MediaWiki  master
SpecialChangeCredentials.php
Go to the documentation of this file.
1 <?php
2 
3 use MediaWiki\Auth\AuthenticationRequest;
4 use MediaWiki\Auth\AuthenticationResponse;
5 use MediaWiki\Auth\AuthManager;
6 use MediaWiki\Auth\PasswordAuthenticationRequest;
7 use MediaWiki\Html\Html;
8 use MediaWiki\MainConfigNames;
9 use MediaWiki\Session\SessionManager;
10 use MediaWiki\Title\Title;
11 
17 class SpecialChangeCredentials extends AuthManagerSpecialPage {
18  protected static $allowedActions = [ AuthManager::ACTION_CHANGE ];
19 
20  protected static $messagePrefix = 'changecredentials';
21 
23  protected static $loadUserData = true;
24 
28  public function __construct( AuthManager $authManager ) {
29  parent::__construct( 'ChangeCredentials', 'editmyprivateinfo' );
30  $this->setAuthManager( $authManager );
31  }
32 
33  protected function getGroupName() {
34  return 'users';
35  }
36 
37  public function isListed() {
38  $this->loadAuth( '' );
39  return (bool)$this->authRequests;
40  }
41 
42  public function doesWrites() {
43  return true;
44  }
45 
46  protected function getDefaultAction( $subPage ) {
47  return AuthManager::ACTION_CHANGE;
48  }
49 
50  protected function getPreservedParams( $withToken = false ) {
51  $request = $this->getRequest();
52  $params = parent::getPreservedParams( $withToken );
53  $params += [
54  'returnto' => $request->getVal( 'returnto' ),
55  'returntoquery' => $request->getVal( 'returntoquery' ),
56  ];
57  return $params;
58  }
59 
60  public function execute( $subPage ) {
61  $this->setHeaders();
62  $this->outputHeader();
63 
64  $this->loadAuth( $subPage );
65 
66  if ( !$subPage ) {
67  $this->showSubpageList();
68  return;
69  }
70 
71  if ( !$this->authRequests ) {
72  // messages used: changecredentials-invalidsubpage, removecredentials-invalidsubpage
73  $this->showSubpageList( $this->msg( static::$messagePrefix . '-invalidsubpage', $subPage ) );
74  return;
75  }
76 
77  $out = $this->getOutput();
78  $out->addModules( 'mediawiki.special.changecredentials' );
79  $out->addBacklinkSubtitle( $this->getPageTitle() );
80  $status = $this->trySubmit();
81 
82  if ( $status === false || !$status->isOK() ) {
83  $this->displayForm( $status );
84  return;
85  }
86 
87  $response = $status->getValue();
88 
89  switch ( $response->status ) {
90  case AuthenticationResponse::PASS:
91  $this->success();
92  break;
93  case AuthenticationResponse::FAIL:
94  $this->displayForm( Status::newFatal( $response->message ) );
95  break;
96  default:
97  throw new LogicException( 'invalid AuthenticationResponse' );
98  }
99  }
100 
101  protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
102  parent::loadAuth( $subPage, $authAction );
103  if ( $subPage ) {
104  $foundReqs = [];
105  foreach ( $this->authRequests as $req ) {
106  if ( $req->getUniqueId() === $subPage ) {
107  $foundReqs[] = $req;
108  }
109  }
110  if ( count( $foundReqs ) > 1 ) {
111  throw new LogicException( 'Multiple AuthenticationRequest objects with same ID!' );
112  }
113  $this->authRequests = $foundReqs;
114  }
115  }
116 
118  public function onAuthChangeFormFields(
119  array $requests, array $fieldInfo, array &$formDescriptor, $action
120  ) {
121  parent::onAuthChangeFormFields( $requests, $fieldInfo, $formDescriptor, $action );
122 
123  // Add some UI flair for password changes, the most common use case for this page.
