SpecialCreateAccount.php

Go to the documentation of this file.

<?php
namespace MediaWiki\Specials;
 
use MediaWiki\Auth\AuthManager;
use MediaWiki\Context\RequestContext;
use MediaWiki\Exception\ErrorPageError;
use MediaWiki\Language\FormatterFactory;
use MediaWiki\Logger\LoggerFactory;
use MediaWiki\SpecialPage\LoginSignupSpecialPage;
use MediaWiki\Title\Title;
use MediaWiki\User\UserIdentity;
use MediaWiki\User\UserIdentityUtils;
use StatusValue;
 
class SpecialCreateAccount extends LoginSignupSpecialPage {
    protected static $allowedActions = [
        AuthManager::ACTION_CREATE,
        AuthManager::ACTION_CREATE_CONTINUE
    ];
 
    protected static $messages = [
        'authform-newtoken' => 'nocookiesfornew',
        'authform-notoken' => 'sessionfailure',
        'authform-wrongtoken' => 'sessionfailure',
    ];
 
    private FormatterFactory $formatterFactory;
 
    private UserIdentityUtils $identityUtils;
 
    public function __construct(
        AuthManager $authManager,
        FormatterFactory $formatterFactory,
        UserIdentityUtils $identityUtils
    ) {
        parent::__construct( 'CreateAccount', 'createaccount' );
 
        $this->setAuthManager( $authManager );
        $this->formatterFactory = $formatterFactory;
        $this->identityUtils = $identityUtils;
    }
 
    public function doesWrites() {
        return true;
    }
 
    public function checkPermissions() {
        parent::checkPermissions();
 
        $performer = $this->getAuthority();
        $authManager = $this->getAuthManager();
 
        $status = $this->mPosted ?
            $authManager->authorizeCreateAccount( $performer ) :
            $authManager->probablyCanCreateAccount( $performer );
 
        if ( !$status->isGood() ) {
            $formatter = $this->formatterFactory->getStatusFormatter( $this->getContext() );
            $messages = [];
            foreach ( $status->getMessages() as $message ) {
                $messages[] = $message->getKey();
            }
            $this->logAuthResult(
                false, $performer->getUser(),
                implode( '|', $messages )
            );
            throw new ErrorPageError(
                'createacct-error',
                $formatter->getMessage( $status )
            );
        }
    }
 
    protected function getLoginSecurityLevel() {
        return false;
    }
 
    protected function getDefaultAction( $subPage ) {
        return AuthManager::ACTION_CREATE;
    }
 
    public function getDescription() {
        return $this->msg( 'createaccount' );
    }
 
    protected function isSignup() {
        return true;
    }
 
    protected function successfulAction( $direct = false, $extraMessages = null ) {
        $session = $this->getRequest()->getSession();
        $user = $this->targetUser ?: $this->getUser();
 
        $injected_html = '';
        if ( $direct ) {
            # Only save preferences if the user is not creating an account for someone else.
            if ( !$this->proxyAccountCreation ) {
                $this->getHookRunner()->onAddNewAccount( $user, false );
            } else {
                $byEmail = false; // FIXME no way to set this
 
                $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
 
                $out = $this->getOutput();
                // @phan-suppress-next-line PhanImpossibleCondition
                $out->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
                // @phan-suppress-next-line PhanImpossibleCondition
                if ( $byEmail ) {
                    $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
                } else {
                    $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
                }
 
                $rt = Title::newFromText( $this->mReturnTo );
                $out->addReturnTo(
                    ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
                    wfCgiToArray( $this->mReturnToQuery )
                );
                return;
            }
            $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
        }
 
        $this->clearToken();
 
        # Run any hooks; display injected HTML
        $welcome_creation_msg = 'welcomecreation-msg';
        $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
 
        $this->showSuccessPage( 'signup',
            // T308471: ensure username is plaintext (aka escaped)
            $this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() ),
            $welcome_creation_msg, $injected_html, $extraMessages );
    }
 
    protected function getToken() {
        return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
    }
 
    protected function clearToken() {
        $this->getRequest()->getSession()->resetToken( 'createaccount' );
    }
 
    protected function getTokenName() {
        return 'wpCreateaccountToken';
    }
 
    protected function getGroupName() {
        return 'users';
    }
 
    protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
        LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
            'event' => 'accountcreation',
            'successful' => $success,
            'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
            'status' => strval( $status )
        ] + RequestContext::getMain()->getRequest()->getSecurityLogContext( $performer ) );
    }
}
 
class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );