MediaWiki master
SpecialCreateAccount.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
31use StatusValue;
32
41 protected static $allowedActions = [
42 AuthManager::ACTION_CREATE,
43 AuthManager::ACTION_CREATE_CONTINUE
44 ];
45
47 protected static $messages = [
48 'authform-newtoken' => 'nocookiesfornew',
49 'authform-notoken' => 'sessionfailure',
50 'authform-wrongtoken' => 'sessionfailure',
51 ];
52
53 private FormatterFactory $formatterFactory;
54
55 private UserIdentityUtils $identityUtils;
56
62 public function __construct(
63 AuthManager $authManager,
64 FormatterFactory $formatterFactory,
65 UserIdentityUtils $identityUtils
66 ) {
67 parent::__construct( 'CreateAccount', 'createaccount' );
68
69 $this->setAuthManager( $authManager );
70 $this->formatterFactory = $formatterFactory;
71 $this->identityUtils = $identityUtils;
72 }
73
74 public function doesWrites() {
75 return true;
76 }
77
78 public function checkPermissions() {
79 parent::checkPermissions();
80
81 $performer = $this->getAuthority();
82 $authManager = $this->getAuthManager();
83
84 $status = $this->mPosted ?
85 $authManager->authorizeCreateAccount( $performer ) :
86 $authManager->probablyCanCreateAccount( $performer );
87
88 if ( !$status->isGood() ) {
89 $formatter = $this->formatterFactory->getStatusFormatter( $this->getContext() );
90 throw new ErrorPageError(
91 'createacct-error',
92 $formatter->getMessage( $status )
93 );
94 }
95 }
96
97 protected function getLoginSecurityLevel() {
98 return false;
99 }
100
101 protected function getDefaultAction( $subPage ) {
102 return AuthManager::ACTION_CREATE;
103 }
104
105 public function getDescription() {
106 return $this->msg( 'createaccount' );
107 }
108
109 protected function isSignup() {
110 return true;
111 }
112
120 protected function successfulAction( $direct = false, $extraMessages = null ) {
121 $session = $this->getRequest()->getSession();
122 $user = $this->targetUser ?: $this->getUser();
123
124 $injected_html = '';
125 if ( $direct ) {
126 # Only save preferences if the user is not creating an account for someone else.
127 if ( !$this->proxyAccountCreation ) {
128 $this->getHookRunner()->onAddNewAccount( $user, false );
129
130 // If the user does not have a session cookie at this point, they probably need to
131 // do something to their browser.
132 if ( !$this->hasSessionCookie() ) {
133 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
134 // TODO something more specific? This used to use nocookiesnew
135 // FIXME should redirect to login page instead?
136 return;
137 }
138 } else {
139 $byEmail = false; // FIXME no way to set this
140
141 $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
142
143 $out = $this->getOutput();
144 // @phan-suppress-next-line PhanImpossibleCondition
145 $out->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
146 // @phan-suppress-next-line PhanImpossibleCondition
147 if ( $byEmail ) {
148 $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
149 } else {
150 $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
151 }
152
153 $rt = Title::newFromText( $this->mReturnTo );
154 $out->addReturnTo(
155 ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
156 wfCgiToArray( $this->mReturnToQuery )
157 );
158 return;
159 }
160 $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
161 }
162
163 $this->clearToken();
164
165 # Run any hooks; display injected HTML
166 $welcome_creation_msg = 'welcomecreation-msg';
172 $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
173
174 $this->showSuccessPage( 'signup',
175 // T308471: ensure username is plaintext (aka escaped)
176 $this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() ),
177 $welcome_creation_msg, $injected_html, $extraMessages );
178 }
179
180 protected function getToken() {
181 return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
182 }
183
184 protected function clearToken() {
185 $this->getRequest()->getSession()->resetToken( 'createaccount' );
186 }
187
188 protected function getTokenName() {
189 return 'wpCreateaccountToken';
190 }
191
192 protected function getGroupName() {
193 return 'users';
194 }
195
196 protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
197 LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
198 'event' => 'accountcreation',
199 'successful' => $success,
200 'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
201 'status' => strval( $status ),
202 ] );
203 }
204}
205
207class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
An error page which can definitely be safely rendered using the OutputPage.
This serves as the entry point to the authentication system.
Factory for formatters of common complex objects.
Create PSR-3 logger objects.
getRequest()
Get the WebRequest being used for this instance.
Holds shared logic for login and account creation pages.
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
mainLoginForm(array $requests, $msg='', $msgtype='error')
hasSessionCookie()
Check if a session cookie is present.
getUser()
Shortcut to get the User executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getPageTitle( $subpage=false)
Get a self-referential title object.
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
getAuthority()
Shortcut to get the Authority executing this instance.
getName()
Get the canonical, unlocalized name of this special page without namespace.
Implements Special:CreateAccount.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
logAuthResult( $success, UserIdentity $performer, $status=null)
Logs to the authmanager-stats channel.
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
__construct(AuthManager $authManager, FormatterFactory $formatterFactory, UserIdentityUtils $identityUtils)
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then display a message welcoming the user.
doesWrites()
Indicates whether POST requests to this special page require write access to the wiki.
Represents a title within MediaWiki.
Definition Title.php:78
Convenience functions for interpreting UserIdentity objects using additional services or config.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Interface for objects representing user identity.