124  if ( AuthenticationRequest::getRequestByClass( $this->authRequests,
125  PasswordAuthenticationRequest::class )
126  ) {
127  $formDescriptor = self::mergeDefaultFormDescriptor( $fieldInfo, $formDescriptor, [
128  'password' => [
129  'autocomplete' => 'new-password',
130  'placeholder-message' => 'createacct-yourpassword-ph',
131  'help-message' => 'createacct-useuniquepass',
132  ],
133  'retype' => [
134  'autocomplete' => 'new-password',
135  'placeholder-message' => 'createacct-yourpasswordagain-ph',
136  ],
137  // T263927 - the Chromium password form guide recommends always having a username field
138  'username' => [
139  'type' => 'text',
140  'baseField' => 'password',
141  'autocomplete' => 'username',
142  'nodata' => true,
143  'readonly' => true,
144  'cssclass' => 'mw-htmlform-hidden-field',
145  'label-message' => 'userlogin-yourname',
146  'placeholder-message' => 'userlogin-yourname-ph',
147  ],
148  ] );
149  }
150  }
151 
152  protected function getAuthFormDescriptor( $requests, $action ) {
153  if ( !static::$loadUserData ) {
154  return [];
155  } else {
156  $descriptor = parent::getAuthFormDescriptor( $requests, $action );
157 
158  $any = false;
159  foreach ( $descriptor as &$field ) {
160  if ( $field['type'] === 'password' && $field['name'] !== 'retype' ) {
161  $any = true;
162  if ( isset( $field['cssclass'] ) ) {
163  $field['cssclass'] .= ' mw-changecredentials-validate-password';
164  } else {
165  $field['cssclass'] = 'mw-changecredentials-validate-password';
166  }
167  }
168  }
169 
170  if ( $any ) {
171  $this->getOutput()->addModules( 'mediawiki.misc-authed-ooui' );
172  }
173 
174  return $descriptor;
175  }
176  }
177 
178  protected function getAuthForm( array $requests, $action ) {
179  $form = parent::getAuthForm( $requests, $action );
180  $req = reset( $requests );
181  $info = $req->describeCredentials();
182 
183  $form->addPreHtml(
184  Html::openElement( 'dl' )
185  . Html::element( 'dt', [], $this->msg( 'credentialsform-provider' )->text() )
186  . Html::element( 'dd', [], $info['provider']->text() )
187  . Html::element( 'dt', [], $this->msg( 'credentialsform-account' )->text() )
188  . Html::element( 'dd', [], $info['account']->text() )
189  . Html::closeElement( 'dl' )
190  );
191 
192  // messages used: changecredentials-submit removecredentials-submit
193  $form->setSubmitTextMsg( static::$messagePrefix . '-submit' );
194  $form->showCancel()->setCancelTarget( $this->getReturnUrl() ?: Title::newMainPage() );
195  $form->setSubmitID( 'change_credentials_submit' );
196  return $form;
197  }
198 
199  protected function needsSubmitButton( array $requests ) {
200  // Change/remove forms show are built from a single AuthenticationRequest and do not allow
201  // for redirect flow; they always need a submit button.
202  return true;
203  }
204 
205  public function handleFormSubmit( $data ) {
206  // remove requests do not accept user input
207  $requests = $this->authRequests;
208  if ( static::$loadUserData ) {
209  $requests = AuthenticationRequest::loadRequestsFromSubmission( $this->authRequests, $data );
210  }
211 
212  $response = $this->performAuthenticationStep( $this->authAction, $requests );
213 
214  // we can't handle FAIL or similar as failure here since it might require changing the form
215  return Status::newGood( $response );
216  }
217 
221  protected function showSubpageList( $error = null ) {
222  $out = $this->getOutput();
223 
224  if ( $error ) {
225  $out->addHTML( $error->parse() );
226  }
227 
228  $groupedRequests = [];
229  foreach ( $this->authRequests as $req ) {
230  $info = $req->describeCredentials();
231  $groupedRequests[$info['provider']->text()][] = $req;
232  }
233 
234  $linkRenderer = $this->getLinkRenderer();
235  $out->addHTML( Html::openElement( 'dl' ) );
236  foreach ( $groupedRequests as $group => $members ) {
237  $out->addHTML( Html::element( 'dt', [], $group ) );
238  foreach ( $members as $req ) {
240  $info = $req->describeCredentials();
241  $out->addHTML( Html::rawElement( 'dd', [],
242  $linkRenderer->makeLink(
243  $this->getPageTitle( $req->getUniqueId() ),
244  $info['account']->text()
245  )
246  ) );
247  }
248  }
249  $out->addHTML( Html::closeElement( 'dl' ) );
250  }
251 
252  protected function success() {
253  $session = $this->getRequest()->getSession();
254  $user = $this->getUser();
255  $out = $this->getOutput();
256  $returnUrl = $this->getReturnUrl();
257 
258  // change user token and update the session
259  SessionManager::singleton()->invalidateSessionsForUser( $user );
260  $session->setUser( $user );
261  $session->resetId();
262 
263  if ( $returnUrl ) {
264  $out->redirect( $returnUrl );
265  } else {
266  // messages used: changecredentials-success removecredentials-success
267  $out->addHTML(
268  Html::successBox(
269  $out->msg( static::$messagePrefix . '-success' )->parse()
270  )
271  );
272  $out->returnToMain();
273  }
274  }
275 
279  protected function getReturnUrl() {
280  $request = $this->getRequest();
281  $returnTo = $request->getText( 'returnto' );
282  $returnToQuery = $request->getText( 'returntoquery', '' );
283 
284  if ( !$returnTo ) {
285  return null;
286  }
287 
288  $title = Title::newFromText( $returnTo );
289  return $title->getFullUrlForRedirect( $returnToQuery );
290  }
291 
292  protected function getRequestBlacklist() {
293  return $this->getConfig()->get( MainConfigNames::ChangeCredentialsBlacklist );
294  }
295 }
AuthManagerSpecialPage
A special page subclass for authentication-related special pages.
Definition: AuthManagerSpecialPage.php:20
AuthManagerSpecialPage\$authAction
string $authAction
one of the AuthManager::ACTION_* constants.
