId()] = $linkReq;
105 }
106 if ( !$maybeLink ) {
107 return AuthenticationResponse::newAbstain();
108 }
109
110 $state['maybeLink'] = [];
111 $session->setSecret( $key, $state );
112
113 $statuses = [];
114 $anyFailed = false;
115 foreach ( $req->confirmedLinkIDs as $id ) {
116 if ( isset( $maybeLink[$id] ) ) {
117 $req = $maybeLink[$id];
118 $req->username = $user->getName();
119 if ( !$req->action ) {
120 // Make sure the action is set, but don't override it if
121 // the provider filled it in.
122 $req->action = AuthManager::ACTION_CHANGE;
123 }
124 $status = $this->manager->allowsAuthenticationDataChange( $req );
125 $statuses[] = [ $req, $status ];
126 if ( $status->isGood() ) {
127 // We're not changing credentials, just adding a new link
128 // to an already-known user.
129 $this->manager->changeAuthenticationData( $req, /* $isAddition */ true );
130 } else {
131 $anyFailed = true;
132 }
133 }
134 }
135 if ( !$anyFailed ) {
136 return AuthenticationResponse::newPass();
137 }
138
139 $combinedStatus = \MediaWiki\Status\Status::newGood();
140 foreach ( $statuses as [ $req, $status ] ) {
141 $descriptionInfo = $req->describeCredentials();
142 $description = wfMessage(
143 'authprovider-confirmlink-option',
144 $descriptionInfo['provider']->text(), $descriptionInfo['account']->text()
145 )->text();
146 if ( $status->isGood() ) {
147 $combinedStatus->error( wfMessage( 'authprovider-confirmlink-success-line', $description ) );
148 } else {
149 $combinedStatus->error( wfMessage(
150 'authprovider-confirmlink-failed-line', $description, $status->getMessage()->text()
151 ) );
152 }
153 }
154 return AuthenticationResponse::newUI(
155 [
156 new ButtonAuthenticationRequest(
157 'linkOk', wfMessage( 'ok' ), wfMessage( 'authprovider-confirmlink-ok-help' )
158 )
159 ],
160 $combinedStatus->getMessage( 'authprovider-confirmlink-failed' ),
161 'error'
162 );
163 }
164}
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:821
MediaWiki\Auth\AbstractSecondaryAuthenticationProvider
A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider.
Definition AbstractSecondaryAuthenticationProvider.php:18
MediaWiki\Auth\AuthManager\ACTION_CHANGE
const ACTION_CHANGE
Change a user's credentials.
Definition AuthManager.php:154
MediaWiki\Auth\AuthenticationRequest\getRequestByClass
static getRequestByClass(array $reqs, $class, $allowSubclasses=false)
Select a request by class name.
Definition AuthenticationRequest.php:287
MediaWiki\Auth\AuthenticationResponse\newUI
static newUI(array $reqs, Message $msg, $msgtype='warning')
Definition AuthenticationResponse.php:179
MediaWiki\Auth\ButtonAuthenticationRequest
An authentication request that implements a single button.
Definition ButtonAuthenticationRequest.php:27
MediaWiki\Auth\ButtonAuthenticationRequest\getRequestByName
static getRequestByName(array $reqs, $name)
Fetch a ButtonAuthenticationRequest or subclass by name.
Definition ButtonAuthenticationRequest.php:77
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueSecondaryAccountCreation
continueSecondaryAccountCreation( $user, $creator, array $reqs)
Continue an authentication flow.AuthenticationResponse Expected responses:PASS: The user creation is ...
Definition ConfirmLinkSecondaryAuthenticationProvider.php:41
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\beginSecondaryAuthentication
beginSecondaryAuthentication( $user, array $reqs)
Start an authentication flow.Note that this may be called for a user even if beginSecondaryAccountCre...
Definition ConfirmLinkSecondaryAuthenticationProvider.php:26
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueSecondaryAuthentication
continueSecondaryAuthentication( $user, array $reqs)
Continue an authentication flow.AuthenticationResponse Expected responses:PASS: The user is authentic...
Definition ConfirmLinkSecondaryAuthenticationProvider.php:31
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\getAuthenticationRequests
getAuthenticationRequests( $action, array $options)
Return the applicable list of AuthenticationRequests.Possible values for $action depend on whether th...
Definition ConfirmLinkSecondaryAuthenticationProvider.php:21
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\beginSecondaryAccountCreation
beginSecondaryAccountCreation( $user, $creator, array $reqs)
Start an account creation flow.There is no guarantee this will be called in a successful account crea...
Definition ConfirmLinkSecondaryAuthenticationProvider.php:36
MediaWiki\User\User
User class for the MediaWiki software.
Definition User.php:130