MediaWiki master
SpecialCreateAccount.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
31use StatusValue;
32
41 protected static $allowedActions = [
42 AuthManager::ACTION_CREATE,
43 AuthManager::ACTION_CREATE_CONTINUE
44 ];
45
47 protected static $messages = [
48 'authform-newtoken' => 'nocookiesfornew',
49 'authform-notoken' => 'sessionfailure',
50 'authform-wrongtoken' => 'sessionfailure',
51 ];
52
53 private FormatterFactory $formatterFactory;
54
55 private UserIdentityUtils $identityUtils;
56
57 public function __construct(
58 AuthManager $authManager,
59 FormatterFactory $formatterFactory,
60 UserIdentityUtils $identityUtils
61 ) {
62 parent::__construct( 'CreateAccount', 'createaccount' );
63
64 $this->setAuthManager( $authManager );
65 $this->formatterFactory = $formatterFactory;
66 $this->identityUtils = $identityUtils;
67 }
68
69 public function doesWrites() {
70 return true;
71 }
72
73 public function checkPermissions() {
74 parent::checkPermissions();
75
76 $performer = $this->getAuthority();
77 $authManager = $this->getAuthManager();
78
79 $status = $this->mPosted ?
80 $authManager->authorizeCreateAccount( $performer ) :
81 $authManager->probablyCanCreateAccount( $performer );
82
83 if ( !$status->isGood() ) {
84 $formatter = $this->formatterFactory->getStatusFormatter( $this->getContext() );
85 throw new ErrorPageError(
86 'createacct-error',
87 $formatter->getMessage( $status )
88 );
89 }
90 }
91
92 protected function getLoginSecurityLevel() {
93 return false;
94 }
95
96 protected function getDefaultAction( $subPage ) {
97 return AuthManager::ACTION_CREATE;
98 }
99
100 public function getDescription() {
101 return $this->msg( 'createaccount' );
102 }
103
104 protected function isSignup() {
105 return true;
106 }
107
115 protected function successfulAction( $direct = false, $extraMessages = null ) {
116 $session = $this->getRequest()->getSession();
117 $user = $this->targetUser ?: $this->getUser();
118
119 $injected_html = '';
120 if ( $direct ) {
121 # Only save preferences if the user is not creating an account for someone else.
122 if ( !$this->proxyAccountCreation ) {
123 $this->getHookRunner()->onAddNewAccount( $user, false );
124
125 // If the user does not have a session cookie at this point, they probably need to
126 // do something to their browser.
127 if ( !$this->hasSessionCookie() ) {
128 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
129 // TODO something more specific? This used to use nocookiesnew
130 // FIXME should redirect to login page instead?
131 return;
132 }
133 } else {
134 $byEmail = false; // FIXME no way to set this
135
136 $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
137
138 $out = $this->getOutput();
139 // @phan-suppress-next-line PhanImpossibleCondition
140 $out->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
141 // @phan-suppress-next-line PhanImpossibleCondition
142 if ( $byEmail ) {
143 $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
144 } else {
145 $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
146 }
147
148 $rt = Title::newFromText( $this->mReturnTo );
149 $out->addReturnTo(
150 ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
151 wfCgiToArray( $this->mReturnToQuery )
152 );
153 return;
154 }
155 $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
156 }
157
158 $this->clearToken();
159
160 # Run any hooks; display injected HTML
161 $welcome_creation_msg = 'welcomecreation-msg';
167 $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
168
169 $this->showSuccessPage( 'signup',
170 // T308471: ensure username is plaintext (aka escaped)
171 $this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() ),
172 $welcome_creation_msg, $injected_html, $extraMessages );
173 }
174
175 protected function getToken() {
176 return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
177 }
178
179 protected function clearToken() {
180 $this->getRequest()->getSession()->resetToken( 'createaccount' );
181 }
182
183 protected function getTokenName() {
184 return 'wpCreateaccountToken';
185 }
186
187 protected function getGroupName() {
188 return 'users';
189 }
190
191 protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
192 LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
193 'event' => 'accountcreation',
194 'successful' => $success,
195 'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
196 'status' => strval( $status ),
197 ] );
198 }
199}
200
202class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
This serves as the entry point to the authentication system.
An error page which can definitely be safely rendered using the OutputPage.
Factory for formatters of common complex objects.
Create PSR-3 logger objects.
getRequest()
Get the WebRequest being used for this instance.
Holds shared logic for login and account creation pages.
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
mainLoginForm(array $requests, $msg='', $msgtype='error')
hasSessionCookie()
Check if a session cookie is present.
getUser()
Shortcut to get the User executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getPageTitle( $subpage=false)
Get a self-referential title object.
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
getAuthority()
Shortcut to get the Authority executing this instance.
getName()
Get the canonical, unlocalized name of this special page without namespace.
Implements Special:CreateAccount.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
logAuthResult( $success, UserIdentity $performer, $status=null)
Logs to the authmanager-stats channel.
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
__construct(AuthManager $authManager, FormatterFactory $formatterFactory, UserIdentityUtils $identityUtils)
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then display a message welcoming the user.
doesWrites()
Indicates whether POST requests to this special page require write access to the wiki.
Represents a title within MediaWiki.
Definition Title.php:78
Convenience functions for interpreting UserIdentity objects using additional services or config.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Interface for objects representing user identity.