MediaWiki  master
SpecialCreateAccount.php
Go to the documentation of this file.
1 <?php
24 namespace MediaWiki\Specials;
25 
26 use ErrorPageError;
27 use LoginSignupSpecialPage;
28 use MediaWiki\Auth\AuthManager;
29 use MediaWiki\Logger\LoggerFactory;
30 use MediaWiki\Title\Title;
31 use Status;
32 use StatusValue;
33 
39 class SpecialCreateAccount extends LoginSignupSpecialPage {
40  protected static $allowedActions = [
41  AuthManager::ACTION_CREATE,
42  AuthManager::ACTION_CREATE_CONTINUE
43  ];
44 
45  protected static $messages = [
46  'authform-newtoken' => 'nocookiesfornew',
47  'authform-notoken' => 'sessionfailure',
48  'authform-wrongtoken' => 'sessionfailure',
49  ];
50 
54  public function __construct( AuthManager $authManager ) {
55  parent::__construct( 'CreateAccount', 'createaccount' );
56 
57  $this->setAuthManager( $authManager );
58  }
59 
60  public function doesWrites() {
61  return true;
62  }
63 
64  public function checkPermissions() {
65  parent::checkPermissions();
66 
67  $performer = $this->getAuthority();
68  $authManager = $this->getAuthManager();
69 
70  $status = $this->mPosted ?
71  $authManager->authorizeCreateAccount( $performer ) :
72  $authManager->probablyCanCreateAccount( $performer );
73  if ( !$status->isGood() ) {
74  throw new ErrorPageError(
75  'createacct-error',
76  Status::wrap( $status )->getMessage()
77  );
78  }
79  }
80 
81  protected function getLoginSecurityLevel() {
82  return false;
83  }
84 
85  protected function getDefaultAction( $subPage ) {
86  return AuthManager::ACTION_CREATE;
87  }
88 
89  public function getDescription() {
90  return $this->msg( 'createaccount' )->text();
91  }
92 
93  protected function isSignup() {
94  return true;
95  }
96 
104  protected function successfulAction( $direct = false, $extraMessages = null ) {
105  $session = $this->getRequest()->getSession();
106  $user = $this->targetUser ?: $this->getUser();
107 
108  if ( $direct ) {
109  # Only save preferences if the user is not creating an account for someone else.
110  if ( !$this->proxyAccountCreation ) {
111  $this->getHookRunner()->onAddNewAccount( $user, false );
112 
113  // If the user does not have a session cookie at this point, they probably need to
114  // do something to their browser.
115  if ( !$this->hasSessionCookie() ) {
116  $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
117  // TODO something more specific? This used to use nocookiesnew
118  // FIXME should redirect to login page instead?
119  return;
120  }
121  } else {
122  $byEmail = false; // FIXME no way to set this
123 
124  $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
125 
126  $out = $this->getOutput();
127  // @phan-suppress-next-line PhanImpossibleCondition
128  $out->setPageTitle( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
129  // @phan-suppress-next-line PhanImpossibleCondition
130  if ( $byEmail ) {
131  $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
132  } else {
133  $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
134  }
135 
136  $rt = Title::newFromText( $this->mReturnTo );
137  $out->addReturnTo(
138  ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
139  wfCgiToArray( $this->mReturnToQuery )
140  );
141  return;
142  }
143  }
144 
145  $this->clearToken();
146 
147  # Run any hooks; display injected HTML
148  $injected_html = '';
149  $welcome_creation_msg = 'welcomecreation-msg';
150  $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
151 
157  $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
158 
159  $this->showSuccessPage( 'signup',
160  $this->msg( 'welcomeuser', $this->getUser()->getName() )->escaped(),
161  $welcome_creation_msg, $injected_html, $extraMessages );
162  }
163 
164  protected function getToken() {
165  return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
166  }
167 
168  protected function clearToken() {
169  $this->getRequest()->getSession()->resetToken( 'createaccount' );
170  }
171 
172  protected function getTokenName() {
173  return 'wpCreateaccountToken';
174  }
175 
176  protected function getGroupName() {
177  return 'users';
178  }
179 
180  protected function logAuthResult( $success, $status = null ) {
181  LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
182  'event' => 'accountcreation',
183  'successful' => $success,
184  'status' => strval( $status ),
185  ] );
186  }
187 }
188 
192 class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );
wfCgiToArray
wfCgiToArray( $query)
This is the logical opposite of wfArrayToCgi(): it accepts a query string as its argument and returns...
