MediaWiki  master
ConfirmLinkSecondaryAuthenticationProvider.php
Go to the documentation of this file.
1 <?php
2 
3 namespace MediaWiki\Auth;
4 
5 use User;
6 
18 class ConfirmLinkSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {
19 
20  public function getAuthenticationRequests( $action, array $options ) {
21  return [];
22  }
23 
24  public function beginSecondaryAuthentication( $user, array $reqs ) {
25  return $this->beginLinkAttempt( $user, 'AuthManager::authnState' );
26  }
27 
28  public function continueSecondaryAuthentication( $user, array $reqs ) {
29  return $this->continueLinkAttempt( $user, 'AuthManager::authnState', $reqs );
30  }
31 
32  public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
33  return $this->beginLinkAttempt( $user, 'AuthManager::accountCreationState' );
34  }
35 
36  public function continueSecondaryAccountCreation( $user, $creator, array $reqs ) {
37  return $this->continueLinkAttempt( $user, 'AuthManager::accountCreationState', $reqs );
38  }
39 
46  protected function beginLinkAttempt( $user, $key ) {
47  $session = $this->manager->getRequest()->getSession();
48  $state = $session->getSecret( $key );
49  if ( !is_array( $state ) ) {
50  return AuthenticationResponse::newAbstain();
51  }
52 
53  $maybeLink = array_filter( $state['maybeLink'], function ( $req ) use ( $user ) {
54  if ( !$req->action ) {
55  $req->action = AuthManager::ACTION_CHANGE;
56  }
57  $req->username = $user->getName();
58  return $this->manager->allowsAuthenticationDataChange( $req )->isGood();
59  } );
60  if ( !$maybeLink ) {
61  return AuthenticationResponse::newAbstain();
62  }
63 
64  $req = new ConfirmLinkAuthenticationRequest( $maybeLink );
65  return AuthenticationResponse::newUI(
66  [ $req ],
67  wfMessage( 'authprovider-confirmlink-message' ),
68  'warning'
69  );
70  }
71 
79  protected function continueLinkAttempt( $user, $key, array $reqs ) {
80  $req = ButtonAuthenticationRequest::getRequestByName( $reqs, 'linkOk' );
81  if ( $req ) {
82  return AuthenticationResponse::newPass();
83  }
84 
85  $req = AuthenticationRequest::getRequestByClass( $reqs, ConfirmLinkAuthenticationRequest::class );
86  if ( !$req ) {
87  // WTF? Retry.
88  return $this->beginLinkAttempt( $user, $key );
89  }
90 
91  $session = $this->manager->getRequest()->getSession();
92  $state = $session->getSecret( $key );
93  if ( !is_array( $state ) ) {
94  return AuthenticationResponse::newAbstain();
95  }
96 
97  $maybeLink = [];
98  foreach ( $state['maybeLink'] as $linkReq ) {
99  $maybeLink[$linkReq->getUniqueId()] = $linkReq;
100  }
101  if ( !$maybeLink ) {
102  return AuthenticationResponse::newAbstain();
103  }
104 
105  $state['maybeLink'] = [];
106  $session->setSecret( $key, $state );
107 
108  $statuses = [];
109  $anyFailed = false;
110  foreach ( $req->confirmedLinkIDs as $id ) {
111  if ( isset( $maybeLink[$id] ) ) {
112  $req = $maybeLink[$id];
113  $req->username = $user->getName();
114  if ( !$req->action ) {
115  // Make sure the action is set, but don't override it if
116  // the provider filled it in.
117  $req->action = AuthManager::ACTION_CHANGE;
118  }
119  $status = $this->manager->allowsAuthenticationDataChange( $req );
120  $statuses[] = [ $req, $status ];
121  if ( $status->isGood() ) {
122  // We're not changing credentials, just adding a new link
123  // to an already-known user.
124  $this->manager->changeAuthenticationData( $req, /* $isAddition */ true );
125  } else {
126  $anyFailed = true;
127  }
128  }
129  }
130  if ( !$anyFailed ) {
131  return AuthenticationResponse::newPass();
132  }
133 
134  $combinedStatus = \Status::newGood();
135  foreach ( $statuses as $data ) {
136  [ $req, $status ] = $data;
137  $descriptionInfo = $req->describeCredentials();
138  $description = wfMessage(
139  'authprovider-confirmlink-option',
140  $descriptionInfo['provider']->text(), $descriptionInfo['account']->text()
141  )->text();
142  if ( $status->isGood() ) {
143  $combinedStatus->error( wfMessage( 'authprovider-confirmlink-success-line', $description ) );
144  } else {
145  $combinedStatus->error( wfMessage(
146  'authprovider-confirmlink-failed-line', $description, $status->getMessage()->text()
147  ) );
148  }
149  }
150  return AuthenticationResponse::newUI(
151  [
152  new ButtonAuthenticationRequest(
153  'linkOk', wfMessage( 'ok' ), wfMessage( 'authprovider-confirmlink-ok-help' )
154  )
155  ],
156  $combinedStatus->getMessage( 'authprovider-confirmlink-failed' ),
157  'error'
158  );
159  }
160 }
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition: GlobalFunctions.php:893
MediaWiki\Auth\AbstractSecondaryAuthenticationProvider
A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider.
Definition: AbstractSecondaryAuthenticationProvider.php:33
MediaWiki\Auth\AuthManager\ACTION_CHANGE
const ACTION_CHANGE
Change a user's credentials.
Definition: AuthManager.php:126
MediaWiki\Auth\AuthenticationRequest\getRequestByClass
static getRequestByClass(array $reqs, $class, $allowSubclasses=false)
Select a request by class name.
Definition: AuthenticationRequest.php:275
MediaWiki\Auth\AuthenticationResponse\newUI
static newUI(array $reqs, Message $msg, $msgtype='warning')
Definition: AuthenticationResponse.php:195
MediaWiki\Auth\ButtonAuthenticationRequest
This is an authentication request that just implements a simple button.
Definition: ButtonAuthenticationRequest.php:33
MediaWiki\Auth\ButtonAuthenticationRequest\getRequestByName
static getRequestByName(array $reqs, $name)
Fetch a ButtonAuthenticationRequest or subclass by name.
Definition: ButtonAuthenticationRequest.php:86
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueSecondaryAccountCreation
continueSecondaryAccountCreation( $user, $creator, array $reqs)
Continue an authentication flow.User being created (has been added to the database)....
Definition: ConfirmLinkSecondaryAuthenticationProvider.php:36
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\beginSecondaryAuthentication
beginSecondaryAuthentication( $user, array $reqs)
Start an authentication flow.
Definition: ConfirmLinkSecondaryAuthenticationProvider.php:24
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueSecondaryAuthentication
continueSecondaryAuthentication( $user, array $reqs)
Continue an authentication flow.User being authenticated. This may become a "UserValue" in the future...
Definition: ConfirmLinkSecondaryAuthenticationProvider.php:28
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\getAuthenticationRequests
getAuthenticationRequests( $action, array $options)
Return the applicable list of AuthenticationRequests.
Definition: ConfirmLinkSecondaryAuthenticationProvider.php:20
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueLinkAttempt
continueLinkAttempt( $user, $key, array $reqs)
Continue the link attempt.
Definition: ConfirmLinkSecondaryAuthenticationProvider.php:79
MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\beginSecondaryAccountCreation
beginSecondaryAccountCreation( $user, $creator, array $reqs)
Start an account creation flow.
Definition: ConfirmLinkSecondaryAuthenticationProvider.php:32
StatusValue\newGood
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:85
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:71