Definition: AuthManagerSpecialPage.php:35
AuthManagerSpecialPage\performAuthenticationStep
performAuthenticationStep( $action, array $requests)
Definition: AuthManagerSpecialPage.php:363
AuthManagerSpecialPage\displayForm
displayForm( $status)
Display the form.
Definition: AuthManagerSpecialPage.php:574
AuthManagerSpecialPage\$authRequests
AuthenticationRequest[] $authRequests
Definition: AuthManagerSpecialPage.php:38
AuthManagerSpecialPage\$subPage
string $subPage
Subpage of the special page.
Definition: AuthManagerSpecialPage.php:41
AuthManagerSpecialPage\mergeDefaultFormDescriptor
static mergeDefaultFormDescriptor(array $fieldInfo, array $formDescriptor, array $defaultFormDescriptor)
Apply defaults to a form descriptor, without creating non-existent fields.
Definition: AuthManagerSpecialPage.php:809
AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition: AuthManagerSpecialPage.php:74
AuthManagerSpecialPage\trySubmit
trySubmit()
Attempts to do an authentication step with the submitted data.
Definition: AuthManagerSpecialPage.php:418
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:106
MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition: AuthenticationRequest.php:40
MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition: AuthenticationResponse.php:37
MediaWiki\Auth\PasswordAuthenticationRequest
This is a value object for authentication requests with a username and password.
Definition: PasswordAuthenticationRequest.php:32
MediaWiki\Html\Html
This class is a collection of static functions that serve two purposes:
Definition: Html.php:55
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition: MainConfigNames.php:22
MediaWiki\Session\SessionManager
This serves as the entry point to the MediaWiki session handling system.
Definition: SessionManager.php:79
MediaWiki\Title\Title
Represents a title within MediaWiki.
Definition: Title.php:82
SpecialChangeCredentials
Special change to change credentials (such as the password).
Definition: SpecialChangeCredentials.php:17
SpecialChangeCredentials\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition: SpecialChangeCredentials.php:33
SpecialChangeCredentials\getAuthForm
getAuthForm(array $requests, $action)
Definition: SpecialChangeCredentials.php:178
SpecialChangeCredentials\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition: SpecialChangeCredentials.php:42
SpecialChangeCredentials\handleFormSubmit
handleFormSubmit( $data)
Submit handler callback for HTMLForm.
Definition: SpecialChangeCredentials.php:205
SpecialChangeCredentials\getPreservedParams
getPreservedParams( $withToken=false)
Returns URL query parameters which can be used to reload the page (or leave and return) while preserv...
Definition: SpecialChangeCredentials.php:50
SpecialChangeCredentials\isListed
isListed()
Whether this special page is listed in Special:SpecialPages.
Definition: SpecialChangeCredentials.php:37
SpecialChangeCredentials\getRequestBlacklist
getRequestBlacklist()
Allows blacklisting certain request types.
Definition: SpecialChangeCredentials.php:292
SpecialChangeCredentials\getAuthFormDescriptor
getAuthFormDescriptor( $requests, $action)
Generates a HTMLForm descriptor array from a set of authentication requests.
Definition: SpecialChangeCredentials.php:152
SpecialChangeCredentials\loadAuth
loadAuth( $subPage, $authAction=null, $reset=false)
Load or initialize $authAction, $authRequests and $subPage.
Definition: SpecialChangeCredentials.php:101
SpecialChangeCredentials\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
Definition: SpecialChangeCredentials.php:46
SpecialChangeCredentials\__construct
__construct(AuthManager $authManager)
Definition: SpecialChangeCredentials.php:28
SpecialChangeCredentials\needsSubmitButton
needsSubmitButton(array $requests)
Returns true if the form built from the given AuthenticationRequests needs a submit button.
Definition: SpecialChangeCredentials.php:199
SpecialChangeCredentials\$loadUserData
static $loadUserData
Change action needs user data; remove action does not.
Definition: SpecialChangeCredentials.php:23
SpecialChangeCredentials\execute
execute( $subPage)
Default execute method Checks user permissions.
Definition: SpecialChangeCredentials.php:60
SpecialChangeCredentials\onAuthChangeFormFields
onAuthChangeFormFields(array $requests, array $fieldInfo, array &$formDescriptor, $action)
Change the form descriptor that determines how a field will look in the authentication form....
Definition: SpecialChangeCredentials.php:118
SpecialPage\outputHeader
outputHeader( $summaryMessageKey='')
Outputs a summary message on top of special pages Per default the message key is the canonical name o...
Definition: SpecialPage.php:763
SpecialPage\setHeaders
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
Definition: SpecialPage.php:672
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition: SpecialPage.php:862
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition: SpecialPage.php:872
SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition: SpecialPage.php:984
SpecialPage\getConfig
getConfig()
Shortcut to get main config object.
Definition: SpecialPage.php:950
SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition: SpecialPage.php:553
SpecialPage\getPageTitle
getPageTitle( $subpage=false)
Get a self-referential title object.
Definition: SpecialPage.php:816
StatusValue\newFatal
static newFatal( $message,... $parameters)
Factory function for fatal errors.
Definition: StatusValue.php:73
StatusValue\newGood
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:85