MediaWiki master
SpecialUnlinkAccounts.php
Go to the documentation of this file.
1<?php
2
3namespace MediaWiki\Specials;
4
12use StatusValue;
13
15 protected static $allowedActions = [ AuthManager::ACTION_UNLINK ];
16
20 public function __construct( AuthManager $authManager ) {
21 parent::__construct( 'UnlinkAccounts' );
22 $this->setAuthManager( $authManager );
23 }
24
25 protected function getLoginSecurityLevel() {
26 return 'UnlinkAccount';
27 }
28
29 protected function getDefaultAction( $subPage ) {
30 return AuthManager::ACTION_UNLINK;
31 }
32
37 protected function getGroupName() {
38 return 'login';
39 }
40
41 public function isListed() {
42 return $this->getAuthManager()->canLinkAccounts();
43 }
44
45 protected function getRequestBlacklist() {
47 }
48
49 public function execute( $subPage ) {
50 $this->setHeaders();
51 $this->loadAuth( $subPage );
52
53 if ( !$this->isActionAllowed( $this->authAction ) ) {
54 if ( $this->authAction === AuthManager::ACTION_UNLINK ) {
55 // Looks like there are no linked accounts to unlink
56 $titleMessage = $this->msg( 'cannotunlink-no-provider-title' );
57 $errorMessage = $this->msg( 'cannotunlink-no-provider' );
58 throw new ErrorPageError( $titleMessage, $errorMessage );
59 } else {
60 // user probably back-button-navigated into an auth session that no longer exists
61 // FIXME would be nice to show a message
62 $this->getOutput()->redirect( $this->getPageTitle()->getFullURL( '', false, PROTO_HTTPS ) );
63 return;
64 }
65 }
66
67 $this->outputHeader();
68
69 $status = $this->trySubmit();
70
71 if ( $status === false || !$status->isOK() ) {
72 $this->displayForm( $status );
73 return;
74 }
75
77 $response = $status->getValue();
78
79 if ( $response->status === AuthenticationResponse::FAIL ) {
80 $this->displayForm( StatusValue::newFatal( $response->message ) );
81 return;
82 }
83
84 $status = StatusValue::newGood();
85 $status->warning( $this->msg( 'unlinkaccounts-success' ) );
86 $this->loadAuth( $subPage, null, true ); // update requests so the unlinked one doesn't show up
87
88 // Reset sessions - if the user unlinked an account because it was compromised,
89 // log attackers out from sessions obtained via that account.
90 $session = $this->getRequest()->getSession();
91 $user = $this->getUser();
92 SessionManager::singleton()->invalidateSessionsForUser( $user );
93 $session->setUser( $user );
94 $session->resetId();
95
96 $this->displayForm( $status );
97 }
98
99 public function handleFormSubmit( $data ) {
100 // unlink requests do not accept user input so repeat parent code but skip call to
101 // AuthenticationRequest::loadRequestsFromSubmission
102 $response = $this->performAuthenticationStep( $this->authAction, $this->authRequests );
103 return Status::newGood( $response );
104 }
105}
106
111class_alias( SpecialUnlinkAccounts::class, 'SpecialUnlinkAccounts' );
const PROTO_HTTPS
Definition Defines.php:201
An error page which can definitely be safely rendered using the OutputPage.
This serves as the entry point to the authentication system.
This is a value object to hold authentication response data.
A class containing constants representing the names of configuration variables.
const RemoveCredentialsBlacklist
Name constant for the RemoveCredentialsBlacklist setting, for use with Config::get()
This serves as the entry point to the MediaWiki session handling system.
A special page subclass for authentication-related special pages.
isActionAllowed( $action)
Checks whether AuthManager is ready to perform the action.
trySubmit()
Attempts to do an authentication step with the submitted data.
loadAuth( $subPage, $authAction=null, $reset=false)
Load or initialize $authAction, $authRequests and $subPage.
getRequest()
Get the WebRequest being used for this instance.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
getUser()
Shortcut to get the User executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getPageTitle( $subpage=false)
Get a self-referential title object.
getConfig()
Shortcut to get main config object.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
outputHeader( $summaryMessageKey='')
Outputs a summary message on top of special pages Per default the message key is the canonical name o...
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.
execute( $subPage)
Default execute method Checks user permissions.
getRequestBlacklist()
Allows blacklisting certain request types.
isListed()
Whether this special page is listed in Special:SpecialPages.
handleFormSubmit( $data)
Submit handler callback for HTMLForm.
getGroupName()
Under which header this special page is listed in Special:SpecialPages.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:54
Generic operation result class Has warning/error list, boolean status and arbitrary value.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...