Definition: GlobalFunctions.php:383
$success
$success
Definition: NoLocalSettings.php:44
AuthManagerSpecialPage\$subPage
string $subPage
Subpage of the special page.
Definition: AuthManagerSpecialPage.php:41
AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition: AuthManagerSpecialPage.php:74
ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition: ErrorPageError.php:30
LoginSignupSpecialPage
Holds shared logic for login and account creation pages.
Definition: LoginSignupSpecialPage.php:42
LoginSignupSpecialPage\mainLoginForm
mainLoginForm(array $requests, $msg='', $msgtype='error')
Definition: LoginSignupSpecialPage.php:526
LoginSignupSpecialPage\showSuccessPage
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
Definition: LoginSignupSpecialPage.php:447
LoginSignupSpecialPage\hasSessionCookie
hasSessionCookie()
Check if a session cookie is present.
Definition: LoginSignupSpecialPage.php:1137
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:106
MediaWiki\Auth\AuthManager\ACTION_CREATE_CONTINUE
const ACTION_CREATE_CONTINUE
Continue a user creation process that was interrupted by the need for user input or communication wit...
Definition: AuthManager.php:118
MediaWiki\Auth\AuthManager\ACTION_CREATE
const ACTION_CREATE
Create a new user.
Definition: AuthManager.php:114
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45
MediaWiki\Logger\LoggerFactory\getInstance
static getInstance( $channel)
Get a named logger instance from the currently configured logger factory.
Definition: LoggerFactory.php:92
MediaWiki\Specials\SpecialCreateAccount
Implements Special:CreateAccount.
Definition: SpecialCreateAccount.php:39
MediaWiki\Specials\SpecialCreateAccount\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
Definition: SpecialCreateAccount.php:172
MediaWiki\Specials\SpecialCreateAccount\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
Definition: SpecialCreateAccount.php:85
MediaWiki\Specials\SpecialCreateAccount\logAuthResult
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
Definition: SpecialCreateAccount.php:180
MediaWiki\Specials\SpecialCreateAccount\getDescription
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
Definition: SpecialCreateAccount.php:89
MediaWiki\Specials\SpecialCreateAccount\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition: SpecialCreateAccount.php:176
MediaWiki\Specials\SpecialCreateAccount\checkPermissions
checkPermissions()
Checks if userCanExecute, and if not throws a PermissionsError.
Definition: SpecialCreateAccount.php:64
MediaWiki\Specials\SpecialCreateAccount\successfulAction
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then display a message welcoming the user.
Definition: SpecialCreateAccount.php:104
MediaWiki\Specials\SpecialCreateAccount\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition: SpecialCreateAccount.php:60
MediaWiki\Title\Title
Represents a title within MediaWiki.
Definition: Title.php:82
MediaWiki\Title\Title\newFromText
static newFromText( $text, $defaultNamespace=NS_MAIN)
Create a new Title from text, such as what one would find in a link.
Definition: Title.php:425
SpecialPage\getName
getName()
Get the name of this Special Page.
Definition: SpecialPage.php:204
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition: SpecialPage.php:862
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition: SpecialPage.php:872
SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition: SpecialPage.php:984
SpecialPage\getAuthority
getAuthority()
Shortcut to get the Authority executing this instance.
Definition: SpecialPage.php:882
SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition: SpecialPage.php:553
StatusValue
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition: StatusValue.php:46
Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition: Status.php:46
Status\wrap
static wrap( $sv)
Succinct helper method to wrap a StatusValue.
Definition: Status.php:64