MediaWiki  master
SpecialCreateAccount.php
Go to the documentation of this file.
1 <?php
26 
33  protected static $allowedActions = [
34  AuthManager::ACTION_CREATE,
35  AuthManager::ACTION_CREATE_CONTINUE
36  ];
37 
38  protected static $messages = [
39  'authform-newtoken' => 'nocookiesfornew',
40  'authform-notoken' => 'sessionfailure',
41  'authform-wrongtoken' => 'sessionfailure',
42  ];
43 
47  public function __construct( AuthManager $authManager ) {
48  parent::__construct( 'CreateAccount', 'createaccount' );
49 
50  $this->setAuthManager( $authManager );
51  }
52 
53  public function doesWrites() {
54  return true;
55  }
56 
57  public function checkPermissions() {
58  parent::checkPermissions();
59 
60  $performer = $this->getAuthority();
61  $authManager = $this->getAuthManager();
62 
63  $status = $this->mPosted ?
64  $authManager->authorizeCreateAccount( $performer ) :
66  if ( !$status->isGood() ) {
67  throw new ErrorPageError(
68  'createacct-error',
69  Status::wrap( $status )->getMessage()
70  );
71  }
72  }
73 
74  protected function getLoginSecurityLevel() {
75  return false;
76  }
77 
78  protected function getDefaultAction( $subPage ) {
79  return AuthManager::ACTION_CREATE;
80  }
81 
82  public function getDescription() {
83  return $this->msg( 'createaccount' )->text();
84  }
85 
86  protected function isSignup() {
87  return true;
88  }
89 
97  protected function successfulAction( $direct = false, $extraMessages = null ) {
98  $session = $this->getRequest()->getSession();
99  $user = $this->targetUser ?: $this->getUser();
100 
101  if ( $direct ) {
102  # Only save preferences if the user is not creating an account for someone else.
103  if ( !$this->proxyAccountCreation ) {
104  $this->getHookRunner()->onAddNewAccount( $user, false );
105 
106  // If the user does not have a session cookie at this point, they probably need to
107  // do something to their browser.
108  if ( !$this->hasSessionCookie() ) {
109  $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
110  // TODO something more specific? This used to use nocookiesnew
111  // FIXME should redirect to login page instead?
112  return;
113  }
114  } else {
115  $byEmail = false; // FIXME no way to set this
116 
117  $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
118 
119  $out = $this->getOutput();
120  // @phan-suppress-next-line PhanImpossibleCondition
121  $out->setPageTitle( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
122  // @phan-suppress-next-line PhanImpossibleCondition
123  if ( $byEmail ) {
124  $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
125  } else {
126  $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
127  }
128 
129  $rt = Title::newFromText( $this->mReturnTo );
130  $out->addReturnTo(
131  ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
132  wfCgiToArray( $this->mReturnToQuery )
133  );
134  return;
135  }
136  }
137 
138  $this->clearToken();
139 
140  # Run any hooks; display injected HTML
141  $injected_html = '';
142  $welcome_creation_msg = 'welcomecreation-msg';
143  $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
144 
150  $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
151 
152  $this->showSuccessPage( 'signup',
153  $this->msg( 'welcomeuser', $this->getUser()->getName() )->escaped(),
154  $welcome_creation_msg, $injected_html, $extraMessages );
155  }
156 
157  protected function getToken() {
158  return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
159  }
160 
161  protected function clearToken() {
162  return $this->getRequest()->getSession()->resetToken( 'createaccount' );
163  }
164 
165  protected function getTokenName() {
166  return 'wpCreateaccountToken';
167  }
168 
169  protected function getGroupName() {
170  return 'login';
171  }
172 
173  protected function logAuthResult( $success, $status = null ) {
174  LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
175  'event' => 'accountcreation',
176  'successful' => $success,
177  'status' => strval( $status ),
178  ] );
179  }
180 }
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
$success
string $subPage
Subpage of the special page.
getRequest()
Get the WebRequest being used for this instance.
An error page which can definitely be safely rendered using the OutputPage.
Holds shared logic for login and account creation pages.
mainLoginForm(array $requests, $msg='', $msgtype='error')
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
hasSessionCookie()
Check if a session cookie is present.
This serves as the entry point to the authentication system.
probablyCanCreateAccount(Authority $creator)
Check whether $creator can create accounts.
authorizeCreateAccount(Authority $creator)
Authorize the account creation by $creator.
PSR-3 logger instance factory.
Implements Special:CreateAccount.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then display a message welcoming the user.
getToken()
Returns the CSRF token.
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
doesWrites()
Indicates whether this special page may perform database writes.
__construct(AuthManager $authManager)
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
getName()
Get the name of this Special Page.
getOutput()
Get the OutputPage being used for this instance.
getUser()
Shortcut to get the User executing this instance.
AuthManager null $authManager
Definition: SpecialPage.php:89
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getAuthority()
Shortcut to get the Authority executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
static wrap( $sv)
Succinct helper method to wrap a StatusValue.
Definition: Status.php:62
static newFromText( $text, $defaultNamespace=NS_MAIN)
Create a new Title from text, such as what one would find in a link.
Definition: Title.php:370